Microsoft 70-742 Exam Practice Questions (P. 3)

You network contains one Active Directory domain named adatum.com. The domain contains a DNS server named Server1 that runs Windows Server 2016. All domain computers use Server1 for DNS.
You sign adatum.com by using DNSSEC.
You need to configure the domain computers to validate DNS responses for adatum.com records.
What should you configure in Group Policy?

Note: This question is part of a series of questions that use the same scenario. For you convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

You work for a company named Contoso, Ltd.
The network contains an Active Directory forest named contoso.com. A forest trust exists between contoso.com and an Active Directory forest named adatum.com.
The contoso.com forest contains the objects configured as shown in the following table.

Group1 and Group2 contain only user accounts.
Contoso hires a new remote user named User3. User3 will work from home and will use a computer named Computer3 that runs Windows 10. Computer3 is currently in a workgroup.
An administrator named Admin1 is a member of the Domain Admins group in the contoso.com domain.
From Active Directory Users and Computers, you create an organizational unit (OU) named OU1 in the contoso.com domain, and then you create a contact named Contact1 in OU1.
An administrator of the adatum.com domain runs the Set-ADUser cmdlet to configure a user named User1 to have a user logon name of [email protected].

You need to ensure that Admin1 can convert Group1 to a global group.
What should you do?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
Your network contains an Active Directory domain named contoso.com.
The domain contains a DNS server named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration.

You need to ensure that all of the client computers in the domain perform DNSSEC validation for the fabrikam.com namespace.
Solution: From a Group Policy object (GPO) in the domain, you add a rule to the Name Resolution Policy Table (NRPT).
Does this meet the goal?

Your network contains an Active Directory domain named contoso.com. The domain contains five domain controllers.
You have a branch office that has a local support technician named Tech1. Tech1 installs Windows Server 2016 on a server named RODC1 in a workgroup.
You need Tech1 to deploy RODC1 as a read-only domain controller (RODC) in the contoso.com domain.
Which three actions should you perform? Each correct answer presents part of the solution.

Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain functional level is Windows Server 2012 R2.
Your company hires a new security administrator to manage sensitive user data. You create a user account named Security1 for the security administrator.
You need to ensure that the password for Security1 has at least 12 characters and is modified every 10 days. The solution must apply to Security1 only.
Which tool should you use?