Download Securing Windows Server 2016.70-744.TestKing.2018-10-30.62q.vcex

Vendor: Microsoft
Exam Code: 70-744
Exam Name: Securing Windows Server 2016
Date: Oct 30, 2018
File Size: 2 MB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

ProfExam Discount

Demo Questions

Question 1
Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2016. 
You create a new bastion forest named admin.contoso.com. The forest functional level of admin.contoso.com is Windows Server 2012 R2. 
You need to implement a Privileged Access Management (PAM) solution. 
Which two actions should you perform? Each correct answer presents part of the solution.
  1. Raise the forest functional level of admin.contoso.com.
  2. Deploy Microsoft Identify Management (MIM) 2016 to admin.contoso.com.
  3. Configure contoso.com to trust admin.contoso.com.
  4. Deploy Microsoft Identity Management (MIM) 2016 to contoso.com.
  5. Raise the forest functional level of contoso.com.
  6. Configure admin.contoso.com to trustcontoso.com.
Correct answer: BC
Explanation:
References:https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/hardware-software-requirementshttps://docs.microsoft.com/en-us/microsoft-identity-manager/pam/planning-bastion-environment
References:
https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/hardware-software-requirements
https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/planning-bastion-environment
Question 2
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016. 
Server1 is configured as a domain controller. 
You configure Server1 as a Just Enough Administration (JEA) endpoint. You configure the required JEA rights for a user named User1. 
You need to tell User1 how to manage Active Directory objects from Server2. 
What should you tell User1 to do first on Server2?
  1. From a command prompt, runntdsutil.exe.
  2. From Windows PowerShell, run the Import-Module cmdlet.
  3. From Windows PowerShell, run the Enter-PSSession cmdlet.
  4. Install the management consoles for Active Directory, and then launch Active Directory Users and Computers.
Correct answer: C
Explanation:
References:https://blogs.technet.microsoft.com/privatecloud/2014/05/14/just-enough-administration-step-by-step/
References:
https://blogs.technet.microsoft.com/privatecloud/2014/05/14/just-enough-administration-step-by-step/
Question 3
Your network contains an Active Directory domain named contoso.com. The domain contains 100 servers. 
You deploy the Local Administrator Password Solution (LAPS) to the network. 
You deploy a new server named FinanceServer5, and join FinanceServer5 to the domain. 
You need to ensure that the passwords of the local administrators of FinanceServer5 are available to the LAPS administrators. 
What should you do?
  1. On FinanceServer5, register AdmPwd.dll.
  2. On FinanceServer5, install the LAPS Windows PowerShell module.
  3. In the domain, modify the permissions for the computer account of FinanceServer5.
  4. In the domain, modify the permissions of the Domain Controllers organizational unit (OU).
Correct answer: A
Explanation:
References:https://gallery.technet.microsoft.com/Step-by-Step-Deploy-Local-7c9ef772
References:
https://gallery.technet.microsoft.com/Step-by-Step-Deploy-Local-7c9ef772
Question 4
Your network contains an Active Directory domain named contoso.com. The domain contains four servers. The servers are configured as shown in the following table. 
  
You need to manage FS1 and FS2 by using Just Enough Administration (JEA). 
What should you do before you can implement JEA?
  1. Install Microsoft.NET Framework 4.6.2 on FS2.
  2. Install Microsoft.NET Framework 4.6.2 on FS1.
  3. Install Windows Management Framework 5.0 on FS2.
  4. Upgrade DC1 to Windows Server 2016.
Correct answer: C
Explanation:
References:https://blogs.technet.microsoft.com/privatecloud/2014/05/14/just-enough-administration-step-by-step/
References:
https://blogs.technet.microsoft.com/privatecloud/2014/05/14/just-enough-administration-step-by-step/
Question 5
Your network contains an Active Directory forest named contoso.com. 
The forest has Microsoft Identity Manager (MIM) 2016 deployed. 
You implement Privileged Access Management (PAM). 
You need to request privileged access from a client computer in contoso.com by using PAM. 
How should you complete the Windows PowerShell script? To answer, select the appropriate options in the answer area. 
Correct answer: To work with this question, an Exam Simulator is required.
Explanation:
References:https://technet.microsoft.com/en-us/library/mt604089.aspxhttps://technet.microsoft.com/en-us/library/mt604084.aspx
References:
https://technet.microsoft.com/en-us/library/mt604089.aspx
https://technet.microsoft.com/en-us/library/mt604084.aspx
Question 6
Your network contains an Active Directory domain named contoso.com. The domain contains five servers. All servers run Windows Server 2016. 
A new security policy states that you must modify the infrastructure to meet the following requirements:
  • Limit the rights of administrators. 
  • Minimize the attack surface of the forest. 
  • Support Multi-Factor authentication for administrators. 
You need to recommend a solution that meets the new security policy requirements. 
What should you recommend deploying?
  1. an administrative forest
  2. domain isolation
  3. an administrative domain in contoso.com
  4. the Local Administrator Password Solution (LAPS)
Correct answer: A
Explanation:
References:https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material#ESAE_BM
References:
https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material#ESAE_BM
Question 7
Your network contains two single-domain Active Directory forests named contoso.com and contosoadmin.com. Contosoadmin.com contains all of the user accounts used to manage the servers in contoso.com. 
You need to recommend a workstation solution that provides the highest level of protection from vulnerabilities and attacks. 
What should you include in the recommendation?
  1. Provide a Privileged Access Workstation (PAW) for each user account in both forests. Join each PAW to the contoso.com domain.
  2. Provide a Privileged Access Workstation (PAW) for each user in the contoso.com forest. Join each PAW to the contoso.com domain.
  3. Provide a Privileged Access Workstation (PAW) for each administrator. Join each PAW to the contoso.com domain.
  4. Provide a Privileged Access Workstation (PAW) for each administrator. Join each PAW to the contosoadmin.com domain.
Correct answer: D
Explanation:
References:https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/privileged-access-workstations
References:
https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/privileged-access-workstations
Question 8
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2016. 
The domain contains a server named Server1 that has Microsoft Security Compliance Manager (SCM) 4.0 installed. 
You export the baseline shown in the following exhibit. 
  
You have a server named Server2 that is a member of a workgroup. 
You copy the {2617e9b1-9672-492b-aefa-0505054848c2} folder to Server2. 
You need to deploy the baseline settings to Server2. 
What should you do?
  1. Download, install, and then run the Lgpo.exe command.
  2. From Group Policy Management, import a Group Policy object (GPO).
  3. From Windows PowerShell, run the Restore-GPO cmdlet.
  4. From Windows PowerShell, run the Import-GPO cmdlet.
  5. From a command prompt, run the secedit.exe command and specify the/import parameter.
Correct answer: D
Explanation:
References:https://anytecho.wordpress.com/2015/05/22/importing-group-policies-using-powershell-almost/
References:
https://anytecho.wordpress.com/2015/05/22/importing-group-policies-using-powershell-almost/
Question 9
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. 
A technician is testing the deployment of Credential Guard on Server1. 
You need to verify whether Credential Guard is enabled on Server1. 
What should you do?
  1. From a command prompt, run the credwiz.exe command.
  2. From Task Manager, review the processes listed on the Details tab.
  3. From Server Manager, click Local Server, and review the properties of Server1.
  4. From Windows PowerShell, run the Get-WsManCredSSP cmdlet.
  5. From a command prompt, run the tsecimp.exe command.
Correct answer: B
Explanation:
References: https://yungchou.wordpress.com/2016/10/10/credential-guard-made-easy-in-windows-10-version-1607/
References: https://yungchou.wordpress.com/2016/10/10/credential-guard-made-easy-in-windows-10-version-1607/
Question 10
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. 
The services on Server1 are shown in the following output. 
  
Server1 has the AppLocker rules configured as shown in the exhibit. (Click the Exhibit button.) 
  
Rule1 and Rule2 are configured as shown in the following table. 
  
For each of the following statements, select Yes if the statement is true. Otherwise, select No. 
Correct answer: To work with this question, an Exam Simulator is required.
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!