Microsoft 70-744 Online Practice Questions and Exam Preparation

Microsoft 70-744 Online Questions & Answers

• Question 151:

  Your network contains an Active Directory domain named contoso.com. The domain contains 1,000 client computers that run Windows 10.

  A security audit reveals that the network recently experienced a Pass-the-Hash attack. The attack was initiated from a client computer and accessed Active Directory objects restricted to the members of the Domain Admins group.

  You need to minimize the impact of another successful Pass-the-Hash attack on the domain.

  What should you recommend?

  A. Move the computer accounts of the domain controllers to a new organizational unit (OU). Remove the permissions to the new OU from the Domain Admins group.
  B. Rename the local Administrators account on the client computers.
  C. Remove all the members from the Domain Admins group, and then remove the Domain Admins group from all other groups.
  D. Instruct all administrators to use a restricted Remote Desktop connection when they sign in to a client computer.
  B. Rename the local Administrators account on the client computers.

  ---

  Reference: https://download.microsoft.com/download/7/7/a/77abc5bd-8320-41af-863c-6ecfb10cb4b9/mitigating%20pass-the-hash%20(pth)%20attacks%20and%20other%20credential%20theft%20techniques_english.pdf

• Question 152:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

  others might not have a correct solution.

  After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2016. All client computers run Windows 10.

  The relevant objects in the domain are configured as shown in the following table.

  

  You need to assign User1 the right to restore files and folders on Server1 and Server2.

  Solution: You create a Group Policy object (GPO), you link the GPO to the Servers OU, and then you modify the Users Rights Assignment in the GPO.

  Does this meet the goal?

  A. Yes
  B. No
  B. No

  ---

  References: https://technet.microsoft.com/en-us/library/cc771990(v=ws.11).aspx

• Question 153:

  Your network contains an Active Directory domain named contoso.com. The domain contains 1,000 client computers that run Windows 10. A security audit reveals that the network recently experienced a Pass-the-Hash attack. The attack

  was initiated from a client computer and accessed Active Directory objects restricted to the members of the Domain Admins group.

  You need to minimize the impact of another successful Pass-the-Hash attack on the domain.

  What should you recommend?

  A. Instruct all users to sign in to a client computer by using a Microsoft account.
  B. Move the computer accounts of all the client computers to a new organizational unit (OU). Remove the permissions to the new OU from the Domain Admins group.
  C. Instruct all administrators to use a local Administrators account when they sign in to a client computer.
  D. Move the computer accounts of the domain controllers to a new organizational unit (OU). Remove the permissions to the new OU from the Domain Admins group.
  C. Instruct all administrators to use a local Administrators account when they sign in to a client computer.

  ---

  https://docs.microsoft.com/en-us/windows/access-protection/remote-credential-guard

  

• Question 154:

  Your network contains two Active Directory forests named corp.contoso.com and priv.contoso.com. Both forests have only a single domain. The priv.contoso.com domain contains a server named Server1 that runs Windows Server 2016.

  You install Microsoft Identity Manager (MIM) 2016 on Server1.

  You plan to deploy MIM-based Privileged Access Management (PAM) between the two forests.

  You run New-PAMTrust in the priv.contoso.com domain.

  You need to configure the trust relationship between the forests to support the PAM deployment.

  Which three settings should you configure for the trust? Each correct answer presents part of the solution.

  NOTE: Each correct selection is worth one point.

  A. quarantine to no
  B. enablesidhistory to yes
  C. transitive to no
  D. enablepimtrust to yes
  E. foresttransitive to no
  A. quarantine to no
  B. enablesidhistory to yes
  D. enablepimtrust to yes

  ---

  References: https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/step-5-establish-trust-between-priv-corp-forests

• Question 155:

  You have a file server named Server1 that runs Windows Server 2016.

  A new policy states that ZIP files must not be stored on Server1. An administrator creates a file screen filter as shown in the following output

  Active : False

  Description:

  IncludeGroup: {Compressed Files}

  MatchesTemplate: False

  Notification {MSFT FSRMAction, MSFT FSRMAction}

  Path : C:\\

  Template :

  PSComputerName:

  

  You need to prevent users from storing ZIP files on Server1, what should you do?

  A. Enable Quota Management on all the drives.
  B. Add a template to the filter.
  C. Change the filter to active.
  D. Configure File System (Global Object Access Auditing).
  C. Change the filter to active.

  ---

  "Active : False", then it is a Passive Filescreen filther which will not block unwanted file types.

• Question 156:

  Your network contains an Active Directory Domain named contoso.com. The domain contains 10 servers that run Windows Server 2016 and 800 client computers that run Windows 10. You need to configure the domain to meet the following requirements:

  1.

  Users must be locked out from their computer if they enter an incorrect password twice.

  2.

  Users must only be able to unlock a locked account by using a one-time password that is sent to their mobile phone.

  You deploy all the components of Microsoft Identity Manager (MIM) 2016.

  Which three actions should you perform before you deploy the MIM add-ins and extensions? Each correct answer presents part of the solution.

  A. From a Group Policy object (GPO), configure Public Key Policies
  B. Deploy a Multi-Factor Authentication provider and copy the required certificates to the MIM server.
  C. From the MIM Portal, configure the Password Reset AuthN Workflow.
  D. Deploy a Multi-Factor Authentication provider and copy the required certificates to the client computers.
  E. From a Group Policy object (GPO), configure Security Settings.
  B. Deploy a Multi-Factor Authentication provider and copy the required certificates to the MIM server.
  C. From the MIM Portal, configure the Password Reset AuthN Workflow.
  E. From a Group Policy object (GPO), configure Security Settings.

  ---

  -Users must be locked out from their computer if they enter an incorrect password twice.

  (E)-Users must only be able to unlock a locked account by using a one-time password that is sent to their mobilephone.

  (B and C), detailed configuration process inthe following web page.

  https://docs.microsoft.com/en-us/microsoft-identity-manager/working-with-self-service-passwordreset#prepare-mim-to-work-with-multi-factor-authentication

• Question 157:

  HOTSPOT

  Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.

  The services on Server1 are shown in the following output.

  

  Server1 has the AppLocker rules configured as shown in the exhibit. (Click the Exhibit button.)

  

  Rule1 and Rule2 are configured as shown in the following table.

  

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  Hot Area:

  

  

• Question 158:

  You have the Windows Server 2016 operating system images as following table.

  

  .

  Your company's security policy states that you must minimize the attack surface when provisioning new servers.

  You need to deploy a Host Guardian Service cluster. Which image should you use for the deployment?

  A. image1
  B. image2
  C. image3
  D. image4
  C. image3

  ---

  https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabricprepare-for-hgs PrerequisitesHardware: HGS can be run on physical or virtual machines, but physical machines are recommended.If you want to run HGS as a three-node physical cluster (for availability), you must have three physical servers.(As a best practice for clustering, the three serversshould have very similar hardware.) Operating system: Windows Server 2016, Standard or Datacenter edition. <--- so you cannot useServer Core or Nano Server for running HostGuardian Service.Server Roles: Host Guardian Service and supporting server roles.Configuration permissions/privileges for the fabric (host) domain: You will need to configure DNS forwardingbetween the fabric (host) domain and the HGS domain.If you are using Admin-trusted attestation (AD mode), you will need to configure an Active Directory trustbetween the fabric domain and the HGS domain.

• Question 159:

  Your network contains an Active Directory forest named contoso.com.

  You deploy another Active Directory forest named admin.contoso.com.

  You create a trust relationship between the two forests. The trust relationship has the following configurations:

  SID history is disabled. SID filtering is disabled.

  You need to implement Privileged Access Management (PAM) and to specify admin.contoso.com as an administrative forest.

  What should you do?

  A. Run netdom.exe and specify the /quarantine switch.
  B. Enable SID history on the trust
  C. Run netdom.exe and specify the /transitive switch.
  D. Enable SID filtering on the trust.
  C. Run netdom.exe and specify the /transitive switch.

• Question 160:

  Your network contains an Active Directory domain named contoso.com.

  You create a Microsoft Operations Management Suite (OMS) workspace.

  You need to connect several computers directly to the workspace.

  Which two pieces of information do you require? Each correct answer presents part of the solution.

  A. the ID of the workspace
  B. the name of the workspace
  C. the URL of the workspace
  D. the key of the workspace
  A. the ID of the workspace
  D. the key of the workspace