70-744 Exam Details

  • Exam Code
    :70-744
  • Exam Name
    :Securing Windows Server 2016
  • Certification
    :Microsoft Certifications
  • Vendor
    :Microsoft
  • Total Questions
    :258 Q&As
  • Last Updated
    :Feb 16, 2021

Microsoft 70-744 Online Questions & Answers

  • Question 181:

    Your network contains an Active Directory forest named Corp. The forest functional level is Windows Server 2016.

    You deploy a new forest named Priv and set the forest functional level to Windows Server 2016.

    You need to implement Privileged Access Management (PAM).

    What should you do next?

    A. Install Microsoft Identity Manager (MIM) on a server in the Priv forest.
    B. Install Microsoft Identity Manager (MIM) in the Corp forest.
    C. Create shadow accounts in the Priv forest.
    D. Create shadow accounts in the Corp forest.

  • Question 182:

    You network contains an Active Directory forest named contoso.com.

    All domain controllers run Windows Server 2016 Member servers run either Windows Server 2012 R2 or Windows Server 2016.

    Client computers run either Windows 8.1 or Windows 10.

    You need to ensure that when users access files in shared folders on the network, the files are encrypted when they are transferred over the network.

    Solution: You enable SMB encryption on all the computers in domain. Does this meet the goal?

    A. Yes
    B. No

  • Question 183:

    Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2016. The forest contains 2,000 client computers that run Windows 10. All client computers are deployed from a customized Windows

    image.

    You need to deploy 10 Privileged Access Workstations (PAWs). The solution must ensure that administrators can access several client applications used by all users.

    Solution: You deploy 10 physical computers and configure them as virtualization hosts. You configure the operating system on each host as a PAW. You create a guest virtual machine by using the customized Windows image.

    Does this meet the goal?

    A. Yes
    B. No

  • Question 184:

    Your network contains an Active Directory domain named contoso.com. The domain contains four servers. The servers are configured as shown in the following table.

    You need to manage FS1 and FS2 by using Just Enough Administration (JEA). What should you do before you can implement JEA?

    A. Install Microsoft .NET Framework 4.6.2 on FS1
    B. Upgrade DC1 to Windows Server 2016
    C. Install Windows Management Framework 5.0 on FS2.
    D. Deploy Microsoft Identity Manager (MIM) 2016 to the domain.

  • Question 185:

    Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2016.

    You need to prevent direct .NET scripts invoked by interactive Windows PowerShell sessions from running on the servers.

    What should you do for each server?

    A. Create an AppLocker rule.
    B. Create a Code Integrity rule.
    C. Disable PowerShell Remoting.
    D. Modify the local Kerberos policy settings.

  • Question 186:

    Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.

    A technician is testing the deployment of Credential Guard on Server1.

    You need to verify whether Credential Guard is enabled on Server1.

    What should you do?

    A. From a command prompt, run the credwiz.exe command.
    B. From Task Manager, review the processes listed on the Details tab.
    C. From Server Manager, click Local Server, and review the properties of Server1.
    D. From Windows PowerShell, run the Get-WsManCredSSP cmdlet.
    E. From a command prompt, run the tsecimp.exe command.
    F. From Control Panel, open Credential Manager, and review the list of Windows Credentials.

  • Question 187:

    Your network contains an Active Directory domain named conioso.com. The domain contains 1,000 client computers that run Windows 8.1 and 1,000 client computers that run Windows 10.

    You deploy a Windows Server Update Services (WSUS) server. You create a computer group tor each organizational unit (OU) that contains client computers. You configure all of the client computers to receive updates from WSUS.

    You discover that all of the client computers appear m the Unassigned Computers computer group in the Update Services console.

    You need to ensure that the client computers are added automatically to the computer group that corresponds to the location of the computer account in Active Directory.

    Which two actions should you perform? Each correct answer presents part of the solution.

    A. From Group Policy objects (GPOs), configure the Enable client-side targeting setting.
    B. From the Update Services console, configure the Computers option.
    C. From Active Directory Users and Computers, create a domain local distribution group for each WSUS computer group.
    D. From Active Directory Users and Computers, modify the flags attnbute of each OU.
    E. From the Update Services console, run the WSUS Server Configuration Wizard.

  • Question 188:

    HOTSPOT

    You have a client computer named Computer1 that runs Windows 10 Enterprise.

    You plan to implement Windows Defender Device Guard.

    You enable Device Guard on Computer1, and you create a code integrity policy.

    You need to audit the code integrity policy.

    What should you do? To answer select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 189:

    Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2016. You create a new bastion forest named admin.contoso.com. The forest

    functional level of admin.contoso.com is Windows Server 2012 R2.

    You need to implement a Privileged Access Management (PAM) solution.

    Which two actions should you perform? Each correct answer presents part of the solution.

    A. Raise the forest functional level of admm.contoso.com.
    B. Deploy Microsoft Identify Management (MIM) 2016 to admin.contoso.com.
    C. Configure contoso.com to trust admin.contoso.com.
    D. Deploy Microsoft Identity Management (MIM) 2016 to contoso.com.
    E. Raise the forest functional level of contoso.com.
    F. Configure admin.contoso.com to trust contoso.com.

  • Question 190:

    You work for a hosting company named Contoso, Ltd.

    Contoso has multiple Hyper-V hosts that run Windows Server 2016.

    You are configuring Software Defined Networking (SDN).

    You need to configure Datacenter Firewall to control the traffic to virtual machines.

    Which cmdlet should you use?

    A. Set-Acl
    B. Grant-VMConnectAccess
    C. New-NetworkControllerAccessControlList
    D. New-NetFirewallRule

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 70-744 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.