The Latest 70-744 Exam ☆ Instant Download ☆ Free Update for 180 Days
Vendor: Microsoft Exam Code: 70-744 Exam Name: Securing Windows Server 2016 Version: 13.03 Q & As: 154
Guaranteed Success with EnsurePass VCE Software & PDF File
Why do you choose EnsurePass.com for your exam Preparation: 1. Real Exam Questions and Answers with PDF and VCE Files. 2. Free VCE Software 3. We do provide Personal Consulting Services. 4. Money Back Guarantee.
How to buy: 70-744 Exam Questions & Answers http://www.ensurepass.com/70-744.html
The Latest 70-744 Exam ☆ Instant Download ☆ Free Update for 180 Days
QUESTION 1 Your network contains an internal network and a perimeter network. The internal network contains an Active Directory forest named contoso.com. You deploy five servers to the perimeter network. All of the servers run Windows Server 2016 and are the members of a workgroup. You need to apply a security baseline named Perimeter.inf to the servers in the perimeter network. What should you use to apply Perimeter.inf? A. B. C. D.
Local Computer Policy Security Configuration Wizard (SCW) Group Policy Management Server Manager
Correct Answer: A Explanation: https://docs.microsoft.com/en-us/windows-server/get-started/deprecated-features https://blogs.technet.microsoft.com/secguide/2016/01/21/lgpo-exe-local-group-policy-objectutility-v1-0/ https://msdn.microsoft.com/en-us/library/bb742512.aspx
Guaranteed Success with EnsurePass VCE Software & PDF File
The Latest 70-744 Exam ☆ Instant Download ☆ Free Update for 180 Days
QUESTION 2 The network contains an Active Directory domain named contoso.com. The domain contains the servers configured as shown in the following table.
All servers run Windows Server 2016. All client computers run Windows 10 and are domain members. All laptops are protected by using BitLocker Drive Encryption (BitLocker).You have an organizational unit (OU) named OU1 that contains the computer accounts of application servers. An OU named OU2 contains the computer accounts of the computers in the marketing department. A Group Policy object (GPO) named GP1 is linked to OU1. A GPO named GP2 is linked to OU2. Guaranteed Success with EnsurePass VCE Software & PDF File
The Latest 70-744 Exam ☆ Instant Download ☆ Free Update for 180 Days
All computers receive updates from Server1. You create an update rule named Update1. You need to create a Role Capability file on Server3. Which file should you create? A. B. C. D.
File1.xml File1.ini File1.ps1 File1.psrc
Correct Answer: D
QUESTION 3 You deploy the Host Guardian Service (HGS). You have several Hyper-V hosts that have older hardware and Trusted Platform Modules (TPMs) version 1.2. You discover that the Hyper-V hosts cannot start shielded virtual machines. You need to configure HGS to ensure that the older Hyper-V hosts can host shielded virtual machines. What should you do? A. B. C. D. E.
Run the Set-HgsServer cmdlet and specify the -TrustTpm parameter. Run the Set-HgsServer cmdlet and specify the -TrustActiveDirectory parameter. Run the Clear-HgsServer cmdlet and specify the -Clustername parameter Run the Clear-HgsServer cmdlet and specify the -Force parameter. It is not possible to enable older Hyper-V hosts to run Shielded virtual machines
Correct Answer: E Explanation: Requirements and LimitationsThere are several requirements for using Shielded VMs and the HGS:One bare metal host: You can deploy the Shielded VMs and the HGS with just one host. However, Microsoftrecommends that you cluster HGS for high availability.Windows Server 2016 Datacenter Edition: The ability to create and run Shielded VMs and the HGS is only supported by Windows Server 2016 Datacenter Edition. For Admin-trusted attestation mode: You only need to have server hardware capable of running Hyper-V inWindows Server 2016 TP5 or higher. For TPM-trusted attestation: Your servers must have TPM 2.0 and UEFI 2.3.1 and they must boot in UEFImode. The hosts must also have secure boot enabled. Hyper-V role: Must be installed on the guarded host. HGS Role: Must be added to a physical host.Generation 2 VMs.A fabric AD domain.An HGS AD, which in Windows Server 2016 TP5 is a separate AD infrastructure from your fabric AD.
QUESTION 4 Note: This question b part of a series of questions that use the same or simitar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question. Your network contains an Active Directory domain named contoso.com The domain contains a server named Server1 that runs Windows Server 2016. Guaranteed Success with EnsurePass VCE Software & PDF File
The Latest 70-744 Exam ☆ Instant Download ☆ Free Update for 180 Days
Server1 has a shared folder named Share1. You need to ensure that all access to Share1 uses SMB Encryption. Which tool should you use? A. B. C. D. E. F. G. H.
File Explorer Shared Folders Server Manager Disk Management Storage Explorer Computer Management System Configuration File Server Resource Manager (FSRM)>
Correct Answer: C Explanation: https://blogs.technet.microsoft.com/filecab/2012/05/03/smb-3-security-enhancements-inwindows-server-2012/
QUESTION 5 Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Servers that runs Windows Server 2016. You need to configure Servers as a Just Enough Administration (JEA) endpoint. Guaranteed Success with EnsurePass VCE Software & PDF File
The Latest 70-744 Exam ☆ Instant Download ☆ Free Update for 180 Days
Which two actions should you perform? Each correct answer presents part of the solution. A. B. C. D. E.
Create and export a Windows PowerShell session. Deploy Microsoft Identity Manager (MIM) 2016 Create a maintenance Role Capability file Generate a random Globally Unique Identifier (GUID) Create and register a session configuration file.
Correct Answer: CE Explanation: https://docs.microsoft.com/en-us/powershell/jea/role-capabilities https://docs.microsoft.com/en-us/powershell/jea/register-jea
QUESTION 6 HOTSPOT You have a Hyper-V host named Server1 that runs Windows Server 2016. A new security policy states that all the virtual machines must be encrypted. Server1 hosts the virtual machines configured as shown in the following table.
An administrator runs the following commands. Get -VM | Stop-VM Get -VM | Update-VMVersion Get -VM | Start-VM For each of the following statements, Select Yes, if the statement is true. Otherwise Select No.
Correct Answer:
Guaranteed Success with EnsurePass VCE Software & PDF File
The Latest 70-744 Exam ☆ Instant Download ☆ Free Update for 180 Days
QUESTION 7 Your network contains an Active Directory domain named contoso.com. The domain contains five servers. All servers run Windows Server 2016. A new secunty policy states that you must modify the infrastructure to meet the following requirements: Limit the nghts of administrators. Minimize the attack surface of the forest. Support Multi-Factor authentication for administrators. You need to recommend a solution that meets the new secunty policy requirements. What should you recommend deploying? A. B. C. D.
an administrative forest domain isolation an administrative domain in contoso.com the Local Administrator Password Solution (LAPS)
Correct Answer: A Explanation: You have to "-Minimize the attack surface of the forest", then you must create another forest for administrators. https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securingprivilegedaccess-reference-material#ESAE_BM This section contains an approach for an administrative forest based on the Enhanced Security AdministrativeEnvironment (ESAE) reference architecture deployedby Microsoft's cybersecurity professional services teams to protect customers against cybersecurity attacks.Dedicated administrative forests allow organizations to host administrative accounts, workstations, and groups in an environment that has stronger security controlsthan the production environment.
QUESTION 8 You have a server named Server1 that runs Windows Server 2016. You need to identify whether any inbound rules on Server1 require that users be authenticated before they can connect to the server. Which cmdlet should you use? A. Get-NetIPSecRule Guaranteed Success with EnsurePass VCE Software & PDF File
The Latest 70-744 Exam ☆ Instant Download ☆ Free Update for 180 Days
B. C. D. E. F. G.
Get-NetFirewallRule Get-NetFirewallProfile Get-NetFirewallSetting Get-NetFirewallPortFilter Get-NetFirewallAddressFilter Get-NetFirewallApplicationFilter
Correct Answer: B Explanation: The complete cmdlet to perform the required action:-
QUESTION 9 DRAG DROP Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016. You need to install Microsoft Advanced Threat Analytics (ATA) on Server1 and Server2. Which four actions should you perform in sequence?
Correct Answer:
Guaranteed Success with EnsurePass VCE Software & PDF File
The Latest 70-744 Exam ☆ Instant Download ☆ Free Update for 180 Days
QUESTION 10 Your network contains an Active Directory forest named conloso.com. The network is connected to the Internet. You have 100 point-of-sale (POS) devices that run Windows 10. The devices cannot access the Internet. You deploy Microsoft Operations Management Suite (OMS). You need to use OMS to collect and analyze data from the POS devices. What should you do first? A. B. C. D. E.
Deploy Windows Server Gateway to the network. Install the OMS Log Analytics Forwarder on the network. Install Microsoft Data Management Gateway on the network. Install the Simple Network Management Protocol (SNMP) feature on the devices. Add the Microsoft NDJS Capture service to the network adapter of the devices.
Correct Answer: B Explanation: https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-oms-gateway OMS Log Analytics Forwarder = OMS GatewayIf your IT security policies do not allow computers on your network to connect to the Internet, such as point ofsale (POS) devices, or servers supporting IT services,but you need to connect them to OMS to manage and monitor them, they can be configured to communicatedirectly with the OMS Gateway (previous called "OMSLog Analytics Fowarder") to receive configuration and forward data on their behalf.
QUESTION 11 Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012. The forest contains a single domain. The domain contains multiple Hyper-V hosts. You plan to deploy guarded hosts.
Guaranteed Success with EnsurePass VCE Software & PDF File
The Latest 70-744 Exam ☆ Instant Download ☆ Free Update for 180 Days
You deploy a new server named Server22 to a workgroup. You need to configure Server22 as a Host Guardian Service server. What should you do before you initialize the Host Guardian Service on Server22? A. B. C. D.
Install the Active Directory Domain Services server role on Server22. Obtain a certificate. Raise the forest functional level. Join Server22 to the domain.
Correct Answer: D Explanation: https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shieldedvm/guarded-fabricchoose-where-to-install-hgs The only technical requirement for installing HGS in an existing forest is that it be added to the root domain;non-root domains are not supported.
QUESTION 12 You have the Windows Server 2016 operating system images as following table.
Your company's security policy states that you must minimize the attack surface when provisioning new servers. You need to deploy a Host Guardian Service cluster. Which image should you use for the deployment? A. B. C. D.
image1 image2 image3 image4
Correct Answer: C Explanation: https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shieldedvm/guarded-fabricprepare-for-hgs PrerequisitesHardware: HGS can be run on physical or virtual machines, but physical machines Guaranteed Success with EnsurePass VCE Software & PDF File
The Latest 70-744 Exam ☆ Instant Download ☆ Free Update for 180 Days
are recommended.If you want to run HGS as a three-node physical cluster (for availability), you must have three physical servers.(As a best practice for clustering, the three serversshould have very similar hardware.)Operating system: Windows Server 2016, Standard or Datacenter edition. <--- so you cannot useServer Core or Nano Server for running HostGuardian Service.Server Roles: Host Guardian Service and supporting server roles. Configuration permissions/privileges for the fabric (host) domain: You will need to configure DNS forwardingbetween the fabric (host) domain and the HGS domain.If you are using Admin- trusted attestation (AD mode), you will need to configure an Active Directory trustbetween the fabric domain and the HGS domain.
QUESTION 13 Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series. Start of repeated scenario Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2. The domain contains the servers configured as shown in the following table.
All servers run Windows Server 2016. All client computers run Windows 10. You have an organizational unit (OU) named Marketing that contains the computers in the marketing department. You have an OU named finance that contains the computers in the finance department. You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU. You install Windows Defender on Nano1. End of repeated scenario You need to ensure that when a configuration change is made on Nano2, Nano2 will revert back to the original configuration automatically. What should you do first? A. Enable File History for all volumes. Guaranteed Success with EnsurePass VCE Software & PDF File
EnsurePass.com Members Features: 1. 2. 3. 4. 5.
Verified Answers researched by industry experts. Q&As are downloadable in PDF and VCE format. 98% success Guarantee and Money Back Guarantee. Free updates for 180 Days. Instant Access to download the Items
View list of All Exam provided: http://www.ensurepass.com/certfications?index=A To purchase Lifetime Full Access Membership click here: http://www.ensurepass.com/user/register
Valid Discount Code 20% OFF for 2019: MMJ4-IGD8-X3QW To purchase the HOT Exams: Vendors Cisco Cisco Cisco Cisco Cisco Cisco Cisco Cisco Cisco Cisco CompTIA CompTIA CompTIA CompTIA CompTIA CompTIA CompTIA CompTIA CompTIA CompTIA CompTIA Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft ISC
Hot Exams 100-105 200-105 200-125 200-310 200-355 300-101 300-115 300-135 300-320 400-101 220-1001 220-1002 220-901 220-902 CAS-003 LX0-103 LX0-104 N10-007 PK0-004 SK0-004 SY0-501 70-410 70-411 70-412 70-740 70-741 70-742 70-761 70-762 CISSP
Download http://www.ensurepass.com/100-105.html http://www.ensurepass.com/200-105.html http://www.ensurepass.com/200-125.html http://www.ensurepass.com/200-310.html http://www.ensurepass.com/200-355.html http://www.ensurepass.com/300-101.html http://www.ensurepass.com/300-115.html http://www.ensurepass.com/300-135.html http://www.ensurepass.com/300-320.html http://www.ensurepass.com/400-101.html http://www.ensurepass.com/220-1001.html http://www.ensurepass.com/220-1002.html http://www.ensurepass.com/220-901.html http://www.ensurepass.com/220-902.html http://www.ensurepass.com/CAS-003.html http://www.ensurepass.com/LX0-103.html http://www.ensurepass.com/LX0-104.html http://www.ensurepass.com/N10-007.html http://www.ensurepass.com/PK0-004.html http://www.ensurepass.com/SK0-004.html http://www.ensurepass.com/SY0-501.html http://www.ensurepass.com/70-410.html http://www.ensurepass.com/70-411.html http://www.ensurepass.com/70-412.html http://www.ensurepass.com/70-740.html http://www.ensurepass.com/70-741.html http://www.ensurepass.com/70-742.html http://www.ensurepass.com/70-761.html http://www.ensurepass.com/70-762.html http://www.ensurepass.com/CISSP.html
Cisco Exam Dumps CCDA
CCIE Security
200-310
300-101
300-701
400-251
CCDE
CCIE Service Provider
352-001
300-501 400-201
CCDP
CCIE Wireless
300-115
300-320
400-351
CCENT
CCNA
100-105
200-301
CCIE Collaboration
CCNA Cloud
300-801
400-051
CCIE Data Center 300-601
400-151
CCIE Enterprise Infrastructure 300-401
CCIE Enterprise Wireless 300-401
210-451
210-455
CCNA Collaboration 210-060
210-065
CCNA Cyber Ops 210-250
210-255
CCNA Data Center 200-150
200-155
CCIE Routing and Switching
CCNA Industrial
400-101
200-601
CCNA Routing & Switching 100-105
200-105
CCNP Routing & Switching 300-101 300-115
200-125
300-135
CCNA Security
CCT Data Center
210-260
010-151
CCNA Service Provider
CCT Routing & Switching
640-875
640-878
640-692
CCNA Wireless
Cisco Certified DevNet Associate
200-355
200-901
CCNP Cloud
Cisco Network Programmability Design and
300-460
300-465
Implementation Specialist
300-470
300-475
300-550
CCNP Collaboration
CCNP Enterprise
300-070 300-075
300-080
300-401
300-410
300-415
300-085 300-801
300-810
300-420
300-425
300-430
300-815 300-820
300-835
CCNP Data Center
300-435
CCNP Security
300-160 300-165
300-170
300-206
300-208
300-209
300-175 300-180
300-601
300-210
300-701
300-710
300-610 300-615
300-620
300-715
300-720
300-725
300-625
300-635
300-730 300-735
CCNP Service Provider 300-501 300-510
300-515
642-883 642-885
642-887
642-889
300-535
CCNP Wireless 300-360
300-365
300-370
300-375
Cisco Certified DevNet Professional 300-435 300-535
300-635
300-735 300-835
300-901
300-910 300-915
300-920
Cisco Certified DevNet Specialist 300-435 300-535
300-635
300-735
300-835
300-901
300-910 300-915
300-920
Cisco Network Programmability Developer Specialist 300-560
Role-based Exams Dumps Azure Security Engineer Associate
Microsoft 365 Certified Fundamentals
AZ-500
MS-900
Dynamics 365 Fundamentals
Messaging Administrator Associate
MB-900
Dynamics 365 for Marketing Functional Consultant Associate MB-200
MS-200
MS-201
MS-202
Modern Desktop Administrator Associate MD-100
MD-101
MB-220
Dynamics 365 for Field Ser vice Functional
Security Administrator Associate
Consultant Associate
MS-500
MB-200
MB-240
Dynamics 365 for Finance and Operations, Financials Functional Consultant Associate MB-300
Teamwork Administrator Associate MS-300
MS-301
MS-302
MB-310
Dynamics 365 for Finance and Operations,
Azure Administrator Associate
Manufacturing Functional Consultant
AZ-103
Associate MB-300
MB-320
Dynamics 365 for Finance and Operations,
Azure AI Engineer Associate
Supply Chain Management Functional
AI-100
Consultant Associate MB-300
MB-330
Azure Data Engineer Associate DP-200
DP-201
Azure Data Scientist Associate DP-100
Microsoft Certified Azure Fundamentals AZ-900
Azure Solutions Architect Expert AZ-300
AZ-301
Azure Developer Associate
Dynamics 365 for Customer Ser vice
AZ-203
Functional Consultant Associate MB-200
MB-230
Azure DevOps Engineer Expert
Dynamics 365 for Sales Functional Consultant
AZ-400
Associate MB-200
MB-210
MCSA Exams Dumps
BI Reporting
SQL Ser ver 2012/2014
70-778
70-461
70-779
70-462 70-463
Microsoft Dynamics 365 for Operations
Universal Windows Platform
70-764
70-483
70-765
70-357
MB6-894
SQL 2016 BI Development
Web Applications
70-767
70-480
70-768
70-483 70-486
SQL 2016 Database Administration
Windows Ser ver 2012
70-764
70-410
70-765
70-411 70-412
SQL 2016 Database Development
Windows Ser ver 2016
70-761
70-740
70-762
70-741 70-742
MCSE Exams Dumps
Business Applications
Data Management and Analytics
MB2-716
70-464
MB2-718
70-465
MB2-719
70-466
MB6-895
70-467
MB6-896
70-762
MB6-897
70-767
MB6-898
70-768 70-777
Core Infrastructure
MCSE Productivity Solutions Expert
70-744
70-345
70-745
70-339
70-413
70-333
70-414
70-334
70-537
MCSD Exams Dumps
70-357
70-486
70-487
MTA Exams Dumps
Exam 98-349
Exam 98-369
Exam 98-361
Exam 98-375
Exam 98-364
Exam 98-380
Exam 98-365
Exam 98-381
Exam 98-366
Exam 98-382
Exam 98-367
Exam 98-383
Exam 98-368
Exam 98-388
CompTIA Exam Dumps CompTIA A+ 2019
220-1001
CompTIA A+ 2019
220-1002
CompTIA A+ 2019
220-901
CompTIA A+ 2019
220-902
CompTIA Advanced Security Practitioner
CAS-003
CompTIA Cloud Essentials
CLO-001
CompTIA Cloud Essentials
CLO-002
CompTIA CySA+
CS0-001
CompTIA Cloud+
CV0-002
CompTIA IT Fundamentals
FC0-U51
CompTIA IT Fundamentals
FC0-U61
CompTIA Linux+
LX0-103
CompTIA Linux+
LX0-104
CompTIA Network+
N10-007
CompTIA Project+
PK0-004
CompTIA PenTest+
PT0-001
CompTIA Security+
SY0-501
CompTIA CTT+
TK0-201
CompTIA CTT+
TK0-202
CompTIA CTT+
TK0-203
CompTIA Linux+
XK0-004
