Free 70-744 Demo Online For Microsoft Certification (Securing Windows Server 2016):
NEW QUESTION 1
Your network contains an Active Directory domain named contoso.com. You are deploying Microsoft Advanced Threat Analytics (ATA).
You create a user named User1.
You need to configure the user account of User1 as a Honeytoken account. Which information must you use to configure the Honeytoken account?
- A. the SAM account name of User1
- B. the Globally Unique Identifier (GUID) of User1
- C. the SID of User1
- D. the UPN of User1
Explanation: https://docs.microsoft.com/en-us/advanced-threat-analytics/ata-prerequisites
A user account of a user who has no network activities. This account is configured as the ATA Honeytoken user.
To configure the Honeytoken user you need the SID of the user account, not the username.
ATA also enables the configuration of a Honeytoken user, which is used as a trap for malicious actors: authentication associated with this (normally dormant) account will trigger an alert.
NEW QUESTION 2
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
The services on Server1 are shown in the following output.
Server1 has the AppLocker rules configured as shown in the exhibit.
Rule1 and Rule2 are configured as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Explanation:
- On Server1, User1 can run D:\Folder2\App1.exe: Yes
- On Server1, User1 can run D:\Folder1\Program1.exe: Yes
- If Program1 is copied from D:\Folder1 to D:\Folder2, User1 can run Program1.exe on Server1: NO
The Application Identity service determines and verifies the identity of an app. Stopping this service will prevent AppLocker policies from being enforced.
In this question, Server1’s Application Identity service is stopped; therefore, AppLocker rules are no longer enforced, and everyone could run everything on Server1.
NEW QUESTION 3
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario
Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.
The domain contains the servers configured as shown in the following table.
All servers run Windows Server 2016. All client computers run Windows 10.
You have an organizational unit (OU) named Marketing that contains the computers in the marketing department. You have an OU named Finance that contains the computers in the finance department. You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU. You install Windows Defender on Nano1.
End of repeated scenario
You need to ensure that you can implement the Local Administrator Password Solution (LAPS) for the finance department computers.
What should you do in the contoso.com forest? To answer, select the appropriate options in the answer area.
NEW QUESTION 4
Your network contains an Active Directory domain named contoso.com. The domain contains 1,000 client computers that run Windows 10.
A security audit reveals that the network recently experienced a Pass-the-Hash attack. The attack was initiated from a client computer and accessed Active Directory objects restricted to the members of the Domain Admins group.
You need to minimize the impact of another successful Pass-the-Hash attack on the domain. What should you recommend?
- A. Instruct all users to sign in to a client computer by using a Microsoft account.
- B. Move the computer accounts of all the client computers to a new organizational unit (OU). Remove the permissions to the new OU from the Domain Admins group.
- C. Instruct all administrators to use a local Administrators account when they sign in to a client computer.
- D. Move the computer accounts of the domain controllers to a new organizational unit (OU). Remove the permissions to the new OU from the Domain Admins group.
NEW QUESTION 5
Your network contains an Active Directory domain named contoso.com.
The domain contains 10 servers that run Windows Server 2016 and 800 client computers that run Windows 10.
You need to configure the domain to meet the following requirements:
-Users must be locked out from their computer if they enter an incorrect password twice.
-Users must only be able to unlock a locked account by using a one-time password that is sent to their mobile phone.
You deploy all the components of Microsoft Identity Manager (MIM) 2016.
Which three actions should you perform before you deploy the MIM add-ins and extensions? Each correct answer presents part of the solution.
- A. From a Group Policy object (GPO), configure Public Key Policies
- B. Deploy a Multi-Factor Authentication provider and copy the required certificates to the MIM server.
- C. From the MIM Portal, configure the Password Reset AuthN Workflow.
- D. Deploy a Multi-Factor Authentication provider and copy the required certificates to the client computers.
- E. From a Group Policy object (GPO), configure Security Settings.
Explanation: -Users must be locked out from their computer if they enter an incorrect password twice. (E)
-Users must only be able to unlock a locked account by using a one-time password that is sent to their mobile phone. (B and C), detailed configuration process in the following web page.
NEW QUESTION 6
Read the following statement carefully and answer YES or NO.
You create a rule “Allow Everyone to run Windows except Registry Editor” that allows everyone in the organization to run Windows but does not allow anyone to run Registry Editor.
The effect of this rule would prevent users such as help desk personnel from running a program that is necessary for their support tasks.
To resolve this problem, you create a second rule that applies to the Helpdesk user group: “Allow Helpdesk to run Registry Editor.”
However, if you created a deny rule that did not allow any users to run Registry Editor, would the deny rule override the second rule that allows the Helpdesk user group to run Registry Editor?
- A. NO
- B. YES
NEW QUESTION 7
The network contains an Active Directory domain named contoso.com. The domain contains the servers configured as shown in the following table.
All servers run Windows Server 2016. All client computers run Windows 10 and are domain members.
All laptops are protected by using BitLocker Drive Encryption (BitLocker).
You have an organizational unit (OU) named OU1 that contains the computer accounts of application servers.
An OU named OU2 contains the computer accounts of the computers in the marketing department. A Group Policy object (GPO) named GP1 is linked to OU1.
A GPO named GP2 is linked to OU2.
All computers receive updates from Server1. You create an update rule named Update1.
You need to prepare the environment to support applying Update1 to the laptops only. What should you do? Choose Two.
- A. Tool to use: Active Directory Administrative Center
- B. Tool to use: Active Directory Users and Computers
- C. Tool to use: Microsoft Intune
- D. Tool to use: Update Services
- E. Type of object to create: A computer group
- F. Type of object to create: A distribution group
- G. Type of object to create: A mobile device group
- H. Type of object to create: A security group
- I. Type of object to create: An OU
NEW QUESTION 8
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016. Server1 is configured as a domain controller.
You configure Server1 as a Just Enough Administration (JEA) endpoint. You configure the required JEA rights for a user named User1.
You need to tell User1 how to manage Active Directory objects from Server2. What should you tell User1 to do first on Server2?
- A. From a command prompt, run ntdsutil.exe.
- B. From Windows PowerShell, run the Import-Module cmdlet.
- C. From Windows PowerShell, run the Enter-PSSession cmdlet.
- D. Install the management consoles for Active Directory, and then launch Active Directory Users and Computers.
NEW QUESTION 9
You have a file server named Server1 that runs Windows Server 2016. A new policy states that ZIP files must not be stored on Server1.
An administrator creates a file screen filter as shown in the following output.
You need to prevent users from storing ZIP files on Server1. What should you do?
- A. Enable Quota Management on all the drives.
- B. Add a template to the filter.
- C. Change the filter to active.
- D. Configure File System (Global Object Access Auditing).
Explanation: “Active : False” means it is a passive file screen filter, which will not block unwanted file types.
NEW QUESTION 10
Your network contains an Active Directory domain.
You install Security Compliance Manager (SCM) 4.0 on a server that runs Windows Server 2016. You need to modify a baseline, and then make the baseline available as a domain policy.
Which four actions should you perform in sequence?
NEW QUESTION 11
You have the Windows Server 2016 operating system images shown in the following table.
Your company’s security policy states that you must minimize the attack surface when provisioning new servers.
You need to deploy a Host Guardian Service cluster. Which image should you use for the deployment?
- A. image1
- B. image2
- C. image3
- D. image4
Explanation: https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shieldedvm/guarded-fabricprepare-for-hgs
- Hardware: HGS can be run on physical or virtual machines, but physical machines are recommended. If you want to run HGS as a three-node physical cluster (for availability), you must have three physical servers. (As a best practice for clustering, the three servers should have very similar hardware.)
- Operating system: Windows Server 2016, Standard or Datacenter edition. <-- so you cannot use Server Core or Nano Server for running Host
- Server Roles: Host Guardian Service and supporting server roles.
- Configuration permissions/privileges for the fabric (host) domain: You will need to configure DNS forwarding between the fabric (host) domain and the HGS domain. If you are using Admin-trusted attestation (AD mode), you will need to configure an Active Directory trust between the fabric domain and the HGS domain.
NEW QUESTION 12
Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2016.
The domain contains a server named Server1 that has Microsoft Security Compliance Manager (SCM)
You export the baseline shown in the following exhibit.
You have a server named Server2 that is a member of a workgroup.
You copy the (2617e9b1-9672-492b-aefa-0505054848c2) folder to Server2. You need to deploy the baseline settings to Server2.
What should you do?
- A. Download, install, and then run the Lgpo.exe command.
- B. From Group Policy Management import a Group Policy object (GPO).
- C. From Windows PowerShell, run the Restore-GPO cmdlet.
- D. From Windows PowerShell, run the Import-GPO cmdlet.
- E. From a command prompt, run the secedit.exe command and specify the /import parameter.
NEW QUESTION 13
You have a file server named FS1 that runs Windows Server 2016. You plan to disable SMB 1.0 on the server.
You need to verify which computers access FS1 by using SMB 1.0. What should you run first?
- A. Debug-FileShare
- B. Set-FileShare
- C. Set-SmbShare
- D. Set-SmbServerConfiguration
- E. Set-SmbClientConfiguration
NEW QUESTION 14
You have a server named Server1 that runs Windows Server 2016.
You need to identify the default action for the inbound traffic when Server1 connects to the domain. Which cmdlet should you use?
- A. Get-NetIPSecRule
- B. Get-NetFirewallRule
- C. Get-NetFirewallProfile
- D. Get-NetFirewallSetting
- E. Get-NetFirewallPortFilter
- F. Get-NetFirewallAddressFilter
- G. Get-NetFirewallApplicationFilter
NEW QUESTION 15
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
You have an organizational unit (OU) named Administration that contains the computer account of Server1.
You import the Active Directory module to Server1.
You create a Group Policy object (GPO) named GPO1. You link GPO1 to the Administration OU.
You need to log an event each time an Active Directory cmdlet is executed successfully from Server1. What should you do?
- A. From Advanced Audit Policy in GPO1 configure auditing for directory service changes.
- B. Run the (Get-Module ActiveDirectory).LogPipelineExecutionDetails = $false command.
- C. Run the (Get-Module ActiveDirectory).LogPipelineExecutionDetails = $true command.
- D. From Advanced Audit Policy in GPO1 configure auditing for other privilege use events.
NEW QUESTION 16
Your network contains an Active Directory domain named contoso.com.
The domain contains a member server named Servers that runs Windows Server 2016. You need to configure Servers as a Just Enough Administration (JEA) endpoint.
Which two actions should you perform? Each correct answer presents part of the solution.
- A. Create and export a Windows PowerShell session.
- B. Deploy Microsoft Identity Manager (MIM) 2016
- C. Create a maintenance Role Capability file
- D. Generate a random Globally Unique Identifier (GUID)
- E. Create and register a session configuration file.
Explanation: https://docs.microsoft.com/en-us/powershell/jea/role-capabilities https://docs.microsoft.com/en-us/powershell/jea/register-jea
NEW QUESTION 17
Your network contains an Active Directory domain named contoso.com. The domain contains multiple servers that run multiple applications.
Domain user accounts are used to authenticate access requests to the servers. You plan to prevent NTLM from being used to authenticate to the servers. You start to audit NTLM authentication events for the domain.
You need to view all of the NTLM authentication events and to identify which applications authenticate by using NTLM.
On which computers should you review the event logs and which logs should you review?
- A. Computers on which to review the event logs: Only client computers
- B. Computers on which to review the event logs: Only domain controllers
- C. Computers on which to review the event logs: Only member servers
- D. Event logs to review: Applications and Services Logs\Microsoft\Windows\Diagnostics-Networking\Operational
- E. Event logs to review: Applications and Services Logs\Microsoft\Windows\NTLM\Operational
- F. Event logs to review: Applications and Services Logs\Microsoft\Windows\SMBClient\Security
- G. Event logs to review: Windows Logs\Security
- H. Event logs to review: Windows Logs\System
Explanation: Do not confuse this with event ID 4776 recorded in the domain controller’s security event log!
This question asks about implementing NTLM auditing when domain clients are connecting to member servers. See below for further information.
Via lab testing, most of the NTLM audit logs are created on Windows 10 clients, unless you use the Windows Server 2016 OS as clients (but this is unusual).