70-744 Exam Details

  • Exam Code
    :70-744
  • Exam Name
    :Securing Windows Server 2016
  • Certification
    :Microsoft Certifications
  • Vendor
    :Microsoft
  • Total Questions
    :258 Q&As
  • Last Updated
    :Feb 16, 2021

Microsoft 70-744 Online Questions & Answers

  • Question 31:

    HOTSPOT

    Your network contains an Active Directory named contoso.com

    The domain contains the computers configured as shown in the following table.

    Server1 has a share named Share1 that has the following configurations.

    Server1, Computer1, and Computer2 have the connection security rules configured as shown in the exhibit. (Click the Exhibit button.) Exhibit:

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    Hot Area:

  • Question 32:

    HOTSPOT

    Your network contains an Active Directory domain named contoso.com.

    You plan to deploy an application named App1.exe.

    You need to verify whether Control Flow Guard is enabled for App1.exe.

    Which command should you run? To answer, select the appropriate options in the answer area.

    Hot Area:

  • Question 33:

    Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

    others might not have a correct solution.

    After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    Your network contain an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows 10. Computer1 connects to a home network and a corporate network.

    The corporate network uses the 172.16.0.0/24 address space internally.

    Computer1 runs an application named App1 that listens to port 8080.

    You need to prevent connections to App1 when Computer1 is connected to the home network.

    Solution: From Group Policy Management, you create software restriction policy.

    Does this meet the goal?

    A. Yes
    B. No

  • Question 34:

    Your network contains an Active Directory forest named contoso.com. The forest contains three domains. All domain controllers run Windows Server 2016.

    You deploy a second Active Directory forest named admin.contoso.com.

    The forest contains a domain member server named Server1. Server1 has Microsoft Identity Manager (MIM) 2016 deployed.

    You need to implement Privileged Access Management (PAM) and to use admin.contoso.com as an administrative forest.

    Which two actions should you perform? Each correct answers presents part of the solution.

    A. From a domain controller in contoso.com. run the New-PAMTrust cmdlet.
    B. From Server1, run the New-PAMDomainConfiguration cmdlet
    C. From a domain controller in admin.contoso.com, run the New-PAMTrust cmdlet.
    D. From a domain controller in contoso.com, run the New-PAMDomainConfiguration cmdlet.
    E. From a domain controller in admin.contoso.com, run the New-PAMDomainConfiguration cmdlet
    F. From Server1, run the New-PAMTrust cmdlet

  • Question 35:

    Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

    others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    Your network contains an Active Directory domain named contoso.com. All client computers run Windows 10.

    You plan to deploy a Remote Desktop connection solution for the client computers.

    You have four available servers in the domain that can be configured as Remote Desktop servers. The servers are configured as shown in the following table.

    You need to ensure that all Remote Desktop connections can be protected by using Remote Credential Guard.

    Solution: You deploy the Remote Desktop connection solution by using Server4.

    Does this meet the goal?

    A. Yes
    B. No

  • Question 36:

    Your network contains an Active Directory domain.

    Microsoft Advanced Threat Analytics (ATA) is deployed to the domain.

    A database administrator named DBA1 suspects that her user account was compromised.

    Which three events can you identify by using ATA? Each correct answer presents a complete solution.

    A. Spam messages received by DBA1.
    B. Phishing attempts that targeted DBA1
    C. The last time DBA1 experienced a failed logon attempt
    D. Domain computers into which DBA1 recently signed.
    E. Servers that DBA1 recently accessed.

  • Question 37:

    Your network contains an Active Directory domain. All the computers in the domain are configured for the Local Administrator Password Solution (LAPS). The Group Policy object (GPO) settings for LAPS are configured as shown in the exhibit. (Click the Exhibit tab.)

    You provide a technician with the local administrator password for a computer named Computer1. What is the maximum amount of time the password will be valid?

    A. 30 minutes
    B. 3 days
    C. 30 days
    D. 365 days

  • Question 38:

    Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. A user named User1 is a member of the local Administrators group. Server1 has the AppLocker rules configured as shown in follow:

    Rule1 and Rule2 are configured as shown in the following table:

    You verify that User1 is unable to run App2.exe on Server1.

    Which changes will allow User1 to run D:\\Folder1\\Program.exe and D:\\Folder2\\App2.exe? Choose Two.

    A. User1 can run D:\\Folder1\\Program.exe if Program.exe is moved to another folder
    B. User1 can run D:\\Folder1\\Program.exe if Program.exe is renamed
    C. User1 can run D:\\Folder1\\Program.exe if Program.exe is updated
    D. User1 can run D:\\Folder2\\App2.exe if App2.exe is moved to another folder
    E. User1 can run D:\\Folder2\\App2.exe if App2.exe is renamed
    F. User1 can run D:\\Folder2\\App2.exe if App2.exe is upgraded

  • Question 39:

    Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is

    exactly the same in each question in this series.

    Start of repeated scenario

    Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.

    The domain contains the servers configured as shown in the following table.

    All servers run Windows Server 2016. All client computers run Windows 10.

    You have an organizational unit (OU) named Marketing that contains the computers in the marketing department You have an OU named finance that contains the computers in the finance department You have an OU named AppServers

    that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.

    You install Windows Defender on Nano1.

    End of repeated scenario

    You need to exclude D:\Folder1 on Nano1 from being scanned by Windows Defender.

    Which cmdlet should you run?

    A. Set-StorageSetting
    B. Set-FsrmFileScreenException
    C. Set-MpPreference
    D. Set-DtcAdvancedSetting

  • Question 40:

    Your network has an internal network and a perimeter network. Only the servers on the perimeter network can access the Internet. You create a Microsoft Operations Management Suite (OMS) instance in Microsoft Azure.

    You deploy Microsoft Monitoring Agent to all the servers on both the networks.

    You discover that only the servers on the perimeter network report to OMS.

    You need to ensure that all the servers report to OMS.

    What should you do?

    A. Install a Web Application Proxy on the perimeter network and install an OMS Gateway on the internal network. Publish the OMS Gateway from the Web Application Proxy.
    B. Install a Web Application Proxy and an OMS Gateway on the perimeter network. Publish the OMS Gateway from the Web Application Proxy.
    C. Configure the network firewalls to allow the internal servers to access the IP addresses of the Azure OMS instance by using TCP port 443.
    D. On the internal servers, run the Add-AzureRmUsageConnect cmdlet and specify the -AdminUri parameter.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 70-744 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.