Securing Windows Server 2016

Here you have the best Microsoft 70-744 practice exam questions

  • You have 205 total questions to study from
  • Each page has 5 questions, making a total of 41 pages
  • You can navigate through the pages using the buttons at the bottom
  • This questions were last updated on October 30, 2024
Question 1 of 205

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2016. The forest contains 2,000 client computers that run

Windows 10. All client computers are deployed from a customized Windows image.

You need to deploy 10 Privileged Access Workstations (PAWs). The solution must ensure that administrators can access several client applications used by all users.

Solution: You deploy 10 physical computers and configure them as PAWs. You deploy 10 additional computers and configure them by using the customized

Windows image.

Does this meet the goal?

    Correct Answer: A

    Deploying 10 physical computers and configuring them as Privileged Access Workstations (PAWs) ensures that administrators have dedicated, secure machines for performing sensitive administrative tasks. Additionally, deploying 10 additional computers using the customized Windows image allows administrators to access client applications used by all users on separate machines. This approach adheres to the best practice of isolating administrative tasks from regular user activities, thereby meeting the goal.

Question 2 of 205

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2016. The forest contains 2,000 client computers that run

Windows 10. All client computers are deployed from a customized Windows image.

You need to deploy 10 Privileged Access Workstations (PAWs). The solution must ensure that administrators can access several client applications used by all users.

Solution: You deploy 10 physical computers and configure each one as a virtualization host. You deploy the operating system on each host by using the customized Windows image. On each host, you create a guest virtual machine and configure the virtual machine as a PAW.

Does this meet the goal?

    Correct Answer: A

    Deploying 10 physical computers and configuring each one as a virtualization host, then deploying the operating system on each host using the customized Windows image, and creating a guest virtual machine configured as a PAW meets the goal. This setup ensures that there is a separation between the host operating system and the secured PAW environment, which is essential for protecting privileged tasks. This method also allows administrators to access client applications securely within the virtual environment.

Question 3 of 205

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2016. The forest contains 2,000 client computers that run

Windows 10. All client computers are deployed from a customized Windows image.

You need to deploy 10 Privileged Access Workstations (PAWs). The solution must ensure that administrators can access several client applications used by all users.

Solution: You deploy one physical computer and configure it as Hyper-V host that runs Windows Server 2016. You create 10 virtual machines and configure each one as a PAW.

Does this meet the goal?

    Correct Answer: A

    The proposed solution meets the goal. By deploying one physical computer as a Hyper-V host running Windows Server 2016 and creating 10 virtual machines for Privileged Access Workstations (PAWs), you provide isolated environments for administrative tasks. This setup allows administrators to securely perform their duties on dedicated PAWs while utilizing client applications, ensuring that the PAWs are separate from the regular user environment to maintain security and integrity.

Question 4 of 205

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contain an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows 10. Computer1 connects to a home network and a corporate network.

The corporate network uses the 172.16.0.0/24 address space internally.

Computer1 runs an application named App1 that listens to port 8080.

You need to prevent connections to App1 when Computer1 is connected to the home network.

Solution: From Group Policy Management, you create an AppLocker rule.

Does this meet the goal?

    Correct Answer: B

    AppLocker is a feature in Windows that is used for application control and whitelisting. It is designed to prevent unauthorized applications from running by creating rules to specify which applications are allowed or disallowed. However, it does not have the capability to control or block network traffic based on the network the computer is connected to. To prevent connections to a specific application when the computer is connected to a home network, a more suitable solution would involve configuring network-level rules, such as Windows Firewall with Advanced Security, where you can create rules to block traffic to specific ports based on the network profile. Therefore, using AppLocker to achieve this goal is not appropriate.

Question 5 of 205

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contain an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows 10. Computer1 connects to a home network and a corporate network.

The corporate network uses the 172.16.0.0/24 address space internally.

Computer1 runs an application named App1 that listens to port 8080.

You need to prevent connections to App1 when Computer1 is connected to the home network.

Solution: From Group Policy Management, you create software restriction policy.

Does this meet the goal?

    Correct Answer: B

    To prevent connections to App1 when Computer1 is connected to the home network, configuring software restriction policies through Group Policy Management is not the appropriate solution. Software restriction policies are used to identify and control the execution of applications based on specific rules, but they do not handle network connections based on the network profile. The correct approach would be to use Windows Firewall with Advanced Security to create an inbound rule that blocks traffic on port 8080 when on the home network. This ensures that the application cannot accept connections under the specified network condition.