70-744 Securing Windows Server 2016 exam test questions

1. Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario b repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

Start of repeated scenario

Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.

The domain contains the servers configured as shown m the following table.

All servers run Windows Server 2016. All client computers run Windows 10.

You have an organizational unit (OU) named Marketing that contains the computers in the marketing department You have an OU named Finance that contains the computers in the finance department You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.

You install Windows Defender on Nano1.

End of repeated scenario

You need to disable SMB 1.0 on Server2.

What should you do?

2. Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

Start of repeated scenario

Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.

The domain contains the servers configured as shown in the following table.

All servers run Windows Server 2016. All client computers run Windows 10.

You have an organizational unit (OU) named Marketing that contains the computers in the marketing department You have an OU named Finance that contains the computers in the finance department You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.

You install Windows Defender on Nano1.

End of repeated scenario

You plan to implement BitLocker Drive Encryption (BitLocker) on the operating system volumes of the application servers.

You need to ensure that the BitLocker recovery keys are stored in Active Directory.

Which Group Policy setting should you configure?

3. Your network contains an Active Directory domain named contoso.com.

You are deploying Microsoft Advanced Threat Analytics (ATA).

You create a user named User1.

You need to configure the user account of User1 as a Honeytoken account.

Which information must you use to configure the Honeytoken account?

4. Your network contains an Active Directory domain named contoso.com.

You create a Microsoft Operations Management Suite (OMS) workspace.

You need to connect several computers directly to the workspace.

Which two pieces of information do you require? Each correct answer presents part of the solution.

5. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1.

Server1 is configured as shown in the following table.

You plan to create a pilot deployment of Microsoft Advanced Threat Analytics (ATA).

You need to install the ATA Center on Server1.

What should you do first?

6. Your network contains an Active Directory domain named contoso.com The domain contains five file servers that run Windows Server 2016.

You have an organizational unit (OU) named Finance that contains all of the servers.

You create a Group Policy object (GPO) and link the GPO to the Finance OU.

You need to ensure that when a user in the finance department deletes a file from a file server, the event is logged. The solution must log only users who have a manager attribute of Ben Smith.

Which audit policy setting should you configure in the GPO?

7. Your network contains an Active Directory domain named contoso.com.

You are deploying Microsoft Advanced Threat Analytics (ATA) to the domain.

You install the ATA Center on server named Server1 and the ATA Gateway on a server named Served.

You need to ensure that Server2 can collect NTLM authentication events.

What should you configure?

8. Your network contains an Active Directory forest named conloso.com.

The network is connected to the Internet.

You have 100 point-of-sale (POS) devices that run Windows 10. The devices cannot access the Internet.

You deploy Microsoft Operations Management Suite (OMS).

You need to use OMS to collect and analyze data from the POS devices.

What should you do first?

9. HOTSPOT

You plan to deploy three encrypted virtual machines that use Secure Boot. The virtual machines will be configured as shown in the following table.

How should you protect each virtual machine? To answer, select the appropriate options in the answer area.

10. HOTSPOT

Your network contains two Active Directory forests named contoso.com and adatum.com. Contoso.com contains a Hyper-V host named Server1. Server1 is a member of a group named HyperHosts. Adatum.com contains a server named Server2. Server1 and Server2 run Windows Server 2016.

Contoso.com trusts adatum.com.

You plan to deploy shielded virtual machines to Server1 and to configure Admin-trusted attestation on Server2.

Which component should you install and which cmdlet should you run on Server2? To answer, select the appropriate options in the answer area.

11. Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012. The forest contains a single domain. The domain contains multiple Hyper-V hosts.

You plan to deploy guarded hosts.

You deploy a new server named Server22 to a workgroup.

You need to configure Server22 as a Host Guardian Service server.

What should you do before you initialize the Host Guardian Service on Server22?

12. The New-CIPolicy cmdlet creates a Code Integrity policy as an .xml file. If you do NOT supply either driver files or rules what will happen?

13. Read the following statement carefully and answer YES or NO.

You create a rule “Allow Everyone to run Windows except Registry Editor” that allows everyone in the organization to run Windows but does not allow anyone to run Registry Editor.

The effect of this rule would prevent users such as help desk personnel from running a program that is necessary for their support tasks.

To resolve this problem, you create a second rule that applies to the Helpdesk user group: “Allow Helpdesk to run Registry Editor.”

However, if you created a deny rule that did not allow any users to run Registry Editor, would the deny rule override the second rule that allows the Helpdesk user group to run Registry Editor?

14. A shielding data file (also called a provisioning data file or PDK file) is an encrypted file that a tenant or VM owner creates to protect important VM configuration information.

A fabric administrator uses the shielding data file when creating a shielded VM, but is unable to view or use the information contained in the file.

Which information can be stored in the shielding data file?

15. Windows PowerShell is a task-based command-line shell and scripting language designed especially for system administration.

Windows Defender comes with a number of different Defender-specific cmdlets that you can run through PowerShell to automate common tasks.

Which Cmdlet would you run first if you wanted to perform an offline scan?

16. _____ enables easier management for BitLocker enabled desktops and servers in a domain environment by providing automatic unlock of operating system volumes at system reboot when connected to a wired corporate network. This feature requires the client hardware to have a DHCP driver implemented in its UEFI firmware.

17. This question relates to Windows Firewall and related technologies.

These rules use IPsec to secure traffic while it crosses the network.

You use these rules to specify that connections between two computers must be authenticated or encrypted.

What is the name for these rules?

18. Windows Firewall rules can be configured using PowerShell.

The “Set-NetFirewallProfile” cmdlet configures settings that apply to the per-profile configurations of the Windows Firewall with Advanced Security.

What is the default setting for the AllowInboundRules parameter when managing a GPO?

19. The “Network Security: Restrict NTLM: NTLM authentication in this domain” policy setting allows you to deny or allow NTLM authentication within a domain from this domain controller.

Which value would you choose so that the domain controller will deny all NTLM authentication logon attempts using accounts from this domain to all servers in the domain.

The NTLM authentication attempts will be blocked and will return an NTLM blocked error unless the server name is on the exception list in the Network security: Restrict NTLM: Add server exceptions in this domain policy setting.

20. Encryption-supported VMs are intended for use where the fabric administrators are fully trusted.

For example, an enterprise might deploy a guarded fabric in order to ensure VM disks are encrypted at-rest for compliance purposes.

Shielded VMs are intended for use in fabrics where the data and state of the VM must be protected from both fabric administrators and untrusted software that might be running on the Hyper-V hosts.

Is the Virtual Machine Connection (Console), HID devices (e.g. keyboard, mouse) ON or OFF for Encryption Supported VM’s?