Microsoft 70-743 Exam Actual Questions

Note: This question is part of a series of a questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solutions, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server 2016. All domain controllers run Windows Server 2012 R2.
Contoso.com has the following configuration.

You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device registration.
You need to configure Active Directory to support the planned deployment.
Solution: You upgrade a domain controller to Windows Server 2016.
Does this meet the goal?

Correct Answer: B 🗳️
Device registration requires a forest functional level of Windows Server 2012 R2.
References:
https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/deployment/configure-a-federation-server-with-device-registration-service https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/design/ad-fs-requirements

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solutions, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server 2016. All domain controllers run Windows Server 2012 R2.
Contoso.com has the following configuration:

You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device registration.
You need to configure Active Directory to support the planned deployment.
Solution: You raise the forest functional level to Windows Server 2012 R2.
Does this meet the goal?

Correct Answer: B 🗳️
For a Windows Server 2012 R2 AD FS server, this solution would work. However, new installations of AD FS 2016 require the Active Directory 2016 schema
(minimum version 85).
References:
https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/operations/configure-device-based-conditional-access-on-premises https://docs.microsoft.com/en-gb/windows-server/identity/ad-fs/overview/ad-fs-requirements

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solutions, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest named contoso.com. The forest contains a member server named Server1 that runs Windows Server 2016. All domain controllers run Windows Server 2012 R2.
Contoso.com has the following configuration:

You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to configure device registration.
You need to configure Active Directory to support the planned deployment.
Solution: You run adprep.exe from the Windows Server 2016 installation media.
Does this meet the goal?

Correct Answer: B 🗳️
Adprep just prepares the domain for Window Server 2016, it does not actually raise the domain functional level to Windows Server 2016, which is required for
Device Registration.
Note: Adprep.exe is a command-line tool that is included on the installation disk of each version of Windows Server. Adprep.exe performs operations that must be completed on the domain controllers that run in an existing Active Directory environment before you can add a domain controller that runs that version of Windows
Server.
Adprep.exe commands run automatically as needed as part of the AD DS installation process on servers that run Windows Server 2012 or later. The commands need to run in the following cases:
✑ Before you add the first domain controller that runs a version of Windows Server that is later than the latest version that is running in your existing domain.
✑ Before you upgrade an existing domain controller to a later version of Windows Server, if that domain controller will be the first domain controller in the domain or forest to run that version of Windows Server.
References:
https://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/operations/configure-device-based-conditional-access-on-premises

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration.

You need to ensure that all of the client computers in the domain perform DNSSEC validation for the fabrikam.com namespace.
Solution: From Windows PowerShell on Server1, you run the Add-DnsServertrustAnchor cmdlet.
Does this meet the goal?

Correct Answer: B 🗳️
The Add-DnsServerTrustAnchor command adds a trust anchor to a DNS server. A trust anchor (or trust "point") is a public cryptographic key for a signed zone.
Trust anchors must be configured on every non-authoritative DNS server that will attempt to validate DNS data. Trust Anchors have no direct relation to DSSEC validation.
References:
https://technet.microsoft.com/en-us/library/jj649932.aspx
https://technet.microsoft.com/en-us/library/dn593672(v=ws.11).aspx

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration.

You need to ensure that all of the client computers in the domain perform DNSSEC validation for the fabrikam.com namespace.
Solution: From a Group Policy object (GPO) in the domain, you add a rule to the Name Resolution Policy Table (NRPT).
Does this meet the goal?

Correct Answer: A 🗳️
The NRPT stores configurations and settings that are used to deploy DNS Security Extensions (DNSSEC), and also stores information related to DirectAccess, a remote access technology.
Note: The Name Resolution Policy Table (NRPT) is a new feature available in Windows Server 2008 R2. The NRPT is a table that contains rules you can configure to specify DNS settings or special behavior for names or namespaces. When performing DNS name resolution, the DNS Client service checks the
NRPT before sending a DNS query. If a DNS query or response matches an entry in the NRPT, it is handled according to settings in the policy. Queries and responses that do not match an NRPT entry are processed normally.
References: https://technet.microsoft.com/en-us/library/ee649207(v=ws.10).aspx