How can I pass the 70-744 exam? LatestVCE shares the latest and effective
Microsoft MCSE 70-744 exam questions and answers, online practice tests,
and the most authoritative Microsoft exam experts update 70-744 exam questions throughout the year. Get the full 70-744 exam dumps selection: https://www.leads4pass.com/70-744.html (242 Q&As). Pass the exam with ease!
Table of Contents:
- Latest Microsoft MCSE 70-744 google drive
- Effective Microsoft 70-744 exam practice questions
- Related 70-744 Popular Exam resources
- Lead4Pass Year-round Discount Code
- What are the advantages of Lead4pass?
Latest Microsoft 70-744 google drive
[PDF] Free Microsoft 70-744 pdf dumps download from Google Drive: https://drive.google.com/open?id=1Jx2haiw2G8Vl2xgjukmxtIB5Xvw7K0L7
Exam 70-744: Securing Windows Server 2016 – Microsoft:https://www.microsoft.com/en-us/learning/exam-70-744.aspx
Skills measured
This exam measures your ability to accomplish the technical tasks listed below.
- Implement Server Hardening Solutions (25-30%)
- Secure a Virtualization Infrastructure (5-10%)
- Secure a Network Infrastructure (10-15%)
- Manage Privileged Identities (25-30%)
- Implement Threat Detection Solutions (15-20%)
- Implement Workload-Specific Security (5-10%)
Who should take this exam?
Candidates for this exam secure Windows Server 2016 environments. Candidates are familiar with the methods and technologies used to harden server environments and secure virtual machine infrastructures using Shielded and encryption-supported virtual machines and Guarded Fabric.
Candidates manage the protection of Active Directory and Identity infrastructures and manage privileged identities using Just in Time (JIT) and Just Enough Administration (JEA) approaches, as well as implement Privileged Access Workstations (PAWs) and secure servers using the Local Administrator Password Solution (LAPS).
Candidates should also be able to use threat detection solutions such as auditing access, implementing Advanced Threat Analytics (ATA), deploying Operations Management Suite (OMS) solutions, and identifying solutions for specific workloads.
Latest updates Microsoft 70-744 exam practice questions
QUESTION 1
Your company has an accounting department.
The network contains an Active Directory domain named contoso.com. The domain contains 10 servers.
You deploy a new server named Server11 that runs Windows Server 2016.
Server11 will host several network applications and network shares used by the accounting department.
You need to recommend a solution for Server11 that meets the following requirements:
-Protects Server11 from address spoofing and session hijacking
-Allows only the computers in We accounting department to connect to Server11
What should you recommend implementing?
A. AppLocker rules
B. Just Enough Administration (JEA)
C. connection security rules
D. Privileged Access Management (PAM)
Correct Answer: C
In IPsec connection security rule, the IPsec protocol verifies the sending host IP address by utilize integrity functions like
Digitally signing all packets.If unsigned packets arrives Server11, those are possible source address spoofed packets,
when usingconnection security rule in-conjunction with inbound firewallrules, you can kill those un-signed packets with
the action “Allow connection if it is secure” to prevent spoofingand session hijacking attacks.
QUESTION 2
You have a server named Server1 that runs Windows Server 2016 and is configured as a DNS server. You deed to
ensure that Server1 can validate records from public DNSSEC-signed DNS zones. What should you do?
A. From DNS Manager, sign a zone.
B. From DNS Manager select Enable DNSSEC validation for remote responses
C. From PowerShell, run Add-DnsServerResourceRecordDnsKey.
D. From DNS Manager, add a trust anchor.
Correct Answer: B
QUESTION 3
Your network contains an Active Directory domain named conioso.com. The domain contains 1,000 client computers
that run Windows 8.1 and 1,000 client computers that run Windows 10.
You deploy a Windows Server Update Services (WSUS) server. You create a computer group tor each organizational
unit (OU) that contains client computers. You configure all of the client computers to receive updates from WSUS.
You discover that all of the client computers appear m the Unassigned Computers computer group in the Update
Services console.
You need to ensure that the client computers are added automatically to the computer group that corresponds to the
location of the computer account in Active Directory.
Which two actions should you perform? Each correct answer presents part of the solution.
A. From Group Policy objects (GPOs), configure the Enable client-side targeting setting.
B. From the Update Services console, configure the Computers option.
C. From Active Directory Users and Computers, create a domain local distribution group for each WSUS computer
group.
D. From Active Directory Users and Computers, modify the flags attnbute of each OU.
E. From the Update Services console, run the WSUS Server Configuration Wizard.
Correct Answer: AB
QUESTION 4
You have two servers named Server1 and Server2 that run Windows Server 2016. The servers are in a workgroup.
You need to create a security template that contains the security settings of Server1 and to apply the template to
Server2. The solution must minimize administrative effort.
Which snap-in should you use for each server? To answer, drag the appropriate snap-ins to the correct servers. Each
snap-in may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to
view content.
NOTE: Each correct selection is worth one point.
Select and Place:
Correct Answer:
References: https://www.windows-server-2012-r2.com/security-templates.html
QUESTION 5
Note: This question is port of a series of questions that use the same or similar answer choices. An answer choice may
be correct for more than one question In the series. Each question is Independent of the other questions In this series.
Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1
that runs Windows Server 2016 and a Nano Server named Nano1.
Nano1 has two volumes named C and D.
You are signed in to Server1.
You need to configure Data Deduplication on Nano1.
Which tool should you use?
A. File Explorer
B. Shared Folders
C. Server Manager
D. Disk Management
E. Storage Explorer
F. Computer Management
G. System Configuration
H. File Server Resource Manager (FSRM)
Correct Answer: C
Either use PowerShell Remoting to Nano1 and use “Enable-DedupVolume” cmdlet, however ,there is no such choice for
this question; orFrom Server1, connect it\\’s server manager to remotely manage Nano1 and enable Data Deduplication
forvolumes on Nano1 https://channel9.msdn.com/Series/Nano-Server-Team/Server-Manager-managing-Nano-Server
QUESTION 6
You have a server named Server1 that runs Windows Server 2016. Server1 has the Windows Server Update Services
server role installed.
Windows Server Update Services (WSUS) updates for Server1 are stored on a volume named D. The hard disk that
contains volume D fails.
You replace the hard disk. You recreate volume D and the WSUS folder hierarchy in the volume.
You need to ensure that the updates listed in the WSUS console are available in the WSUS folder. What should you
run?
A. wsusutil.exe /import
B. wsusutil.exe /reset
C. Set-WsusServerSynchronization
D. Invoke-WsusServerCleanup
Correct Answer: B
https://technet.microsoft.com/en-us/library/cc720466%28v=ws.10%29.aspx?f=255and MSPPError=-2147217396
WSUSutil.exe is a tool that you can use to manage your WSUS server from the command line. WSUSutil.exeis located
in the % drive%\\Program Files\\UpdateServices\\Tools folder on your WSUS server.You can run specific commands
with WSUSutil.exe to perform specific functions, as summarized in thefollowing table.The syntax you would use to run
WSUSutil.exe with specific commands follows the table.
QUESTION 7
You have a server named Server1 that runs Windows Server 2016. Windows Defender on Server1 has the following
configurations.
Server1 has the following files:
1.
C:\Folder1\File1.exe
2.
C:\Folder2\File2.bat
3.
C:\Folder2\File3.com
Which files will be scanned for malware?
A. File1.exe and File3.com only
B. File2.bat only
C. File1.exe, File2.bat, and File3.com
D. File1.exe only
E. File2.bat and File3.com only
F. File3.com only
Correct Answer: E
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus
QUESTION 8
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You manage a file server that runs Windows Server 2016. The file server contains the volumes configured as shown in
the following table.
You need to encrypt DevFiles by using BitLocker Drive Encryption (ButLocker). Solution: You run the manage-bde.exe
command and specify the -on parameter. Does this meet the goal?
A. Yes
B. No
Correct Answer: A
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/manage-bde-on
QUESTION 9
Your network contains an Active Directory domain named contoso.com. The domain contains several shielded virtual
machines.
You deploy a new server named Server1 that runs Windows Server 2016. You install the Hyper-V server role on
Server1.
You need to ensure that you can host shielded virtual machines on Server1.
What should you install on Server1?
A. Host Guardian Hyper-V Support
B. BitLocker Network Unlock
C. the Windows Biometric Framework (WBF)
D. VM Shielding Tools for Fabric Management
Correct Answer: A
This questions mentions “The domain contains several shielded virtual machines.”, which indicates a working Host
Guardian Service deployment was completed. https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabricshielded-vm/guarded-fabricguarded-host-prerequisites For a new Hyper-V server to utilize an existing Host
Guardian Service, install the “Host Guardian Hyper-V Support”.
QUESTION 10
HOTSPOT
Your data center contains 10 Hyper-V hosts that host 100 virtual machines.
You plan to secure access to the virtual machines by using the Datacenter Firewall service.
You have four servers available for the Datacenter Firewall service. The servers are configured as shown in the
following table.
Which server role should you deploy? To answer, select the appropriate options in the answer area.
Hot Area:
Correct Answer:
You need to install the required server roles for the planned deployment.
https://docs.microsoft.com/en-us/windows-server/networking/sdn/plan/installation-and-preparation-requirements-for-deploying-network-controller https://docs.microsoft.com/en-us/windows-server/networking/sdn/technologies/network-controller/install-the-network-controller-server-role-using-server-manager
QUESTION 11
You have two servers named Setver1 and Server2 that run Windows Server 2016 and are in a workgroup. Server1 is
used as a reference computer to configure the security baseline for the other computers in the workgroup.
You need to apply the Group Policy computer settings of Server1 to Server2.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions
to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
QUESTION 12
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution.
After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1
that runs Windows Server 2016.
You need to prevent NTLM authentication on Server1.
Solution: From a Group Policy, you configure the Kerberos Policy. Does this meet the goal?
A. Yes
B. No
Correct Answer: B
References: https://www.rootusers.com/implement-ntlm-blocking-in-windows-server-2016/
QUESTION 13
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named
Server1 that runs Windows Server 2016.
A domain-based Group Policy object (GPO) is used to configure the security policy of Server1.
You plan to use Security Compliance Manager (SCM) 4.0 to compare the security policy of Server1 to the WS2012 DNS
Server Security 1.0 baseline.
You need to import the security policy into SCM. What should you do first?
A. From Security Configuration and Analysis, use the Export Template option.
B. Run the Copy-GPO cmdlet and specify the -TargetName parameter.
C. Run the Backup-GPO cmdlet and specify the -Path parameter.
D. Run the secedit.exe command and specify the/export parameter.
Correct Answer: C
https://technet.microsoft.com/en-us/library/ee461052.aspx Backup-GPO cmdlet and specify the -Path parameter creates
a GPO backup folder with GUID name and issuitable to import to SCM 4.0
Related 70-744 Popular Exam resources
| title | youtube | Microsoft | lead4pass | Lead4Pass Total Questions | related Microsoft blog | |
|---|---|---|---|---|---|---|
| Microsoft MCSE | lead4pass 70-744 dumps pdf | lead4pass 70-744 youtube | Securing Windows Server 2016 | https://www.leads4pass.com/70-744.html | 242 Q&A | Jrocam microsoft mcse 70-744 exam dumps |
Lead4Pass Year-round Discount Code
What are the advantages of Lead4pass?
Lead4pass employs the most authoritative exam specialists from Microsoft, Cisco, CompTIA, Oracle, EMC, etc. We update exam data throughout the year. Highest pass rate! We have a large user base. We are an industry leader! Choose Lead4Pass to pass the exam with ease!
Summarize:
It’s not easy to pass the Microsoft 70-744 exam, but with accurate learning materials and proper practice, you can crack the exam with excellent results. https://www.leads4pass.com/70-744.html provides you with the most relevant learning materials that you can use to help you prepare.
![[November new] CheckPoint 156-585 dumps with PDF and VCE from Lead4Pass](https://www.latestvce.com/wp-content/themes/blogstream/img/thumb-medium.png)
