Microsoft 70-744 Exam Practice Test Instant Access

Question 1

Note: This question Is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is Independent of the other questions in this series. Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.

Server1 has a shared folder named Share1.

You need to encrypt the contents of Share1.

Which tool should you use?

AFile Explorer

BShared Folders

CServer Manager

DDisk Management

EStorage Explorer

FComputer Management

GSystem Configuration

HFile Server Resource Manager (FSRM)

Answer : A

Question 2

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. You need to prevent NTLM authentication on Server1.

Solution: From Windows PowerShell, you run the Disable-WindowsOptionalFeature cmdlet. Does this meet the goal?

AYes

BNo

Answer : B

https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/ On Client, the PowerShell approach (Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol) Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol

However, the question asks about Server! On Server, the PowerShell approach (Remove-WindowsFeature FS-SMB1): Remove-WindowsFeature FS-SMB1

Even if SMB1 is removed, SMB2 and SMB3 could still run NTLM authentication! Therefore, answer is a ''NO''.

Question 3

Your network contains an Active Directory domain named contoso.com. The domain contains several shielded virtual machines.

You deploy a new server named Server1 that runs Windows Server 2016. You install the Hyper-V server role on Server1.

You need to ensure that you can host shielded virtual machines on Server1. What should you install on Server1?

AHost Guardian Hyper-V Support

BBitLocker Network Unlock

Cthe Windows Biometric Framework (WBF)

DVM Shielding Tools for Fabric Management

Answer : A

This questions mentions ''The domain contains several shielded virtual machines.'', which indicates a working Host Guardian Service deployment was completed. https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabricguarded-host-prerequisites For a new Hyper-V server to utilize an existing Host Guardian Service, install the ''Host Guardian Hyper-V Support''.

Question 4

Your network contains an Active Directory domain named contoso.com.

The domain contains 10 computers that are in an organizational unit (OU) named OU1.

You deploy the Local Administrator Password Solution (LAPS) client to the computers.

You link a Group Policy object (GPO) named GPO1 to OU1, and you configure the LAPS password policy

settings in GPO1.

You need to ensure that the administrator passwords on the computers in OU1 are managed by using LAPS.

Which two actions should you perform? Each correct answer presents part of the solution.

ARestart the domain controller that hosts the PDC emulator role.

BUpdate the Active Directory Schema.

CEnable LDAP encryption on the domain controllers.

DRestart the computers.

EModify the permissions on OU1.

Answer : B, E

Question 5

Your network contains two single-domain Active Directory forests named contoso.com and contosoadmin.com. Contosoadmin.com contains all of the user accounts used to manage the servers in contoso.com.

You need to recommend a workstation solution that provides the highest level of protection from vulnerabilities and attacks.

What should you include in the recommendation?

AProvide a Privileged Access Workstation (PAW) for each user account in both forests. Join each PAW to the contoso.com domain.

BProvide a Pnvileged Access Workstation (PAW) for each user in the contoso.com forest Join each PAW to the contoso.com domain.

CProvide a Pnvileged Access Workstation (PAW) for each administrator. Join each PAW to the contoso.com domain.

DProvide a Pnvileged Access Workstation (PAW) for each administrator. Join each PAW to the contosoadmin.com domain.

Answer : D

https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privilegedaccess-reference-material

Question 6

Note: This question is part of a series of questions that present the same scenario. Each question In the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question In this section, you will NOT be able to return to It. As a result, these questions will not appear In the review screen.

Your network contains an Active Directory domain named contoso.com. The domain contains multiple Hyper-V hosts.

You need to deploy several critical line-of-business applications to the network; to meet the following requirements:

*The resources of the applications must be isolated from the physical host.

*Each application must be prevented from accessing the resources of the other applications.

*The configurations of the applications must be accessible only from the operating system that hosts the application.

Solution: You deploy a separate Windows container for each application.

Does this meet the goal?

AYes

BNo

Answer : A

By using Windows Container

-The resources of the applications must be isolated from the physical host (ACHIEVED, as a single container could only access its own resources, but not others)

-Each application must be prevented from accessing the resources of the other applications. (ACHIEVED, as a single container could only access its own

resources, but not others)

-The configurations of the applications must be accessible only from the operating system that hosts the

application. (ACHIEVED, you can use DockerFile or

DockerRun to push configurations to containers from the Container Host OS)References:

https://docs.microsoft.com/en-us/virtualization/windowscontainers/about/

Question 7

Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

Start of repeated scenario

Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.

The domain contains the servers configured as shown in the following table.

All servers run Windows Server 2016. All client computers run Windows 10.

You have an organizational unit (OU) named Marketing that contains the computers in the marketing department You have an OU named Finance that contains the computers in the finance department You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.

You install Windows Defender on Nano1.

End of repeated scenario

You plan to implement BitLocker Drive Encryption (BitLocker) on the operating system volumes of the application servers.

You need to ensure that the BitLocker recovery keys are stored in Active Directory.

Which Group Policy setting should you configure?

ASystem cryptography; Force strong key protection (or user keys stored on the computer

BStore Bittocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista)

CSystem cryptography: Use FIPS compliant algorithms for encryption, hashing and signing

DChoose how BitLocker-protected operating system drives can be recovered

Answer : D

https://technet.microsoft.com/en-us/library/jj679890%28v=ws.11%29.aspx?f=255&MSPPError=- 2147217396#BKMK_rec1

Microsoft Securing Windows Server 2016 70-744 Exam Practice Test