Microsoft Securing Windows Server 2016 - 70-744무료 덤프문제 풀어보기
You run the Windows PowerShell commands as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
정답:
Explanation
References:
https://blogs.technet.microsoft.com/datacentersecurity/2016/03/16/windows-server-2016-and-host-guardian-serv
https://docs.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-troublesho
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2016.Server1 has a shared folder named Share1.
You plan to create a subfolder in Share1 for each domain user.
You need to limit each user to using 100 MB of data in their respective subfolder.
The solution must enable the users to be notified when they use 80 percent of the available space in the subfolder.
Which tool should you use?
You plan to create a subfolder in Share1 for each domain user.
You need to limit each user to using 100 MB of data in their respective subfolder.
The solution must enable the users to be notified when they use 80 percent of the available space in the subfolder.
Which tool should you use?
정답: H
HOTSPOT
You manage a guarded fabric in TPM-trusted attestation mode.
You plan to create a virtual machine template disk for shielded virtual machines.
You need to create the virtual machine disk that you will use to generate the template.
How should you configure the disk? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You manage a guarded fabric in TPM-trusted attestation mode.
You plan to create a virtual machine template disk for shielded virtual machines.
You need to create the virtual machine disk that you will use to generate the template.
How should you configure the disk? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation
References:
https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-conf
https://docs.microsoft.com/en-us/system-center/dpm/what-s-new-in-dpm-2016?view=sc-dpm-1801
References:
https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-conf
https://docs.microsoft.com/en-us/system-center/dpm/what-s-new-in-dpm-2016?view=sc-dpm-1801
You are implementing Privileged Access Management (PAM) for an Active Directory forest named contoso.com.
You install a bastion forest named adatum.com, and you establish a trust between the forests.
You need to create a group in contoso.com that will be used by Microsoft Identity Manager to create groups in adatum.com.
How should you configure the group? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You install a bastion forest named adatum.com, and you establish a trust between the forests.
You need to create a group in contoso.com that will be used by Microsoft Identity Manager to create groups in adatum.com.
How should you configure the group? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation
References: https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/planning-bastion-environment Production forest is contoso.comBastion forest is adatum.com
https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/planning-bastion-environmentA security group on the local domain (contoso.com)There must be a group in the existing domain, whose name is the NetBIOS domain name followed bythree dollar signs, e.g., CONTOSO$$$.The group scope must be domain local and the group type must be Security.This is needed for groups to be created in the dedicated administrative forest (adatum.com) with the sameSecurity identifier as groups in this domain(contoso.com).
Create this group with the followingNew-ADGroup -name 'CONTOSO$$$' -GroupCategory Security
-GroupScope DomainLocal -SamAccountName 'CONTOSO$$$'After this, MIM could create "Shadow Group" in bastion adatum.com forest.
References: https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/planning-bastion-environment Production forest is contoso.comBastion forest is adatum.com
https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/planning-bastion-environmentA security group on the local domain (contoso.com)There must be a group in the existing domain, whose name is the NetBIOS domain name followed bythree dollar signs, e.g., CONTOSO$$$.The group scope must be domain local and the group type must be Security.This is needed for groups to be created in the dedicated administrative forest (adatum.com) with the sameSecurity identifier as groups in this domain(contoso.com).
Create this group with the followingNew-ADGroup -name 'CONTOSO$$$' -GroupCategory Security
-GroupScope DomainLocal -SamAccountName 'CONTOSO$$$'After this, MIM could create "Shadow Group" in bastion adatum.com forest.
Your network contains an Active Directory domain named contoso.com. The domain contains a user named User1 and a computer named Computer1. Remote Server Administration Tools (RSAT) is installed on Computer1.
You need to add User1 as a data recovery agent in the domain.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to add User1 as a data recovery agent in the domain.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
정답:
Explanation
Explanation:
References:
https://msdn.microsoft.com/library/cc875821.aspx#EJAA
https://www.serverbrain.org/managing-security-2003/using-the-cipher-command-to-add-data-recovery-agent.htm
Explanation:
References:
https://msdn.microsoft.com/library/cc875821.aspx#EJAA
https://www.serverbrain.org/managing-security-2003/using-the-cipher-command-to-add-data-recovery-agent.htm
Note: This question is part of a series of questions that present the same scenario. Each question In the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question In this section, you will NOT be able to return to It. As a result, these questions will not appear In the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains multiple Hyper-V hosts.
You need to deploy several critical line-of-business applications to the network; to meet the following requirements:
*The resources of the applications must be isolated from the physical host.
*Each application must be prevented from accessing the resources of the other applications.
*The configurations of the applications must be accessible only from the operating system that hosts the application.
Solution: You deploy a separate Windows container for each application.
Does this meet the goal?
After you answer a question In this section, you will NOT be able to return to It. As a result, these questions will not appear In the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains multiple Hyper-V hosts.
You need to deploy several critical line-of-business applications to the network; to meet the following requirements:
*The resources of the applications must be isolated from the physical host.
*Each application must be prevented from accessing the resources of the other applications.
*The configurations of the applications must be accessible only from the operating system that hosts the application.
Solution: You deploy a separate Windows container for each application.
Does this meet the goal?
정답: A
설명: (Fast2test 회원만 볼 수 있음)
You have a server named Server1 that runs Windows Server 2016.
You need to identify the default action for the inbound traffic when Server1 connects to the domain.
Which cmdlet should you use?
You need to identify the default action for the inbound traffic when Server1 connects to the domain.
Which cmdlet should you use?
정답: C
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
The hardware configuration on Server1 meets the requirements for Credential Guard.
You need to enable Credential Guard on Server1.
What should you do? To answer, select the appropriate options in the answer area.
The hardware configuration on Server1 meets the requirements for Credential Guard.
You need to enable Credential Guard on Server1.
What should you do? To answer, select the appropriate options in the answer area.
정답:
Explanation
https://docs.microsoft.com/en-us/windows/access-protection/credential-guard/credential-guard-requirements The Virtualization-based security requires: -CPU virtualization extensions plus extended page tables-Windows hypervisorhttps://docs.
microsoft.com/en-us/windows/access-protection/credential-guard/credential-guard-manage#hardware-readines s-tool
References:
https://docs.microsoft.com/en-us/windows/access-protection/credential-guard/credential-guard-requirements
https://docs.microsoft.com/en-us/windows/access-protection/credential-guard/credential-guard-manage#hardwar
https://docs.microsoft.com/en-us/windows/access-protection/credential-guard/credential-guard-requirements The Virtualization-based security requires: -CPU virtualization extensions plus extended page tables-Windows hypervisorhttps://docs.
microsoft.com/en-us/windows/access-protection/credential-guard/credential-guard-manage#hardware-readines s-tool
References:
https://docs.microsoft.com/en-us/windows/access-protection/credential-guard/credential-guard-requirements
https://docs.microsoft.com/en-us/windows/access-protection/credential-guard/credential-guard-manage#hardwar
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario
Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.
The domain contains the servers configured as shown in the following table.
All servers run Windows Server 2016. All client computers run Windows 10.
You have an organizational unit (OU) named Marketing that contains the computers in the marketing department You have an OU named Finance that contains the computers in the finance department You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.
You install Windows Defender on Nano1.
End of repeated scenario
You need to ensure that the marketing department computers validate DNS responses from adatum.com.
Which setting should you configure in the Computer Configuration node of GP1?
Start of repeated scenario
Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.
The domain contains the servers configured as shown in the following table.
All servers run Windows Server 2016. All client computers run Windows 10.
You have an organizational unit (OU) named Marketing that contains the computers in the marketing department You have an OU named Finance that contains the computers in the finance department You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.
You install Windows Defender on Nano1.
End of repeated scenario
You need to ensure that the marketing department computers validate DNS responses from adatum.com.
Which setting should you configure in the Computer Configuration node of GP1?
정답: C
설명: (Fast2test 회원만 볼 수 있음)
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. You implement the Local Administrator Password Solution (LAPS) in the domain. You enable auditing for LAPS. You need to identify any users who read the password for Server1. Which log should you review?
정답: A