最新的Microsoft Securing Windows Server 2016 - 70-744免費考試真題
問題1
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario
Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.
The domain contains the servers configured as shown in the following table.
All servers run Windows Server 2016. All client computers run Windows 10.
You have an organizational unit (OU) named Marketing that contains the computers in the marketing department You have an OU named finance that contains the computers in the finance department You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.
You install Windows Defender on Nano1.
End of repeated scenario
You need to exclude D:\Folder1 on Nano1 from being scanned by Windows Defender.
Which cmdlet should you run?
Start of repeated scenario
Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.
The domain contains the servers configured as shown in the following table.
All servers run Windows Server 2016. All client computers run Windows 10.
You have an organizational unit (OU) named Marketing that contains the computers in the marketing department You have an OU named finance that contains the computers in the finance department You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.
You install Windows Defender on Nano1.
End of repeated scenario
You need to exclude D:\Folder1 on Nano1 from being scanned by Windows Defender.
Which cmdlet should you run?
正確答案: A
說明:(僅 VCESoft 成員可見)
問題2
Your network contains an Active Directory domain named contoso.com. The domain contains an organizational unit (OU) named OU1.
OU1 contains a server named Server1. The properties of Server1 are shown in the Server1 exhibit. (Click the Server1 tab.)
You create a Group Policy object (GPO) linked to OU1. You configure the GPO as shown in the LAPS exhibit. (Click the LAPS tab.)
You need to ensure that the password of the local Administrator of Server1 is managed by using Local Administrator Password Solution (LAPS).
Which cmdlet should you run?
OU1 contains a server named Server1. The properties of Server1 are shown in the Server1 exhibit. (Click the Server1 tab.)
You create a Group Policy object (GPO) linked to OU1. You configure the GPO as shown in the LAPS exhibit. (Click the LAPS tab.)
You need to ensure that the password of the local Administrator of Server1 is managed by using Local Administrator Password Solution (LAPS).
Which cmdlet should you run?
正確答案: A
說明:(僅 VCESoft 成員可見)
問題3
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. The domain has Dynamic Access Control enabled.
Server1 contains a folder named C:\Folder1. Folder1 is shared as Share1.
You need to audit all access to the contents of Folder1 from Server2. The solution must minimize the number of event log entries.
Which two audit policies should you enable on Server1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Server1 contains a folder named C:\Folder1. Folder1 is shared as Share1.
You need to audit all access to the contents of Folder1 from Server2. The solution must minimize the number of event log entries.
Which two audit policies should you enable on Server1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
正確答案: A,D
說明:(僅 VCESoft 成員可見)
問題4
Your network contains an Active Directory domain. All the computers in the domain are configured for the Local Administrator Password Solution (LAPS). The Group Policy object (GPO) settings for LAPS are configured as shown in the exhibit. (Click the
You provide a technician with the local administrator password for a computer named Computer1.
What is the maximum amount of time the password will be valid?
You provide a technician with the local administrator password for a computer named Computer1.
What is the maximum amount of time the password will be valid?
正確答案: D
說明:(僅 VCESoft 成員可見)
問題5
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
Your company has a marketing department.
The network contains an Active Directory domain named constoso.com. The domain contains the servers configured as shown in the following table.
All servers run Windows Server 2016. All client computers run Windows 10 and are domain members. All laptops are protected by using BitLocker Drive Encryption (BitLocker).
You have an organizational unit (OU) named OU1 that contains the computer accounts of application servers.
An OU named OU2 contains the computer accounts of the computers in the marketing department. A Group Policy object (GPO) named GP1 is linked to OU1. A GPO named GP2 is linked to OU2.
All computers receive updates from Server1. You create an update rule named Update1.
End of repeated scenario.
You need to create an Encrypting File System (EFS) data recovery certificate and then add the certificate as an EFS data recovery agent on Server5.
What should you use on Server5? To answer, select the appropriate options in the answer area.
Start of repeated scenario.
Your company has a marketing department.
The network contains an Active Directory domain named constoso.com. The domain contains the servers configured as shown in the following table.
All servers run Windows Server 2016. All client computers run Windows 10 and are domain members. All laptops are protected by using BitLocker Drive Encryption (BitLocker).
You have an organizational unit (OU) named OU1 that contains the computer accounts of application servers.
An OU named OU2 contains the computer accounts of the computers in the marketing department. A Group Policy object (GPO) named GP1 is linked to OU1. A GPO named GP2 is linked to OU2.
All computers receive updates from Server1. You create an update rule named Update1.
End of repeated scenario.
You need to create an Encrypting File System (EFS) data recovery certificate and then add the certificate as an EFS data recovery agent on Server5.
What should you use on Server5? To answer, select the appropriate options in the answer area.
正確答案:
Explanation
References:
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/crea
https://www.rootusers.com/configure-efs-recovery-agent/
問題6
Your network contains an Active Directory domain named contoso.com. All client computers run Windows
10.
You plan to deploy a Remote Desktop connection solution for the client computers.
You have four available servers in the domain that can be configured as Remote Desktop servers. The servers are configured as shown in the following table.
You need to ensure that all Remote Desktop connections can be protected by using Remote Credential Guard.
Solution: You deploy the Remote Desktop connection solution by using Server4.
Does this meet the goal?
10.
You plan to deploy a Remote Desktop connection solution for the client computers.
You have four available servers in the domain that can be configured as Remote Desktop servers. The servers are configured as shown in the following table.
You need to ensure that all Remote Desktop connections can be protected by using Remote Credential Guard.
Solution: You deploy the Remote Desktop connection solution by using Server4.
Does this meet the goal?
正確答案: B
說明:(僅 VCESoft 成員可見)
問題7
Your network contains two Active Directory forests named contoso.com and adatum.com. Contoso.com contains a Hyper-V host named Server1. Server1 is a member of a group named HyperHosts. Adatum.com contains a server named Server2. Server1 and Server2 run Windows Server 2016.
Contoso.com trusts adatum.com.
You plan to deploy shielded virtual machines to Server1.
Which component should you install and which cmdlet should you run on Server1? To answer, select the appropriate options in the answer area.
Contoso.com trusts adatum.com.
You plan to deploy shielded virtual machines to Server1.
Which component should you install and which cmdlet should you run on Server1? To answer, select the appropriate options in the answer area.
正確答案:
Explanation
Key for this question is Admin-trusted attestation or (AD mode) for guarded fabric "Server1.contoso.com", whileServer2.adatum.com is running the Host Guardian Service.
https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabricguar
https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabricconfi st-successfully
Key for this question is Admin-trusted attestation or (AD mode) for guarded fabric "Server1.contoso.com", whileServer2.adatum.com is running the Host Guardian Service.
https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabricguar
https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabricconfi st-successfully
問題8
Your network contains an Active Directory domain named contoso.com.
The domain contains 10 computers that are in an organizational unit (OU) named OU1.
You deploy the Local Administrator Password Solution (LAPS) client to the computers.
You link a Group Policy object (GPO) named GPO1 to OU1, and you configure the LAPS password policy settings in GPO1.
You need to ensure that the administrator passwords on the computers in OU1 are managed by using LAPS.
Which two actions should you perform? Each correct answer presents part of the solution.
The domain contains 10 computers that are in an organizational unit (OU) named OU1.
You deploy the Local Administrator Password Solution (LAPS) client to the computers.
You link a Group Policy object (GPO) named GPO1 to OU1, and you configure the LAPS password policy settings in GPO1.
You need to ensure that the administrator passwords on the computers in OU1 are managed by using LAPS.
Which two actions should you perform? Each correct answer presents part of the solution.
正確答案: A,B
問題9
Your network contains an Active Directory domain named contoso.com. The domain contains 100 servers.
You deploy the Local Administrator Password Solution (LAPS) to the network You need to view the password of the local administrator of a server named Server5.
Which tool should you use?
You deploy the Local Administrator Password Solution (LAPS) to the network You need to view the password of the local administrator of a server named Server5.
Which tool should you use?
正確答案: D
說明:(僅 VCESoft 成員可見)
問題10
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
A technician is testing the deployment of Credential Guard on Server1.
You need to verify whether Credential Guard is enabled on Server1.
What should you do?
A technician is testing the deployment of Credential Guard on Server1.
You need to verify whether Credential Guard is enabled on Server1.
What should you do?
正確答案: C
