Microsoft 70-744 Securing Windows Server 2016 Exam Practice Test

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com. The domain contains multiple Hyper-V hosts.

You need to deploy several critical line-of-business applications to the network to meet the following requirements:

The resources of the applications must be isolated from the physical host.

Each application must be prevented from accessing the resources of the other applications.

The configurations of the applications must be accessible only from the operating system that hosts the application.

Solution: You deploy one Hyper-V container to host all of the applications.

Does this meet the goal?

Your network contains an Active Directory domain named contoso.com. The domain contains a certification authority (CA).

You need to implement code integrity policies and sign them by using certificates issued by the CA.

You plan to use the same certificate to sign policies on multiple computers.

You duplicate the Code Signing certificate template and name the new template Codeintegrity.

How should you configure the CodeIntegrity template?

A shielding data file (also called a provisioning data file or PDK file) is an encrypted file that a tenant or VM owner creates to protect important VM configuration information.

A fabric administrator uses the shielding data file when creating a shielded VM, but is unable to view or use the information contained in the file.

Which information can be stored in the shielding data file?

Your network contains an Active Directory domain named contoso.com.

You are deploying Microsoft Advanced Threat Analytics (ATA).

You create a user named User1.

You need to configure the user account of User1 as a Honeytoken account.

Which information must you use to configure the Honeytoken account?

You have the servers configured as shown in the following table.

You purchase a Microsoft Azure subscription, and you create three Microsoft Operations Management Suite (OMS) workspaces named Workspace1, Workspace2, and Workspace3

You need to deploy Microsoft Monitoring Agent to the servers to meet the following requirements: -Antimalware data from all the servers must be visible in Workspace1. -Security and audit data from the domain controllers and the virtualization hosts must be visible in Workspace2. -System update data from all the servers in all the workgroups must be visible in Workspace&

How many OMS agents should you deploy?

Your network contains an Active Directory domain named contoso.com.

The domain contains two DNS servers that run Windows Server 2016.

The servers host two zones named contoso.com and admin.contoso.com.

You sign both zones.

You need to ensure that all client computers in the domain validate the zone records when they query the zone.

What should you deploy?

Your network contains an Active Directory domain named contoso.com.

The domain contains a computer named Computer1 that runs Windows 10.

Computer1 connects to a home network and a corporate network.

The corporate network uses the 172.16.0.0/24 address space internally.

Computer1 runs an application named App1 that listens to port 8080.

You need to prevent connections to App1 when Computer1 is connected to the home network.

Solution: From Windows Firewall with Advanced Security, you create an inbound rule.

Does this meet the goal?