Actual 70-744 Free Practice Questions 2019

70-744 Royal Pack Testengine pdf

100% Actual & Verified — 100% PASS

Unlimited access to the world's largest Dumps library!

https://www.2passeasy.com/dumps/70-744/

We offers . "Securing Windows Server 2016", also known as 70-744 exam, is a Microsoft Certification. This set of posts, Passing the 70-744 exam with , will help you answer those questions. The covers all the knowledge points of the real exam. 100% real and revised by experts!

Free 70-744 Demo Online For Microsoft Certifitcation:

NEW QUESTION 1
HOTSPOT
You have 100 computers that run Windows 10 and are members of a workgroup. You need to configure Windows Defender to meet the following requirements:
-Exclude a C:\\Sales\\Salesdb from malware scans.
-Configure a full scan to occur daily.
What should you run to meet each requirement?
70-744 dumps exhibit

    Answer:

    Explanation: https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/set-mppreference Set-MpPreference -ExclusionPath C:\\Sales\\Salesdb
    Set-MpPreference -RemediationScheduleDay Everyday

    NEW QUESTION 2
    Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
    Start of repeated scenario
    Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.
    The domain contains the servers configured as shown in the following table.
    70-744 dumps exhibit
    All servers run Windows Server 2016. All client computers run Windows 10.
    You have an organizational unit (OU) named Marketing that contains the computers in the marketing department You have an OU named finance that contains the computers in the finance department You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU. You install Windows Defender on Nano1.
    End of repeated scenario
    You need to ensure that when a configuration change is made on Nano2, Nano2 will revert back to the original configuration automatically.
    What should you do first?

    • A. Enable File History for all volumes.
    • B. Install the Microsoft-NanoServer-DSC-Package optional package
    • C. Install the Microsoft-NanoServer-DCB-Package optional package
    • D. Enable System Protection on all volumes
    • E. Deploy Microsoft System Center 2016 – Data Protection Manager (DPM)

    Answer: B

    Explanation: Using PowerShell DSC (Desire State Configuration) to mitigate configuration drift on Nano Server requires
    additional steps, like installing the support package “Microsoft-NanoServer-DSC-Package” https://docs.microsoft.com/en-us/powershell/dsc/nanodsc
    DSC on Nano Server is an optional package in the NanoServer\\Packages folder of the Windows Server 2016 media.
    The package can be installed when you create a VHD for a Nano Server by specifying Microsoft-
    NanoServerDSC-Package as the value of the Packages
    parameter of the New-NanoServerImage function, or the following PowerShell cmdlets on a live Nano server
    “Nano2”.
    Import-PackageProvider NanoServerPackage
    Install-package Microsoft-NanoServer-DSC-Package -ProviderName NanoServerPackage -Force

    NEW QUESTION 3
    Your network contains an Active Directory domain named contoso.com.The domain contains 1,000 client computers that run either Windows 8.1 or Windows 10.
    You have a Windows Server Update Services (WSUS) deployment All client computers receive updates from WSUS.
    You deploy a new WSUS server named WSUS2.
    You need to configure all of the client computers that run Windows 10 to send WSUS reporting data to WSUS2.
    What should you configure?

    • A. an approval rule
    • B. a computer group
    • C. a Group Policy object (GPO)
    • D. a synchronization rule

    Answer: C

    Explanation: https://technet.microsoft.com/en-us/library/cc708574(v=ws.10).aspx
    Under “Set the intranet update service for detecting updates”, type http://wsus:8530 Under “Set the intranet statistics server”, type http://wsus2:8531
    70-744 dumps exhibit

    NEW QUESTION 4
    You are creating a Nano Server image for the deployment of 10 servers.
    You need to configure the servers as guarded hosts that use Trusted Platform Module (TPM) attestation.
    Which three packages should you include in the Nano Server image? Each correct answer presents part of the solution.

    • A. Microsoft-NanoServer-SecureStartup-Package
    • B. Microsoft-NanoServer-ShieldedVM-Package
    • C. Microsoft-NanoServer-Storage-Package
    • D. Microsoft-NanoServer-SCVMM-Compute-Package
    • E. Microsoft-NanoServer-SCVMM-Package
    • F. Microsoft-NanoServer-Compute-Package

    Answer: ABF

    Explanation: https://docs.microsoft.com/en-us/system-center/vmm/guarded-deploy-host?toc=/windowsserver/virtualization/
    toc.json
    For an SCVMM Managed Nano Server Hyper-V case:
    If your host is running Nano Server Hyper-V host, it should have the Compute, SCVMM-Package,
    SCVMMCompute, SecureStartup, and ShieldedVM packages installed.
    https://docs.microsoft.com/en-us/windows-server/get-started/deploy-nano-server
    For an standalone Nano Server Hyper-V host, no SCVMM related packages are required, only Compute,
    SecureStartup, and ShieldedVM packages are required.
    This table shows the roles and features that are available in this release of Nano Server, along with the
    Windows PowerShell options that will install the packages for them.
    Some packages are installed directly with their own Windows PowerShell switches (such as -
    Compute); others you install by passing package names to the –
    Package parameter, which you can combine in a comma-separated list. You can dynamically list available
    packages using the Get-NanoServerPackage cmdlet.
    70-744 dumps exhibit

    NEW QUESTION 5
    Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
    After you answer a question In this section, you will NOT be able to return to It. As a result, these questions will not appear in the review screen.
    Your network contains an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows 10. Computer1 connects to a home network and a corporate network.
    The corporate network uses the 172.16.0.0/24 address space internally. Computer1 runs an application named App1 that listens to port 8080.
    You need to prevent connections to App1 when Computer1 is connected to the home network. Solution: From Windows Firewall in the Control Panel, you add an application and allow the application to communicate through the firewall on a Private network.
    Does this meet the goal?

    • A. Yes
    • B. No

    Answer: B

    Explanation: References:
    http://www.online-tech-tips.com/windows-10/adjust-windows-10-firewall-settings/

    NEW QUESTION 6
    Your network contains an Active Directory domain named contoso.com. The domain contains 100 servers.
    You deploy the Local Administrator Password Solution (LAPS) to the network.
    You discover that the members of a group named FinanceAdministrators can view the password of the local Administrator accounts on the servers in an organizational unit (OU) named FinanceServers. You need to prevent the FinanceAdministrators members from viewing the local administrators’ passwords on the servers in FinanceServers.
    Which permission should you remove from FinanceAdministrators?

    • A. List contents
    • B. All extended rights
    • C. Read all properties
    • D. Read permissions

    Answer: B

    Explanation: https://blogs.technet.microsoft.com/askpfeplat/2015/12/28/local-administrator-password-solutionQuestions
    & Answers PDF P-123
    lapsimplementation-hints-and-security-nerd-commentaryincludingmini-threat-model/ Access to the password is granted via the “Control Access” right on the attribute.
    Control Access is an “Extended Right” in Active Directory, which means if a user has been granted the “All
    Extended Rights” permission they’ll be able to see passwords even if you didn’t give them permission.

    NEW QUESTION 7
    HOTSPOT
    Your network contains an Active Directory domain named adatum.com. The domain contains a file server named Server1 that runs Windows Server 2016.
    You have an organizational unit (OU) named OU1 that contains Server1. You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.
    A user named User1 is a member of group named Group1. The properties of User1 are shown in the User1 exhibit (Click the Exhibit button.)
    70-744 dumps exhibit
    User1 has permissions to two files on Server1 configured as shown in the following table.
    70-744 dumps exhibit
    From Auditing Entry for Global File SACL, you configure the advanced audit policy settings in GPO1 as shown in the SACL exhibit (Click the Exhibit button.)
    70-744 dumps exhibit
    For each of the following statements, select Yes if the statement is true. Otherwise, select No.
    70-744 dumps exhibit

      Answer:

      Explanation: From File Explorer, when User1 double-clicks File1.doc. an event will be logged: Yes From File Explorer, when User1 double-clicks File2.doc. an event will be logged: No
      From Microsoft Word, when User1 attempts to save changes to File1.doc, an event will be logged: No
      From the SACL, only Successful operations by User1 will be logged “Type: Success”.

      NEW QUESTION 8
      You have a server named Server1 that runs Windows Server 2016.
      You need to identity whether any connection security rules are configured on Server1. Which cmdlet should you use?

      • A. Get-NetIPSecRule
      • B. Get-NetFirewallRule C.Get-NetFirewallProfile
      • C. Get-NetFirewallSetting
      • D. Get-NetFirewallPortFilter
      • E. Get-NetFirewallAddressFilter
      • F. Get-NetFirewallSecurityFilter
      • G. Get-NetFirewallApplicationFilter

      Answer: A

      Explanation: https://technet.microsoft.com/en-us/itpro/powershell/windows/netsecurity/get-netipsecrule
      Get-NetIPSecRule displays the existence and details of Connection Security Rules, as connection
      security rules implements IPsec between computers (not using tunnel endpoints) or sites (using tunnel endpoints)

      NEW QUESTION 9
      Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. You need to prevent NTLM authentication on Server1.
      Solution: From Windows PowerShell, you run the New-ADAuthenticationPolicy cmdlet. Does this meet the goal?

      • A. Yes
      • B. No

      Answer: B

      Explanation: ADDS Authentication Policy does not provide ability to prevent the use of NTLM authentication.

      NEW QUESTION 10
      Your network contains an Active Directory domain named contoso.com. The domain contains a
      server named Server5 that has the Windows Server Update Services server role installed. You need to configure Windows Server Update Services (WSUS) on Server5 to use SSI. You install a certificate in the local Computer store.
      Which two tools should you use? Each correct answer presents part of the solution.

      • A. Wsusutil
      • B. Netsh
      • C. Internet Information Services (IIS) Manager
      • D. Server Manager
      • E. Update Services

      Answer: AC

      Explanation: By IIS Manager and “wsusutil configuressl” command https://technet.microsoft.com/en-us/library/bb633246.aspx To configure SSL on the WSUS server by using IIS 7.0
      1) On the WSUS server, open Internet Information Services (IIS) Manager.
      2) Expand Sites, and then expand the Web site for the WSUS server. We recommend that you use the WSUS
      Administration custom Web site, but the default Web
      site might have been chosen when WSUS was being installed.
      3) Perform the following steps on the APIRemoting30, ClientWebService, DSSAuthWebService,
      ServerSyncWebService, and SimpleAuthWebService virtual directories that reside under the WSUS Web site.
      In Features View, double-click SSL Settings.
      On the SSL Settings page, select the Require SSL checkbox. Ensure that Client certificates is set to Ignore.
      In the Actions pane, click Apply.
      4) Close Internet Information Services (IIS) Manager.
      5) Run the following command from <WSUS Installation Folder>\\Tools: WSUSUtil.exe configuressl
      <Intranet
      FQDN of the software update point site system>.

      NEW QUESTION 11
      You have a server named Server1 that runs Windows Server 2016.
      You need to install Security Compliance Manager (SCM) 4.0 on Server1. What should you install on Server1 first?

      • A. the .NET Framework 3.5 Features feature
      • B. the Active Directory Rights Management Services server role
      • C. the Remote Server Administration Tools feature
      • D. the Group Policy Management feature

      Answer: A

      NEW QUESTION 12
      You have the servers configured as shown in the following table.
      70-744 dumps exhibit
      You purchase a Microsoft Azure subscription, and you create three Microsoft Operations
      Management Suite (OMS) workspaces named Workspace1, Workspace2, and Workspace3
      You need to deploy Microsoft Monitoring Agent to the servers to meet the following requirements:
      -Antimalware data from all the servers must be visible in Workspace1.
      -Security and audit data from the domain controllers and the virtualization hosts must be visible in Workspace2.
      -System update data from all the servers in all the workgroups must be visible in Workspace& How many OMS agents should you deploy?

      • A. 10
      • B. 33
      • C. 73
      • D. 45

      Answer: C

      Explanation: -Antimalware data from all the servers must be visible in Workspace1.
      -Security and audit data from the domain controllers and the virtualization hosts must be visible in Workspace2.
      -System update data from all the servers in all the workgroups must be visible in Workspace& “All the servers” mean all 5 domain controllers, plus all member servers (physical and virtual, domain and
      workgroup) and virtualization hosts, so there are no exemptions.
      All servers in the above table mentioned must install OMS Microsoft Monitoring agents

      NEW QUESTION 13
      Your network contains an Active Directory domain named contoso.com. The domain contains several shielded virtual machines.
      You deploy a new server named Server1 that runs Windows Server 2016. You install the Hyper-V server role on Server1.
      You need to ensure that you can host shielded virtual machines on Server1. What should you install on Server1?

      • A. Host Guardian Hyper-V Support
      • B. BitLocker Network Unlock
      • C. the Windows Biometric Framework (WBF)
      • D. VM Shielding Tools for Fabric Management

      Answer: A

      Explanation: This questions mentions “The domain contains several shielded virtual machines.”, which indicates a working Host Guardian Service deployment was completed.
      https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shieldedvm/guarded-fabricguarded-host-prerequisites
      For a new Hyper-V server to utilize an existing Host Guardian Service, install the “Host Guardian Hyper-V
      Support”.
      70-744 dumps exhibit

      NEW QUESTION 14
      HOTSPOT
      Your network contains several Windows container hosts.. You plan to deploy three custom .NET applications.
      You need to recommend a deployment solution for the applications. Each application must:
      -be accessible by using a different IP address.
      -have access to a unique file system.
      -start as quickly as possible.
      What should you recommend? To answer, select the appropriate options in the answer area.
      70-744 dumps exhibit

        Answer:

        Explanation: References:
        https://docs.microsoft.com/en-us/dotnet/standard/modernize-with-azure-andcontainers/ modernize-existing-apps-to-cloud-optimized/deploy-existing-net-apps-as-windowscontainers
        https://blogs.msdn.microsoft.com/msgulfcommunity/2015/06/20/what-is-windows-servercontainers- and-hyper-v-containers/

        NEW QUESTION 15
        Your network contains an Active Directory domain named contoso.com. The domain contains a certification authority (CA).
        You need to implement code integrity policies and sign them by using certificates issued by the CA. You plan to use the same certificate to sign policies on multiple computers.
        You duplicate the Code Signing certificate template and name the new template CodeIntegrity. How should you configure the CodeIntegrity template?

        • A. Enable the Allow private key to be exported setting and modify the Key Usage extension.
        • B. Disable the Allow private key to be exported setting and modify the Application Policies extension.
        • C. Disable the Allow private key to be exported setting and disable the Basic Constraints extension.
        • D. Enable the Allow private key to be exported setting and enable the Basic Constraints extension

        Answer: D

        NEW QUESTION 16
        You deploy the Host Guardian Service (HGS).
        You have several Hyper-V hosts that have older hardware and Trusted Platform Modules (TPMs) version 1.2.
        You discover that the Hyper-V hosts cannot start shielded virtual machines.
        You need to configure HGS to ensure that the older Hyper-V hosts can host shielded virtual machines. What should you do?

        • A. Run the Set-HgsServer cmdlet and specify the -TrustTpm parameter.
        • B. Run the Set-HgsServer cmdlet and specify the -TrustActiveDirectory parameter.
        • C. Run the Clear-HgsServer cmdlet and specify the -Clustername parameter
        • D. Run the Clear-HgsServer cmdlet and specify the -Force parameter.
        • E. It is not possible to enable older Hyper-V hosts to run Shielded virtual machines

        Answer: E

        Explanation: Requirements and Limitations
        There are several requirements for using Shielded VMs and the HGS:
        One bare metal host: You can deploy the Shielded VMs and the HGS with just one host. However,
        Microsoft
        recommends that you cluster HGS for high availability.
        Windows Server 2016 Datacenter Edition: The ability to create and run Shielded VMs and the HGS is only
        supported by Windows Server 2016 Datacenter Edition.
        For Admin-trusted attestation mode: You only need to have server hardware capable of running Hyper-V in
        Windows Server 2016 TP5 or higher.
        For TPM-trusted attestation: Your servers must have TPM 2.0 and UEFI 2.3.1 and they must boot in UEFI
        mode. The hosts must also have secure boot enabled. Hyper-V role: Must be installed on the guarded host. HGS Role: Must be added to a physical host. Generation 2 VMs.
        A fabric AD domain.
        An HGS AD, which in Windows Server 2016 TP5 is a separate AD infrastructure from your fabric AD.

        NEW QUESTION 17
        The “Network Security: Restrict NTLM: NTLM authentication in this domain” policy setting allows you to deny or allow NTLM authentication within a domain from this domain controller.
        Which value would you choose so that the domain controller will deny all NTLM authentication logon attempts using accounts from this domain to all servers in the domain.
        The NTLM authentication attempts will be blocked and will return an NTLM blocked error unless the server name is on the exception list in the Network security: Restrict NTLM: Add server exceptions in this domain policy setting.

        • A. Deny for domain accounts
        • B. Deny for domain accounts to domain servers
        • C. Deny all
        • D. Deny for domain servers

        Answer: B

        P.S. Easily pass 70-744 Exam with 176 Q&As 2passeasy Dumps & pdf Version, Welcome to Download the Newest 2passeasy 70-744 Dumps: https://www.2passeasy.com/dumps/70-744/ (176 New Questions)