70-744 Exam Details

  • Exam Code
    :70-744
  • Exam Name
    :Securing Windows Server 2016
  • Certification
    :Microsoft Certifications
  • Vendor
    :Microsoft
  • Total Questions
    :258 Q&As
  • Last Updated
    :Feb 16, 2021

Microsoft 70-744 Online Questions & Answers

  • Question 241:

    You have two servers named Server1 and Server2 that run Windows Server 2016. The servers are in a workgroup.

    You need to create a security template that contains the security settings of Server1 and to apply the template to Server2. The solution must minimize administrative effort.

    Which snap-in should you use for each server? To answer, drag the appropriate snap-ins to the correct servers. Each snap-in may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to

    view content.

    NOTE: Each correct selection is worth one point.

    Select and Place:

  • Question 242:

    Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is

    exactly the same in each question in this series.

    Start of repeated scenario

    Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.

    The domain contains the servers configured as shown in the following table.

    All servers run Windows Server 2016. All client computers run Windows 10.

    You have an organizational unit (OU) named Marketing that contains the computers in the marketing department You have an OU named finance that contains the computers in the finance department You have an OU named AppServers

    that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.

    You install Windows Defender on Nano1.

    End of repeated scenario

    You need to ensure that when a configuration change is made on Nano2, Nano2 will revert back to the original configuration automatically.

    What should you do first?

    A. Enable File History for all volumes.
    B. Install the Microsoft-NanoServer-DSC-Package optional package
    C. Install the Microsoft-NanoServer-DCB-Package optional package
    D. Enable System Protection on all volumes
    E. Deploy Microsoft System Center 2016 ?Data Protection Manager (DPM)

  • Question 243:

    Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario b repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is

    exactly the same in each question in this series.

    Start of repeated scenario

    Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.

    All servers run Windows Server 2016. All client computers run Windows 10.

    The domain contains the servers configured as shown in the following table.

    All servers run Windows Server 2016. All client computers run Windows 10.

    You have an organizational unit (OU) named Marketing that contains the computers in the marketing department You have an OU named Finance that contains the computers in the finance department You have an OU named AppServers

    that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.

    You install Windows Defender on Nano1.

    End of repeated scenario

    You need to disable SMB 1.0 on Server2.

    What should you do?

    A. From File Server Resource Manager, create a classification rule.
    B. From the properties of each network adapter on Server2. modify the bindings.
    C. From Windows PowerShell, run the Set -SmbClientConfiguration cmdlet.
    D. From Server Manager, remove a Windows feature.

  • Question 244:

    Your network contains an Active Directory domain.

    You plan to implement Dynamic Access Control.

    You need to create a central access rule that will grant permissions to users who have the Department attribute set to Finance. The users must have access to resources that have the Department property set to Finance.

    Which two actions should you perform before you create the central access rule? Each correct answer presents part of the solution.

    NOTE: Each correct selection is worth one point.

    A. Enable a claim type
    B. Create a central access policy
    C. Create a resource property list
    D. Enable a resource property
    E. Create a claim type

  • Question 245:

    Your network contains an Active Directory domain named contoso.com.

    The domain contains a computer named Computer1 that runs Windows 10.

    The network uses the 172.16.0.0/16 address space.

    Computer1 has an application named App1.exe that is located in D:\\Apps\\.

    App1.exe is configured to accept connections on TCP port 8080.

    You need to ensure that App1.exe can accept connections only when Computer1 is connected to the corporate network.

    Solution: You run the New-NetFirewallRule -DisplayName "Rule1" -Direction Inbound -LocalPort 8080 -Protocol TCP -Action allow -Profile Domain Command.

    Does this meet the goal?

    A. Yes
    B. No

  • Question 246:

    Your network contains an Active Directory domain named contoso.com. The domain contains an organizational unit (OU) named OU1. OU1 contains a server named Server1. The properties of Server1 are shown in the Server1 exhibit. (Click the Server1 tab.)

    You create a Group Policy object (GPO) linked to OU1. You configure the GPO as shown in the LAPS exhibit. (Click the LAPS tab.)

    You need to ensure that the password of the local Administrator of Server1 is managed by using Local Administrator Password Solution (LAPS). Which cmdlet should you run?

    A. Reset-AdmPwdPassword
    B. Set-AdmPwdComputerSelfPermission
    C. Update-AdmPwdADschema
    D. Set-AdmPwdResetPasswordPermission

  • Question 247:

    HOTSPOT

    Your network contains an Active Directory domain named adatum.com. The domain contains a file server named Server1 that runs Windows Server 2016.

    You have an organizational unit (OU) named OU1 that contains Server1.

    You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.

    A user named User1 is a member of group named Group1. The properties of User1 are shown in the User1 exhibit. (Click the Exhibit button.)

    User1 has permissions to two files on Server1 configured as shown in the following table.

    From Auditing Entry for Global File SACL, you configure the advanced audit policy settings in GPO1 as shown in the SACL exhibit. (Click the Exhibit button.)

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    Hot Area:

  • Question 248:

    Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is

    exactly the same in each question in this series.

    Start of repeated scenario.

    Your company has a marketing department.

    The network contains an Active Directory domain named constoso.com. The domain contains the servers configured as shown in the following table.

    All servers run Windows Server 2016. All client computers run Windows 10 and are domain members. All laptops are protected by using BitLocker Drive Encryption (BitLocker).

    You have an organizational unit (OU) named OU1 that contains the computer accounts of application servers. An OU named OU2 contains the computer accounts of the computers in the marketing department. A Group Policy object (GPO)

    named GP1 is linked to OU1. A GPO named GP2 is linked to OU2.

    All computers receive updates from Server1. You create an update rule named Update1.

    End of repeated scenario.

    You need to ensure that AppLocker rules will apply to the marketing department computers. What should you do?

    A. From the properties of OU2, modify the Security settings.
    B. In GP2, configure the Startup type for the Application Identity service.
    C. From the properties of OU2, modify the COM+ partition Set
    D. In GP2, configure the Startup type for the Application Management service.

  • Question 249:

    Your network contains an Active Directory forest named corp.contoso.com.

    You are implementing Privileged Access Management (PAM) by using a bastion forest named priv.contoso.com.

    You need to create shadow groups in priv.contoso.com.

    Which cmdlet should you use?

    A. New-RoleGroup
    B. New-ADGroup
    C. New-PamRole
    D. New-PamGroup

  • Question 250:

    Your network contains an Active Directory domain named contoso.com.

    The domain contains a server named Server1 that runs Windows Server 2016.

    You need to prevent NTLM authentication on Server1.

    Solution: From a Group Policy, you configure the Security Options.

    Does this meet the goal?

    A. Yes
    B. No

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 70-744 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.