Microsoft 70-744 Exam Practice Test Instant Access

Question 1

Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

Start of repeated scenario

Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.

The domain contains the servers configured as shown in the following table.

All servers run Windows Server 2016. All client computers run Windows 10.

You have an organizational unit (OU) named Marketing that contains the computers in the marketing department You have an OU named Finance that contains the computers in the finance department You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.

You install Windows Defender on Nano1.

End of repeated scenario

You need to ensure that the marketing department computers validate DNS responses from adatum.com.

Which setting should you configure in the Computer Configuration node of GP1?

ATCPIP Settings from Administrative Templates

BConnection Security Rule from Windows Settings

CDNS Client from Administrative Templates

DName Resolution Policy from Windows Settings

Answer : D

The NRPT is a table that contains rules that you can configure to specify DNS settings or special behavior for names or namespaces.

The NRPT can be configured using the Group Policy Management Editor under Computer Configuration

\\Policies\\Windows Settings\\Name Resolution Policy, or with

Windows PowerShell.

If a DNS query matches an entry in the NRPT, it is handled according to settings in the policy.

Queries that do not match an NRPT entry are processed normally.

You can use the NRPT to require that DNSSEC validation is performed on DNS responses for queries in

the namespaces that you specify.

Question 2

Your network contains an Active Directory domain. All the computers in the domain are configured for the Local Administrator Password Solution (LAPS). The Group Policy object (GPO) settings for LAPS are configured as shown in the exhibit. (Click the Exhibit tab.)

You provide a technician with the local administrator password for a computer named Computer1.

What is the maximum amount of time the password will be valid?

A30 minutes

B3 days

C30 days

D365 days

Answer : C

References:

https://www.reddit.com/r/sysadmin/comments/712049/laps_password_expiration_time_password_age/

Question 3

Your network contains an Active Directory domain named contoso.com.

The domain contains a server named Server1 that runs Windows Server 2016.

The local administrator credentials of Server1 are managed by using the Local Administrator Password Solution (LAPS).

You need to retrieve the password of the Administrator account on Server1.

What should you do?

AFrom Windows PowerShell on Server1, run the Get-ADFineGrainedPasswordPolicy cmdlet and specify the -Credential parameter.

BFrom Windows PowerShell on Server1, run the Get-ADUser cmdlet and specify the -Credential parameter.

CFrom Active Directory Users and Computers, open the properties at Server1 and view the value at the msMcs-AdmPwd attribute

DFrom Active Directory Users and Computers, open the properties of Administrator and view the value of the userPassword attribute

Answer : C

The ''ms-Mcs-AdmPwd'' attribute of a computer account in Active Directory Users and Computers stores the local Administrator password of a computer, which is configured by LAPS.

Question 4

Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016.

The Microsoft Advanced Threat Analytics (ATA) Center service is installed on Server1. The domain contains the users shown in the following table.

You are installing ATA Gateway on Server2.

You need to specify a Gateway Registration account. Which account should you use?

AUser1

BUser2

CUser3

DUser4

EUser5

FUser6

GUser7

HUser8

Answer : F

https://docs.microsoft.com/en-us/advanced-threat-analytics/ata-role-groups

The user who installed ATA will be able to access the management portal (ATA Center) as members of the

''Microsoft Advanced Threat Analytics Administrators''

local group on the ATA Center server.

Question 5

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear i n the review screen.

You deploy Windows Server 2016 to a server named Server1,

You need to ensure that you can run Windows Containers on Server1.

Solution: On Server1, you enable the Containers feature, and then you install the PowerShell for Docker module. You restart the server.

Does this meet the goal?

AYes

BNo

Answer : A

References:

https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/deploy-containers-on-server

Question 6

Your network contains an Active Directory domain named contoio.com. The domain contains a server named Server1 that runs Windows Server 2016.

You have an organizational unit (OU) named Administration that contains the computer account of Server1.

You import the Active Directory module to Served1.

You create a Group Policy object (GPO) named GPO1 You link GPO1 to the Administration OU.

You need to log an event each time an Active Directory cmdlet is executed successfully from Server1.

What should you do?

AFrom Advanced Audit Policy in GPO1 configure auditing for directory service changes.

BRun the (Get-Module ActiveDirectory).LogPipelineExecutionDetails - $false command.

CRun the (Get-Module ArtiveDirectory).LogPipelineExecutionDetails = $true command.

DFrom Advanced Audit Policy in GPO1 configure auditing for other privilege use events.

Answer : C

Question 7

Your network contains an Active Directory domain named contoso.com. All client computers run Windows 10.

You plan to deploy a Remote Desktop connection solution for the client computers.

You have four available servers in the domain that can be configured as Remote Desktop servers. The servers are configured as shown in the following table.

You need to ensure that all Remote Desktop connections can be protected by using Remote Credential Guard.

Solution: You deploy the Remote Desktop connection solution by using Server3.

Does this meet the goal?

AYes

BNo

Answer : A

Yes, since all client computers run Windows 10, and Server2 is Windows Server 2016 which fulfills the

following requirements of using Remote Credential Guard.

https://docs.microsoft.com/en-us/windows/access-protection/remote-credential-guard

Remote Credential Guard requirements

To use Windows Defender Remote Credential Guard, the Remote Desktop client and remote host must meet the following requirements:

The Remote Desktop client device:

Must be running at least Windows 10, version 1703 to be able to supply credentials.

Must be running at least Windows 10, version 1607 or Windows Server 2016 to use the user's signed-in

credentials. This requires the user's account be able to

Must be running the Remote Desktop Classic Windows application. The Remote Desktop Universal Windows Platform application doesn't support Windows

Defender Remote Credential Guard.

Must use Kerberos authentication to connect to the remote host. If the client cannot connect to a domain controller, then RDP attempts to fall back to NTLM.

Windows Defender Remote Credential Guard does not allow NTLM fallback because this would expose

credentials to risk.

The Remote Desktop remote host:

Must be running at least Windows 10, version 1607 or Windows Server 2016.

Must allow Restricted Admin connections.

Must allow the client's domain user to access Remote Desktop connections.

Must allow delegation of non-exportable credentials.

Microsoft 70-744 Securing Windows Server 2016 Exam Practice Test