毎月、GOWUKAKUは1500人以上の受験者が試験準備を助けて、試験に合格するために受験者にご協力します
Identity with Windows Server 2016 試験
【2024桜まつりキャンペーン】:70-742 最新真題を買う時、日本語版と英語版両方を同時に獲得できます。
実際の問題集を練習し、試験のポイントを了解し、テストに申し込むするかどうかを決めることができます。
さらに試験準備時間の35%を節約するには、70-742 問題集を使用してください。
Question No : 1
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains two
servers named Server1 and Server2 that run Windows Server 2016.
Server1 has IP Address Management (IPAM) installed. Server2 has the DHCP Server role installed. The IPAM server retrieves data from Server2.
The domain has two users named User1 and User2 and a group named Group1. User1 is the only member of Group1.
Server1 has one IPAM access policy.
You edit the access policy as shown in the Policy exhibit. (Click the Exhibit button.)
The DHCP scopes are configured as shown in the Scopes exhibit. (Click the Exhibit button.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
正解: 
Question No : 2
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a
server named Server1 that runs Windows Server 2016.
You install IP Address Management (IPAM) on Server1. You select the automatic provisioning method, and then you specify a prefix of IPAM1. You need to configure the environment for automatic IPAM provisioning.
Which cmdlet should you run? To answer, select the appropriate options in the answer area.
正解: 
Question No : 3
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains four servers named Server1, Server2, Server3, and Server4 that run Windows Server 2016.
Server1 has IP Address Management (IPAM) installed. Server2, Server3, and Server 4 have the DHCP Server role installed. IPAM manages Server2, Server3, and Server4.
A domain user named User1 is a member of the groups shown in the following table.
Which actions can User1 perform? To answer, select the appropriate options in the answer area.
正解: 
Explanation:
Box 1: Can be performed by User1
DHCP Administrators can create DHCP scopes.
Box 2: Cannot be performed by User1
DHCP Users cannot create scopes.
Box 3: Cannot be performed by User1
IPAM users cannot creates copes.
References: https://technet.microsoft.com/en-us/library/dn741281(v=ws.11).aspx#create_access_scope
Question No : 4
DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016.
Server1 has IP Address Management (IPAM) installed. Server2 has Microsoft System Center 2016 Virtual Machine Manager (VMM) installed.
You need to integrate IPAM and VMM.
Which types of objects should you create on each server? To answer, drag the appropriate object types to the correct servers. Each object type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
正解: 
Explanation:
Server 1 (IPAM): Access Policy
VMM must be granted permission to view and modify IP address space in IPAM, and to perform remote management of the IPAM server. VMM uses a “Run As” account to provide these permissions to the IPAM network service plugin. The “Run As” account must be configured with appropriate permission on the IPAM server.
To assign permissions to the VMM user account
In the IPAM server console, in the upper navigation pane, click ACCESS CONTROL, right-click Access Policies in the lower navigation pane, and then click Add AccessPolicy.
Etc.
Server 2 (VMM) #1: Network Service
Server 2 (VMM) #2: Run As Account
Perform the following procedure using the System Center VMM console.
To configure VMM (see step 1-3, step 6-7)
Etc.
References: https://technet.microsoft.com/en-us/library/dn783349(v=ws.11).aspx
Question No : 5
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
Server1 has IP Address Management (IPAM) installed. IPAM is configured to use the Group Policy based provisioning method. The prefix for the IPAM Group Policy objects (GPOs) is IP.
From Group Policy Management, you manually rename the IPAM GPOs to have a prefix of IPAM.
You need to modify the GPO prefix used by IPAM.
What should you do?
正解:
Explanation:
The Set-IpamConfiguration cmdlet modifies the configuration for the computer that runs the IPAM server. The -GpoPrefix<String> parameter specifies the unique Group Policy object (GPO) prefix name that IPAM uses to create the group policy objects. Use this parameter only when the value of the ProvisioningMethod parameter is set to Automatic.
References: https://technet.microsoft.com/en-us/library/jj590816.aspx
Question No : 6
DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
You install IP Address Management (IPAM) on Server1.
You need to manually start discovery of servers that IPAM can manage in contoso.com.
Which three cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.
正解: 
Explanation:
Step 1: Invoke-IpamServerProvisioning
Choose a provisioning method
The Invoke-IpamGpoProvisioning cmdlet creates and links three group policies specified in the Domain parameter for provisioningrequired access settingson the server roles managed by the computer running the IP Address Management (IPAM) server.
Step 2: Add-IpamDiscoveryDomain
Configure the scope of discovery
The Add-IpamDiscoveryDomain cmdlet adds an Active Directory discovery domain for an IP AddressManagement (IPAM) server. A discovery domain is a domain that IPAM searches to find infrastructure servers. An IPAM server uses the list of discovery domains to determine what type of servers to add. By default, IPAM discovers all domain controllers, Dynamic Host Configuration Protocol (DHCP) servers, and Domain Name System (DNS) servers.
Step 3: Start-ScheduledTask
Start server discovery
To begin discovering servers on the network, click Start server discovery to launch the IPAM ServerDiscovery task or use the Start-ScheduledTask command.
Question No : 7
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains three servers named Server1, Server2, and Server3 that run Windows Server 2016.
Server1 has IP Address Management (IPAM) installed. Server2 and Server3 have the DHCP Server role installed and have several DHCP scopes configured. The IPAM server retrieves data from Server2 and Server3.
A domain user named User1 is a member of the groups shown in the following table.
On Server1, you create a security policy for User1. The policy grants the IPAM DHCP Scope Administrator Role with the \Global access scope to the user.
Which actions can User1 perform? To answer, select the appropriate options in the answer area.
正解: 
Explanation:
User1 is using Server Manager, not IPAM to perform the administration. Therefore, only the “DHCP Administrators” permission on Server2 and the “DHCP Users” permissions on Server3 are applied. The permissions granted through membership of the “IPAM DHCP Scope Administrator Role” are not applied when the user is not using the IPAM console.
Question No : 8
HOTSPOT
You have a server named Server1 that runs Windows Server 2016. Server1 has the Web Application Proxy role service installed.
You plan to deploy Remote Desktop Gateway (RD Gateway) services. Clients will connect to the RD Gateway services by using various types of devices including Windows, iOS and Android devices.
You need to publish the RD Gateway services through the Web Application Proxy.
Which command should you run? To answer, select the appropriate options in the answer area.
正解: 
Question No : 9
HOTSPOT
You have a server named Server1 that runs Windows Server 2016. Server1 has the Web
Application Proxy role service installed.
You publish an application named App1 by using the Web Application Proxy. You need to change the URL that users use to connect to App1 when they work remotely.
Which command should you run? To answer, select the appropriate options in the answer area.
正解: 
Explanation:
The Set-WebApplicationProxyApplication cmdlet modifies settings of a web application published through Web Application Proxy. Specify the web application to modify by using its ID. Note that the method of preauthentication cannot be changed. The cmdlet ensures that no other applications are already configured to use any specified ExternalURL or BackendServerURL.
References: https://technet.microsoft.com/itpro/powershell/windows/wap/setwebapplicationproxyapplication
Question No : 10
HOTSPOT
You have a server named Server1 that runs Windows Server 2016. Server1 has the Web Application Proxy role service installed.
You need to publish Microsoft Exchange Server 2013 services through the Web Application Proxy. The solution must use preauthentication whenever possible.
How should you configure the preauthentication method for each service? To answer, select the appropriate options in the answer area.
正解: 
Explanation:
Box 1: Pass-through
Box 2: Active Directory Federation Services (ADFS)
Box 3: Pass-through
The following table describes the Exchange services that you can publish through Web Application Proxy and the supported preauthentication for these services:
References: https://technet.microsoft.com/en-us/library/dn528827(v=ws.11).aspx
Question No : 11
HOTSPOT
Your network contains an Active Directory forest named contoso.com.
Your company has a custom application named ERP1. ERP1 uses an Active Directory Lightweight Directory Services (AD LDS) server named Server1 to authenticate users.
You have a member server named Server2 that runs Windows Server 2016. You install the Active Directory Federation Services (AD FS) server role on Server2 and create an AD FS farm.
You need to configure AD FS to authenticate users from the AD LDS server.
Which cmdlets should you run? To answer, select the appropriate options in the answer area.
正解: 
Explanation:
To configure your AD FSfarm to authenticate users from an LDAP directory, you can complete the following steps:
Step 1: New-AdfsLdapServerConnection
First, configure a connection to your LDAP directory using the New-AdfsLdapServerConnection cmdlet:
$DirectoryCred = Get-Credential
$vendorDirectory = New-AdfsLdapServerConnection CHostName dirserver CPort 50000CSslMode None CAuthenticationMethod Basic CCredential $DirectoryCred
Step 2 (optional):
Next, you can perform the optional step of mapping LDAP attributes to the existing AD FS claims using the New-AdfsLdapAttributeToClaimMapping cmdlet.
Step 3: Add-AdfsLocalClaimsProviderTrust
Finally, you must register the LDAP store with AD FS as a local claims provider trust using the Add-AdfsLocalClaimsProviderTrust cmdlet:
Add-AdfsLocalClaimsProviderTrust CName “Vendors” CIdentifier “urn:vendors” CType L
References: https://technet.microsoft.com/en-us/library/dn823754(v=ws.11).aspx
Question No : 12
Your network contains an Active Directory forest named contoso.com.
A partner company has a forest named fabrikam.com. Each forest contains one domain.
You need to provide access for a group named Research in fabrikam.com to resources in contoso.com. The solution must use the principle of least privilege.
What should you do?
正解:
Question No : 13
DRAG DROP
Your company has multiple offices.
The network contains an Active Directory domain named contoso.com. An Active Directory site exists for each office. All of the sites connect to each other by using DEFAULTIPSITELINK. The company plans to open a new office. The new office will have a domain controller and 100 client computers.
You install Windows Server 2016 on a member server in the new office. The new server will become a domain controller. You need to deploy the domain controller to the new office. The solution must ensure that the client computers in the new office will authenticate by using the local domain controller.
Which three actions should you perform next in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解: 
Question No : 14
HOTSPOT
Your network contains an Active Directory domain named contoso.com.
Some user accounts in the domain have the P.O. Box attribute set.
You plan to remove the value of the P.O. Box attribute for all of the users by using Ldifde.
You have a user named User1 who is located in the Users container.
How should you configure the LDIF file to remove the value of the P.O. Box attribute for User1? To answer, select the appropriate options in the answer area.
正解: 
Question No : 15
Your network contains an Active Directory domain named contoso.com. The domain functional level is Windows Server 2012 R2.
You need to secure several high-privilege user accounts to meet the following requirements:
What should you do?
正解: