Securing Windows Server 2016 Exam 70-744 Practice Questions

Candidates who are familiar with the methods and technologies used to harden server environments and secure virtual machine infrastructures using Shielded and encryption-supported virtual machines and Guarded Fabric can take 70-744 exam to secure Windows Server 2016 environments. New Securing Windows Server 2016 Exam 70-744 Practice Questions are online for helping you pass Microsoft MCSE 70-744 exam smoothly. 

Read 70-744 Securing Windows Server 2016 Exam Free Dumps Online

1. Note: The question is part of a series of questions th« present the same scenario. Each question In the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to It. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2016. The forest contains 2,000 client computers that run Windows 10. All client computers are deployed from a customized Windows image.

You need to deploy 10 Privileged Access Workstations (PAWs). The solution must ensure that administrators can access several client applications used by all users.

Solution: You deploy 10 physical computers and configure them as PAWs. You deploy 10 additional computers and configure them by using the customized Windows image.

Does this meet the goal?

 
 

2. Note: This question is part of a series of questions that present the same scenario. Each question In the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to It. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2016. The forest contains 2#W client computers that run Windows 10. All client computers are deployed (rom a customized Windows image.

You need to deploy 10 Privileged Access Workstations (PAWs). The solution must ensure that administrators can access several client applications used by all users.

Solution: You deploy 10 physical computers and configure each will as a virtualization host. You deploy the operating system on each host by using the customized Windows image. On each host you create a guest virtual machine and configure the virtual machine as a PAW.

Does this meet the goal?

 
 

3. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2016. The forest contains 2,000 client computers that run Windows 10. All client computers are deployed from a customized Windows image.

You need to deploy 10 Privileged Access Workstations (PAWs). The solution must ensure that administrators can access several client applications used by all users.

Solution: You deploy one physical computer and configure it as a Hyper-V host that runs Windows Server 2016. You create 10 virtual machines and configure each one as a PAW.

Does this meet the goal?

 
 

4. Note: This question is part of a series of questions that present the same scenario. Each question In the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question In this section, you will NOT be able to return to It. As a result, these

questions will not appear in the review screen. Your network contains an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows 10. Computer1 connects to a home network and a corporate network.

The corporate network uses the 172.16.0.0/24 address space internally. Computer1 runs an application named App1 that listens to port 8080. You need to prevent connections to App1 when Computer1 is connected to the home network.

Solution: From Group Policy Management, You create an Applocker rule.

 
 

5. Note: This question It part of a series of questions that present the same scenario. Each question In the series contains a unique solution that might meet the stated goats. Some question sets

might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to It. As a result, these questions will not appear in the review screen. Your network contains an Active Directory domain named contoso.com. The domain contains a

computer named Computer1 that runs Windows 10. Computer1 connects to a home network and a corporate network. The corporate network uses the 17216.0.0/24 address space internally. Computer1 runs an application named App1 that listens to port 8080. You need to prevent connections to App1 when Computer1 is connected to the home network.

Solution: From Group Policy Management you create a software restriction policy.

Does this meet the goal?

 
 

6. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question In this section, you will NOT be able to return to It. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows 10. Computer1 connects to a home network and a corporate network.

The corporate network uses the 172.16.0.0/24 address space internally.

Computer1 runs an application named App1 that listens to port 8080.

You need to prevent connections to App1 when Computer1 is connected to the home network.

Solution: From Windows Firewall in the Control Panel, you add an application and allow the application to communicate through the firewall on a Private network.

Does this meet the goal?

 
 

7. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to It. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2016. All client computers run Windows 10.

The relevant objects in the domain are configured as shown in the following table.

You need to assign User1 the right to restore files and folders on Server1 and Server2.

Solution: You create a Group Policy object (GPO), you link the GPO to the Servers OU, and then you modify the Users Rights Assignment in the GPO.

Does this meet the goat?

 
 

8. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2016. All client computers run Windows 10.

The relevant objects in the domain are configured as shown in the following table.

You need to assign User1 the right to restore files and folders on Server1 and Server2.

Solution: You add User1 to the Backup Operators group in contoso.com.

Does this meet the goal?

 
 

9. Note: This question b part of a series of questions that present the same scenario. Each question In the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear In the review screen.

Your network contains an Active Directory domain named contow.com. All servers run Windows Server 2016. All client computers run Windows 10.

The relevant objects in the domain are configured as shown in the following table.

You need to assign User1 the right to restore files and folders on Server1 and Server2.

Solution: You create a Group Policy object (GPO), link it to the Operations Users OU, and modify the Users Rights Assignment in the GPO.

Does this meet the goal?

 
 

10. Note: This question is part of a series of questions that present the same scenario. Each question In the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question In this section, you will NOT be able to return to It. As a result, these

questions will not appear In the review screen. Your network contains an Active Directory domain named contoso.com. The domain contains multiple Hyper-V hosts.

You need to deploy several critical line-of-business applications to the network; to meet the following requirements: *The resources of the applications must be isolated from the physical host.

*Each application must be prevented from accessing the resources of the other applications. *The configurations of the applications must be accessible only from the operating system that hosts the application.

Solution: You deploy a separate Windows container for each application.

Does this meet the goal?

 
 

11. Note: This question Is part of a series of questions that present the same scenario. Each question In the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to It, As a result, these questions will not appear in the review screen. Your network contains an Active Directory domain named contoso.com. The domain contains multiple Hyper-V hosts.

You need to deploy several critical line-to-business applications to the network to meet the following requirements:

* The resources of the applications must be isolated (rom the physical host.

* Each application must be prevented from accessing the resources of the other applications.

* The configurations of the applications must be accessible only from the operating system that hosts the application.

Solution: You deploy a separate Hyper-V container for each application.

Does this meet the goal?

 
 

12. Note: Thb question Is part of a series of questions that present the same scenario. Each question In the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you willNOTbeabletorrturntoit.Asa result, these

questions will not appear in the review screen. Your network contains an Active Directory domain named contoso.com. The domain contains multiple Hyper-V hosts.

You need to deploy several critical line-of-business applications to the network to meet the following requirements:

* The resources of the applications must be isolated from the physical host

* Each application must be prevented from accessing the resources of the other applications.

* The configurations of the applications must be accessible only from the operating system that hosts the application.

Solution: You deploy one Windows container to host all of the applications.

Does this meet the goal?

 
 

13. Your network contains an Active Directory domain named contoso.com. The domain contains 1,000 client computers that run Windows 10.

A security audit reveals that the network recently experienced a Pass-the-Hash attack. The attack was initiated from a client computer and accessed Active Directory objects restricted to the members of the Domain Admins group.

You need to minimize the impact of another successful Pass-the-Hash attack on the domain.

What should you recommend?

 
 
 
 

14. Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2016.

You create a new bastion forest named admin.contoso.com. The forest functional level of admin.contoso.com is Windows Server 2012 R2.

You need to implement a Privileged Access Management (PAM) solution.

Which two actions should you perform? Each correct answer presents part of the solution.

 
 
 
 
 
 

15. Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016.

Server1 is configured as a domain controller. You configure Server1 as a Just Enough Administration (JEA) endpoint You configure the required JEA rights for a user named User1.

You need to tell User1 how to manage Active Directory objects from Server2.

What should you tell User1 to do first on Server2?

 
 
 
 

16. Your network contains an Active Directory domain named contoso.com. The domain contains 100 servers. You deploy the Local Administrator Password Solution (LAPS) to the network.

You deploy a new server named FinanceServer5, and join FinanceServerS to the domain. You need to ensure that the passwords of the local administrators of FinanceServer5 are available to the LAPS administrators.

What should you do?

 
 
 
 

17. Your network contains an Active Directory domain named contoso.com. The domain contains four servers.

The servers are configured as shown in the following table.

You need to manage FS1 and FS2 by using Just Enough Administration (JEA).

What should you do before you can implement JEA?

 
 
 
 

18. HOTSPOT

Your network contains an Active Directory forest named contoso.com. The forest has Microsoft Identity Manager (MIM) 2016 deployed. You implement Privileged Access Management (PAM). You need to request privileged access from a client computer in contoso.com by using PAM.

How should you complete the Windows PowerShell script? To answer, select the appropriate

options in the answer area.

19. Your network contains an Active Directory domain named contoso.com. The domain contains five servers. All servers run Windows Server 2016.

A new secunty policy states that you must modify the infrastructure to meet the following requirements:

* Limit the nghts of administrators.

* Minimize the attack surface of the forest

* Support Multi-Factor authentication for administrators.

You need to recommend a solution that meets the new secunty policy requirements.

What should you recommend deploying?

 
 
 
 

20. Your network contains two single-domain Active Directory forests named contoso.com and contosoadmin.com. Contosoadmin.com contains all of the user accounts used to manage the servers in contoso.com.

You need to recommend a workstation solution that provides the highest level of protection from vulnerabilities and attacks.

What should you include in the recommendation?

 
 
 
 

21. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2016.

The domain contains a server named Serverl that has Microsoft Security Compliance Manager (SCM) 4.0 installed.

You export the baseline shown in the following exhibit.

You have a server named Server2 that is a member of a workgroup.

You copy the (2617e9b1-9672-492b-aefa-0505054848c2) folder to Server2.

You need to deploy the baseline settings to Server2.

What should you do?

 
 
 
 
 

22. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Serve1, that runs Windows Server 2016.

A technician is testing the deployment of Credential Guard on Server1.

You need to verify whether Credential Guard is enabled on Server1.

What should you do?

 
 
 
 

23. HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.

The services on Server1 are shown in the following output.

Server1 has the AppLocker rules configured as shown in the exhibit (Click the Exhibit button.)

Rule1 and Rule2 are configured a$ shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

24. Your network contains an Active Directory domain named contoso.com.

You install the Windows Server Update Services server role on a member server named Server1. Server1 runs Windows Server 2016.

You need to ensure that a user named Used can perform the following tasks:

* View the Windows Server Update Services (WSUS) configuration.

* Generate WSUS update reports.

The solution must use the principle of least privilege.

What should you do on Server1?

 
 
 
 

25. HOTSPOT

Your network contains an Active Directory domain named contoso.com.

You have an organizational unit (OU) named Secure that contains all servers.

You install Microsoft Security Compliance Manager (SCM) 4.0 on a server named Server1.

You need to export the SCM Pnnt Server Secunty baseline and to deploy the baseline to a server named Server2.

What should you do? To answer, select the appropnate options in the answer area.

26. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server5 that has the Windows Server Update Services server role installed.

You need to configure Windows Server Update Services (WSUS) on Server5 to use SSI.

You install a certificate in the local Computer store.

Which two tools should you use? Each correct answer presents part of the solution.

 
 
 
 
 

27. Your network contains an Active Directory domain named conioso.com. The domain contains 1,000 client computers that run Windows 8.1 and 1,000 client computers that run Windows 10.

You deploy a Windows Server Update Services (WSUS) server. You create a computer group tor each organizational unit (OU) that contains client computers. You configure all of the client computers to receive updates from WSUS.

You discover that all of the client computers appear m the Unassigned Computers computer group in the Update Services console.

You need to ensure that the client computers are added automatically to the computer group that corresponds to the location of the computer account in Active Directory.

Which two actions should you perform? Each correct answer presents part of the solution.

 
 
 
 
 

28. Note: This question Is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.

Server1 has a volume named Volume1.

A central access policy named Policy1 is deployed to the domain.

You need to apply Policy1 to Volume1.

Which tool should you use?

 
 
 
 
 
 
 
 

29. Note: This question Is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is Independent of the other questions in this series. Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.

Server1 has a shared folder named Share1.

You need to encrypt the contents of Share1.

Which tool should you use?

 
 
 
 
 
 
 
 

30. Note: This question b part of a series of questions that use the same or simitar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com The domain contains a server named Server1 that runs Windows Server 2016.

Server1 has a shared folder named Share1.

You need to ensure that all access to Share1 uses SMB Encryption.

Which tool should you use?

 
 
 
 
 
 
 
 

31. Note: This question is port of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question In the series. Each question is Independent of the other questions In this series. Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016 and a Nano Server named Nano1.

Nano1 has two volumes named C and D.

You are signed in to Server1.

You need to configure Data Deduplication on Nano1.

Which tool should you use?

 
 
 
 
 
 
 
 

32. Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question Is independent of the other questions in this series. Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com The domain contains a file server named Server1 that runs Windows Server 2016.

You need to create Work Folders on Server1.

Which tool should you use?

 
 
 
 
 
 
 
 

33. Note: This question is part of a series of question that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is Independent of the other questions in this series. Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2016.

Server1 has a volume named Volume1.

Dynamic Access Control is configured. A resource property named Property1 was created in the domain.

You need to ensure that Property1 is set to a value of Big for all of the files in Volume1 that are larger than 10 MB.

Which tool should you use?

 
 
 
 
 
 
 
 

34. Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

Start of repeated scenario

Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.

The domain contains the servers configured as shown in the following table.

All servers run Windows Server 2016. All client computers run Windows 10.

You have an organizational unit (OU) named Marketing that contains the computers in the marketing department You have an OU named finance that contains the computers in the finance department You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.

You install Windows Defender on Nano1.

End of repeated scenario

You need to exclude D:Folder1 on Nano1 from being scanned by Windows Defender.

Which cmdlet should you run?

 
 
 
 

35. HOTSPOT

Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

Start of repeated scenario

Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.

The domain contains the servers configured as shown in the following table.

All servers run Windows Server 2016. All client computers run Windows 10.

You have an organizational unit (OU) named Marketing that contains the computers in the marketing department. You have an OU named Finance that contains the computers in the finance department. You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.

You install Windows Defender on Nano1.

End of repeated scenario

You need to ensure that you can implement the Local Administrator Password Solution (LAPS) (or the finance department computers.

What should you do in the contoso.com forest? To answer, select the appropriate options in the answer area.

36. Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

Start of repeated scenario

Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.

The domain contains the servers configured as shown in the following table.

All servers run Windows Server 2016. All client computers run Windows 10.

You have an organizational unit (OU) named Marketing that contains the computers in the marketing department You have an OU named Finance that contains the computers in the finance department You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.

You install Windows Defender on Nano1.

End of repeated scenario

You need to ensure that the marketing department computers validate DNS responses from adatum.com.

Which setting should you configure in the Computer Configuration node of GP1?

 
 
 
 

37. Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

Start of repeated scenario

Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.

The domain contains the servers configured as shown in the following table.

All servers run Windows Server 2016. All client computers run Windows 10.

You have an organizational unit (OU) named Marketing that contains the computers in the marketing department. You have an OU named Finance that contains the computers in the finance department. You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.

You install Windows Defender on Nano1.

End of repeated scenario

You need to ensure that you can deploy a shielded virtual machine to Server4.

Which server role should you deploy?

 
 
 
 

38. Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario b repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

Start of repeated scenario

Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.

The domain contains the servers configured as shown m the following table.

All servers run Windows Server 2016. All client computers run Windows 10.

You have an organizational unit (OU) named Marketing that contains the computers in the marketing department You have an OU named Finance that contains the computers in the finance department You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.

You install Windows Defender on Nano1.

End of repeated scenario

You need to disable SMB 1.0 on Server2.

What should you do?

 
 
 
 

39. Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

Start of repeated scenario

Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.

The domain contains the servers configured as shown in the following table.

All servers run Windows Server 2016. All client computers run Windows 10.

You have an organizational unit (OU) named Marketing that contains the computers in the marketing department You have an OU named Finance that contains the computers in the finance department You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.

You install Windows Defender on Nano1.

End of repeated scenario

You plan to implement BitLocker Drive Encryption (BitLocker) on the operating system volumes of the application servers.

You need to ensure that the BitLocker recovery keys are stored in Active Directory.

Which Group Policy setting should you configure?

 
 
 
 

40. Your network contains an Active Directory domain named contoso.com. You are deploying Microsoft Advanced Threat Analytics (ATA). You create a user named User1. You need to configure the user account of User1 as a Honeytoken account.

Which information must you use to configure the Honeytoken account?

 
 
 
 

41. Your network contains an Active Directory domain named contoso.com. You create a Microsoft Operations Management Suite (OMS) workspace. You need to connect several computers directly to the workspace.

Which two pieces of information do you require? Each correct answer presents part of the

solution.

 
 
 
 

42. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1.

Server1 is configured as shown in the following table.

You plan to create a pilot deployment of Microsoft Advanced Threat Analytics (ATA).

You need to install the ATA Center on Server1.

What should you do first?

 
 
 
 

43. Your network contains an Active Directory domain named contoso.com The domain contains five file servers that run Windows Server 2016. You have an organizational unit (OU) named Finance that contains all of the servers.

You create a Group Policy object (GPO) and link the GPO to the Finance OU. You need to ensure that when a user in the finance department deletes a file from a file server, the event is logged. The solution must log only users who have a manager attribute of Ben Smith.

Which audit policy setting should you configure in the GPO?

 
 
 
 

44. Your network contains an Active Directory domain named contoio.com. The domain contains a

server named Server1 that runs Windows Server 2016. You have an organizational unit (OU) named Administration that contains the computer account of Server1.

You import the Active Directory module to Served1. You create a Group Policy object (GPO) named GPO1 You link GPO1 to the Administration OU. You need to log an event each time an Active Directory cmdlet is executed successfully from Server1.

What should you do?

 
 
 
 

45. HOTSPOT

Your network contains an Active Directory domain named adatum.com. The domain contains a file server named Server1 that runs Windows Server 2016. You have an organizational unit (OU) named OU1 that contains Server1.

You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1. A user named User1 is a member of group named Group1.

The properties of User1 are shown in the User1 exhibit (Click the Exhibit button.)

User1 has permissions to two files on Server1 configured as shown in the following table.

From Auditing Entry for Global File SACL, you configure the advanced audit policy settings in GPO1 as shown in the SACL exhibit (Click the Exhibit button.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

46. Your network contains an Active Directory domain named contoso.com.

You are deploying Microsoft Advanced Threat Analytics (ATA) to the domain.

You install the ATA Center on server named Server1 and the ATA Gateway on a server named Served.

You need to ensure that Server2 can collect NTLM authentication events.

What should you configure?

 
 
 
 

47. Your network contains an Active Directory forest named conloso.com. The network is connected to the Internet. You have 100 point-of-sale (POS) devices that run Windows 10. The devices cannot access the

Internet. You deploy Microsoft Operations Management Suite (OMS). You need to use OMS to collect and analyze data from the POS devices.

What should you do first?

 
 
 
 
 

48. HOTSPOT

You plan to deploy three encrypted virtual machines that use Secure Boot.

The virtual machines will be configured as shown in the following table.

How should you protect each virtual machine? To answer, select the appropriate options in the answer area.

49. HOTSPOT

Your network contains two Active Directory forests named contoso.com and adatum.com. Contoso.com contains a Hyper-V host named Server1. Server1 is a member of a group named HyperHosts. Adatum.com contains a server named Server2. Server1 and Server2 run Windows Server 2016.

Contoso.com trusts adatum.com. You plan to deploy shielded virtual machines to Server1.

Which component should you install and which cmdlet should you run on Server1? To answer,

select the appropriate options in the answer area.

50. Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012. The forest contains a single domain. The domain contains multiple Hyper-V hosts.

You plan to deploy guarded hosts. You deploy a new server named Server22 to a workgroup. You need to configure Server22 as a Host Guardian Service server.

What should you do before you initialize the Host Guardian Service on Server22?

 
 
 
 

51. The New-CIPolicy cmdlet creates a Code Integrity policy as an .xml file. If you do NOT supply either driver files or rules what will happen?

 
 
 
 

52. Read the following statement carefully and answer YES or NO.

You create a rule “Allow Everyone to run Windows except Registry Editor” that allows everyone in the organization to run Windows but does not allow anyone to run Registry Editor.

The effect of this rule would prevent users such as help desk personnel from running a program that is necessary for their support tasks.

To resolve this problem, you create a second rule that applies to the Helpdesk user group: “Allow Helpdesk to run Registry Editor.”

However, if you created a deny rule that did not allow any users to run Registry Editor, would the deny rule override the second rule that allows the Helpdesk user group to run Registry Editor?

 
 

53. A shielding data file (also called a provisioning data file or PDK file) is an encrypted file that a tenant or VM owner creates to protect important VM configuration information.

A fabric administrator uses the shielding data file when creating a shielded VM, but is unable to view or use the information contained in the file.

Which information can be stored in the shielding data file?

 
 
 
 

54. Windows PowerShell is a task-based command-line shell and scripting language designed especially for system administration.

Windows Defender comes with a number of different Defender-specific cmdlets that you can run through PowerShell to automate common tasks.

Which Cmdlet would you run first if you wanted to perform an offline scan?

 
 
 
 

55. _____ enables easier management for BitLocker enabled desktops and servers in a domain environment by providing automatic unlock of operating system volumes at system reboot when connected to a wired corporate network. This feature requires the client hardware to have a DHCP driver implemented in its UEFI firmware.

 
 
 
 

56. This question relates to Windows Firewall and related technologies.

These rules use IPsec to secure traffic while it crosses the network.

You use these rules to specify that connections between two computers must be authenticated or encrypted.

What is the name for these rules?

 
 
 
 

57. Windows Firewall rules can be configured using PowerShell.

The “Set-NetFirewallProfile” cmdlet configures settings that apply to the per-profile configurations of the Windows Firewall with Advanced Security.

What is the default setting for the AllowInboundRules parameter when managing a GPO?

 
 

58. The “Network Security: Restrict NTLM: NTLM authentication in this domain” policy setting allows you to deny or allow NTLM authentication within a domain from this domain controller.

Which value would you choose so that the domain controller will deny all NTLM authentication logon attempts using accounts from this domain to all servers in the domain.

The NTLM authentication attempts will be blocked and will return an NTLM blocked error unless the server name is on the exception list in the Network security: Restrict NTLM: Add server exceptions in this domain policy setting.

 
 
 
 

59. Encryption-supported VMs are intended for use where the fabric administrators are fully trusted.

For example, an enterprise might deploy a guarded fabric in order to ensure VM disks are encrypted at-rest for compliance purposes.

Shielded VMs are intended for use in fabrics where the data and state of the VM must be protected from both fabric administrators and untrusted software that might be running on the Hyper-V hosts.

Is the Virtual Machine Connection (Console), HID devices (e.g. keyboard, mouse) ON or OFF for Encryption Supported VM’s?

 
 

60. HOTSPOT

Your network contains an Active Directory domain named contoso.com.

You are deploying Microsoft Advanced Threat Analytics (ATA) to the domain. You install the ATA Gateway on a server named Server1. To assist in detecting Pass-the-Hash attacks, you plan to configure ATA Gateway to collect events. You need to configure the query filter for event subscriptions on Server1.

How should you configure the query filter? To answer, select the appropriate options in the answer are.


Real Microsoft Exchange Server 2016 70-345 Exam Dumps
Microsoft 365 Certification MS-201 Practice Exam Questions