READ Free Dumps For Microsoft- 70-410
| Question ID 9259 | Your network contains two Active Directory forests named contoso.com and adatum.com. All servers run Windows Server 2012 R2. A one-way external trust exists
between contoso.com and adatum.com.
Adatum.com contains a universal group named Group1. You need to prevent Group1 from being used to provide access to the resources in contoso.com.
What should you do?
|
| Option A | Change the scope of Group1 to domain local.
|
| Option B | Modify the Allowed to Authenticate permissions in adatum.com.
|
| Option C | Enable SID quarantine on the trust between contoso.com and adatum.com.
|
| Option D | Modify the Allowed to Authenticate permissions in contoso.com.
|
| Correct Answer | D |
Explanation Explanation/Reference: * Accounts that require access to the customer Active Directory will be granted a special right called Allowed to Authenticate. This right is then applied to computer objects (Active Directory domain controllers and AD RMS servers) within the customer Active Directory to which the account needs access. * For users in a trusted Windows Server 2008 or Windows Server 2003 domain or forest to be able to access resources in a trusting Windows Server 2008 or Windows Server 2003 domain or forest where the trust authentication setting has been set to selective authentication, each user must be explicitly granted the Allowed to Authenticate permission on the security descriptor of the computer objects (resource computers) that reside in the trusting domain or forest.
| Question ID 9260 | Your network contains an Active Directory forest. The forest contains two domains named contoso.com and corp.contoso.com. All domain controllers run Windows
Server 2012 R2 and are configured as global catalog servers. The corp.contoso.com domain contains a domain controller named DC1.
You need to disable the global catalog on DC1.
What should you do?
|
| Option A | From Active Directory Users and Computers, modify the properties of the DC1 computer account.
|
| Option B | From Active Directory Administrative Center, modify the properties of the DC1 computer account.
|
| Option C | From Active Directory Sites and Services, modify the NTDS Settings of the DC1 server object.
|
| Option D | From Active Directory Domains and Trusts, modify the properties of the corp.contoso.com domain.
|
| Correct Answer | C |
Explanation Explanation/Reference: To add or remove the global catalog Open Active Directory Sites and Services. To open Active Directory Sites and Services, click Start, click Administrative Tools, and then click Active Directory Sites and Services. To open Active Directory Sites and Services in Windows Server® 2012, click Start, type dssite.msc. In the console tree, click the server object to which you want to add the global catalog or from which you want to remove the global catalog. Where? Active Directory Sites and Services\Sites\SiteName\Servers In the details pane, right-click NTDS Settings of the selected server object, and then click Properties. Select the Global Catalog check box to add the global catalog, or clear the check box to remove the global catalog.