You have two servers named Server1 and Server2 that run Windows Server 2016. The servers are in a workgroup.
You need to create a security template that contains the security settings of Server1 and to apply the template to Server2. The solution must minimize administrative effort.
Which snap-in should you use for each server? To answer, drag the appropriate snap-ins to the correct servers. Each snap-in may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to
view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is
exactly the same in each question in this series.
Start of repeated scenario
Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.
The domain contains the servers configured as shown in the following table.

All servers run Windows Server 2016. All client computers run Windows 10.
You have an organizational unit (OU) named Marketing that contains the computers in the marketing department You have an OU named finance that contains the computers in the finance department You have an OU named AppServers
that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.
You install Windows Defender on Nano1.
End of repeated scenario
You need to ensure that when a configuration change is made on Nano2, Nano2 will revert back to the original configuration automatically.
What should you do first?
A. Enable File History for all volumes.Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario b repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is
exactly the same in each question in this series.
Start of repeated scenario
Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.
All servers run Windows Server 2016. All client computers run Windows 10.
The domain contains the servers configured as shown in the following table.

All servers run Windows Server 2016. All client computers run Windows 10.
You have an organizational unit (OU) named Marketing that contains the computers in the marketing department You have an OU named Finance that contains the computers in the finance department You have an OU named AppServers
that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.
You install Windows Defender on Nano1.
End of repeated scenario
You need to disable SMB 1.0 on Server2.
What should you do?
A. From File Server Resource Manager, create a classification rule.Your network contains an Active Directory domain.
You plan to implement Dynamic Access Control.
You need to create a central access rule that will grant permissions to users who have the Department attribute set to Finance. The users must have access to resources that have the Department property set to Finance.
Which two actions should you perform before you create the central access rule? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Enable a claim typeYour network contains an Active Directory domain named contoso.com.
The domain contains a computer named Computer1 that runs Windows 10.
The network uses the 172.16.0.0/16 address space.
Computer1 has an application named App1.exe that is located in D:\\Apps\\.
App1.exe is configured to accept connections on TCP port 8080.
You need to ensure that App1.exe can accept connections only when Computer1 is connected to the corporate network.
Solution: You run the New-NetFirewallRule -DisplayName "Rule1" -Direction Inbound -LocalPort 8080 -Protocol TCP -Action allow -Profile Domain Command.
Does this meet the goal?
A. YesYour network contains an Active Directory domain named contoso.com. The domain contains an organizational unit (OU) named OU1. OU1 contains a server named Server1. The properties of Server1 are shown in the Server1 exhibit. (Click the Server1 tab.)

You create a Group Policy object (GPO) linked to OU1. You configure the GPO as shown in the LAPS exhibit. (Click the LAPS tab.)

You need to ensure that the password of the local Administrator of Server1 is managed by using Local Administrator Password Solution (LAPS). Which cmdlet should you run?
A. Reset-AdmPwdPasswordHOTSPOT
Your network contains an Active Directory domain named adatum.com. The domain contains a file server named Server1 that runs Windows Server 2016.
You have an organizational unit (OU) named OU1 that contains Server1.
You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.
A user named User1 is a member of group named Group1. The properties of User1 are shown in the User1 exhibit. (Click the Exhibit button.)

User1 has permissions to two files on Server1 configured as shown in the following table.

From Auditing Entry for Global File SACL, you configure the advanced audit policy settings in GPO1 as shown in the SACL exhibit. (Click the Exhibit button.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:

Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is
exactly the same in each question in this series.
Start of repeated scenario.
Your company has a marketing department.
The network contains an Active Directory domain named constoso.com. The domain contains the servers configured as shown in the following table.

All servers run Windows Server 2016. All client computers run Windows 10 and are domain members. All laptops are protected by using BitLocker Drive Encryption (BitLocker).
You have an organizational unit (OU) named OU1 that contains the computer accounts of application servers. An OU named OU2 contains the computer accounts of the computers in the marketing department. A Group Policy object (GPO)
named GP1 is linked to OU1. A GPO named GP2 is linked to OU2.
All computers receive updates from Server1. You create an update rule named Update1.
End of repeated scenario.
You need to ensure that AppLocker rules will apply to the marketing department computers. What should you do?
A. From the properties of OU2, modify the Security settings.Your network contains an Active Directory forest named corp.contoso.com.
You are implementing Privileged Access Management (PAM) by using a bastion forest named priv.contoso.com.
You need to create shadow groups in priv.contoso.com.
Which cmdlet should you use?
A. New-RoleGroupYour network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2016.
You need to prevent NTLM authentication on Server1.
Solution: From a Group Policy, you configure the Security Options.
Does this meet the goal?
A. YesNowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 70-744 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.