Implementing Microsoft Identity Manager (MIM) 2016 Quiz Questions and Answers
You are planning to deploy Forefront Identity Manager (MIM) 2010 in your company network. You want to provide identity management between a Human Resources application and Active Directory Domain Services (AD DS). You need to ensure that the synchronization service instance can be returned if the primary server fails. What should you implement?
Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2016. You create a new bastion forest named admin.contoso.com. The forest functional level of admin.contoso.com is Windows Server 2012 R2.
You need to implement a Privileged Access Management (PAM) solution.
Which two actions should you perform? Each correct answer presents part of the solution.
Answer :
Deploy Microsoft Identify Management (MIM) 2016 to admin.contoso.com
Your network contains an Active Directory forest. The forest contains a domain named contoso.com. The domain contains three domain controllers.
A domain controller named lon-dc1 fails. You are unable to repair lon-dc1.
You need to prevent the other domain controllers from attempting to replicate to lon-dc1.
Solution: From Active Directory Sites and Services, you remove the object of lon-dc1.
Does this meet the goal?
Answer :
YES
Your network contains an Active Directory forest named contoso.com. The forest contains 10 domains. The root domain contains a global catalog server named
DC1.
You remove the global catalog server role from DC1.
You need to decrease the size of the Active Directory database on DC1.
Solution: You restart DC1 in Directory Services Repair Mode. You run compact.exe, and then restart DC1.
Does this meet the goal?
Answer :
NO
Your network contains an Active Directory forest named contoso.com. The forest contains 10 domains.
The root domain contains a global catalog server named DC1.
You remove the global catalog server role from DC1.
You need to decrease the size of the Active Directory database on DC1.
Solution: You restart DC1 in Safe Mode. You run ntdsutil.exe, use the files option, and then restart DC1.
Does this meet the goal?
Answer :
NO
Your network contains an Active Directory domain named contoso.com.
You discover that users can use passwords that contain only numbers.
You need to ensure that all the user passwords in the domain contain at least three of the following types of characters:
Numbers
Uppercase letters
Lowercase letters
Special characters
What should you edit?
Answer :
The Default Domain Policy
Your network contains an Active Directory forest named contoso.com The forest contains a member server named Server1.
Server1 has several line-of-business applications. Each application runs as a service that uses the Network Service account.
You need to configure the line-of-business applications to run by using a virtual account.
What should you do?
Answer :
From the Services console, modify the Log On properties of the services.
Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2.
DC1 holds the RID master operations role. DC1 fails and cannot be repaired. You need to move the RID role to DC2.
Solution: On DC2, you open the command prompt, run dsmgmt.exe, connect to DC2, and use the Seize RID master opinion.
Does this meet the goal?
Answer :
NO
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named Server1.
You recently restored a backup of the Active Directory database from Server1 to an alternate Location. The restore operation does not interrupt the Active
Directory services on Server1.
You need to make the Active Directory data in the backup accessible by using Lightweight Directory Access Protocol (LDAP).
Which tool should you use?
Answer :
Dsamain
Your network contains an Active Directory domain named contoso.com.
You have a Group Policy object (GPO) named GPO1. GPO1 is linked to an organizational unit (OU) named OU1.
GPO1 contains several corporate desktop restrictions that apply to all computers.
You plan to deploy a printer to the computers in OU1.
You need to ensure that any user who signs in to a computer that runs Windows 10 in OU1 receives the new printer. All of the computers in OU1 must continue to
apply the corporate desktop restrictions from GPO1.
What should you configure?
Answer :
a computer preference that uses item-level targeting
