Microsoft 70-744 Exam Practice Test Instant Access

Question 1

Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.

Multiple resource properties are defined in the domain.

Server1 has a volume named Volume1.

You need to view the classification properties that have been configured on Volume1.

Which tool should you use?

AFile Explorer

BShared Folders

CServer Manager

DDisk Management

EStorage Explorer

FComputer Management

GSystem Configuration

HFile Server Resource Manager (FSRM)

Answer : A

References:

https://blog.netwrix.com/2018/05/22/microsoft-file-classification-infrastructure-fci-explained/

Question 2

Your network contains an Active Directory domain named contoso.com. The domain contains an organizational unit (OU) named OU1.

OU1 contains a server named Server1. The properties of Server1 are shown in the Server1 exhibit. (Click the Server1 tab.)

You create a Group Policy object (GPO) linked to OU1. You configure the GPO as shown in the LAPS exhibit. (Click the LAPS tab.)

You need to ensure that the password of the local Administrator of Server1 is managed by using Local Administrator Password Solution (LAPS).

Which cmdlet should you run?

AReset-AdmPwdPassword

BSet-AdmPwdComputerSelfPermission

CUpdate-AdmPwdADschema

DSet-AdmPwdResetPasswordPermission

Answer : C

References:

http://techgenix.com/deploying-laps/

Question 3

You have a server named Server1 that runs Windows Server 2016. Server1 contains a folder named Folder1.

Folder1 is shared as Share1.

You need to enable SMB encryption for Share1.

What should you do?

AFrom Shared Folders, modify the Security settings of Share1

BFrom File and Storage Services in Server Manager, modify the properties of Share1

CFrom File Explorer, modify the Advanced Sharing settings of Share1

DFrom File Explorer, modify the Security settings of Folder1

Answer : B

References:

https://docs.microsoft.com/en-us/windows-server/storage/file-server/smb-security

Question 4

You have a server named Server1.

You need to configure Windows Defender to perform a full scan every day at 21:00.

What should you do?

AFrom Control Panel, configure the Security and Maintenance settings

BRun the Set-ScheduledJob cmdlet

CFrom the Setting app, modify the Windows Defender settings

DRun the Set-MpPreference cmdlet

Answer : D

References:

https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=win10-ps

Question 5

You have several servers that run Windows Server 2016. All the servers were recently configured 10 use a new Windows Server Update Services (WSUS) server named WSUS1. WSUSI is configured to download updates as shown in the exhibit. {Click the Exhibit tab.)

You discover that the servers have out-of-date Windows Defender definitions. The servers receive security updates from WSUSI.

You need to ensure that the servers receive the latest Windows Defender definitions.

What should you do?

ACreate a new computer group in WSUS.

BCreate an auto-approval rule in WSUS-

CModify the products and classifications m WSUS.

DCreate a new Group Policy object (GPO) that contains the Automatic Updates settings.

Answer : D

References:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus

Question 6

Your network contains an Active Directory domain named contoso.com.

All DNS servers host an Active Directory-integrated zone for the domain that is DNSSEC-signed. All the DNS servers have a trust anchor installed for a DNS zone named fabrikam.com.

For all the computers in the domain, you configure a name resolution policy that enforces DNSSEC validation for the contoso.com and fabrikam.com DNS namespaces.

You need to verify whether the trust anchor is valid.

What should you do?

AOn a domain-joined computer, run Resolve-DnsName to query a DNS server that hosts the fabrikam.com zone for a DNS record in the fabrikam.com zone.

BOn a domain-joined computer, run Resolve-DnsName to query a domain controller for a DNS record in the fabrikam.com zone.

COn a domain-joined computer, run Get-DnsServerZone.

DOn a domain controller, run Get-DnsServerDnsZoneSetting.

Answer : A

References:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn593652(v%3Dws.11)

Question 7

You have server named Server1.

You need to configured PowerShell logging to capture dynamic code generation. the solution must minimize the number of events that are logged.

What should you configured?

ASystem-wide transcription

BProtected event logging

CScript block logging

DModule logging

Answer : D

References:

https://www.rootusers.com/enable-and-configure-module-script-block-and-transcription-logging-in-windows-powershell/

Microsoft 70-744 Securing Windows Server 2016 Exam Practice Test