Microsoft Securing Windows Server 2016 70-744 Exam Questions

Page: 1 / 14
Total 245 questions
Question 1

The network contains an Active Directory domain named contoso.com. The domain contains the servers configured as shown in the following table.

All servers run Windows Server 2016. All client computers run Windows 10 and are domain members.

All laptops are protected by using BitLocker Drive Encryption (BitLocker).You have an organizational unit (OU) named OU1 that contains the computer accounts of application servers.

An OU named OU2 contains the computer accounts of the computers in the marketing department.

A Group Policy object (GPO) named GP1 is linked to OU1.

A GPO named GP2 is linked to OU2.

All computers receive updates from Server1.

You create an update rule named Update1.

You need to create a Role Capability file on Server3. Which file should you create?



Answer : D


Question 2

Your network contains several secured subnets that are disconnected from the Internet.

One of the secured subnets contains a server named Server1 that runs Windows Server 2016.

You implement Log Analytics in Microsoft Operations Management Suite (OMS) for the servers that connect to the Internet.

You need to ensure that Log Analytics can collect logs from Server1.

Which two actions should you perform? Each correct answer presents part of the solution.



Answer : A, E

https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-oms-gateway

OMS Log Analytics Forwarder = OMS Gateway

If your IT security policies do not allow computers on your network to connect to the Internet, such as point of sale (POS) devices, or servers supporting IT services,

but you need to connect them to OMS to manage and monitor them, they can be configured to communicate directly with the OMS Gateway (previous called ''OMS

Log Analytics Fowarder'') to receive configuration and forward data on their behalf.

You have to also install Microsoft Monitoring Agent on Server1 to generate and send events to the OMS

Gateway,since Server1 does not have direct Internet connectivity.


Question 3

Your network contains an Active Directory domain named contoso.com. The domain contains several shielded virtual machines.

You deploy a new server named Server1 that runs Windows Server 2016. You install the Hyper-V server role on Server1.

You need to ensure that you can host shielded virtual machines on Server1. What should you install on Server1?



Answer : A

This questions mentions ''The domain contains several shielded virtual machines.'', which indicates a working Host Guardian Service deployment was completed. https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabricguarded-host-prerequisites For a new Hyper-V server to utilize an existing Host Guardian Service, install the ''Host Guardian Hyper-V Support''.


Question 4

You have a server named Server1 that runs Windows Server 2016.

You need to identify whether ICMP traffic is exempt from IPsec on Server1.

Which cmdlet should you use?



Answer : D

The Get-NetFirewallSetting cmdlet retrieves the global firewall settings of the target computer.

The NetFirewallSetting object specifies properties that apply to the firewall and IPsec settings, no matter which network profile is currently in use.

The global configurations include viewing the active profile, exemptions, specified certification validation levels,

and user and computer authorization lists.


Question 5

Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

Start of repeated scenario

Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.

The domain contains the servers configured as shown in the following table.

All servers run Windows Server 2016. All client computers run Windows 10.

You have an organizational unit (OU) named Marketing that contains the computers in the marketing department You have an OU named finance that contains the computers in the finance department You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.

You install Windows Defender on Nano1.

End of repeated scenario

You need to exclude D:\Folder1 on Nano1 from being scanned by Windows Defender.

Which cmdlet should you run?



Answer : C

https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/set-mppreference


Question 6

Your network contains an Active Directory domain named contoso.com. The domain contains servers that run Windows Server 2016.

You enable Remote Credential Guard on a server named Server1.

You have an administrative computer named Computer1 that runs Windows 10.

Computer1 is configured to require Remote Credential Guard.

You sign in to Computer1 as Contoso\\User1.

You need to establish a Remote Desktop session to Server1 as Contoso\\ServerAdmin1.

What should you do first?



Answer : D

When Computer1 is configured to require Remote Credential Guard, you cannot use NTLM authentication to

specify (or impersonate) another user account when

connecting to Server1.

Therefore, you have to sign in to Computer1 as ''ServerAdmin1'' and use Kerberos for authenticating to RDP

server ''Server1'' when Remote Credential Guard is required.


Question 7

Your network contains an Active Directory domain named contoso.com.

The domain contains a server named Server1 that runs Windows Server 2016.

You need to prevent NTLM authentication on Server1.

Solution: From a Group Policy, you configure the Security Options.

Does this meet the goal?



Answer : A


Page:    1 / 14   
Total 245 questions