← Back to exam page

70-742 Identity with Windows Server 2016

Loading demo links...

Showing 7–9 of 15 questions

Question 7 (Manage and Maintain AD DS)

Your network contains an Active Directory domain named contoso.com. The domain functional level is Windows Server 2016. The domain contains the servers shown in the following table.

The domain has several Managed Service Accounts.

Server1 hosts a service named Service1 that runs in the security context of the LocalSystem account.

You need to implement a group Managed Service Account to run Service1.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Select all that apply, then click Submit answer.

  • On Server1, modify the properties of Service1.

  • On DC1, run Add-ADComputerServiceAccount.

  • On DC1, run New-ADServiceAccount.

  • On DC1, run Add-KDSRootKey.
Question 8 (Implement Active Directory Certificate Services)

Your network contains an Active Directory domain named contoso.com. The domain contains servers that run Windows Server 2016. The servers are configured as shown in the following table:

You have a research department. The computers in the research department are not domain-joined.

You need to ensure that the research department computers can use automatic certificate enrollment to receive and renew certificates from the CA.

Which two role services should you install and configure on CA1? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Select all that apply, then click Submit answer.

  • Certificate Enrollment Policy Web Service

  • Certificate Authority Web Enrollment

  • Online Responder

  • Certificate Enrollment Web Service

  • Network Device Enrollment Service

Question 9 (Implement Active Directory Certificate Services)

Your network contains an Active Directory domain named contoso.com.

The domain contains an enterprise root certification authority (CA) on a server that runs Windows Server 2016.

You need to configure the CA to support Online Certificate Status Protocol (OCSP) responders.

Which two actions should you perform? Each correct selection presents part of the solution.

NOTE: Each correct selection is worth one point.

Select all that apply, then click Submit answer.

  • Add a new certificate template to issue.

  • Modify the Authority Information Access (AIA) of the CA.

  • Configure an enrollment agent.

  • Install a standalone subordinate CA.

  • Modify the CRL distribution point (CDP) of the CA.