- Home
- Server Administration
- Windows
- Identity with Windows server 2016 (70-742)
56.
You are the system administrator at JavaCup, which hosts a web RMS-aware application
that the JavaCup forest and Boston Tea Company forest users need to access. You deploy a
single AD FS server in the JavaCup forest. Which of the following is a true statement about
your AD FS implementation? (Choose all that apply.)
- A.You will configure a relying-party server on the JavaCup AD FS server.
- B.The AD FS server in the Boston Tea Company forest functions as the claims provider.
- C.The AD FS server in the Boston Tea Company forest functions as the relying-party server.
- D.You will configure a claims provider trust on the JavaCup AD FS server.
- Answer & Explanation
- Report
Answer : [A, B]
Explanation :
Explanation :
| The relying-party server is a member of the Active Directory forest that hosts resources that a user in the partner organization wants to access. In this case, the relying party server should be the JavaCup AD FS server. A claims provider provides users with claims. These claims are stored within digitally encrypted and signed tokens. In this case, Boston Tea Party is the claims provider. |
57.
You store AD FS servers in an OU named Federation Servers. You want to auto-enroll the
certificates used for AD FS. Which certificates should you add to the GPO?
- A.The CA certificate of the forest
- B.The third-party (VeriSign, Entrust) CA certificate
- C.The SSL certificate assigned to the AD FS servers
- D.The Token Signing certificate assigned to the AD FS Servers
- Answer & Explanation
- Report
Answer : [A]
Explanation :
Explanation :
| The Forest CA certificate is the only certificate that is automatically trusted, does not require user interaction and digital signature does not change in this scenario. |
58.
You plan to implement Active Directory Rights Management Services (AD RMS) across
the enterprise. You need to plan the AD RMS cluster installations for the forest. Users in
all domains will access AD RMS–protected documents. You need to minimize the number
of AD RMS clusters. Which of the following will help you determine how many AD RMS
root clusters you require?
- A.You need at least one AD RMS root cluster for the enterprise.
- B.You need at least one AD RMS root cluster per forest.
- C.You need at least one AD RMS root cluster per domain.
- D.You need at least one AD RMS root cluster per Active Directory site.
- E.An AD RMS root cluster is not required.
- Answer & Explanation
- Report
Answer : [B]
Explanation :
Explanation :
| Licensing Server/Cluster is the component in charge of delivering publishing and use licenses. Several clusters can be installed per forest depending on the technical needs (servers’ workload and bandwidth constraints). |
59.
You have a server named Server1 that runs Windows Server 2016. You need to configure Server1
as a Web Application Proxy. Which server role or role service should you install on Server1?
- A.Remote Access
- B.Active Directory Federation Services
- C.Web Server (IIS)
- D.DirectAccess and VPN (RAS)
- Answer & Explanation
- Report
Answer : [A]
Explanation :
Explanation :
| To use the Web Application Proxy, you must install the Remote Access role. |
60.
Your network contains an Active Directory forest named WillPanek.com. The forest contains
a member server on the perimeter network named Server1 that runs Windows Server
2016. The administrator installs the Active Directory Federation Services server role on
Server1 along with the Web Application Proxy. Which two inbound TCP ports should you
open on the firewall? Each correct answer presents part of the solution. (Choose two.)
- A.443
- B.390
- C.8443
- D.49443
- Answer & Explanation
- Report
Answer : [A, D]
Explanation :
Explanation :
| To use a Web Application Proxy and AD FS, you should set your firewall to allow for ports 443 and 49443. |
|
|
||||||||||||||||||||||||||||
