[23-Aug-2019 Update] Exam 70-744 VCE Dumps and 70-744 PDF Dumps from PassLeader

Valid 70-744 Dumps shared by PassLeader for Helping Passing 70-744 Exam! PassLeader now offer the newest 70-744 VCE dumps and 70-744 PDF dumps, the PassLeader 70-744 exam questions have been updated and ANSWERS have been corrected, get the newest PassLeader 70-744 dumps with VCE and PDF here: https://www.passleader.com/70-744.html (231 Q&As Dumps)

BTW, DOWNLOAD part of PassLeader 70-744 dumps from Cloud Storage: https://drive.google.com/open?id=0B-ob6L_QjGLpNVZKQ21OR3pCc0U

NEW QUESTION 212
Your network contains an Active Directory forest named Corp. The forest functional level is Windows Server 2016. You deploy a new forest named Priv and set the forest functional level to Windows Server 2016. You need to implement Privileged Access Management (PAM). What should you do next?

A.    Install Microsoft Identity Manager (MIM) on a server in the Priv forest.
B.    Install Microsoft Identity Manager (MIM) in the Corp forest.
C.    Create shadow accounts in the Priv forest.
D.    Create shadow accounts in the Corp forest.

Answer: C
Explanation:
https://www.petri.com/windows-server-2016-set-privileged-access-management

NEW QUESTION 213
Your network contains an Active Directory forest named contoso.com. You deploy another Active Directory forest named admin.contoso.com. You create a trust relationship between the two forests. The trust relationship has the following configurations:
– SID history is disabled
– SID filtering is disabled
You need to implement Privileged Access Management (PAM) and to specify admin.contoso.com as an administrative forest. What should you do?

A.    Run netdom.exe and specify the /quarantine switch.
B.    Enable SID filtering on the trust.
C.    Run netdom.exe and specify the /transitive switch.
D.    Enable SID history on the trust.

Answer: C
Explanation:
https://www.petri.com/windows-server-2016-set-privileged-access-management

NEW QUESTION 214
Your network contains an internal network and a perimeter network. The internal network contains an Active Directory forest named contoso.com. You deploy five servers to the perimeter network. All of the servers run Windows Server 2016 and are the members of a workgroup. You need to apply a security baseline named Perimeter.inf to the servers in the perimeter network. What should you use to apply Perimeter.inf?

A.    Security Configuration and Analysis
B.    Group Policy Management
C.    System Configuration
D.    Server Manager

Answer: A
Explanation:
https://4sysops.com/archives/security-compliance-manager-deploy-baselines/#deploy-a-baseline-to-a-workgroup-server

NEW QUESTION 215
You have a Hyper-V host named Server1 that runs Windows Server 2016. Server1 has a generation 2 virtual machine named VM1 that runs Windows 10. You need to ensure that you can turn on BitLocker Drive Encryption (BitLocker) for drive C on VM1. What should you do?

A.    From the settings of VM1, configure Integration Services.
B.    From Server1, configure the Enforce drive encryption type on fixed data drives Group Policy setting.
C.    From the settings of VM1, enable a Trusted Platform Module(TPM).
D.    From the settings of VM1, enable Secure Boot.

Answer: C
Explanation:
https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/learn-more/generation-2-virtual-machine-security-settings-for-hyper-v

NEW QUESTION 216
You have a Host Guardian Service (HGS) and a guarded host. You have a VHDX file that contains an image of Windows Server 2016. You need to provision a virtual machine by using a shielded template. Which three files should you create? (Each correct answer presents part of the solution. Choose three.)

A.    a TPM baseline policy file
B.    a TPM identifier file
C.    a shielding data .pdk file
D.    a signature for the .vhdx file
E.    an unattended .xml file

Answer: CDE
Explanation:
https://docs.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-create-a-shielded-vm-template
https://docs.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-tenant-creates-shielding-data

NEW QUESTION 217
You deploy Windows Server 2016 to a server named Server1. You need to ensure that you can run Windows Containers on Server1.
Solution: On server1, you install the DockerMsftProvider PowerShell and the Docker package. You restart the server.
Does this meet the goal?

A.    Yes
B.    No

Answer: A
Explanation:
https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/deploy-containers-on-server

NEW QUESTION 218
Your network contain an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows 10. Computer1 connects to a home network and a corporate network. The corporate network uses the 172.16.0.0/24 address space internally. Computer1 runs an application named App1 that listens to port 8080. You need to prevent connections to App1 when Computer1 is connected to the home network.
Solution: From Windows Firewall with Advanced Security, you create an inbound rule.
Does this meet the goal?

A.    Yes
B.    No

Answer: A
Explanation:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd421709(v=ws.10)#what-is-an-inbound-rule

NEW QUESTION 219
You work for a hosting company named Contoso, Ltd. Contoso has multiple Hyper-V hosts that run Windows Server 2016. You are configuring Software Defined Networking (SDN). You need to configure Datacenter Firewall to control the traffic to virtual machines. Which cmdlet should you use?

A.    Set-Acl
B.    Grant-VMConnectAccess
C.    New-NetworkControllerAccessControlList
D.    New-NetFirewallRule

Answer: C
Explanation:
https://docs.microsoft.com/en-us/windows-server/networking/sdn/manage/configure-datacenter-firewall-acls
https://docs.microsoft.com/en-us/powershell/module/networkcontroller/new-networkcontrolleraccesscontrollist?view=win10-ps

NEW QUESTION 220
Your network contains an Active Directory forest named contoso.com. The functional level of the forest and the domain is Windows Server 2012 R2. You plan to use Local Administrator Password Solution (LAPS) for all member servers. You need to prepare the forest for LAPS. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Run the Set-AdmPwdComputerSelfPermission cmdlet.
B.    Install the LAPS client-side extension on all domain controllers.
C.    Run the Update-AdmPwdADSchema cmdlet.
D.    Run the Set-AdmPwdAuditing cmdlet.
E.    Deploy an enterprise certification authority (CA).

Answer: AC
Explanation:
https://blog.thesysadmins.co.uk/deploying-microsoft-laps-part-1.html

NEW QUESTION 221
Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run Windows Server 2016. A Group Policy object (GPO) named GPO1 is applied to all of the domain controllers. GPO1 has a Globally Unique Identifier (GUID) of 6AC1786C-016F-11D2-945F-00C04fB984F9. You need to create a new baseline that contains the settings from GPO1. What should you do first?

A.    Copy the \\contoso.com\sysvol\contoso.com\Policies\{6AC1786C-016F-11D2-945F-00CO4fB984F9} folder to Server1.
B.    From Windows PowerShell, run the Backup-GPO cmdlet.
C.    Modify the permissions of the \\contoso.com\sysvol\contoso.com\Policies\6AC1786-016F-11D2-945F-00C04fB984F9) folder.
D.    From Windows PowerShell, run the Copy-GPO cmdlet.

Answer: B
Explanation:
https://docs.microsoft.com/en-us/powershell/module/grouppolicy/backup-gpo?view=win10-ps

NEW QUESTION 222
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. A technician is testing the deployment of Credential Guard on Server1. You need to verify whether Credential Guard is enabled on Server1. What should you do?

A.    From Control Panel, open Credential Manager, and review the list of Windows Credentials.
B.    From System Information, review System Summary.
C.    From a command prompt, run the tsecimp.exe command.
D.    From Server Manager, click Local Server, and review the properties of Server1.

Answer: B
Explanation:
https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-manage

NEW QUESTION 223
You have a Hyper-V host named Server1 that runs Windows Server 2016. Server1 has a generation 2 virtual machine named VM1 that runs Windows 10. You need to ensure that you can turn on BitLocker Drive Encryption (BitLocker) for drive C on VM1. What should you do?

A.    From VM1, configure the require additional authentication at startup Group Policy setting.
B.    From the settings of VM1, enable Secure Boot.
C.    From Server1, install the BitLocker feature.
D.    From VM1, configure the Enforce drive encryption type on fixed data drives Group Policy setting.

Answer: A
Explanation:
https://www.dell.com/support/article/za/en/zadhs1/sln171842/using-the-group-policy-editor-to-enable-bitlocker-authentication-in-the-pre-boot-environment-for-windows-7-8-8-1-10?lang=en

NEW QUESTION 224
Your network contains an internal network and a perimeter network. The internal network contains an Active Directory forest named contoso.com. You deploy five servers to the perimeter network. All of the servers run Windows Server 2016 and are the members of a workgroup. You need to apply a security baseline named Perimeter.inf to the servers in the perimeter network. What should you use to apply Perimeter.inf?

A.    System Configuration
B.    Microsoft Security Compliance manager (SCM) 4.0
C.    Security Templates
D.    Local Computer Policy

Answer: C

NEW QUESTION 225
Your network contains an Active Directory domain named contoso.com. All DNS servers host an Active Directory-integrated zone for the domain that is DNSSEC-signed. All the DNS servers have a trust anchor installed for a DNS zone named fabrikam.com. For all the computers in the domain, you configure a name resolution policy that enforces DNSSEC validation for the contoso.com and fabrikam.com DNS namespaces. You need to verify whether the trust anchor is valid. What should you do?

A.    On a domain-joined computer, run Resolve-DnsName to query a DNS server that hosts the fabrikam.com zone for a DNS record in the fabrikam.com zone.
B.    On a domain-joined computer, run Resolve-DnsName to query a domain controller for a DNS record in the fabrikam.com zone.
C.    On a domain-joined computer, run Get-DnsServerZone.
D.    On a domain controller, run Get-DnsServerDnsZoneSetting.

Answer: A
Explanation:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn593652(v%3Dws.11)

NEW QUESTION 226
You have a server named Server1. You need to configure PowerShell logging to capture dynamic code generation. The solution must minimize the number of events that are logged. What should you configure?

A.    protected event logging
B.    script block logging
C.    module logging
D.    system-wide transcription

Answer: C
Explanation:
https://www.rootusers.com/enable-and-configure-module-script-block-and-transcription-logging-in-windows-powershell/

NEW QUESTION 227
You have several virtual machines that run in a hosted data center on Hyper-V hosts. The hosting provider recently updated the service offering in its Hyper-V environment to include a new Host Guardian Service (HSG). You plan to use the Shielding Data File Wizard to create a data file that will include password information and an RDP file. The file will be used to create new shielded virtual machines in the fabric of the hosting provider. What do you require from the hosting provider to complete the wizard?

A.    an XML file that contains the names of all the Hyper-V hosts in the fabric
B.    an XML file that contains virtual machine configuration data from the Hyper-V hosts
C.    a CER file that contains a certificate from the provider
D.    an XML file that contains guardian metadata

Answer: D
Explanation:
https://docs.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-tenant-creates-shielding-data

NEW QUESTION 228
Drag and Drop
Your network contains an Active Directory domain named contoso.com. The domain functional level is Windows Server 2016. The domain contains a member server named Server1. You test Code Integrity on Server1 in audit mode. You need to enforce the Code Integrity levels on all the Windows Server 2016 servers in the domain. Which four actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
PassLeader-70-744-Exam-Dumps-2281

Answer:
PassLeader-70-744-Exam-Dumps-2282
Explanation:
https://blogs.technet.microsoft.com/datacentersecurity/2018/03/10/default-code-integrity-policy-for-windows-server/

NEW QUESTION 229
Hotspot
Your network contains two Active Directory forests named contoso.com and adatum.com. Contoso.com contains a Hyper-V host named Server1. Server1 is a member of a group named HyperHosts. Adatum.com contains a server named Server2, that is configured for Admin-trusted attestation. Server1 and Server2 run Windows Server 2016. Contoso.com trusts adatum.com. You plan to deploy shielded virtual machines to Server1. Which component should you install and which cmdlet should you run on Server1? (To answer, select the appropriate options in the answer area.)
PassLeader-70-744-Exam-Dumps-2291

Answer:
PassLeader-70-744-Exam-Dumps-2292
Explanation:
https://blogs.technet.microsoft.com/datacentersecurity/2016/03/16/windows-server-2016-and-host-guardian-service-for-shielded-vms/
https://docs.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-guarded-host-prerequisites

NEW QUESTION 230
……


Get the newest PassLeader 70-744 VCE dumps here: https://www.passleader.com/70-744.html (231 Q&As Dumps)

And, DOWNLOAD the newest PassLeader 70-744 PDF dumps from Cloud Storage for free: https://drive.google.com/open?id=0B-ob6L_QjGLpNVZKQ21OR3pCc0U