January 6, 2020

[2020 Update]Here is the best dumps for the Microsoft MCSE 70-744 exam

By admin

Will 70-744 dumps possibly help you prepare to pass the 70-744 exam? Yes of course.Pass4itsure provided with the best and most updated 70-744 dumps: https://www.pass4itsure.com/70-744.html Pass4itsure knows your time and money very well, that’s why Pass4itsure gives you the best talent dump with all the questions and answers outlined and verified by IT professionals. They provide all the practice questions that will appear in the actual exam, so you can easily get a score of 90% or more on your first try.

Get New 70-744 PDF Questions Answers (2020,free)

New 70-744 PDF Questions Answers

Microsoft 70-744 PDF Dumps

Microsoft MCSE 70-744 PDF Dumps Free Download( Google Drive )
https://drive.google.com/open?id=1_BS2WnTI1rLZZiQ07KtgCWhPiOPWkrSf

Latest MCSE 70-744 Exam Practice test Questions and answers

Microsoft 70-744 securing windows server 2016 practice test online

QUESTION 1
You plan to implement a guarded fabric in TPM-trusted attestation mode. The fabric will contain a three-node Host
Guardian Service (HGS) cluster and four guarded hosts.
All the hosts will have matching hardware and will run the same workload.
You need to add the hosts to the HGS cluster.
What is the minimum number of times you must run each cmdlet to implement the HGS cluster? To answer, select the
appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Pass4itsure 70-744 exams questions-q1

Correct Answer:

Pass4itsure 70-744 exams questions-q1-2

References: https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabrictpm-trusted-attestation-capturing-hardware

QUESTION 2
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named
Server1 that runs Windows Server 2016.
A domain-based Group Policy object (GPO) is used to configure the security policy of Server1.
You plan to use Security Compliance Manager (SCM) 4.0 to compare the security policy of Server1 to the WS2012 DNS
Server Security 1.0 baseline.
You need to import the security policy into SCM. What should you do first?
A. From Security Configuration and Analysis, use the Export Template option.
B. Run the Copy-GPO cmdlet and specify the -TargetName parameter.
C. Run the Backup-GPO cmdlet and specify the -Path parameter.
D. Run the secedit.exe command and specify the/export parameter.
Correct Answer: C
https://technet.microsoft.com/en-us/library/ee461052.aspx Backup-GPO cmdlet and specify the -Path parameter creates
a GPO backup folder with GUID name and issuitable to import to SCM 4.0

QUESTION 3
You have the servers configured as shown in the following table.

Pass4itsure 70-744 exams questions-q3

You purchase a Microsoft Azure subscription, and you create three Microsoft Operations Management Suite (OMS)
workspaces named Workspace1, Workspace2, and Workspace3 You need to deploy Microsoft Monitoring Agent to the
servers to meet the following requirements:
-Antimalware data from all the servers must be visible in Workspace1.
-Security and audit data from the domain controllers and the virtualization hosts must be visible in Workspace2.
-System update data from all the servers in all the workgroups must be visible in Workspaceand
How many OMS agents should you deploy?
A. 10
B. 33
C. 73
D. 45
Correct Answer: C
-Antimalware data from all the servers must be visible in Workspace1.-Security and audit data from the domain
controllers and the virtualization hosts must be visible in Workspace2.-System update data from all the servers in all the
workgroups must be visible in Workspaceand”All the servers” mean all 5 domain controllers, plus all member servers
(physical and virtual, domain andworkgroup) and virtualization hosts, so there are noexemptions.All servers in the above
table mentioned must install OMS Microsoft Monitoring agents

QUESTION 4
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2016.
You need to prevent NTLM authentication on Server1.
Solution: From Windows PowerShell, you run the New-ADAuthenticationPolicy cmdlet.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
ADDS Authentication Policy does not provide ability to prevent the use of NTLM authentication.

QUESTION 5
Your network contains an Active Directory domain.
Microsoft Advanced Threat Analytics (ATA) is deployed to the domain.
A database administrator named DBA1 suspects that her user account was compromised.
Which three events can you identify by using ATA? Each correct answer presents a complete solution.
A. Spam messages received by DBA1.
B. Phishing attempts that targeted DBA1
C. The last time DBA1 experienced a failed logon attempt
D. Domain computers into which DBA1 recently signed.
E. Servers that DBA1 recently accessed.
Correct Answer: CDE
https://docs.microsoft.com/en-us/advanced-threat-analytics/ata-threatsSuspicious authentication failures (Behavioral
brute force)Attackers attempt to use brute force on credentials to compromise accounts.ATA raises an alert when
abnormal failed authentication behavior is detected.Abnormal behaviorLateral movement is a technique often used by
attackers, to move between devices and areas in the victim\\’snetwork to gain access to privileged credentials
orsensitive information of interest to the attacker. ATA is able to detect lateral movement by analyzing thebehavior of
users, devices and their relationship inside thecorporate network, and detect on any abnormal access patterns which
may indicate a lateral movementperformed by an attacker. https://gallery.technet.microsoft.com/ATA-Playbookef0a8e38/view/ReviewsATA Suspicious Activity Playbook Page 35 Action: Attempt to authenticate to DC1

QUESTION 6
Your network contains an Active Directory domain named contoso.com. You plan to implement encryption on a file
server named Server1. Server1 has TPM 2.0 and uses Secure Boot Server1 has the volumes configured as shown in
the

Pass4itsure 70-744 exams questions-q6

following table.
You need to encrypt the contents of volumes C and G. The solution must use the highest level of security possible.
What should you use to encrypt the contents of each volume? To answer, drag the appropriate encryption options to the
correct volumes. Each encryption option may be used once, more than once, or not at all. You may need to drag the
split
bar between panes or scroll to view content.
Select and Place:

Pass4itsure 70-744 exams questions-q6-2

Correct Answer:

Pass4itsure 70-744 exams questions-q6-3

QUESTION 7
Your network contains an Active Directory domain named contoso.com.
The domain contains a computer named Computer1 that runs Windows 10.
Computer1 connects to a home network and a corporate network.
The corporate network uses the 172.16.0.0/24 address space internally.
Computer1 runs an application named App1 that listens to port 8080.
You need to ensure that App1.exe can accept connections only when Computer1 is connected to the corporate
network.
Solution: You run the command New-NetFirewallRule -DisplayName “Rule1” -Direction Inbound -Program
“D:\\Apps\\App1.exe” -Action Allow -Profile Domain
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Tested correct cmdlet, worked, and the profile “Domain” for corporate network is also correct.

Pass4itsure 70-744 exams questions-q7

QUESTION 8
Your network contains an Active Directory domain named contoso.com. The domain contains multiple servers that run
either Windows Server 2012 or Windows Server 2012 R2.
You plan to implement Just Enough Administration (JEA) to manage all of the servers.
What should you install on each server to ensure that the servers can be managed by using JEA?
A. Remote Server Administration Tools (RSAT)
B. Microsoft .NET Framework 3.5 Service Pack 1 (SP1)
C. Management Odata Internet Information Services (IIS) Extension
D. Windows Management Framework 5.0
Correct Answer: D
https://msdn.microsoft.com/en-us/library/dn896648.aspxGet JEAThe current release of JEA is available on the following
platforms:Windows ServerWindows Server 2016 Technical Preview 5 and higherWindows Server 2012 R2, Windows
Server 2012, and Windows Server 2008 R2* with WindowsManagement Framework 5.0 installed

QUESTION 9
You have a server named Server1 that runs Windows Server 2016.
You need to identify whether ICMP traffic is exempt from IPsec on Server1.
Which cmdlet should you use?
A. Get-NetIPSecRule
B. Get-NetFirewallRule
C. Get-NetFirewallProfile
D. Get-NetFirewallSetting
E. Get-NetFirewallPortFilter
F. Get-NetFirewallAddressFilter
G. Get-NetFirewallSecurityFilter
H. Get-NetFirewallApplicationFilter
Correct Answer: D
The Get-NetFirewallSetting cmdlet retrieves the global firewall settings of the target computer.The NetFirewallSetting
object specifies properties that apply to the firewall and IPsec settings, no matter which network profile is currently in
use.The global configurations include viewing the active profile, exemptions, specified certification validation levels,and
user and computer authorization lists.

Pass4itsure 70-744 exams questions-q9

QUESTION 10
You have 10 Hyper-V hosts that run Windows Server 2016.
Each Hyper-V host has eight virtual machines that run a distributed web application named App1. You plan to
implement a Software Load Balancing (SLB) solution for client access to App1.
You deploy two new virtual machines named SLB1 and SLB2.
You need to install the required components on the Hyper-V hosts and the new servers for the planned implementation.
Which components should you install? Select the Appropriate in selection area.
Hot Area:

Pass4itsure 70-744 exams questions-q10

Correct Answer:

Pass4itsure 70-744 exams questions-q10-2

Component to install on SLB1 and SLB2: SLB Multiplexer (MUX)
Component to install on each Hyper-V host:SLB Host Agent
https://blogs.technet.microsoft.com/tip_of_the_day/2016/06/28/tip-of-the-day-demystifying-software-definednetworkingterms-the-components/ https://technet.microsoft.com/en-us/library/mt632286.aspxSLB Host Agent ?When you deploy
SLB, you must use System Center, Windows PowerShell, or anothermanagement application to deploy the SLB Host
Agent on every Hyper-V host computer.You can install the SLB Host Agent on all versions of Windows Server 2016 that
provide Hyper-V support,including Nano Server.SLB MUX ?Part of the Software Load Balancer (SLB on Windows
Server 2016, the SLB MUX processesinbound network traffic and maps VIPs (virtual IPs) toDIPs (datacenter IPs), then
forwards the traffic to the correct DIP. Each MUX also uses BGP to publish VIProutes to edge routers. BGP Keep Alive
notifies MUXeswhen a MUX fails, which allows active MUXes to redistribute the load in case of a MUX failure ?
essentiallyproviding load balancing for the load balancers.

Pass4itsure 70-744 exams questions-q10-3

QUESTION 11
You have a Host Guardian Service (HGS) and a guarded host.
You have a VHDX file that contains an image of Windows Server 2016.
You need to provision a virtual machine by using a shielded template.
Which three files should you create? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. a TPM baseline policy file
B. a TPM identifier file
C. a shielding data .pdk file
D. a signature for the .vhdx file
E. an unattended.xml file
Correct Answer: CDE
https://docs.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-create-a-shieldedvm-template https://docs.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabrictenantcreates-shielding-data

QUESTION 12
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2016.
You need to prevent direct .NET scripts invoked by interactive Windows PowerShell sessions from running on the servers.
What should you do for each server?
A. Create an AppLocker rule.
B. Create a Code Integrity rule.
C. Disable PowerShell Remoting.
D. Modify the local Kerberos policy settings.
Correct Answer: C

QUESTION 13
You have a server named Server1 that runs Windows Server 2016.
You need to install Security Compliance Manager (SCM) 4.0 on Server1.
What should you install on Server1 first?
A. the .NET Framework 3.5 Features feature
B. the Active Directory Rights Management Services server role
C. the Remote Server Administration Tools feature
D. the Group Policy Management feature
Correct Answer: A

Pass4itsure | January Offer : 12% OFF

Pass4itsure 70-744 exam discount

Use Above Discount Coupon Code “2020PASS” to Get 13% Discount when purchasing any new exam products from pass4itsure.com.

Microsoft 70-744 Study Guide Content Orientation

If you have learned solid “Securing Windows Server 2016” and practiced it, you should be able to pass the test.

  • Implement Server Hardening Solutions (25-30%)
  • Secure a Virtualization Infrastructure (5-10%)
  • Secure a Network Infrastructure (10-15%)
  • Manage Privileged Identities (25-30%)
  • Implement Threat Detection Solutions (15-20%)
  • Implement Workload-Specific Security (5-10%)

Get Link : https://www.microsoft.com/en-us/learning/exam-70-744.aspx

More Microsoft exams you might be interested in!

With Pass4itsure, you’ll get all the latest questions and answers about the Microsoft 70-744 exam. We believe you can achieve high marks with excellent results in the 70-744 exam. https://www.pass4itsure.com/70-744.html With Pass4itsure, you’ll get all the latest questions and answers about the Microsoft 70-744 exam. We believe you can achieve high marks with excellent results in the 70-744 exam.