Your network contains an Active Directory forest named contoso.com. The forest contains three domains
named contoso.com, corp.contoso.com, and ext.contoso.com. The forest contains three Active Directory sites
named Site1, Site2, and Site3.
You have the three administrators as described in the following table.

You create a Group Policy object (GPO) named GPO1.
Which administrator or administrators can link GPO1 to Site2?

You deploy a new enterprise certification authority (CA) named CA1.
You plan to issue certificates based on the User certificate template.
You need to ensure that the issued certificates are valid for two years and support autoenrollment.
What should you do first?

Your network contains an enterprise root certification authority (CA) named CA1.
Multiple computers on the network successfully enroll for certificates that will expire in one year. The certificates
are based on a template named Secure_Computer. The template uses schema version 2.
You need to ensure that new certificates based on Secure_Computer are valid for three years.
What should you do?

Your network contains an Active Directory forest named contoso.com. The forest contains several domains.
An administrator named Admin01 installs Windows Server 2016 on a server named Server1 and then joins
Server1 to the contoso.com domain.
Admin01 plans to configure Server1 as an enterprise root certification authority (CA).
You need to ensure that Admin01 can configure Server1 as an enterprise CA. The solution must use the
principle of least privilege.
To which group should you add Admin01?

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The
domain contains a server named Server1.
An administrator named Admin01 plans to configure Server1 as a standalone certification authority (CA).
You need to identify to which group Admin01 must be a member to configure Server1 as a standalone CA. The
solution must use the principle of least privilege.To which group should you add Admin01?

You network contains an Active Directory domain named contoso.com. The domain contains an enterprise
certification authority (CA) named CA1.
You have a test environment that is isolated physically from the corporate network and the Internet.
You deploy a web server to the test environment. On CA1, you duplicate the Web Server template, and you
name the template Web_Cert_Test.
For the web server, you need to request a certificate that does not contain the revocation information of CA1.
What should you do first?

You have users that access web applications by using HTTPS. The web applications are located on the servers
in your perimeter network. The servers use certificates obtained from an enterprise root certification authority
(CA). The certificates are generated by using a custom template named WebApps. The certificate revocation
list (CRL) is published to Active Directory.When users attempt to access the web applications from the Internet, the users report that they receive a
revocation warning message in their web browser. The users do not receive the message when they access
the web applications from the intranet.
You need to ensure that the warning message is not generated when the users attempt to access the web
applications from the Internet.
What should you do?

Note: This question is part of a series of questions that use the same or similar answer choices. An answer
choice may be correct for more than one question in the series. Each question is independent of the other
questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows
Server 2012 R2.
You need to ensure that a domain administrator can recover a deleted Active Directory object quickly.
Which tool should you use?

Note: This question is part of a series of questions that use the same or similar answer choices. An answer
choice may be correct for more than one question in the series. Each question is independent of the other
questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com.You need to limit the number of Active Directory Domain Services (AD DS) objects that a user can create in the
domain.
Which tool should you use?

Note: This question is part of a series of questions that use the same or similar answer choices. An answer
choice may be correct for more than one question in the series. Each question is independent of the other
questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain contains a domain
controller named Server1.
You recently restored a backup of the Active Directory database from Server1 to an alternate Location.
The restore operation does not interrupt the Active Directory services on Server1.
You need to make the Active Directory data in the backup accessible by using Lightweight Directory Access
Protocol (LDAP).
Which tool should you use?