Work hard! It’s not hard to get certified! Share the latest Microsoft MCSE 70-744 exam dump for free. online 70-744 exam practice tests. the latest 70-744 exam questions and answers, and guarantee your skills and exam experience! “Securing Windows Server 2016 ” – 70-744 exam! pass4itsure.com expert recommendation! Top pass rate!
Get the latest Microsoft MCSE 70-744 pdf
[PDF] Free Microsoft 70-744 pdf dumps download from Google Drive: https://drive.google.com/open?id=19p8m_GLQFdWwNJt59dx7yWP25UvZsGIA
[PDF] Free Full Microsoft pdf dumps download from Google Drive: https://drive.google.com/open?id=1gdQrKIsiLyDEsZ24FxsyukNPYmpSUDDO
Valid information provided by Microsoft officials
Exam 70-744: Securing Windows Server 2016 – Microsoft: https://www.microsoft.com/en-us/learning/exam-70-744.aspx
Candidates for this exam secure Windows Server 2016 environments. Candidates are familiar with the methods and technologies used to harden server environments and secure virtual machine infrastructures using Shielded and encryption-supported virtual machines and Guarded Fabric.
Candidates manage the protection of Active Directory and Identity infrastructures and manage privileged identities using Just in
Time (JIT) and Just Enough Administration (JEA) approaches, as well as implement Privileged Access Workstations (PAWs) and secure servers using the Local Administrator Password Solution (LAPS).
pass4itsure 70-744 exam Skills measured
This exam measures your ability to accomplish the technical tasks listed below.
- Implement Server Hardening Solutions (25-30%)
- Secure a Virtualization Infrastructure (5-10%)
- Secure a Network Infrastructure (10-15%)
- Manage Privileged Identities (25-30%)
- Implement Threat Detection Solutions (15-20%)
- Implement Workload-Specific Security (5-10%)
The latest Microsoft MCSE 70-744 exam practice questions test your strength
QUESTION 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to It. As a result, these questions will not
appear in the review screen.
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2016. All client
computers run Windows 10. The relevant objects in the domain are configured as shown in the following table.
You need to assign User1 the right to restore files and folders on Server1 and Server2. Solution: You create a Group
Policy object (GPO), you link the GPO to the Servers OU, and then you modify the Users Rights Assignment in the
GPO. Does this meet the goat?
A. Yes
B. No
Correct Answer: B
References: https://technet.microsoft.com/en-us/library/cc771990(v=ws.11).aspx
QUESTION 2
The network contains an Active Directory domain named contoso.com. The domain contains the servers configured as
shown in the following table.
All servers run Windows Server 2016. All client computers run Windows 10 and are domain members. All laptops are
protected by using BitLocker Drive Encryption (BitLocker).
You have an organizational unit (OU) named OU1 that contains the computer accounts of application servers.
An OU named OU2 contains the computer accounts of the computers in the marketing department.
A Group Policy object (GPO) named GP1 is linked to OU1.
A GPO named GP2 is linked to OU2.
All computers receive updates from Server1.
You create an update rule named Update1.
You need to ensure that you can encrypt the operating system drive of VM1 by using BitLocker.
Which Group Policy should you configure?
A. Configure use of hardware-based encryption for operating system drives
B. Configure TPM platform validation profile for native UEFI firmware configurations
C. Require additional authentication at startup
D. Configure TPM platform validation profile for BIOS-based firmware configurations
Correct Answer: C
As there is not a choice “Enabling Virtual TPM for the virtual machine VM1”, then we have to use a fall-back method for
enabling BitLocker in VM1. https://www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/
QUESTION 3
Your network contains an Active Directory domain named contoso.com. The domain contains 100 servers.
You deploy the Local Administrator Password Solution (LAPS) to the network.
You deploy a new server named FinanceServer5, and join FinanceServerS to the domain.
You need to ensure that the passwords of the local administrators of FinanceServer5 are available to the LAPS
administrators.
What should you do?
A. On FinanceServerS, register AdmPwd.dll.
B. On FmanceServerS, install the LAPS Windows PowerShell module.
C. In the domain, modify the permissions for the computer account of FmanceServer5.
D. In the domain, modify the permissions of the Domain Controllers organizational unit (OU).
Correct Answer: A
References: https://gallery.technet.microsoft.com/Step-by-Step-Deploy-Local-7c9ef772
QUESTION 4
Note: Thb question Is part of a series of questions that present the same scenario. Each question In the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution.
After you answer a question in this section, you willNOTbeabletorrturntoit.Asa result, these questions will not appear in
the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains multiple Hyper-V hosts.
You need to deploy several critical line-of-business applications to the network to meet the following requirements:
*The resources of the applications must be isolated from the physical host
*Each application must be prevented from accessing the resources of the other applications.
*The configurations of the applications must be accessible only from the operating system that hosts the application.
Solution: You deploy one Windows container to host all of the applications.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
References: https://docs.microsoft.com/en-us/virtualization/windowscontainers/about/
QUESTION 5
You have a server named Server1 that runs Windows Server 2016. Server1 has the Windows Server Update Services
server role installed.
Windows Server Update Services (WSUS) updates for Server1 are stored on a volume named D. The hard disk that
contains volume D fails.
You replace the hard disk. You recreate volume D and the WSUS folder hierarchy in the volume.
You need to ensure that the updates listed in the WSUS console are available in the WSUS folder. What should you
run?
A. wsusutil.exe /import
B. wsusutil.exe /reset
C. Set-WsusServerSynchronization
D. Invoke-WsusServerCleanup
Correct Answer: B
https://technet.microsoft.com/en-us/library/cc720466%28v=ws.10%29.aspx?f=255and MSPPError=-2147217396
WSUSutil.exe is a tool that you can use to manage your WSUS server from the command line. WSUSutil.exeis located
in the % drive%\\Program Files\\UpdateServices\\Tools folder on your WSUS server.You can run specific commands
with WSUSutil.exe to perform specific functions, as summarized in thefollowing table.The syntax you would use to run
WSUSutil.exe with specific commands follows the table.
QUESTION 6
Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server
2012. The forest contains a single domain. The domain contains multiple Hyper-V hosts.
You plan to deploy guarded hosts.
You deploy a new server named Server22 to a workgroup.
You need to configure Server22 as a Host Guardian Service server.
What should you do before you initialize the Host Guardian Service on Server22?
A. Install the Active Directory Domain Services server role on Server22.
B. Obtain a certificate.
C. Raise the forest functional level.
D. Join Server22 to the domain.
Correct Answer: D
https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabricchoose-where-
to-install-hgs The only technical requirement for installing HGS in an existing forest is that it be added to the root
domain; non-root domains are not supported.
QUESTION 7
You have a server named Server1 that runs Windows Server 2016.
You need to identify the default action for the inbound traffic when Server1 connects to the domain.
Which cmdlet should you use?
A. Get-NetIPSecRule
B. Get-NetFirewallRule
C. Get-NetFirewallProfile
D. Get-NetFirewallSetting
E. Get-NetFirewallPortFilter
F. Get-NetFirewallAddressFilter
G. Get-NetFirewallApplicationFilter
Correct Answer: C
QUESTION 8
You implement Just Enough Administration (JEA) on several file servers that run Windows Server 2016. The Role
Capability file from a server named Server5 contains the following code.
Which action can be performed by a user who connects to Server5?
A. Create a new file share.
B. Modify the properties of any share.
C. Stop any process.
D. View the NTFS permissions of any folder.
Correct Answer: B
https://docs.microsoft.com/en-us/powershell/jea/role-capabilitiesFocus on the 3rd Visible Cmdlets in this question
`SmbShare\\Set-*\\’The PowerShell “SmbShare” module has the following “Set-*” cmdlets, as reported by “Get-
Command -ModuleSmbShare” command:
The “Set-SmbShare” cmdlet is then visible on Server5\\’s JEA endpoint, and allows JEA users to modify the properties
of any file share. https://technet.microsoft.com/en-us/itpro/powershell/windows/smbshare/set-smbshare
QUESTION 9
The network contains an Active Directory domain named contoso.com. The domain contains the servers configured as
shown in the following table.
All servers run Windows Server 2016. All client computers run Windows 10 and are domain members.
All laptops are protected by using BitLocker Drive Encryption (BitLocker).
You have an organizational unit (OU) named OU1 that contains the computer accounts of application servers.
An OU named OU2 contains the computer accounts of the computers in the marketing department.
A Group Policy object (GPO) named GP1 is linked to OU1.
A GPO named GP2 is linked to OU2.
All computers receive updates from Server1.
You create an update rule named Update1.
You need to prepare the environment to support applying Update1 to the laptops only.
What should you do? Choose Two.
A. Tool to use: Active Directory Administrative Center
B. Tool to use: Active Directory Users and Computers
C. Tool to use: Microsoft Intune
D. Tool to use: Update Services
E. Type of object to create: A computer group
F. Type of object to create: A distribution group
G. Type of object to create: A mobile device group
H. Type of object to create: A security group
I. Type of object to create: An OU
Correct Answer: DE
https://technet.microsoft.com/en-us/library/cc708458(v=ws.10).aspx
QUESTION 10
You have the servers configured as shown in the following table.
You purchase a Microsoft Azure subscription, and you create three Microsoft Operations Management Suite (OMS)
workspaces named Workspace1, Workspace2, and Workspace3 You need to deploy Microsoft Monitoring Agent to the
servers to meet the following requirements:
-Antimalware data from all the servers must be visible in Workspace1.
-Security and audit data from the domain controllers and the virtualization hosts must be visible in Workspace2.
-System update data from all the servers in all the workgroups must be visible in Workspaceand
How many OMS agents should you deploy?
A. 10
B. 33
C. 73
D. 45
Correct Answer: C
-Antimalware data from all the servers must be visible in Workspace1.-Security and audit data from the domain
controllers and the virtualization hosts must be visible in Workspace2.-System update data from all the servers in all the
workgroups must be visible in Workspaceand”All the servers” mean all 5 domain controllers, plus all member servers
(physical and virtual, domain andworkgroup) and virtualization hosts, so there are noexemptions.All servers in the above
table mentioned must install OMS Microsoft Monitoring agents
QUESTION 11
_____ enables easier management for BitLocker enabled desktops and servers in a domain environment by providing
automatic unlock of operating system volumes at system reboot when connected to a wired corporate network. This
feature requires the client hardware to have a DHCP driver implemented in its UEFI firmware.
A. Network Unlock
B. EFS recovery agent
C. JEA
D. Credential Guard
Correct Answer: A
https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-how-to-enable-network-unlock
QUESTION 12
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution.
After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1
that runs Windows Server 2016.
You need to prevent NTLM authentication on Server1.
Solution: From a Group Policy, you configure the Kerberos Policy. Does this meet the goal?
A. Yes
B. No
Correct Answer: B
References: https://www.rootusers.com/implement-ntlm-blocking-in-windows-server-2016/
QUESTION 13
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2016.
You need to prevent NTLM authentication on Server1.
Solution: From Windows PowerShell, you run the New-ADAuthenticationPolicy cmdlet.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
ADDS Authentication Policy does not provide ability to prevent the use of NTLM authentication.
Share Pass4itsure coupons for free
Reasons to choose Pass4itsure
Pass4itsure offers the latest exam practice questions and answers free of charge! Update all exam questions throughout the year, with a number of professional exam experts! To make sure it works! Maximum pass rate, best value for money! Helps you pass the exam easily on your first attempt.
This maybe you’re interested
Summarize:
Collecting the latest and most effective Microsoft MCSE 70-744 exam practice questions to help you improve exam success, 70-744 pdf and 70-744 video learning make it easier to gain knowledge! Full 70-744 exam dump: Experts recommend real leader Pass4itsure. Click here to easily pass the 70-744