70-744 Practice Test Questions – Securing Windows Server 2016

There are many ways to help you pass Microsoft 70-744 exam and selecting a good pathway is a good protection. PassQuestion can provide you a good training tool and high-quality reference information for you to participate in the Microsoft 70-744 exam. PassQuestion 70-744 Practice Test Questions are based on the research of Microsoft 70-744 examination Outline. Therefore, the high quality and high authoritative information provided by PassQuestion can definitely do our best to help you pass Microsoft 70-744 exam.

70-744 Practice Test Questions – Securing Windows Server 2016

1. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2016. The forest contains 2,000 client computers that run Windows 10. All client computers are deployed from a customized Windows image.

You need to deploy 10 Privileged Access Workstations (PAWs). The solution must ensure that administrators can access several client applications used by all users.

Solution: You deploy 10 physical computers and configure them as PAWs. You deploy 10 additional computers and configure them by using the customized Windows image.

Does this meet the goal?

Yes

2. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You need to deploy 10 Privileged Access Workstations (PAWs). The solution must ensure that administrators can access several client applications used by all users.

Solution: You deploy 10 physical computers and configure each one as a virtualization host. You deploy the operating system on each host by using the customized Windows image. On each host, you create a guest virtual machine and configure the virtual machine as a PAW.

Does this meet the goal?

Yes

3. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You need to deploy 10 Privileged Access Workstations (PAWs). The solution must ensure that administrators can access several client applications used by all users.

Solution: You deploy one physical computer and configure it as Hyper-V host that runs Windows Server 2016. You create 10 virtual machines and configure each one as a PAW.

Does this meet the goal?

Yes

4. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contain an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows 10. Computer1 connects to a home network and a corporate network.

The corporate network uses the 172.16.0.0/24 address space internally.

Computer1 runs an application named App1 that listens to port 8080.

You need to prevent connections to App1 when Computer1 is connected to the home network.

Solution: From Group Policy Management, you create an AppLocker rule.

Does this meet the goal?

Yes

5. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

The corporate network uses the 172.16.0.0/24 address space internally.

Computer1 runs an application named App1 that listens to port 8080.

You need to prevent connections to App1 when Computer1 is connected to the home network.

Solution: From Group Policy Management, you create software restriction policy.

Does this meet the goal?

Yes

6. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

The corporate network uses the 172.16.0.0/24 address space internally.

Computer1 runs an application named App1 that listens to port 8080.

You need to prevent connections to App1 when Computer1 is connected to the home network.

Solution: From Windows Firewall in the Control Panel, you add an application and allow the application to communicate through the firewall on a Private network.

Does this meet the goal?

Yes

7. Your network contains an Active Directory domain named contoso.com. The domain contains 1,000 client computers that run Windows 10.

A security audit reveals that the network recently experienced a Pass-the-Hash attack. The attack was initiated from a client computer and accessed Active Directory objects restricted to the members of the Domain Admins group.

You need to minimize the impact of another successful Pass-the-Hash attack on the domain.

What should you recommend?

Instruct all users to sign in to a client computer by using a Microsoft account.

Move the computer accounts of all the client computers to a new organizational unit (OU). Remove the permissions to the new OU from the Domain Admins group.

Instruct all administrators to use a local Administrators account when they sign in to a client computer.

Move the computer accounts of the domain controllers to a new organizational unit (OU). Remove the permissions to the new OU from the Domain Admins group.

8. Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2016.

You create a new bastion forest named admin.contoso.com. The forest functional level of admin.contoso.com is Windows Server 2012 R2.

You need to implement a Privileged Access Management (PAM) solution.

Which two actions should you perform? Each correct answer presents part of the solution.

Raise the forest functional level of admin.contoso.com.

Deploy Microsoft Identify Management (MIM) 2016 to admin.contoso.com.

Configure contoso.com to trust admin.contoso.com.

Deploy Microsoft Identity Management (MIM) 2016 to contoso.com.

Raise the forest functional level of contoso.com.

Configure admin.contoso.com to trust contoso.com.

9. Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016.

Server1 is configured as a domain controller. You configure Server1 as a Just Enough Administration (JEA) endpoint. You configure the required JEA rights for a user named User1.

You need to tell User1 how to manage Active Directory objects from Server2.

What should you tell User1 to do first on Server2?

From a command prompt, runntdsutil.exe.

From Windows PowerShell, run the Import-Module cmdlet.

From Windows PowerShell, run the Enter-PSSession cmdlet.

Install the management consoles for Active Directory, and then launch Active Directory Users and Computers.

10. Your network contains an Active Directory domain named contoso.com. The domain contains 100 servers. You deploy the Local Administrator Password Solution (LAPS) to the network. You deploy a new server named FinanceServer5, and join FinanceServer5 to the domain. You need to ensure that the passwords of the local administrators of FinanceServer5 are available to the LAPS administrators.

What should you do?

On FinanceServer5, register AdmPwd.dll.

On FinanceServer5, install the LAPS Windows PowerShell module.

In the domain, modify the permissions for the computer account of FinanceServer5.

In the domain, modify the permissions of the Domain Controllers organizational unit (OU).

11. Your network contains an Active Directory domain named contoso.com. The domain contains four servers.

The servers are configured as shown in the following table.

You need to manage FS1 and FS2 by using Just Enough Administration (JEA).

What should you do before you can implement JEA?

Install Microsoft.NET Framework 4.6.2 on FS2.

Install Microsoft.NET Framework 4.6.2 on FS1.

Install Windows Management Framework 5.0 on FS2.

Upgrade DC1 to Windows Server 2016.

12. Your network contains an Active Directory domain named contoso.com. The domain contains five servers. All servers run Windows Server 2016.

A new security policy states that you must modify the infrastructure to meet the following requirements:

* Limit the nghts of administrators.

* Minimize the attack surface of the forest

* Support Multi-Factor authentication for administrators.

You need to recommend a solution that meets the new security policy requirements.

What should you recommend deploying?

an administrative forest

domain isolation

an administrative domain in contoso.com

the Local Administrator Password Solution (LAPS)

13. Your network contains two single-domain Active Directory forests named contoso.com and contosoadmin.com. Contosoadmin.com contains all of the user accounts used to manage the servers in contoso.com.

You need to recommend a workstation solution that provides the highest level of protection from vulnerabilities and attacks.

What should you include in the recommendation?

Provide a Privileged Access Workstation (PAW) for each user account in both forests. Join each PAW to the contoso.com domain.

Provide a Privileged Access Workstation (PAW) for each user in the contoso.com forest. Join each PAW to the contoso.com domain.

Provide a Privileged Access Workstation (PAW) for each administrator. Join each PAW to the contoso.com domain.

Provide a Privileged Access Workstation (PAW) for each administrator. Join each PAW to the contosoadmin.com domain.

14. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2016.

The domain contains a server named Server1.

You export the security baseline shown in the following exhibit.

You have a server named Server2 that is a member of a workgroup.

You copy the {2617e9b1-9672-492b-aefa-0505054848c2} folder to Server2.

You need to deploy the baseline settings to Server2.

What should you do?

Download and then run the Lgpo.exe command.

From Group Policy Management, import a Group Policy object (GPO).

From Windows PowerShell, run the Restore-GPO cmdlet.

From Windows PowerShell, run the Import-GPO cmdlet.

From a command prompt, run the secedit.exe command and specify the /import parameter.

15. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.

A technician is testing the deployment of Credential Guard on Server1.

You need to verify whether Credential Guard is enabled on Server1.

What should you do?

From a command prompt, run the credwiz.exe command.

From Task Manager, review the processes listed on the Details tab.

From Server Manager, click Local Server, and review the properties of Server1.

From Windows PowerShell, run the Get-WsManCredSSP cmdlet.

From a command prompt, run the tsecimp.exe command.

From Control Panel, open Credential Manager, and review the list of Windows Credentials.

16. Your network contains an Active Directory domain named contoso.com. You install the Windows Server Update Services server role on a member server named Server1. Server1 runs Windows Server 2016.

You need to ensure that a user named User1 can perform the following tasks:

* View the Windows Server Update Services (WSUS) configuration.

* Generate WSUS update reports.

The solution must use the principle of least privilege.

What should you do on Server1?

Modify the permissions of the ReportWebService virtual folder from the WSUS Administration website.

Add User1 to the WSUS Reporters local group.

Add User1 to the WSUS Administrators local group.

Run wsusutil.exe and specify the postinstall parameter.

17. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server5 that has the Windows Server Update Services server role installed.

You need to configure Windows Server Update Services (WSUS) on Server5 to use SSL.

You install a certificate in the local Computer store.

Which two tools should you use? Each correct answer presents part of the solution.

Wsusutil

Netsh

Internet Information Services (IIS) Manager

Server Manager

Update Services

18. Your network contains an Active Directory domain named contoso.com. The domain contains 1,000 client computers that run Windows 8.1 and 1,000 client computers that run Windows 10.

You deploy a Windows Server Update Services (WSUS) server. You create a computer group for each organizational unit (OU) that contains client computers. You configure all of the client computers to receive updates from WSUS.

You discover that all of the client computers appear in the Unassigned Computers computer group in the Update Services console.

You need to ensure that the client computers are added automatically to the computer group that corresponds to the location of the computer account in Active Directory.

Which two actions should you perform? Each correct answer presents part of the solution.

From Group Policy objects (GPOs), configure the Enable client-side targeting setting.

From the Update Services console, configure the Computers option.

From Active Directory Users and Computers, create a domain local distribution group for each WSUS computer group.

From Active Directory Users and Computers, modify the flags attribute of each OU.

19. Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.

Server1 has a volume named Volume1.

A central access policy named Policy1 is deployed to the domain.

You need to apply Policy1 to Volume1.

Which tool should you use?

File Explorer

Shared Folders

Server Manager

Disk Management

Storage Explorer

Computer Management

System Configuration

File Server Resource Manager (FSRM)

20. Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.

Server1 has a shared folder named Share1.

You need to encrypt the contents to Share1.

Which tool should you use?

File Explorer

Shared Folders

Server Manager

Disk Management

Storage Explorer

Computer Management

System Configuration

File Server Resource Manager (FSRM)

70-744 Practice Test Questions – Securing Windows Server 2016

70-744 Practice Test Questions – Securing Windows Server 2016

Leave a Reply Cancel reply