Category: Category: MCSE

As a leading IT exam study material provider, Geekcert not only provides you the Jan 15,2022 Hotest 70-744 vce exam questions and answers but also the most comprehensive knowledge of the whole MCSE Newest 70-744 vce Securing Windows Server 2016 certifications. We provide our users with the most accurate Newest 70-744 vce Securing Windows Server 2016 study material about the MCSE Newest 70-744 vce exam and the guarantee of pass. We assist you to get well prepared for MCSE Latest 70-744 study guide certification which is regarded valuable the IT sector.

free and latest Geekcert exam questions | all Geekcert latest microsoft, vmware, comptia, cisco,hp ,citrix and some other hot exams practice tests and questions and answers free download! latest 70-744 exam dumps. get your certification easily- Geekcert. Geekcert 100% real 70-744 certification exam questions and answers. easily pass with a high score.

We Geekcert has our own expert team. They selected and published the latest 70-744 preparation materials from Microsoft Official Exam-Center: https://www.geekcert.com/70-744.html

The following are the 70-744 free dumps. Go through and check the validity and accuracy of our 70-744 dumps.These questions are from 70-744 free dumps. All questions in 70-744 dumps are from the latest 70-744 real exams.

Question 1:

Your network contains an Active Directory domain named contoso.com.

The domain contains a member server named Servers that runs Windows Server 2016.

You need to configure Servers as a Just Enough Administration (JEA) endpoint.

Which two actions should you perform? Each correct answer presents part of the solution.

A. Create and export a Windows PowerShell session.

B. Deploy Microsoft Identity Manager (MIM) 2016

C. Create a maintenance Role Capability file

D. Generate a random Globally Unique Identifier (GUID)

E. Create and register a session configuration file.

Correct Answer: CE

https://docs.microsoft.com/en-us/powershell/jea/role-capabilities https://docs.microsoft.com/en-us/powershell/jea/register-jea

Your network contains an Active Directory domain named contoso.com. The domain contains several Hyper-V hosts.

You deploy a server named Server22 to a workgroup. Server22 runs Windows Server 2016.

You need to configure Server22 as the primary Host Guardian Service server.

Which three cmdlets should you run in sequence?

A. Install-HgsServer

B. Install-Module

C. Install-Package

D. Enable-WindowsOptionalFeature

E. Install-ADDSDomainController

F. Initialize-HgsServer

Correct Answer: AEF

Correct order of actions:

1.

Install-ADDSDomainController , as Server22 is a workgroup computer, create a new domain on it first.

2.

Install-HgsServer3. Initialize-HgsServer https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabricsetting-up-the-host-guardian-service-hgs https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/ guarded-fabricinstall-hgs-default Install-HgsServer https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabricinitialize-hgs-tpm-mode-default Initialize-HgsServer

Your network contains an Active Directory domain named contoso.com. The domain contains 100 servers.

You deploy the Local Administrator Password Solution (LAPS) to the network

You need to view the password of the local administrator of a server named Server5.

Which tool should you use?

A. Active Directory Users and Computers

B. Computer Management

C. Accounts from the Settings app

D. Server Manager

Correct Answer: A

Use “Active Directory Users and Computers” to view the attribute value of “ms-MCS-adminpwd” of the Server5computer account https://blogs.technet.microsoft.com/askpfeplat/2015/12/28/local-administrator-password-solution-lapsimplementation-hints-and-security-nerd-commentaryincludingmini-threat-model/

You have a server named Server1 that runs Windows Server 2016.

You configure Just Enough Administration (JEA) on Server1.

You need to view a list of commands that will be available to a user named User1 when User1 establishes a JEA session to Server1.

Which cmdlet should you use?

A. Trace-Command

B. Get-PSSessionCapability

C. Get-PSSessionConfiguration

D. Show-Command

Correct Answer: B

https://docs.microsoft.com/en-us/powershell/module/Microsoft.PowerShell.Core/get-pssessioncapability? view=powershell-5.0.The Get-PSSessionCapability cmdlet gets the capabilities of a specific user on a constrained sessionconfiguration.Use this cmdlet to audit customized session configurations for users.Starting in Windows PowerShell 5.0, you can use the RoleDefinitions property in a session configuration (.pssc)file. Using this property lets you grant users different capabilities on a single constrained endpoint based on groupmembership.The Get-PSSessionCapability cmdlet reduces complexity when auditing these endpoints by letting youdetermine the exact capabilities granted to a user.This command is used by I.T. Administrator (The “You” mention in the question) to verify configuration for aUser.

You have a file server named Server1 that runs Windows Server 2016.

A new policy states that ZIP files must not be stored on Server1. An administrator creates a file screen filter as shown in the following output

Active : False

Description:

IncludeGroup: {Compressed Files}

MatchesTemplate: False

Notification {MSFT FSRMAction, MSFT FSRMAction}

Path : C:\\

Template :

PSComputerName:

You need to prevent users from storing ZIP files on Server1, what should you do?

A. Enable Quota Management on all the drives.

B. Add a template to the filter.

C. Change the filter to active.

D. Configure File System (Global Object Access Auditing).

Correct Answer: C

“Active : False”, then it is a Passive Filescreen filther which will not block unwanted file types.

Your network contains an Active Directory domain named contoso.com.

The domain contains two DNS servers that run Windows Server 2016.

The servers host two zones named contoso.com and admin.contoso.com.

You sign both zones.

You need to ensure that all client computers in the domain validate the zone records when they query the zone.

What should you deploy?

A. a Microsoft Security Compliance Manager (SCM) policy

B. a zone transfer policy

C. a Name Resolution Policy Table (NRPT)

D. a connection security rule

Correct Answer: C

You should use Group Policy NRPT to for a DNS Client to perform DNSSEC validation of DNS zone records.

Your network contains several secured subnets that are disconnected from the Internet.

One of the secured subnets contains a server named Server1 that runs Windows Server 2016.

You implement Log Analytics in Microsoft Operations Management Suite (OMS) for the servers that connect to the Internet.

You need to ensure that Log Analytics can collect logs from Server1.

Which two actions should you perform? Each correct answer presents part of the solution.

A. Install the OMS Log Analytics Forwarder on a server that has Internet connectivity.

B. Create an event subscription on a server that has Internet connectivity.

C. Create a scheduled task on Server1.

D. Install the OMS Log Analytics Forwarder on Server1.

E. Install Microsoft Monitoring Agent on Server1.

Correct Answer: AE

https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-oms-gatewayOMS Log Analytics Forwarder = OMS GatewayIf your IT security policies do not allow computers on your network to connect to the Internet, such as point ofsale (POS) devices, or servers supporting IT services,but you need to connect them to OMS to manage and monitor them, they can be configured to communicatedirectly with the OMS Gateway (previous called “OMSLog Analytics Fowarder”) to receive configuration and forward data on their behalf.You have to also install Microsoft Monitoring Agent on Server1 to generate and send events to the OMS Gateway,since Server1 does not have direct Internet connectivity.

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has Microsoft Security Compliance Manager (SCM) 4.0 installed. The domain contains domain controllers that run

Windows Server 2016.

A Group Policy object (GPO) named GPO1 is applied to all of the domain controllers.

GPO1 has a Globally Unique Identifier (GUID) of 7ABCDEFG-1234-5678-90AB-005056123456.

You need to create a new baseline that contains the settings from GPO1. What should you do first?

A. Copy the \\\\contoso.com\\sysvol\\contoso.com\\Policies\\{7ABCDEFG-1234-5678-90AB-005056123456} folder to Server1.

B. From Group Policy Management, create a backup of GPO1.

C. From Windows PowerShell, run the Copy-GPO cmdlet

D. Modify the permissions of the \\\\contoso.com\\sysvol\\contoso.com\\Policies\\{7ABCDEFG-1234-5678-90AB-005056123456}

Correct Answer: B

https://technet.microsoft.com/en-us/library/hh489604.aspxImport Your GPOsYou can import current settings from your GPOs and compare these to the Microsoft recommended bestpractices.Start with a GPO backup that you would commonly create in the Group Policy Management Console(GPMC).Take note of the folder to which the backup is saved. In SCM, select GPO Backup, browse to the GPOfolder\’s Globally Unique Identifier (GUID) and select aname for the GPO when it\’s imported.SCM will preserve any ADM files and GP Preference files (those with non-security settings that SCM doesn\’tparse) you\’re storing with your GPO backups.It saves them in a subfolder within the user\’s public folder. When you export the baseline as a GPO again, italso restores all the associated files.

Your company has an accounting department.

The network contains an Active Directory domain named contoso.com. The domain contains 10 servers.

You deploy a new server named Server11 that runs Windows Server 2016.

Server11 will host several network applications and network shares used by the accounting department.

You need to recommend a solution for Server11 that meets the following requirements:

-Protects Server11 from address spoofing and session hijacking

-Allows only the computers in We accounting department to connect to Server11

What should you recommend implementing?

A. AppLocker rules

B. Just Enough Administration (JEA)

C. connection security rules

D. Privileged Access Management (PAM)

Correct Answer: C

In IPsec connection security rule, the IPsec protocol verifies the sending host IP address by utilize integrity functions like Digitally signing all packets.If unsigned packets arrives Server11, those are possible source address spoofed packets, when usingconnection security rule in-conjunction with inbound firewallrules, you can kill those un-signed packets with the action “Allow connection if it is secure” to prevent spoofingand session hijacking attacks.

Your network contains an Active Directory domain named contoso.com.

The domain contains a computer named Computer1 that runs Windows 10.

Computer1 connects to a home network and a corporate network.

The corporate network uses the 172.16.0.0/24 address space internally.

Computer1 runs an application named App1 that listens to port 8080.

You need to prevent connections to App1 when Computer1 is connected to the home network.

Solution: From Windows Firewall with Advanced Security, you create an inbound rule.

Does this meet the goal?

A. Yes

B. No

Correct Answer: A

The network contains an Active Directory domain named contoso.com. The domain contains the servers configured as shown in the following table.

All servers run Windows Server 2016. All client computers run Windows 10 and are domain members.

All laptops are protected by using BitLocker Drive Encryption (BitLocker).

You have an organizational unit (OU) named OU1 that contains the computer accounts of application servers.

An OU named OU2 contains the computer accounts of the computers in the marketing department.

A Group Policy object (GPO) named GP1 is linked to OU1.

A GPO named GP2 is linked to OU2.

All computers receive updates from Server1.

You create an update rule named Update1.

You need to prepare the environment to support applying Update1 to the laptops only.

What should you do? Choose Two.

A. Tool to use: Active Directory Administrative Center

B. Tool to use: Active Directory Users and Computers

C. Tool to use: Microsoft Intune

D. Tool to use: Update Services

E. Type of object to create: A computer group

F. Type of object to create: A distribution group

G. Type of object to create: A mobile device group

H. Type of object to create: A security group

I. Type of object to create: An OU

Correct Answer: DE

https://technet.microsoft.com/en-us/library/cc708458(v=ws.10).aspx

Note: The question is part of a series of questions th?present the same scenario. Each question In the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to It. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2016. The forest contains 2,000 client computers that run Windows 10. All client computers are deployed from a customized Windows

image.

You need to deploy 10 Privileged Access Workstations (PAWs). The solution must ensure that administrators can access several client applications used by all users.

Solution: You deploy 10 physical computers and configure them as PAWs. You deploy 10 additional computers and configure them by using the customized Windows image. Does this meet the goal?

A. Yes

B. No

Correct Answer: A

References: https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/privileged-access-workstations

Your network contains an Active Directory domain named contoso.com.

The domain contains a server named Server1 that runs Windows Server 2016.

You need to prevent NTLM authentication on Server1.

Solution: From Windows PowerShell, you run the Disable-WindowsOptionalFeature cmdlet.

Does this meet the goal?

A. Yes

B. No …