70-744 Exam Details

  • Exam Code
    :70-744
  • Exam Name
    :Securing Windows Server 2016
  • Certification
    :Microsoft Certifications
  • Vendor
    :Microsoft
  • Total Questions
    :258 Q&As
  • Last Updated
    :Feb 16, 2021

Microsoft 70-744 Online Questions & Answers

  • Question 231:

    Your network contains an Active Directory domain named contoso.com. The domain contains a file server named FS1 that runs Windows Server 2016. FS1 has a share named SecureFolder.

    You need to track all users who access the contents of SecureFolder.

    Which two actions should you perform? Each correct answer presents part of the solution.

    NOTE: Each correct selection is worth one point.

    A. From the Default Domain Controller Group Policy object (GPO), enable Audit object access,
    B. From File Explorer, modify the Advanced sharing settings of SecureFolder.
    C. Create a Group Policy object (GPO) and enable Audit object access.
    D. From File Explorer, modify the Advanced security settings of SecureFolder.

  • Question 232:

    Your network contains an Active Directory domain named contoso.com. The domain contains servers that run

    Windows Server 2016.

    You enable Remote Credential Guard on a server named Server1.

    You have an administrative computer named Computer1 that runs Windows 10.

    Computer1 is configured to require Remote Credential Guard.

    You sign in to Computer1 as Contoso\\User1.

    You need to establish a Remote Desktop session to Server1 as Contoso\\ServerAdmin1.

    What should you do first?

    A. Install the Universal Windows Platform (UWP) Remote Desktop application
    B. Turn on virtualization based security
    C. Run the mstsc.exe /remoteGuard
    D. Sign in to Computer1 as Contoso\\ServerAdmin1

  • Question 233:

    HOTSPOT

    Your network contains an Active Directory domain named adatum.com.

    You have a backup of a Group Policy object (GPO) named GPO1 that has the following settings:

    1. Change the system time: User1

    2. Minimum password length: 12 characters

    3. Password must meet complexity requirements: Disabled

    You have a backup of a GPO named GPO2 that has the following settings:

    1. Change the system time: User2

    2. Minimum password length: 7 characters

    3. Password must meet complexity requirements: Not Defined

    You create a GPO named GP03 that has the following settings:

    1. Change the system time: User3

    2. Minimum password length: 9 characters

    3. Password must meet complexity requirements: Enabled

    You import the GPO1 settings into GP03, and then you import the GPO2 settings into GPO3. You need to identify the GPO3 settings after the imports.

    What should you identity? To answer. select the appropriate options of the answer area.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 234:

    Your company has an accounting department.

    The network contains an Active Directory domain named contoso.com. the domain contains 10 servers.

    You deploy a new server named Server11 that runs Windows Server 2016. Server11 will host several network applications and network shares used by the accounting department.

    You need to recommend a solution for Server11 that meets the following requirements:

    1.

    Protects Server11 from address spoofing and session hijacking

    2.

    Allows only the computers in the accounting department to connect to Server11 What should you recommend implementing?

    A. AppLocker rules
    B. Just Enough Administration (JEA)
    C. connection security rules
    D. Privileged Access Management (PAM)

  • Question 235:

    Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1.

    On Server1, administrators plan to use several scripts that have the .ps1 extension.

    You need to ensure that when code is generated from the scripts, an event containing the details of the code is logged in the Operational log.

    Which Group Policy setting or settings should you configure?

    A. Enable Protected Event Logging
    B. Audit Process Creation and Audit Process Termination
    C. Turn on PovverShell Script Block Logging
    D. Turn on PowerShell Transcription

  • Question 236:

    Your network contains an Active Directory domain named contoso.com.

    The network contains a server named Server1. Server1 is in a workgroup. Server1 contains sensitive data and will be accessed by a domain-joined computer named Computer1.

    You need to create connection security rules to encrypt the data sent between Server1 and Computer1.

    You need to identify which authentication method to use for the connection security rules. The solution must use the most secure method possible.

    Which authentication method should you identify?

    A. Kerberos V5
    B. a computer certificate
    C. a preshared key
    D. NTLMv2

  • Question 237:

    Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server5 that has the Windows Server Update Services server role installed.

    You need to configure Windows Server Update Services (WSUS) on Server5 to use SSI.

    You install a certificate in the local Computer store.

    Which two tools should you use? Each correct answer presents part of the solution.

    A. Wsusutil
    B. Netsh
    C. Internet Information Services (IIS) Manager
    D. Server Manager
    E. Update Services

  • Question 238:

    You are creating a Nano Server image for the deployment of 10 servers.

    You need to configure the servers as guarded hosts that use Trusted Platform Module (TPM) attestation.

    Which three packages should you include in the Nano Server image? Each correct answer presents part of the solution.

    A. Microsoft-NanoServer-SecureStartup-Package
    B. Microsoft-NanoServer-ShieldedVM-Package
    C. Microsoft-NanoServer-Storage-Package
    D. Microsoft-NanoServer-SCVMM-Compute-Package
    E. Microsoft-NanoServer-SCVMM-Package
    F. Microsoft-NanoServer-Compute-Package

  • Question 239:

    You are building a guarded fabric. You need to configure Admin-trusted attestation. Which cmdlet should you use?

    A. Add-HgsAttestationHostGroup
    B. Add-HgsAttestationTpmHost
    C. Add-HgsAttestationCIPolicy
    D. Add-HgsAttestationTpmPolicy

  • Question 240:

    Your network contains two single-domain Active Directory forests named contoso.com and contosoadmin.com. Contosoadmin.com contains all of the user accounts used to manage the servers in contoso.com.

    You need to recommend a workstation solution that provides the highest level of protection from vulnerabilities and attacks.

    What should you include in the recommendation?

    A. Provide a Privileged Access Workstation (PAW) for each user account in both forests. Join each PAW to the contoso.com domain.
    B. Provide a Pnvileged Access Workstation (PAW) for each user in the contoso.com forest Join each PAW to the contoso.com domain.
    C. Provide a Pnvileged Access Workstation (PAW) for each administrator. Join each PAW to the contoso.com domain.
    D. Provide a Pnvileged Access Workstation (PAW) for each administrator. Join each PAW to the contosoadmin.com domain.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 70-744 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.