Microsoft 70-744 Dumps Questions 2019

70-744 Royal Pack Testengine pdf

100% Actual & Verified — 100% PASS

Unlimited access to the world's largest Dumps library!

https://www.2passeasy.com/dumps/70-744/

Your success in is our sole target and we develop all our in a way that facilitates the attainment of this target. Not only is our material the best you can find, it is also the most detailed and the most updated. for Microsoft 70-744 are written to the highest standards of technical accuracy.

Microsoft 70-744 Free Dumps Questions Online, Read and Test Now.

NEW QUESTION 1
You have a server named Server1 that runs Windows Server 2016. Server1 has the Windows Server Update Services server role installed.
Windows Server Update Services (WSUS) updates for Server1 are stored on a volume named D. The hard disk that contains volume D fails.
You replace the hard disk. You recreate volume D and the WSUS folder hierarchy in the volume. You need to ensure that the updates listed in the WSUS console are available in the WSUS folder. What should you run?

  • A. wsusutil.exe /import
  • B. wsusutil.exe /reset
  • C. Set-WsusServerSynchronization
  • D. Invoke-WsusServerCleanup

Answer: B

Explanation: https://technet.microsoft.com/en-us/library/cc720466%28v=ws.10%29.aspx?f=255&MSPPError=- 2147217396
WSUSutil.exe is a tool that you can use to manage your WSUS server from the command line.
WSUSutil.exe
is located in the %drive%\\Program Files\\Update Services\\Tools folder on your WSUS server.
You can run specific commands with WSUSutil.exe to perform specific functions, as summarized in the
following table.
The syntax you would use to run WSUSutil.exe with specific commands follows the table.
70-744 dumps exhibit

NEW QUESTION 2
Your network contains an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows 10. Computer1 connects to a home network and a corporate network.
The corporate network uses the 172.16.0.0/24 address space internally. Computer1 runs an application named App1 that listens to port 8080.
You need to ensure that App1.exe can accept connections only when Computer1 is connected to the corporate network.
Solution: You run the command New-NetFirewallRule -DisplayName “Rule1” -Direction Inbound - Program “D:\\Apps\\App1.exe” –Action Allow -Profile Domain
Does this meet the goal?

  • A. Yes
  • B. No

Answer: A

Explanation: Tested correct cmdlet, worked, and the profile “Domain” for corporate network is also correct.
70-744 dumps exhibit

NEW QUESTION 3
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. You need to prevent NTLM authentication on Server1.
Solution: From a Group Policy, you configure the Security Options. Does this meet the goal?

  • A. Yes
  • B. No

Answer: A

NEW QUESTION 4
Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2016.
You implement a single-domain administrative forest named admin.contoso.com that has Enhanced Security Administrative Environment (ESAE) deployed.
You have an administrative user named Admin1 in admin.contoso.com.
You need to ensure that Admin1 can manage the domain controllers in contoso.com. To which group should you add Admin1?

  • A. Contoso\\Domain Admins
  • B. Admin\\Administrators
  • C. Admin\\Domain Admins
  • D. Contoso\\Administrators

Answer: D

Explanation: admin.contoso.com (NetBIOS domain name “ADMIN\\”) is the administrative domain. contoso.com (NetBIOS domain name “CONTOSO\\” ) is the corporate resource domain. See below.
https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securingprivilegedaccess- reference-material
70-744 dumps exhibit

NEW QUESTION 5
The network contains an Active Directory domain named contoso.com. The domain contains the servers configured as shown in the following table.
70-744 dumps exhibit
All servers run Windows Server 2016. All client computers run Windows 10 and are domain members.
All laptops are protected by using BitLocker Drive Encryption (BitLocker).You have an organizational unit (OU) named OU1 that contains the computer accounts of application servers.
An OU named OU2 contains the computer accounts of the computers in the marketing department. A Group Policy object (GPO) named GP1 is linked to OU1.
A GPO named GP2 is linked to OU2.
All computers receive updates from Server1. You create an update rule named Update1.
You need to ensure that you can view Windows PowerShell code that was generated dynamically and executed on the computers in OU1.
What would you configure in GP1?

  • A. Object Access\\Audit Application Generated from the advanced audit policy
  • B. Turn on PowerShell Script Block Logging from the PowerShell settings
  • C. Turn on Module Logging from the PowerShell settings
  • D. Object Access\\Audit Other Object Access Events from the advanced audit policy

Answer: B

Explanation: https://docs.microsoft.com/en-us/powershell/wmf/5.0/audit_script
While Windows PowerShell already has the LogPipelineExecutionDetails Group Policy setting to log the
invocation of cmdlets, PowerShell’s scripting language has plenty of features that you might want to log and/or audit.
The new Detailed Script Tracing feature lets you enable detailed tracking and analysis of Windows PowerShell scripting use on a system.
After you enable detailed script tracing, Windows PowerShell logs all script blocks to the ETW event log,
Microsoft-Windows-PowerShell/Operational.
If a script block creates another script block (for example, a script that calls the Invoke-Expression cmdlet on a string), that resulting script block is logged as well.
Logging of these events can be enabled through the Turn on PowerShell Script Block Logging Group Policy
setting (in Administrative Templates -> Windows Components -> Windows PowerShell).

NEW QUESTION 6
You have a server named Server1 that runs Windows Server 2016.
You need to identify whether ICMP traffic is exempt from IPsec on Server1. Which cmdlet should you use?

  • A. Get-NetIPSecRule
  • B. Get-NetFirewallRule
  • C. Get-NetFirewallProfile
  • D. Get-NetFirewallSetting
  • E. Get-NetFirewallPortFilter
  • F. Get-NetFirewallAddressFilter
  • G. Get-NetFirewallSecurityFilter
  • H. Get-NetFirewallApplicationFilter

Answer: D

Explanation: The Get-NetFirewallSetting cmdlet retrieves the global firewall settings of the target computer. The NetFirewallSetting object specifies properties that apply to the firewall and IPsec settings, no matter which
network profile is currently in use.
The global configurations include viewing the active profile, exemptions, specified certification validation levels, and user and computer authorization lists.
70-744 dumps exhibit

NEW QUESTION 7
Your network contains an Active Directory domain named contoso.com. The domain contains two DNS servers that run Windows Server 2016. The servers host two zones named contoso.com and admin.contoso.com. You sign both zones.
You need to ensure that all client computers in the domain validate the zone records when they query the zone.
What should you deploy?

  • A. a Microsoft Security Compliance Manager (SCM) policy
  • B. a zone transfer policy
  • C. a Name Resolution Policy Table (NRPT)
  • D. a connection security rule

Answer: C

Explanation: You should use Group Policy NRPT to for a DNS Client to perform DNSSEC validation of DNS zone records.
70-744 dumps exhibit

NEW QUESTION 8
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
The hardware configuration on Server1 meets the requirements for Credential Guard. You need to enable Credential Guard on Server1.
What should you do? To answer, select the appropriate options in the answer area.
70-744 dumps exhibit

    Answer:

    Explanation: References:
    https://docs.microsoft.com/en-us/windows/access-protection/credential-guard/credential-guardrequirements https://docs.microsoft.com/en-us/windows/access-protection/credential-guard/credential-guardmanage# hardware-readiness-tool
    70-744 dumps exhibit
    70-744 dumps exhibit
    70-744 dumps exhibit

    NEW QUESTION 9
    Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
    You need to allow network administrators to use Just Enough Administration (JEA) to change the
    TCP/IP settings on Server1. The solution must use the principle of least privilege. How should you configure the session configuration file?

    • A. Set RunAsVirtualAccount to $false and set RunAsVirtualAccountGroups to Contoso\Network Configuration Operators.
    • B. Set RunAsVirtualAccount to $true and set RunAsVirtualAccountGroups to Contoso\Network Configuration Operators.
    • C. Set RunAsVirtualAccount to $false and set RunAsVirtualAccountGroups to Network Configuration Operators.
    • D. Set RunAsVirtualAccount to $true and set RunAsVirtualAccountGroups to Network Configuration Operators.

    Answer: D

    Explanation:
    References:
    https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/newpssessionconfigurationfile? view=powershell-6

    NEW QUESTION 10
    HOTSPOT
    You manage a guarded fabric in TPM-trusted attestation mode.
    You plan to create a virtual machine template disk for shielded virtual machines. You need to create the virtual machine disk that you will use to generate the template.
    How should you configure the disk? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
    70-744 dumps exhibit

      Answer:

      Explanation: References:
      https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shieldedvm/ guarded-fabric-configuration-scenarios-for-shielded-vms-overview
      https://docs.microsoft.com/en-us/system-center/dpm/what-s-new-in-dpm-2016?view=sc-dpm-1801

      NEW QUESTION 11
      You have a Hyper-V host named Hyperv1 that has a virtual machine named FS1. FS1 is a file server that contains sensitive data.
      You need to secure FS1 to meet the following requirements:
      -Prevent console access to FS1.
      -Prevent data from being extracted from the VHDX file of FS1.
      Which two actions should you perform? Each correct answer presents part of the solution.

      • A. Enable BitLocker Drive Encryption (BitLocker) for all the volumes on FS1
      • B. Disable the virtualization extensions for FS1
      • C. Disable all the Hyper-V integration services for FS1
      • D. On Hyperv1, enable BitLocker Drive Encryption (BitLocker) for the drive that contains the VHDX file for FS1.
      • E. Enable shielding for FS1

      Answer: AE

      Explanation: -Prevent console access to FS1. –> Enable shielding for FS1
      -Prevent data from being extracted from the VHDX file of FS1. –> Enable BitLocker Drive Encryption (BitLocker) for all the volumes on FS1

      NEW QUESTION 12
      The Job Title attribute for a domain user named User1 has a value of Sales Manager. User1 runs whoami /claims and receives the following output:
      70-744 dumps exhibit
      Kerberos support for Dynamic Access Control on this device has been disabled.
      You need to ensure that the security token of User1 has a claim for Job Title. What should you do?

      • A. From Windows PowerShell, run the New-ADClaimTransformPolicy cmdlet and specify the -Name parameter
      • B. From Active Directory Users and Computers, modify the properties of the User1 account.
      • C. From Active Directory Administrative Center, add a claim type.
      • D. From a Group Policy object (GPO), configure KDC support for claims, compound authentication, and Kerberos armoring.

      Answer: C

      Explanation: From the output, obviously, a claim type is missing (or disabled) so that the domain controller is not issuing
      tickets with the “Job Title” claim type.

      NEW QUESTION 13
      You have a Hyper-V host named Server1 that runs Windows Server 2016. Server1 has a generation 2 virtual machine named VM1 that runs Windows 10.
      You need to ensure that you can turn on BitLocker Drive Encryption (BitLocker) for drive C: on VM1. What should you do?

      • A. From Server1, install the BitLocker feature.
      • B. From Server1, enable nested virtualization for VM1.
      • C. From VM1, configure the Require additional authentication at startup Group Policy setting.
      • D. From VM1, configure the Enforce drive encryption type on fixed data drives Group Policy settin

      Answer: C

      Explanation: https://www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/
      If you don’t use TPM for protecting a drive, there is no such Virtual TPM or VM Generation, or VM Configuration
      version requirement, you can even use Bitlocker without TPM Protector with earlier versions of Windows. How to Use BitLocker Without a TPM
      You can bypass this limitation through a Group Policy change. If your PC is joined to a business or school
      domain, you can’t change the Group Policy setting
      yourself. Group policy is configured centrally by your network administrator.
      To open the Local Group Policy Editor, press Windows+R on your keyboard, type “gpedit.msc” into the Run
      dialog box, and press Enter.
      Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating
      System Drives in the left pane.
      70-744 dumps exhibit
      Double-click the “Require additional authentication at startup” option in the right pane.
      70-744 dumps exhibit
      Select “Enabled” at the top of the window, and ensure the “Allow BitLocker without a compatible TPM
      (requires a password or a startup key on a USB flash drive)” checkbox is enabled here.
      Click “OK” to save your changes. You can now close the Group Policy Editor window. Your change takes effect immediately—you don’t even need to reboot.

      NEW QUESTION 14
      DRAG DROP
      Your network contains an Active Directory domain named contoso.com. The domain contains several Hyper-V hosts.
      You deploy a server named Server22 to a workgroup. Server22 runs Windows Server 2016. You need to configure Server22 as the primary Host Guardian Service server.
      Which three cmdlets should you run in sequence? To answer move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.
      70-744 dumps exhibit

        Answer:

        Explanation: References:
        https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shieldedvm/ guarded-fabric-setting-up-the-host-guardian-service-hgs

        NEW QUESTION 15
        Your network contains an Active Directory domain named contoso.com. The domain contains multiple servers that run either Windows Server 2012 or Windows Server 2012 R2.
        You plan to implement Just Enough Administration (JEA) to manage all of the servers.
        What should you install on each server to ensure that the servers can be managed by using JEA?

        • A. Remote Server Administration Tools (RSAT)
        • B. Microsoft .NET Framework 3.5 Service Pack 1 (SP1)
        • C. Management Odata Internet Information Services (IIS) Extension
        • D. Windows Management Framework 5.0

        Answer: D

        Explanation: https://msdn.microsoft.com/en-us/library/dn896648.aspx Get JEA
        The current release of JEA is available on the following platforms: Windows Server
        Windows Server 2016 Technical Preview 5 and higher
        Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2* with Windows Management Framework 5.0 installed

        NEW QUESTION 16
        Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
        After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
        Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2016. The forest contains 2,000 client computers that run Windows 10. All client computers are deployed from a customized Windows image.
        You need to deploy 10 Privileged Access Workstations (PAWs). The solution must ensure that administrators can access several client applications used by all users.
        Solution: You deploy one physical computer and configure it as a Hyper-V host that runs Windows Server 2016. You create 10 virtual machines and configure each one as a PAW.
        Does this meet the goal?

        • A. Yes
        • B. No

        Answer: B

        Explanation: References:
        https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privilegedaccess/privileged-access-workstations

        NEW QUESTION 17
        ____ enables easier management for BitLocker enabled desktops and servers in a domain environment by providing automatic unlock of operating system volumes at system reboot when connected to a wired corporate network. This feature requires the client hardware to have a DHCP driver implemented in its UEFI firmware.

        • A. Network Unlock
        • B. EFS recovery agent
        • C. JEA
        • D. Credential Guard

        Answer: A

        Explanation: https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-how-to-enablenetwork- unlock

        Recommend!! Get the Full 70-744 dumps in VCE and PDF From Certleader, Welcome to Download: https://www.certleader.com/70-744-dumps.html (New 176 Q&As Version)