Microsoft Securing Windows Server 2016 - 70-744 Exam Questions
QUESTION NO: 1
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario
Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.
The domain contains the servers configured as shown in the following table.
All servers run Windows Server 2016. All client computers run Windows 10.
You have an organizational unit (OU) named Marketing that contains the computers in the marketing department You have an OU named finance that contains the computers in the finance department You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.
You install Windows Defender on Nano1.
End of repeated scenario
You need to exclude D:\Folder1 on Nano1 from being scanned by Windows Defender.
Which cmdlet should you run?
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario
Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.
The domain contains the servers configured as shown in the following table.
All servers run Windows Server 2016. All client computers run Windows 10.
You have an organizational unit (OU) named Marketing that contains the computers in the marketing department You have an OU named finance that contains the computers in the finance department You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.
You install Windows Defender on Nano1.
End of repeated scenario
You need to exclude D:\Folder1 on Nano1 from being scanned by Windows Defender.
Which cmdlet should you run?
Correct Answer: C
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage a file server that runs Windows Server 2016. The file server contains the volumes configured as shown in the following table.
You need to encrypt DevFiles by using BitLocker Drive Encryption (ButLocker).
Solution: You run the manage-bde.exe command and specify the
Does this meet the goal?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage a file server that runs Windows Server 2016. The file server contains the volumes configured as shown in the following table.
You need to encrypt DevFiles by using BitLocker Drive Encryption (ButLocker).
Solution: You run the manage-bde.exe command and specify the
Does this meet the goal?
Correct Answer: A
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 3
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2016.
You need to prevent NTLM authentication on Server1.
Solution: From a Group Policy, you configure the Security Options.
Does this meet the goal?
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2016.
You need to prevent NTLM authentication on Server1.
Solution: From a Group Policy, you configure the Security Options.
Does this meet the goal?
Correct Answer: A
QUESTION NO: 4
Your network contains an Active Directory domain named contoso.com. The domain contains 100 servers.
You deploy the Local Administrator Password Solution (LAPS) to the network.
You discover that the members of a group named FinanceAdministrators can view the password of the local Administrator accounts on the servers in an organizational unit (OU) named FinanceServers.
You need to prevent the FinanceAdministrators members from viewing the local administrators' passwords on the servers in FinanceServers.
Which permission should you remove from FinanceAdministrators?
Your network contains an Active Directory domain named contoso.com. The domain contains 100 servers.
You deploy the Local Administrator Password Solution (LAPS) to the network.
You discover that the members of a group named FinanceAdministrators can view the password of the local Administrator accounts on the servers in an organizational unit (OU) named FinanceServers.
You need to prevent the FinanceAdministrators members from viewing the local administrators' passwords on the servers in FinanceServers.
Which permission should you remove from FinanceAdministrators?
Correct Answer: C
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy Windows Server 2016 to a server named Server1.
You need to ensure that you can run Windows Containers on Server1.
Solution: On Server1, you enable the Containers feature, and then you restart the server.
Does this meet the goal?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy Windows Server 2016 to a server named Server1.
You need to ensure that you can run Windows Containers on Server1.
Solution: On Server1, you enable the Containers feature, and then you restart the server.
Does this meet the goal?
Correct Answer: B
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 6
Your network contains an Active Directory domain named contoso.com. The domain contains multiple servers that run either Windows Server 2012 or Windows Server 2012 R2.
You plan to implement Just Enough Administration (JEA) to manage all of the servers.
What should you install on each server to ensure that the servers can be managed by using JEA?
Your network contains an Active Directory domain named contoso.com. The domain contains multiple servers that run either Windows Server 2012 or Windows Server 2012 R2.
You plan to implement Just Enough Administration (JEA) to manage all of the servers.
What should you install on each server to ensure that the servers can be managed by using JEA?
Correct Answer: D
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 7
Your network contains an Active Directory forest named Corp. The forest functional level is Windows Server
2016.
You deploy a new forest named Priv and set the forest functional level to Windows Server 2016.
You need to implement Privileged Access Management (PAM).
What should you do next?
Your network contains an Active Directory forest named Corp. The forest functional level is Windows Server
2016.
You deploy a new forest named Priv and set the forest functional level to Windows Server 2016.
You need to implement Privileged Access Management (PAM).
What should you do next?
Correct Answer: B
QUESTION NO: 8
You are implementing Privileged Access Management (PAM) for an Active Directory forest named contoso.com.
You install a bastion forest named adatum.com, and you establish a trust between the forests.
You need to create a group in contoso.com that will be used by Microsoft Identity Manager to create groups in adatum.com.
How should you configure the group? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You are implementing Privileged Access Management (PAM) for an Active Directory forest named contoso.com.
You install a bastion forest named adatum.com, and you establish a trust between the forests.
You need to create a group in contoso.com that will be used by Microsoft Identity Manager to create groups in adatum.com.
How should you configure the group? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation
References: https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/planning-bastion-environment Production forest is contoso.comBastion forest is adatum.com
https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/planning-bastion-environmentA security group on the local domain (contoso.com)There must be a group in the existing domain, whose name is the NetBIOS domain name followed bythree dollar signs, e.g., CONTOSO$$$.The group scope must be domain local and the group type must be Security.This is needed for groups to be created in the dedicated administrative forest (adatum.com) with the sameSecurity identifier as groups in this domain(contoso.com).
Create this group with the followingNew-ADGroup -name 'CONTOSO$$$' -GroupCategory Security
-GroupScope DomainLocal -SamAccountName 'CONTOSO$$$'After this, MIM could create "Shadow Group" in bastion adatum.com forest.
References: https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/planning-bastion-environment Production forest is contoso.comBastion forest is adatum.com
https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/planning-bastion-environmentA security group on the local domain (contoso.com)There must be a group in the existing domain, whose name is the NetBIOS domain name followed bythree dollar signs, e.g., CONTOSO$$$.The group scope must be domain local and the group type must be Security.This is needed for groups to be created in the dedicated administrative forest (adatum.com) with the sameSecurity identifier as groups in this domain(contoso.com).
Create this group with the followingNew-ADGroup -name 'CONTOSO$$$' -GroupCategory Security
-GroupScope DomainLocal -SamAccountName 'CONTOSO$$$'After this, MIM could create "Shadow Group" in bastion adatum.com forest.
QUESTION NO: 9
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
You need to allow network administrators to use Just Enough Administration (JEA) to change the TCP/IP settings on Server1. The solution must use the principle of least privilege.
How should you configure the session configuration file?
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
You need to allow network administrators to use Just Enough Administration (JEA) to change the TCP/IP settings on Server1. The solution must use the principle of least privilege.
How should you configure the session configuration file?
Correct Answer: D
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 10
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear i n the review screen.
You deploy Windows Server 2016 to a server named Server1,
You need to ensure that you can run Windows Containers on Server1.
Solution: On Server1, you enable the Containers feature, and then you install the PowerShell for Docker module. You restart the server.
Does this meet the goal?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear i n the review screen.
You deploy Windows Server 2016 to a server named Server1,
You need to ensure that you can run Windows Containers on Server1.
Solution: On Server1, you enable the Containers feature, and then you install the PowerShell for Docker module. You restart the server.
Does this meet the goal?
Correct Answer: A
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 11
Your network contains an Active Directory domain.
Microsoft Advanced Threat Analytics (ATA) is deployed to the domain.
A database administrator named DBA1 suspects that her user account was compromised.
Which three events can you identify by using ATA? Each correct answer presents a complete solution.
Your network contains an Active Directory domain.
Microsoft Advanced Threat Analytics (ATA) is deployed to the domain.
A database administrator named DBA1 suspects that her user account was compromised.
Which three events can you identify by using ATA? Each correct answer presents a complete solution.
Correct Answer: A,B,D
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
