Note: This question is part of a series of questions that use the same or similar answer choices. An
answer choice may be correct for more than one question in the series. Each question is independent
of the other questions in this series. Information and details provided in a question apply only to that
question.
Your network contains an Active Directory domain named contoso.com.The domain functional level is Windows Server 2012 R2.
Your company hires a new security administrator to manage sensitive user data.
You create a user account named Security1 for the security administrator.
You need to ensure that the password for Security1 has at least 12 characters and is modified every 10 days.
The solution must apply to Security1 only.
Which tool should you use?

Your network contains an Active Directory forest. The forest functional level is Windows Server 2016.
You have a failover cluster named Cluster1. Cluster1 has two nodes named Server1 and Server2. All the
optional features in Active Directory are enabled.
A junior administrator accidentally deletes the computer object named Cluster1.
You discover that Cluster1 is offline.
You need to restore the operation of Cluster1 in the least amount of time possible.
What should you do?

Your network contains an Active Directory domain named contoso.com.
The domain contains five domain controllers.
You have a branch office that has a local support technician named Tech1.
Tech1 installs Windows Server 2016 on a server named RODC1 in a workgroup.
You need Tech1 to deploy RODC1 as a read-only domain controller (RODC) in the contoso.com domain.
Which three actions should you perform? Each correct answer presents part of the solution.

You network contains an Active Directory domain named contoso.com.
The domain contains an Active Directory Federation Services (AD FS) server named ADFS1, a Web
Application Proxy server named WAP1, and a web server named Web1.
You need to publish a website on Web1 by using the Web Application Proxy.
Users will authenticate by using OAuth2 preauthentication.
What should you do first?

Note: This question is part of a series of questions that present the same scenario. Each question in
the series contains a unique solution. Determine whether the solution meets the stated goals.
Your network contains an Active Directory domain named contoso.com.
The domain contains a DNS server named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration.

You need to ensure that all of the client computers in the domain perform DNSSEC validation for the
fabrikam.com namespace.
Solution: From a Group Policy object (GPO) in the domain, you add a rule to the Name Resolution Policy Table
(NRPT).
Does this meet the goal?

Note: This question is part of a series of questions that present the same scenario. Each question in
the series contains a unique solution that might meet the stated goals. Some question sets might have
more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You deploy a new Active Directory forest.
You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member
servers.
Solution: You configure Kerberos constrained delegation on the computer account of each member server.
Does this meet the goal?

Your network contains an Active Directory domain named contoso.com.
The domain contains a user named User1 and an organizational unit (OU) named OU1.
You create a Group Policy object (GPO) named GPO1.
You need to ensure that User1 can link GPO1 to OU1.
What should you do?

Note: This question is part of a series of questions that present the same scenario. Each question in
the series contains a unique solution that might meet the stated goals. Some question sets might have
more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You have a server named Web1 that runs Windows Server 2016.
You need to list all the SSL certificates on Web1 that will expire during the next 60 days.
Solution: You run the following command.
Get-ChildItem Cert:\\LocalMachine\\My |? { $_.NotAfter –It (Get-Date).AddDays( 60 ) }
Does this meet the goal?

Your network contains an Active Directory domain named contoso.com.
The domain contains an enterprise certification authority (CA) named CA1.
You duplicate the Computer certificate template, and you name the template Cont_Computers.
You need to ensure that all of the certificates issued based on Cont_Computers have a key size of 4,096 bits.
What should you do?

Note: This question is part of a series of questions that use the same or similar answer choices. An
answer choice may be correct for more than one question in the series. Each question is independent
of the other questions in this series. Information and details provided in a question apply only to that
question.
Your network contains an Active Directory domain named contoso.com.
You recently deleted 5,000 objects from the Active Directory database.
You need to reduce the amount of disk space used to store the Active Directory database on a domain
controller.
Which tool should you use?