70-744 Exam Details

  • Exam Code
    :70-744
  • Exam Name
    :Securing Windows Server 2016
  • Certification
    :Microsoft Certifications
  • Vendor
    :Microsoft
  • Total Questions
    :258 Q&As
  • Last Updated
    :Feb 16, 2021

Microsoft 70-744 Online Questions & Answers

  • Question 221:

    Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016.

    Server1 is configured as a domain controller.

    You configure Server1 as a Just Enough Administration (JEA) endpoint You configure the required JEA rights for a user named User1.

    You need to tell User1 how to manage Active Directory objects from Server2.

    What should you tell User1 to do first on Server2?

    A. From a command prompt, run ntdsutil.exe.
    B. From Windows PowerShell, run the Import-Module cmdlet.
    C. From Windows PowerShell run the Enter-PSSession cmdlet.
    D. Install the management consoles for Active Directory, and then launch Active Directory Users and Computer.

  • Question 222:

    Your network contains an Active Directory domain named contoio.com. The domain contains a server named Server1 that runs Windows Server 2016.

    You have an organizational unit (OU) named Administration that contains the computer account of Server1.

    You import the Active Directory module to Served1.

    You create a Group Policy object (GPO) named GPO1 You link GPO1 to the Administration OU.

    You need to log an event each time an Active Directory cmdlet is executed successfully from Server1.

    What should you do?

    A. From Advanced Audit Policy in GPO1 configure auditing for directory service changes.
    B. Run the (Get-Module ActiveDirectory).LogPipelineExecutionDetails - $false command.
    C. Run the (Get-Module ArtiveDirectory).LogPipelineExecutionDetails = $true command.
    D. From Advanced Audit Policy in GPO1 configure auditing for other privilege use events.
    E. From Administrative Templates in GPO1, configure an Event Logging policy.
    F. From Administrative Templates in GPO1, configure a Windows PowerShell policy.

  • Question 223:

    Your network contains an Active Directory domain named contoso.com. You plan to implement encryption on a file server named Server1. Server1 has TPM 2.0 and uses Secure Boot Server1 has the volumes configured as shown in the following table.

    You need to encrypt the contents of volumes C and G. The solution must use the highest level of security possible.

    What should you use to encrypt the contents of each volume? To answer, drag the appropriate encryption options to the correct volumes. Each encryption option may be used once, more than once, or not at all. You may need to drag the split

    bar between panes or scroll to view content.

    NOTE: Each correct selection is worth one point.

    Select and Place:

  • Question 224:

    You have a server named Server1 that runs Windows Server 2016.

    You need to view all of the inbound rules on Server1.

    Which cmdlet should you use?

    A. Get-NetIPSecRule
    B. Get-NetFirewallRule
    C. Get-NetFirewallProfile
    D. Get-NetFirewallSetting
    E. Get-NetFirewallPortFilter
    F. Get-NetFirewallAddressFilter
    G. Get-NetFirewallSecurityFilter
    H. Get-NetFirewallApplicationFilter

  • Question 225:

    Your network contains an Active Directory forest named contoso.com. The functional level of the forest and the domain is Windows Server 2012 R2.

    You plan to use Local Administrator Password Solution (LAPS) for all member servers.

    You need to prepare the forest for LAPS.

    Which two actions should you perform? Each correct answer presents part of the solution.

    NOTE: Each correct selection is worth one point.

    A. Run the Set-AdmPwdComputerSelfPermission cmdlet.
    B. Install the LAPS client-side extension on all domain controllers.
    C. Run the Update-AdmPwdADSchema cmdlet.
    D. Run the Set-AdmPwdAuditing cmdlet.
    E. Deploy an enterprise certification authority (CA).

  • Question 226:

    Your network contains an Active Directory domain named contoso.com. The domain contains multiple servers that run either Windows Server 2012 or Windows Server 2012 R2.

    You plan to implement Just Enough Administration (JEA) to manage all of the servers.

    What should you install on each server to ensure that the servers can be managed by using JEA?

    A. Remote Server Administration Tools (RSAT)
    B. Microsoft .NET Framework 3.5 Service Pack 1 (SP1)
    C. Management Odata Internet Information Services (IIS) Extension
    D. Windows Management Framework 5.1

  • Question 227:

    Note: This question is part of a series of question that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is Independent of the other questions in this series.

    Information and details provided in a question apply only to that question.

    Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2016.

    Server1 has a volume named Volume1.

    Dynamic Access Control is configured. A resource property named Property1 was created in the domain.

    You need to ensure that Property1 is set to a value of Big for all of the files in Volume1 that are larger than 10 MB.

    Which tool should you use?

    A. File Explorer
    B. Shared Folders
    C. Server Manager
    D. Disk Management
    E. Storage Explorer
    F. Computer Management
    G. System Configuration
    H. File Server Resource Manager (FSRM)

  • Question 228:

    Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.

    You need to prevent NTLM authentication on Server1.

    Solution: From a Group Policy, you configure the Kerberos Policy.

    Does this meet the goal?

    A. Yes
    B. No

  • Question 229:

    HOTSPOT

    Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of thescenario is exactly the same in each question in this series.

    Start of repeated scenario.

    Your company has a marketing department.

    The network contains an Active Directory domain named constoso.com. The domain contains the servers configured as shown in the following table.

    All servers run Windows Server 2016. All client computers run Windows 10 and are domain members. All laptops are protected by using BitLocker Drive Encryption (BitLocker).

    You have an organizational unit (OU) named OU1 that contains the computer accounts of application servers. An OU named OU2 contains the computer accounts of the computers in the marketing department. A Group Policy object (GPO)

    named GP1 is linked to OU1. A GPO named GP2 is linked to OU2.

    All computers receive updates from Server1. You create an update rule named Update1.

    End of repeated scenario.

    You need to create an Encrypting File System (EFS) data recovery certificate and then add the certificate as an EFS data recovery agent on Server5. What should you use on Server5? To answer, select the appropriate options in the answer area.

    Hot Area:

  • Question 230:

    Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is

    exactly the same in each question in this series.

    Start of repeated scenario

    Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.

    The domain contains the servers configured as shown in the following table.

    All servers run Windows Server 2016. All client computers run Windows 10.

    You have an organizational unit (OU) named Marketing that contains the computers in the marketing department. You have an OU named Finance that contains the computers in the finance department. You have an OU named AppServers

    that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.

    You install Windows Defender on Nano1.

    End of repeated scenario

    You need to ensure that you can deploy a shielded virtual machine to Server4.

    Which server role should you deploy?

    A. Hyper-V
    B. Device Health Attestation
    C. Network Controller
    D. Host Guardian Service

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 70-744 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.