• Home
• Microsoft
• 70-744 : Securing Windows Server 2016

Renovate 70-744: Pass4sure real interactive bootcamp from 21 to 30

---

Your success in Microsoft 70-744 is our sole target and we develop all our 70-744 braindumps in a way that facilitates the attainment of this target. Not only is our 70-744 study material the best you can find, it is also the most detailed and the most updated. 70-744 Practice Exams for Microsoft Windows Server 70-744 are written to the highest standards of technical accuracy.

Q21. Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

Start of repeated scenario

Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.

The domain contains the servers configured as shown in the following table.

All servers run Windows Server 2021. All client computers run Windows 10.

You have an organizational unit (OU) named Marketing that contains the computers in the marketing department. You have an OU named Finance that contains the computers in the finance department. You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.

You install Windows Defender on Nano1.

End of repeated scenario

You need to ensure that you can deploy a shielded virtual machine to Server4. Which server role should you deploy?

A. Hyper-V

B. Device Health Attestation

C. Network Controller

D. Host Guardian Service

Answer: A

Q22. Note: This question It part of a series of questions that present the same scenario. Each question In the series contains a unique solution that might meet the stated goats. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to It. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows 10. Computer1 connects to a home network and a corporate network.

The corporate network uses the 17216.0.0/24 address space internally. Computerl runs an application named App1 that listens to port 8080.

You need to prevent connections to App1 when Computer1 is connected to the home network.

Solution: From Group Policy Management you create a software restriction policy. Does this meet the goal?

A. Yes

B. No

Answer: A

Q23. Your network contains an Active Directory domain named contoso.com. The domain contains 1,000 client computers that run Windows 10.

A security audit reveals that the network recently experienced a Pass-the-Hash attack. The attack was initiated from a client computer and accessed Active Directory objects restricted to the members of the Domain Admins group.

You need to minimize the impact of another successful Pass-the-Hash attack on the domain.

What should you recommend?

A. Instruct all users to sign in to a client computer by using a Microsoft account.

B. Move the computer accounts of all the client computers to a new organizational unit (OU). Remove the permissions to the new OU from the Domain Admins group.

C. Instruct all administrators to use a local Administrators account when they sign in to a client computer.

D. Move the computer accounts of the domain controllers to a new organizational unit (OU). Remove the permissions to the new OU from the Domain Admins group.

Answer: A

Q24. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Serve1, that runs Windows Server 2021.

A technician is testing the deployment of Credential Guard on Server1. You need to verify whether Credential Guard is enabled on Server1. What should you do?

A. From a command prompt fun the credwiz.exe command.

B. From Task Manager, review the processes listed on the Details tab.

C. From Server Manager, click Local Server, and review the properties of Server!

D. From Windows PowerShell, run the Get-WsManCredSSP cmdlet.

Answer: B

Q25. HOTSPOT

You plan to deploy three encrypted virtual machines that use Secure Boot. The virtual machines will be configured as shown in the following table.

How should you protect each virtual machine? To answer, select the appropriate options in the answer area.

Answer:

Q26. Your network contains an Active Directory domain named contoso.com. The domain contains 1,000 client computers that run Windows 10.

A security audit reveals that the network recently experienced a Pass-the-Hash attack. The attack was initiated from a client computer and accessed Active Directory objects restricted to the members of the Domain Admins group.

You need to minimize the impact of another successful Pass-the-Hash attack on the domain.

What should you recommend?

A. Instruct all users to sign in to a client computer by using a Microsoft account.

B. Move the computer accounts of all the client computers to a new organizational unit (OU). Remove the permissions to the new OU from the Domain Admins group.

C. Instruct all administrators to use a local Administrators account when they sign in to a client computer.

D. Move the computer accounts of the domain controllers to a new organizational unit (OU). Remove the permissions to the new OU from the Domain Admins group.

Answer: A

Q27. Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.

Start of repeated scenario

Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.

The domain contains the servers configured as shown in the following table.

All servers run Windows Server 2021. All client computers run Windows 10.

You have an organizational unit (OU) named Marketing that contains the computers in the marketing department You have an OU named Finance that contains the computers in the finance department You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.

You install Windows Defender on Nano1.

End of repeated scenario

You need to ensure that the marketing department computers validate DNS responses from adatum.com.

Which setting should you configure in the Computer Configuration node of GP1?

A. TCPIP Settings from Administrative Templates

B. Connection Security Rule from Windows Settings

C. DNS Client from Administrative Templates

D. Name Resolution Policy from Windows Settings

Answer: D

Q28. Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question Is independent of the other questions in this series. Information and details provided in a question apply only to that question.

Your network contains an Active Directory domain named contoso.com The domain contains a file server named Server1 that runs Windows Server 2021.

You need to create Work Folders on Server1. Which tool should you use?

A. File Explorer

B. Shared Folders

C. Server Manager

D. Disk Management

E. Storage Explorer

F. Computer Management

G. System Configuration

H. File Server Resource Manager (FSRM)

A. Answer: C

Q29. Your network contains an Active Directory domain named contoso.com.

You install the Windows Server Update Services server role on a member server named Server1. Server1 runs Windows Server 2021.

You need to ensure that a user named Used can perform the following tasks:

*View the Windows Server Update Services (WSUS) configuration.

*Generate WSUS update reports.

The solution must use the principle of least privilege. What should you do on Server1?

A. Modify the permissions of the ReportWebService virtual folder from the WSUS Administration website.

B. Add User1 to the WSUS Reporters local group.

C. Add User1 to the WSUS Administrators local group.

D. Run wsusutil.exe and specify the postinstall parameter.

Answer: C

Q30. Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2021.

Server1 is configured as a domain controller.

You configure Server1 as a Just Enough Administration (JEA) endpoint You configure the required JEA rights for a user named User1.

You need to tell User1 how to manage Active Directory objects from Server2. What should you tell User1 to do first on Server2?

A. From a command prompt, run ntdsutil.exe.

B. From Windows PowerShell, run the Import-Module cmdlet.

C. From Windows PowerShell run the Enter-PSSession cmdlet.

D. Install the management consoles for Active Directory, and then launch Active Directory Users and Computer.

Answer: A