Microsoft Securing Windows Server 2016 (70-744) Free Practice Test
Question 1
Your network contains an Active Directory domain named contoso.com. The domain contains a certification authority (CA).
You need to implement code integrity policies and sign them by using certificates issued by the CA.
You plan to use the same certificate to sign policies on multiple computers.
You duplicate the Code Signing certificate template and name the new template Codeintegrity.
How should you configure the CodeIntegrity template?
You need to implement code integrity policies and sign them by using certificates issued by the CA.
You plan to use the same certificate to sign policies on multiple computers.
You duplicate the Code Signing certificate template and name the new template Codeintegrity.
How should you configure the CodeIntegrity template?
Correct Answer: D
Question 2
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2016.
You need to prevent NTLM authentication on Server1.
Solution: From Windows PowerShell, you run the New-ADAuthenticationPolicy cmdlet.
Does this meet the goal?
The domain contains a server named Server1 that runs Windows Server 2016.
You need to prevent NTLM authentication on Server1.
Solution: From Windows PowerShell, you run the New-ADAuthenticationPolicy cmdlet.
Does this meet the goal?
Correct Answer: A
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 3
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question Is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com The domain contains a file server named Server1 that runs Windows Server 2016.
You need to create Work Folders on Server1.
Which tool should you use?
Your network contains an Active Directory domain named contoso.com The domain contains a file server named Server1 that runs Windows Server 2016.
You need to create Work Folders on Server1.
Which tool should you use?
Correct Answer: F
Question 4
Your network contains an Active Directory domain named contoso.com.
The domain contains four global groups named Group].., Group2, Group3, and Group4.A user named User1 is a member of Group3.
You have an organizational unit (OU) named OU1 that contains computer accounts.
A Group Policy object (GPO) named GPO1 is linked to OU1. OU1 contains a computer account named Computer1.
GPO1 has the User Rights Assignment configured as shown in the following table:
You need to ensure that User1 can access the shares on Computer1. What should you do?
The domain contains four global groups named Group].., Group2, Group3, and Group4.A user named User1 is a member of Group3.
You have an organizational unit (OU) named OU1 that contains computer accounts.
A Group Policy object (GPO) named GPO1 is linked to OU1. OU1 contains a computer account named Computer1.
GPO1 has the User Rights Assignment configured as shown in the following table:
You need to ensure that User1 can access the shares on Computer1. What should you do?
Correct Answer: A
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 5
Your network contains an Active Directory domain named contoso.com. The domain contains a certification authority (CA).
You need to implement code integrity policies and sign them by using certificates issued by the CA.
You plan to use the same certificate to sign policies on multiple computers.
You duplicate the Code Signing certificate template and name the new template Codeintegrity.
How should you configure the CodeIntegrity template?
You need to implement code integrity policies and sign them by using certificates issued by the CA.
You plan to use the same certificate to sign policies on multiple computers.
You duplicate the Code Signing certificate template and name the new template Codeintegrity.
How should you configure the CodeIntegrity template?
Correct Answer: D
Question 6
Your network contains an Active Directory forest named contoso.com.
The forest has Microsoft Identity Manager (MIM) 2016 deployed.
You implement Privileged Access Management (PAM).
You need to request privileged access from a client computer in contoso.com by using PAM.
How should you complete the Windows PowerShell script? To answer, select the appropriate options in the answer area.
The forest has Microsoft Identity Manager (MIM) 2016 deployed.
You implement Privileged Access Management (PAM).
You need to request privileged access from a client computer in contoso.com by using PAM.
How should you complete the Windows PowerShell script? To answer, select the appropriate options in the answer area.
Correct Answer:
Explanation
$PAM = Get-PAMRoleForRequest | ? {$_,DisplayName -eq "CorpAdmins" } New-PAMRequest -role $PAM References:
https://technet.microsoft.com/en-us/library/mt604089.aspx
https://technet.microsoft.com/en-us/library/mt604084.aspx
$PAM = Get-PAMRoleForRequest | ? {$_,DisplayName -eq "CorpAdmins" } New-PAMRequest -role $PAM References:
https://technet.microsoft.com/en-us/library/mt604089.aspx
https://technet.microsoft.com/en-us/library/mt604084.aspx
Question 7
The network contains an Active Directory domain named contoso.com. The domain contains the servers configured as shown in the following table.
All servers run Windows Server 2016. All client computers run Windows 10 and are domain members.
All laptops are protected by using BitLocker Drive Encryption (BitLocker).You have an organizational unit (OU) named OU1 that contains the computer accounts of application servers.
An OU named OU2 contains the computer accounts of the computers in the marketing department.
A Group Policy object (GPO) named GP1 is linked to OU1.
A GPO named GP2 is linked to OU2.
All computers receive updates from Server1.
You create an update rule named Update1.
You need to ensure that AppLocker rules will apply to the marketing department computers. What should you do?
All servers run Windows Server 2016. All client computers run Windows 10 and are domain members.
All laptops are protected by using BitLocker Drive Encryption (BitLocker).You have an organizational unit (OU) named OU1 that contains the computer accounts of application servers.
An OU named OU2 contains the computer accounts of the computers in the marketing department.
A Group Policy object (GPO) named GP1 is linked to OU1.
A GPO named GP2 is linked to OU2.
All computers receive updates from Server1.
You create an update rule named Update1.
You need to ensure that AppLocker rules will apply to the marketing department computers. What should you do?
Correct Answer: B
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 8
Your network contains an Active Directory domain named contoso.com.
You are deploying Microsoft Advanced Threat Analytics (ATA).
You create a user named User1.
You need to configure the user account of User1 as a Honeytoken account.
Which information must you use to configure the Honeytoken account?
You are deploying Microsoft Advanced Threat Analytics (ATA).
You create a user named User1.
You need to configure the user account of User1 as a Honeytoken account.
Which information must you use to configure the Honeytoken account?
Correct Answer: A
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 9
Your network contains an Active Directory domain named contoso.com.
The domain contains two servers named Server1 and Server2 that run Windows Server 2016.
You need to install Microsoft Advanced Threat Analytics (ATA) on Server1 and Server2.
Which four actions should you perform in sequence?
The domain contains two servers named Server1 and Server2 that run Windows Server 2016.
You need to install Microsoft Advanced Threat Analytics (ATA) on Server1 and Server2.
Which four actions should you perform in sequence?
Correct Answer:
Explanation
Correct Order of Actions:-1. Install ATA Center (on Server1 for example)2. Install ATA Gateway (on Server2 for example, if Server2 has internet connectivity)3. Set the ATA Gateway configuration settings. (Register Server2 ATA Gateway to Server1's ATA Center)4. Install the ATA Lightweight Gateway.Since there are not switch-based port mirroring choice used to capture domain controller's inbound andoutbound traffic, installing ATA Lightweight Gateway on DCs to forward security related events to ATA Center is necessary.
Correct Order of Actions:-1. Install ATA Center (on Server1 for example)2. Install ATA Gateway (on Server2 for example, if Server2 has internet connectivity)3. Set the ATA Gateway configuration settings. (Register Server2 ATA Gateway to Server1's ATA Center)4. Install the ATA Lightweight Gateway.Since there are not switch-based port mirroring choice used to capture domain controller's inbound andoutbound traffic, installing ATA Lightweight Gateway on DCs to forward security related events to ATA Center is necessary.
Question 10
HOTSPOT
You manage a guarded fabric in TPM-trusted attestation mode.
You plan to create a virtual machine template disk for shielded virtual machines.
You need to create the virtual machine disk that you will use to generate the template.
How should you configure the disk? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You manage a guarded fabric in TPM-trusted attestation mode.
You plan to create a virtual machine template disk for shielded virtual machines.
You need to create the virtual machine disk that you will use to generate the template.
How should you configure the disk? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation
References:
https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-conf
https://docs.microsoft.com/en-us/system-center/dpm/what-s-new-in-dpm-2016?view=sc-dpm-1801
References:
https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-conf
https://docs.microsoft.com/en-us/system-center/dpm/what-s-new-in-dpm-2016?view=sc-dpm-1801
Question 11
Your company has an accounting department.
The network contains an Active Directory domain named contoso.com. The domain contains 10 servers.
You deploy a new server named Server11 that runs Windows Server 2016.
Server11 will host several network applications and network shares used by the accounting department.
You need to recommend a solution for Server11 that meets the following requirements:
-Protects Server11 from address spoofing and session hijacking
-Allows only the computers in We accounting department to connect to Server11 What should you recommend implementing?
The network contains an Active Directory domain named contoso.com. The domain contains 10 servers.
You deploy a new server named Server11 that runs Windows Server 2016.
Server11 will host several network applications and network shares used by the accounting department.
You need to recommend a solution for Server11 that meets the following requirements:
-Protects Server11 from address spoofing and session hijacking
-Allows only the computers in We accounting department to connect to Server11 What should you recommend implementing?
Correct Answer: A
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 12
Your network contains an Active Directory domain named contoso.com. The domain contains several shielded virtual machines.
You deploy a new server named Server1 that runs Windows Server 2016. You install the Hyper-V server role on Server1.
You need to ensure that you can host shielded virtual machines on Server1.
What should you install on Server1?
You deploy a new server named Server1 that runs Windows Server 2016. You install the Hyper-V server role on Server1.
You need to ensure that you can host shielded virtual machines on Server1.
What should you install on Server1?
Correct Answer: B
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 13
Your network contains an Active Directory domain.
You install Security Compliance Manager (SCM) 4.0 on a server that runs Windows Server 2016.
You need to modify a baseline, and then make the baseline available as a domain policy.
Which four actions should you perform in sequence?
You install Security Compliance Manager (SCM) 4.0 on a server that runs Windows Server 2016.
You need to modify a baseline, and then make the baseline available as a domain policy.
Which four actions should you perform in sequence?
Correct Answer:
Explanation
1. Duplicate a baseline.2. Modify the settings of a baseline.3. Export the baseline as a Group Policy Object (GPO) backup4. Import settings into a Group Policy object (GPO)
1. Duplicate a baseline.2. Modify the settings of a baseline.3. Export the baseline as a Group Policy Object (GPO) backup4. Import settings into a Group Policy object (GPO)
Question 14
You work for a hosting company named Contoso, Ltd.
Contoso has multiple Hyper-V hosts that run Windows Server 2016.
You are configuring Software Defined Networking (SDN).
You need to configure Datacenter Firewall to control the traffic to virtual machines.
Which cmdlet should you use?
Contoso has multiple Hyper-V hosts that run Windows Server 2016.
You are configuring Software Defined Networking (SDN).
You need to configure Datacenter Firewall to control the traffic to virtual machines.
Which cmdlet should you use?
Correct Answer: C
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).