Jrocam shares online exam exercise questions all year round! Microsoft MCSE 70-744 exam “Securing Windows Server 2016”
https://www.leads4pass.com/70-744.html (224 Q&As).Continue to study and we provide an updated cisco 70-744 exam practice questions and answers. You can practice the test online!
Table of Contents:
- Latest Microsoft MCSE 70-744 pdf
- Test your Microsoft MCSE 70-744 exam level
- Related 70-744 Popular Exam resources
- Get Lead4Pass Coupons (12% OFF)
- What are the advantages of Lead4pass?
Latest Microsoft MCSE 70-744 pdf
[PDF] Free Microsoft MCSE 70-744 pdf dumps download from Google Drive: https://drive.google.com/open?id=1Jx2haiw2G8Vl2xgjukmxtIB5Xvw7K0L7
Exam 70-744: Securing Windows Server 2016 – Microsoft:https://www.microsoft.com/en-us/learning/exam-70-744.aspx
Skills measured
This exam measures your ability to accomplish the technical tasks listed below.
- Implement Server Hardening Solutions (25-30%)
- Secure a Virtualization Infrastructure (5-10%)
- Secure a Network Infrastructure (10-15%)
- Manage Privileged Identities (25-30%)
- Implement Threat Detection Solutions (15-20%)
- Implement Workload-Specific Security (5-10%)
Who should take this exam?
Candidates for this exam secure Windows Server 2016 environments. Candidates are familiar with the methods and technologies used to harden server environments and secure virtual machine infrastructures using Shielded and encryption-supported virtual machines and Guarded Fabric.
Candidates manage the protection of Active Directory and Identity infrastructures and manage privileged identities using Just in Time (JIT) and Just Enough Administration (JEA) approaches, as well as implement Privileged Access Workstations (PAWs) and secure servers using the Local Administrator Password Solution (LAPS).
Candidates should also be able to use threat detection solutions such as auditing access, implementing Advanced Threat Analytics (ATA), deploying Operations Management Suite (OMS) solutions, and identifying solutions for specific workloads.
Microsoft MCSE 70-744 Exam Practice Questions
QUESTION 1
Your network contains an Active Directory domain named contoso.com.
The domain contains a member server named Servers that runs Windows Server 2016.
You need to configure Servers as a Just Enough Administration (JEA) endpoint.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Create and export a Windows PowerShell session.
B. Deploy Microsoft Identity Manager (MIM) 2016
C. Create a maintenance Role Capability file
D. Generate a random Globally Unique Identifier (GUID)
E. Create and register a session configuration file.
Correct Answer: CE
https://docs.microsoft.com/en-us/powershell/jea/role-capabilities https://docs.microsoft.com/en-us/powershell/jea/register-jea
QUESTION 2
You manage a guarded fabric in TPM-trusted attestation mode.
You plan to create a virtual machine template disk for shielded virtual machines.
You need to create the virtual machine disk that you will use to generate the template.
How should you configure the disk? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
References: https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-configuration-scenarios-for-shielded-vms-overview https://docs.microsoft.com/en-us/system-center/dpm/what-s-new-in-dpm-2016?view=sc-dpm-1801
QUESTION 3
Your network contains an Active Directory domain named contoso.com. The domain contains five servers. All servers
run Windows Server 2016.
A new secunty policy states that you must modify the infrastructure to meet the following requirements:
*Limit the nghts of administrators.
*Minimize the attack surface of the forest
*Support Multi-Factor authentication for administrators.
You need to recommend a solution that meets the new secunty policy requirements.
What should you recommend deploying?
A. an administrative forest
B. domain isolation
C. an administrative domain in contoso.com
D. the Local Administrator Password Solution (LAPS)
Correct Answer: A
You have to “-Minimize the attack surface of the forest”, then you must create another forest for administrators. https://d
ocs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privilegedaccess-reference-
material#ESAE_BM This section contains an approach for an administrative forest based on the Enhanced Security
Administrative Environment (ESAE) reference architecture deployedby Microsoft\\’s cybersecurity professional services
teams to protect customers against cybersecurity attacks.Dedicated administrative forests allow organizations to host
administrative accounts, workstations, and groups in an environment that has stronger security controls than the
production environment.
QUESTION 4
You have a Hyper-V host named Hyperv1 that has a virtual machine named FS1. FS1 is a file server that contains
sensitive data.
You need to secure FS1 to meet the following requirements:
-Prevent console access to FS1.
-Prevent data from being extracted from the VHDX file of FS1.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Enable BitLocker Drive Encryption (BitLocker) for all the volumes on FS1
B. Disable the virtualization extensions for FS1
C. Disable all the Hyper-V integration services for FS1
D. On Hyperv1, enable BitLocker Drive Encryption (BitLocker) for the drive that contains the VHDX file for FS1.
E. Enable shielding for FS1
Correct Answer: AE
-Prevent console access to FS1. -> Enable shielding for FS1-Prevent data from being extracted from the VHDX file of
FS1. -> Enable BitLocker Drive Encryption(BitLocker) for all the volumes on FS1
QUESTION 5
Note: Thb question Is part of a series of questions that present the same scenario. Each question In the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution.
After you answer a question in this section, you willNOTbeabletorrturntoit.Asa result, these questions will not appear in
the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains multiple Hyper-V hosts.
You need to deploy several critical line-of-business applications to the network to meet the following requirements:
*The resources of the applications must be isolated from the physical host
*Each application must be prevented from accessing the resources of the other applications.
*The configurations of the applications must be accessible only from the operating system that hosts the application.
Solution: You deploy one Windows container to host all of the applications.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
References: https://docs.microsoft.com/en-us/virtualization/windowscontainers/about/
QUESTION 6
_____ enables easier management for BitLocker enabled desktops and servers in a domain environment by providing
automatic unlock of operating system volumes at system reboot when connected to a wired corporate network. This
feature requires the client hardware to have a DHCP driver implemented in its UEFI firmware.
A. Network Unlock
B. EFS recovery agent
C. JEA
D. Credential Guard
Correct Answer: A
https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-how-to-enable-network-unlock
QUESTION 7
HOTSPOT
Your network contains an Active Directory domain named adatum.com.
The domain contains a server named Server1 that runs Windows Server 2016. The domain contains two users named
User1 and User2.
On Server1, you create two files named File1.doc and File2.doc in a folder named C:\Folder1.
The Audit Entry for File1.doc is configured as shown in the File1 exhibit. (Click the File1 tab.)
File2.doc has an empty auditing entry list.
The Auditing Entry for Global File SACL that applies to Server1 is configured as shown in the SACL exhibit. (Click the
SACL tab.)
The Advanced Audit Policy Configuration for Server1 is configured as shown in the Audit Policy exhibit. (Click the Audit
Policy tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
QUESTION 8
The New-CIPolicy cmdlet creates a Code Integrity policy as an .xml file. If you do NOT supply either driver files or rules
what will happen?
A. The cmdlet performs a system scan
B. An exception/warning is shown because either one is required
C. Nothing
D. The cmdlet searches the Code Integrity Audit log for drivers
Correct Answer: A
If you do not supply either driver files or rules, this cmdlet performs a system scan similar to the Get-SystemDriver
cmdlet.The cmdlet generates rules based on Level. If you specify the Audit parameter, this cmdlet scans the Code
Integrity Audit log instead.
QUESTION 9
DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain functional level is Windows Server
2016. The domain contains a member server named Server1.
You test Code Integrity on Server1 in audit mode.
You need to enforce the Code Integrity levels on all the Windows Server 2016 servers in the domain.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to
the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
QUESTION 10
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named
Server1 and Server2 that run Windows Server 2016.
The Microsoft Advanced Threat Analytics (ATA) Center service is installed on Server1.
The domain contains the users shown in the following table.
You are installing ATA Gateway on Server2.
You need to specify a Gateway Registration account. Which account should you use?
A. User1
B. User2
C. User3
D. User4
E. User5
F. User6
G. User7
H. User8
Correct Answer: F
https://docs.microsoft.com/en-us/advanced-threat-analytics/ata-role-groups
The user who installed ATA will be able to access the management portal (ATA Center) as members of the “Microsoft
Advanced Threat Analytics Administrators”local group on the ATA Center server.
QUESTION 11
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1.
On Server1, administrators plan to use several scripts that have the .ps1 extension.
You need to ensure that when code is generated from the scripts, an event containing the details of the code is logged
in the Operational log.
Which Group Policy setting or settings should you configure?
A. Enable Protected Event Logging
B. Audit Process Creation and Audit Process Termination
C. Turn on PovverShell Script Block Logging
D. Turn on PowerShell Transcription
Correct Answer: C
https://docs.microsoft.com/en-us/powershell/wmf/5.0/audit_scriptThe new Detailed Script Tracing feature lets you
enable detailed tracking and analysis of Windows PowerShellscripting use on a system.After you enable detailed script
tracing, Windows PowerShell logs all script blocks to the ETW event log, Microsoft-Windows-PowerShell/Operational.If
a script block creates another script block (for example, a script that calls the Invoke-Expression cmdlet on astring), that
resulting script block is logged as well.Logging of these events can be enabled through the Turn on PowerShell Script
Block Logging GroupPolicy setting(in GPO Administrative Templates -> Windows Components -> Windows
PowerShell).Answer D is incorrect, since Transcription (Start-Transcript -path ) uses a custom output locationinstead of
Event Viewer \\ Operational Log
QUESTION 12
You enable and configure PowerShell Script Block Logging.
You need to view which script blocks were executed by using Windows PowerShell scripts.
What should you do?
A. View the Microsoft-Windows-PowerShell/Operational event log.
B. Open the log files in %LocalAppData%\\Microsoft\\Windows\\PowerShell.
C. View the Windows PowerShell event log.
D. Open the log files in %SYSTEMROOT%\\Logs.
Correct Answer: A
https://docs.microsoft.com/en-us/powershell/wmf/5.0/audit_scriptAfter you enable detailed script tracing, Windows
PowerShell logs all script blocks to the event log, MicrosoftWindows-PowerShell/Operational.
QUESTION 13
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You manage a file server that runs Windows Server 2016. The file server contains the volumes configured as shown in
the following table.
You need to encrypt DevFiles by using BitLocker Drive Encryption (ButLocker). Solution: You run the manage-bde.exe
command and specify the -on parameter. Does this meet the goal?
A. Yes
B. No
Correct Answer: A
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/manage-bde-on
Related 70-744 Popular Exam resources
| title | youtube | Microsoft | lead4pass | Lead4Pass Total Questions | |
|---|---|---|---|---|---|
| Microsoft MCSE | lead4pass 70-744 dumps pdf | lead4pass 70-744 youtube | Exam 70-744: Securing Windows Server 2016 – Microsoft | https://www.leads4pass.com/70-744.html | 224 Q&A |
Get Lead4Pass Coupons(12% OFF)
What are the advantages of Lead4pass?
We have a number of Cisco, Microsoft, IBM, CompTIA and other exam experts. We update exam data throughout the year.
Top exam pass rate! We have a large user base. We are an industry leader! Choose Lead4Pass to pass the exam with ease!
Summarize:
The free Microsoft MCSE 70-744 exam dumps can help you improve your skills and exam experience! To pass the cisco 70-744 exam at once: https://www.leads4pass.com/70-744.html We make Microsoft 70-744 videos and 70-744 pdf for you to learn! I hope you can pass the exam easily.
![[2017 New] Latest Cisco 642-132 Dumps Exam Practice Materials Online Free Download](https://www.pursue4pass.com/wp-content/themes/instorm/img/thumb-medium.png)
