Download Securing Windows Server 2016.70-744.BrainDumps.2017-10-17.135q.vcex

Vendor: Microsoft
Exam Code: 70-744
Exam Name: Securing Windows Server 2016
Date: Oct 17, 2017
File Size: 17 MB
Download Exam

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase
Coupon: EXAMFILESCOM

Discount: 20%

ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator
ProfExam Discount

Demo Questions

Question 1
You network contains an Active Directory forest named contoso.com. 
All domain controllers run Windows Server 2016 Member servers run either Windows Server 2012 R2 or Windows Server 2016. 
Client computers run either Windows 8.1 or Windows 10. 
You need to ensure that when users access files in shared folders on the network, the files are encrypted when they are transferred over the network. 
Solution: You enable access-based enumeration on all the file shares. Does this meet the goal?
  1. Yes
  2. No
Correct answer: B
Explanation:
Access-Based Enumeration does not help encrypting network file transfer.
Access-Based Enumeration does not help encrypting network file transfer.
Question 2
You network contains an Active Directory forest named contoso.com. 
All domain controllers run Windows Server 2016 Member servers run either Windows Server 2012 R2 or Windows Server 2016. 
Client computers run either Windows 8.1 or Windows 10. 
You need to ensure that when users access files in shared folders on the network, the files are encrypted when they are transferred over the network. 
Solution: You enable SMB encryption on all the computers in domain. Does this meet the goal?
  1. Yes
  2. No
Correct answer: A
Explanation:
SMB Encryption could be enabled on a per-computer wide basis, after you have enabled SMB encryption on a server-level basis, you could not disable encryption for any specific shared folder. To enable Global level encryption on the server:Set-SmbServerConfiguration -EncryptData 1
SMB Encryption could be enabled on a per-computer wide basis, after you have enabled SMB encryption on a server-level basis, you could not disable encryption for any specific shared folder. 
To enable Global level encryption on the server:
Set-SmbServerConfiguration -EncryptData 1
Question 3
Your network contains an Active Directory domain named contoso.com. 
The domain contains a computer named Computer1 that runs Windows 10. 
Computer1 connects to a home network and a corporate network. 
The corporate network uses the 172.16.0.0/24 address space internally. 
Computer1 runs an application named App1 that listens to port 8080. 
You need to prevent connections to App1 when Computer1 is connected to the home network. 
Solution: From Group Policy Management, you create a software restriction policy.
Does this meet the goal?
  1. Yes
  2. No
Correct answer: B
Explanation:
Software Restriction Policy does not filter incoming network traffic, what you actually need is Windows Firewall Inbound Rule on the Private profile
Software Restriction Policy does not filter incoming network traffic, what you actually need is Windows Firewall Inbound Rule on the Private profile
Question 4
Your network contains an Active Directory domain named contoso.com. 
The domain contains a computer named Computer1 that runs Windows 10. 
Computer1 connects to a home network and a corporate network. 
The corporate network uses the 172.16.0.0/24 address space internally. 
Computer1 runs an application named App1 that listens to port 8080. 
You need to prevent connections to App1 when Computer1 is connected to the home network. 
Solution: From Group Policy Management, you create an AppLocker rule.
Does this meet the goal?
  1. Yes
  2. No
Correct answer: B
Explanation:
AppLocker does not filter incoming network traffic, what you actually need is Windows Firewall Inbound Rule on the Private profile.
AppLocker does not filter incoming network traffic, what you actually need is Windows Firewall Inbound Rule on the Private profile.
Question 5
Your network contains an Active Directory domain named contoso.com. 
The domain contains a computer named Computer1 that runs Windows 10. 
Computer1 connects to a home network and a corporate network. 
The corporate network uses the 172.16.0.0/24 address space internally. 
Computer1 runs an application named App1 that listens to port 8080. 
You need to prevent connections to App1 when Computer1 is connected to the home network. 
Solution: From Windows Firewall with Advanced Security, you create an inbound rule.
Does this meet the goal?
  1. Yes
  2. No
Correct answer: A
Question 6
Your network contains an Active Directory domain named contoso.com. 
The domain contains a server named Server1 that runs Windows Server 2016. 
You need to prevent NTLM authentication on Server1. 
Solution: From Windows PowerShell, you run the New-ADAuthenticationPolicy cmdlet.
Does this meet the goal?
  1. Yes
  2. No
Correct answer: B
Explanation:
ADDS Authentication Policy does not provide ability to prevent the use of NTLM authentication. 
ADDS Authentication Policy does not provide ability to prevent the use of NTLM authentication. 
Question 7
Your network contains an Active Directory domain named contoso.com. 
The domain contains a server named Server1 that runs Windows Server 2016. 
You need to prevent NTLM authentication on Server1. 
Solution: From a Group Policy, you configure the Security Options.
Does this meet the goal?
  1. Yes
  2. No
Correct answer: A
Explanation:
  
  
Question 8
Your network contains an Active Directory domain named contoso.com. 
The domain contains two DNS servers that run Windows Server 2016. 
The servers host two zones named contoso.com and admin.contoso.com. 
You sign both zones. 
You need to ensure that all client computers in the domain validate the zone records when they query the zone. 
What should you deploy?
  1. a Microsoft Security Compliance Manager (SCM) policy
  2. a zone transfer policy
  3. a Name Resolution Policy Table (NRPT)
  4. a connection security rule
Correct answer: C
Explanation:
You should use Group Policy NRPT to for a DNS Client to perform DNSSEC validation of DNS zone records.   
You should use Group Policy NRPT to for a DNS Client to perform DNSSEC validation of DNS zone records. 
  
Question 9
You have 10 Hyper-V hosts that run Windows Server 2016. 
Each Hyper-V host has eight virtual machines that run a distributed web application named App1. 
You plan to implement a Software Load Balancing (SLB) solution for client access to App1. 
You deploy two new virtual machines named SLB1 and SLB2. 
You need to install the required components on the Hyper-V hosts and the new servers for the planned implementation. 
Which components should you install? Choose Two.
  1. Component to install on SLB1 and SLB2: SLB Host Agent 
  2. Component to install on SLB1 and SLB2: Network Load Balancing (NLB)
  3. Component to install on SLB1 and SLB2: SLB Multiplexer (MUX)
  4. Component to install on each Hyper-V host:SLB Host Agent
  5. Component to install on each Hyper-V host:SLB Multiplexer (MUX)
  6. Component to install on each Hyper-V host:Host Guardian Service server role
Correct answer: CD
Explanation:
https://blogs.technet.microsoft.com/tip_of_the_day/2016/06/28/tip-of-the-day-demystifying-software-defined-networking-terms-the-components/https://technet.microsoft.com/en-us/library/mt632286.aspxSLB Host Agent - When you deploy SLB, you must use System Center, Windows PowerShell, or another management application to deploy the SLB Host Agent on every Hyper-V host computer. You can install the SLB Host Agent on all versions of Windows Server 2016 that provide Hyper-V support, including Nano Server. SLB MUX – Part of the Software Load Balancer (SLB on Windows Server 2016, the SLB MUX processes inbound network traffic and maps VIPs (virtual IPs) to DIPs (datacenter IPs), then forwards the traffic to the correct DIP. Each MUX also uses BGP to publish VIP routes to edge routers. BGP Keep Alive notifies MUXes when a MUX fails, which allows active MUXes to redistribute the load in case of a MUX failure - essentially providing load balancing for the load balancers.    
https://blogs.technet.microsoft.com/tip_of_the_day/2016/06/28/tip-of-the-day-demystifying-software-defined-networking-terms-the-components/
https://technet.microsoft.com/en-us/library/mt632286.aspx
SLB Host Agent - When you deploy SLB, you must use System Center, Windows PowerShell, or another management application to deploy the SLB Host Agent on every Hyper-V host computer. 
You can install the SLB Host Agent on all versions of Windows Server 2016 that provide Hyper-V support, including Nano Server. 
SLB MUX – Part of the Software Load Balancer (SLB on Windows Server 2016, the SLB MUX processes inbound network traffic and maps VIPs (virtual IPs) to DIPs (datacenter IPs), then forwards the traffic to the correct DIP. Each MUX also uses BGP to publish VIP routes to edge routers. BGP Keep Alive notifies MUXes when a MUX fails, which allows active MUXes to redistribute the load in case of a MUX failure - essentially providing load balancing for the load balancers. 
   
Question 10
You have the Windows Server 2016 operating system images as described in the answer choices. 
Your company's security policy states that you must minimize the attack surface when provisioning new servers. 
You need to deploy a Host Guardian Service cluster. Which image should you use for the deployment?
  1. A Nano Server that runs the Standard edition of Windows Server
  2. A Server Core installation that runs the Datacenter edition of Windows Server
  3. A Full installation that runs the Standard edition of Windows Server
  4. A Nano Server that runs the Datacenter edition of Windows Server
Correct answer: C
Explanation:
https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-prepare-for-hgs Prerequisites Hardware: HGS can be run on physical or virtual machines, but physical machines are recommended.If you want to run HGS as a three-node physical cluster (for availability), you must have three physical servers. (As a best practice for clustering, the three servers should have very similar hardware.) Operating system: Windows Server 2016, Standard or Datacenter edition. <---- so you cannot use Server Core or Nano Server for running Host Guardian Service. Server Roles: Host Guardian Service and supporting server roles.Configuration permissions/privileges for the fabric (host) domain: You will need to configure DNS forwarding between the fabric (host) domain and the HGS domain.If you are using Admin-trusted attestation (AD mode), you will need to configure an Active Directory trust between the fabric domain and the HGS domain.
https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-prepare-for-hgs 
Prerequisites 
Hardware: HGS can be run on physical or virtual machines, but physical machines are recommended.
If you want to run HGS as a three-node physical cluster (for availability), you must have three physical servers. (As a best practice for clustering, the three servers should have very similar hardware.) 
Operating system: Windows Server 2016, Standard or Datacenter edition. <---- so you cannot use Server Core or Nano Server for running Host Guardian Service. 
Server Roles: Host Guardian Service and supporting server roles.
Configuration permissions/privileges for the fabric (host) domain: You will need to configure DNS forwarding between the fabric (host) domain and the HGS domain.
If you are using Admin-trusted attestation (AD mode), you will need to configure an Active Directory trust between the fabric domain and the HGS domain.
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!