Skip Navigation Links

Microsoft - 70-744: Securing Windows Server 2016

Sample Questions

Question: 184
Measured Skill: Secure a network infrastructure (10–15%)

You have a file server named FS1 that runs Windows Server 2016. You plan to disable SMB 1.0 on the server.

You need to verify which computers access FS1 by using SMB 1.0.

What should you run first?

B Set-FileShare
C Set-SmbShare
D Set-SmbServerConfiguration
E Set-SmbClientConfiguration

Correct answer: D


SMBv1 is enabled by default and is still used in Server 2016, likely for compatibility reasons.

In order to detect or audit clients using it, run:

Set-SmbServerConfiguration –AuditSmb1Access $true

On how to disable SMBv1 check: How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server

Question: 185
Measured Skill: Implement threat detection solutions (15–20%)

Your network has an internal network and a perimeter network. Only the servers on the perimeter network can access the Internet.

You create a Microsoft Operations Management Suite (OMS) instance in Microsoft Azure. You deploy Microsoft Monitoring Agent to all the servers on both the networks.

You discover that only the servers on the perimeter network report to OMS.

You need to ensure that all the servers report to OMS.

What should you do?

AInstall a Web Application Proxy on the perimeter network and install an OMS Gateway on the internal network. Publish the OMS Gateway from the Web Application Proxy.
B Install a Web Application Proxy and an OMS Gateway on the perimeter network. Publish the OMS Gateway from the Web Application Proxy.
C Configure the network firewalls to allow the internal servers to access the IP addresses of the Azure OMS instance by using TCP port 443.
D On the internal servers, run the Add-AzureRmUsageConnect cmdlet and specify the AdminUri parameter.

Correct answer: A


If your IT security policies do not allow computers on your network to connect to the Internet, such as point of sale (POS) devices, or servers supporting IT services, but you need to connect them to Azure Automation or Log Analytics to manage and monitor them, they can be configured to communicate directly with the OMS Gateway to receive configuration and forward data on their behalf. If these computers are configured with the OMS agent to directly connect to a Log Analytics workspace, all computers will instead communicate with the OMS Gateway. The gateway transfers data from the agents to the service directly, it does not analyze any of the data in transit.

The OMS Gateway supports:

  • Azure Automation Hybrid Runbook Workers
  • Windows computers with the Microsoft Monitoring Agent directly connected to a Log Analytics workspace
  • Linux computers with the OMS Agent for Linux directly connected to a Log Analytics workspace
  • System Center Operations Manager 2012 SP1 with UR7, Operations Manager 2012 R2 with UR3, Operations Manager 2016, and Operations Manager version 1801 management group integrated with Log Analytics.

Reference: Connect computers without Internet access using the OMS Gateway

Question: 186
Measured Skill: Implement workload-specific security (5–10%)

You have a virtual machine named FS1 that runs Windows Server 2016. FS1 has the shared folders shown in the following table.

You need to ensure that each user can store 10 GB of files in \\FS1\Users.

What should you do?

AFrom File Explorer, open the properties of volume D, and then modify the Quota settings.
B Install the File Server Resource Manager role service, and then create a file screen.
C From File Explorer, open the properties of D:\Users, and then modify the Advanced sharing settings.
D Install the File Server Resource Manager role service, and then create a quota.

Correct answer: D


On the Quota Management node of the File Server Resource Manager (FSRM) snap-in, you can perform the following tasks:

  • Create quotas to limit the space allowed for a volume or folder, and generate notifications when the quota limits are approached or exceeded.
  • Generate auto apply quotas that apply to all existing subfolders in a volume or folder and to any subfolders that are created in the future.
  • Define quota templates that can be easily applied to new volumes or folders and then used across an organization.

For example, you can:

  • Place a 200 megabyte (MB) limit on users' personal server folders, with an email notification sent to you and the user when 180 MB of storage has been exceeded.
  • Set a flexible 500 MB quota on a group's shared folder. When this storage limit is reached, all users in the group are notified by e-mail that the storage quota has been temporarily extended to 520 MB so that they can delete unnecessary files and comply with the preset 500 MB quota policy.
  • Receive a notification when a temporary folder reaches 2 gigabytes (GB) of usage, yet not limit that folder's quota because it is necessary for a service running on your server.
Quota Management

Question: 187
Measured Skill: Implement server hardening solutions (25–30%)

You have two servers named Server1 and Server2 that run Windows Server 2016. The servers are in a workgroup.

You need to create a security template that contains the security settings of Server1 and to apply the template to Server2. The solution must minimize administrative effort.

Which snap-in should you use for each server?

(To answer, drag the appropriate snap-ins to the correct servers. Each snap-in may be used once, more than once, or not at all. NOTE: Each correct selection is worth one point.)

AServer1: Authorization Manager
Server2: Computer Management
B Server1: Computer Management
Server2: Authorization Manager
C Server1: Group Policy Object Editor
Server2: Group Policy Object Editor
D Server1: Authorization Manager
Server2: Security Templates
E Server1: Security Templates
Server2: Group Policy Object Editor
F Server1: Security Templates
Server2: Resultant Set of Policy

Correct answer: C


The settings can be exported and imported into an .inf file using the Group Policy Object Editor.

Question: 188
Measured Skill: Implement server hardening solutions (25–30%)

Your network contains an Active Directory domain named The domain contains a user named User1 and a computer named Computer1. Remote Server Administration Tools (RSAT) are installed on Computer1.

You need to add User1 as a data recovery agent in the domain.

Which four actions should you perform in sequence?

(To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)

ASequence: 5, 4, 2, 3
B Sequence: 5, 6, 1, 3
C Sequence: 3, 4, 5, 2
D Sequence: 3, 4, 5, 1

Correct answer: D


Cipher.exe /r generates an EFS recovery agent key and certificate, then writes them to a .pfx file (containing certificate and private key) and a .cer file (containing only the certificate).

For using the "Add Recovery Agent Wizard" to add a Recovery Agent the certificate (.cer) file for the user is needed.

Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test

© Copyright 2014 - 2019 by