Microsoft Securing Windows Server 2016 (070-744) Free Practice Test
Question 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear i n the review screen.
You deploy Windows Server 2016 to a server named Server1,
You need to ensure that you can run Windows Containers on Server1.
Solution: On Server1, you enable the Containers feature, and then you install the PowerShell for Docker module. You restart the server.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear i n the review screen.
You deploy Windows Server 2016 to a server named Server1,
You need to ensure that you can run Windows Containers on Server1.
Solution: On Server1, you enable the Containers feature, and then you install the PowerShell for Docker module. You restart the server.
Does this meet the goal?
Correct Answer: B
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 2
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
You need to allow network administrators to use Just Enough Administration (JEA) to change the TCP/IP settings on Server1. The solution must use the principle of least privilege.
How should you configure the session configuration file?
You need to allow network administrators to use Just Enough Administration (JEA) to change the TCP/IP settings on Server1. The solution must use the principle of least privilege.
How should you configure the session configuration file?
Correct Answer: A
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 3
You plan to enable Credential Guard on four servers. Credential Guard secrets will be bound to the TPM.
The servers run Windows Server 2016 and are configured as shown in the following table.
Which of the above server you could enable Credential Guard?
The servers run Windows Server 2016 and are configured as shown in the following table.
Which of the above server you could enable Credential Guard?
Correct Answer: A
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 4
Your network contains an Active Directory domain named contoso.com.
The domain contains two servers named Server1 and Server2 that run Windows Server 2016.
You need to install Microsoft Advanced Threat Analytics (ATA) on Server1 and Server2.
Which four actions should you perform in sequence?
The domain contains two servers named Server1 and Server2 that run Windows Server 2016.
You need to install Microsoft Advanced Threat Analytics (ATA) on Server1 and Server2.
Which four actions should you perform in sequence?
Correct Answer:
Explanation
Correct Order of Actions:-1. Install ATA Center (on Server1 for example)2. Install ATA Gateway (on Server2 for example, if Server2 has internet connectivity)3. Set the ATA Gateway configuration settings. (Register Server2 ATA Gateway to Server1's ATA Center)4. Install the ATA Lightweight Gateway.Since there are not switch-based port mirroring choice used to capture domain controller's inbound andoutbound traffic, installing ATA Lightweight Gateway on DCs to forward security related events to ATA Center is necessary.
Correct Order of Actions:-1. Install ATA Center (on Server1 for example)2. Install ATA Gateway (on Server2 for example, if Server2 has internet connectivity)3. Set the ATA Gateway configuration settings. (Register Server2 ATA Gateway to Server1's ATA Center)4. Install the ATA Lightweight Gateway.Since there are not switch-based port mirroring choice used to capture domain controller's inbound andoutbound traffic, installing ATA Lightweight Gateway on DCs to forward security related events to ATA Center is necessary.
Question 5
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1 that runs Windows Server 2016.
A domain-based Group Policy object (GPO) is used to configure the security policy of Server1.
You plan to use Security Compliance Manager (SCM) 4.0 to compare the security policy of Server1 to the WS2012 DNS Server Security 1.0 baseline.
You need to import the security policy into SCM. What should you do first?
A domain-based Group Policy object (GPO) is used to configure the security policy of Server1.
You plan to use Security Compliance Manager (SCM) 4.0 to compare the security policy of Server1 to the WS2012 DNS Server Security 1.0 baseline.
You need to import the security policy into SCM. What should you do first?
Correct Answer: B
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 6
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows 10. Computer 1 connects to a home network and a corporate network.
The corporate network uses the 172.16.0.0/24 address space internally. Computer runs an application named App1 that listens to port 8080.
You need to prevent connections to App1 when Computer1 is connected to the home network.
Solution: From Group Policy Management you create an AppLocket rule. Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows 10. Computer 1 connects to a home network and a corporate network.
The corporate network uses the 172.16.0.0/24 address space internally. Computer runs an application named App1 that listens to port 8080.
You need to prevent connections to App1 when Computer1 is connected to the home network.
Solution: From Group Policy Management you create an AppLocket rule. Does this meet the goal?
Correct Answer: A
Question 7
Your network has an internal network and a perimeter network. Only the servers on the perimeter network can access the internet.
You create a Microsoft Operations Management Suite (OMS) instance in Microsoft Azure.
You deploy Microsoft Monitoring Agent to all the servers on both the networks.
You discover that only the servers on the perimeter network report to OMS, You need to ensure that all the servers report to OMS.
What should you do?
You create a Microsoft Operations Management Suite (OMS) instance in Microsoft Azure.
You deploy Microsoft Monitoring Agent to all the servers on both the networks.
You discover that only the servers on the perimeter network report to OMS, You need to ensure that all the servers report to OMS.
What should you do?
Correct Answer: B
Question 8
You have two computers configured as shown in the following table.
You need to ensure that the credentials that you use to establish Remote Desktop sessions from Client1 to Server1 are protected by using Remote CredentialGuard.
You need to ensure that the credentials that you use to establish Remote Desktop sessions from Client1 to Server1 are protected by using Remote CredentialGuard.
Correct Answer: D
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 9
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
You have an organizational unit (OU) named Administration that contains the computer account of Server1.
You import the Active Directory module to Server1.
You create a Group Policy object (GPO) named GPO1. You link GPO1 to the Administration OU.
You need to log an event each time an Active Directory cmdlet executed successfully from Server1.
What should you do?
You have an organizational unit (OU) named Administration that contains the computer account of Server1.
You import the Active Directory module to Server1.
You create a Group Policy object (GPO) named GPO1. You link GPO1 to the Administration OU.
You need to log an event each time an Active Directory cmdlet executed successfully from Server1.
What should you do?
Correct Answer: A
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 10
The network contains an Active Directory domain named contoso.com. The domain contains the servers configured as shown in the following table.
All servers run Windows Server 2016. All client computers run Windows 10 and are domain members.
All laptops are protected by using BitLocker Drive Encryption (BitLocker).You have an organizational unit (OU) named OU1 that contains the computer accounts of application servers.
An OU named OU2 contains the computer accounts of the computers in the marketing department.
A Group Policy object (GPO) named GP1 is linked to OU1.
A GPO named GP2 is linked to OU2.
All computers receive updates from Server1.
You create an update rule named Update1.
You need to ensure that AppLocker rules will apply to the marketing department computers. What should you do?
All servers run Windows Server 2016. All client computers run Windows 10 and are domain members.
All laptops are protected by using BitLocker Drive Encryption (BitLocker).You have an organizational unit (OU) named OU1 that contains the computer accounts of application servers.
An OU named OU2 contains the computer accounts of the computers in the marketing department.
A Group Policy object (GPO) named GP1 is linked to OU1.
A GPO named GP2 is linked to OU2.
All computers receive updates from Server1.
You create an update rule named Update1.
You need to ensure that AppLocker rules will apply to the marketing department computers. What should you do?
Correct Answer: B
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 11
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
The services on Server1 are shown in the following output.
Server1 has the AppLocker rules configured as shown in the exhibit (Click the Exhibit button.)
Rule1 and Rule2 are configured a$ shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
The services on Server1 are shown in the following output.
Server1 has the AppLocker rules configured as shown in the exhibit (Click the Exhibit button.)
Rule1 and Rule2 are configured a$ shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Correct Answer:
Explanation
On Server1, User1 can run D:\\Folder2\\App1.exe : Yes
On Server1, User1 can run D:\\Folder1\\Program1.exe : Yes
If Program1 is copied from D:\\Folder1 to D:\\Folder2, User1 can run Program1.exe on Server1 : NO
https://docs.microsoft.com/en-us/windows/device-security/applocker/configure-the-application-identity-service The Application Identity service determines and verifies the identity of an app. Stopping this service will prevent AppLocker policies from being enforced.In this question, Server1's Application Identity service is stopped, therefore, no more enforcement onAppLocker rules, everyone could run everything on Server1.
On Server1, User1 can run D:\\Folder2\\App1.exe : Yes
On Server1, User1 can run D:\\Folder1\\Program1.exe : Yes
If Program1 is copied from D:\\Folder1 to D:\\Folder2, User1 can run Program1.exe on Server1 : NO
https://docs.microsoft.com/en-us/windows/device-security/applocker/configure-the-application-identity-service The Application Identity service determines and verifies the identity of an app. Stopping this service will prevent AppLocker policies from being enforced.In this question, Server1's Application Identity service is stopped, therefore, no more enforcement onAppLocker rules, everyone could run everything on Server1.
Question 12
Your network contains an Active Directory domain named contoso.com. The domain contains several Hyper-V hosts.
You deploy a server named Server22 to a workgroup. Server22 runs Windows Server 2016.
You need to configure Server22 as the primary Host Guardian Service server.
Which three cmdlets should you run in sequence? To answer move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.
You deploy a server named Server22 to a workgroup. Server22 runs Windows Server 2016.
You need to configure Server22 as the primary Host Guardian Service server.
Which three cmdlets should you run in sequence? To answer move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.
Correct Answer:
Explanation
References:
https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-settin
References:
https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-settin