
Microsoft - 70-744: Securing Windows Server 2016

Sample Questions

Question: 229
Measured Skill: Manage privileged identities (25–30%)

You are an administrator for a company. Your network contains an Active Directory domain named contoso.com.

You implement Local Administrator Password Solution (LAPS) on a member server named Server1.

You need to retrieve the password of the local Administrator of Server1.

What should you do?

(Each correct answer presents a complete solution. Choose two.)

A From Active Directory Administrative Center, view the content of the Password Settings Container.
B Run the Get-ADComputerServiceAccount cmdlet.
C Run the Get-ADComputer cmdlet.
D From Active Directory Administrative Center, view the attributes of the computer object of Server1.

Correct answer: C, D

Explanation:

The LAPS-managed member server administrator passwords are stored in the ms-Mcs-AdmPwd attribute of the corresponding computer account. To view the passwords, you can use the LAPS user interface, ADSIEdit, Active Directory Users and Computers, the Active Directory Administrative Center, or the following PowerShell command:

Get-ADComputer -LdapFilter "(ms-Mcs-AdmPwd=*)" -Properties Name,ms-Mcs-AdmPwd | ft Name,ms-Mcs-AdmPwd -AutoSize

Question: 230
Measured Skill: Secure a network infrastructure (10–15%)

Windows Firewall rules can be configured using PowerShell. The "Set-NetFirewallProfile" cmdlet configures settings that apply to the per-profile configurations of the Windows Firewall with Advanced Security.

What is the default setting for the AllowInboundRules parameter when managing a GPO?

A FALSE
B NotConfigured

Correct answer: B

Explanation:

The Set-NetFirewallProfile cmdlet configures options for the profiles, including domain, public, and private, that are global, or associated with the input rules. This cmdlet displays information that is presented on the Windows Firewall with Advanced Security Properties page, with the tabs for domain, private, and public profiles. This cmdlet configures the states, default actions, and logging properties on a per-profile basis.

This example enables the Windows Firewall on the local computer.

Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True

This example sets the default inbound and outbound actions.

Set-NetFirewallProfile -DefaultInboundAction Block -DefaultOutboundAction Allow

The AllowInboundRules parameter specifies that the firewall blocks inbound traffic. If this parameter is set to True, then the administrator will be able to create firewall rules which allow unsolicited inbound traffic to be accepted. If this parameter is set to False, then firewall rules will be ignored. The acceptable values for this parameter are: False, True, or NotConfigured.
  • True: Inbound firewall rules are allowed. All traffic that does not match a rule will be processed according to the DefaultInboundAction parameter value.

  • False: All inbound firewall rules are ignored. All inbound traffic will use the DefaultInboundAction parameter value. If this parameter is set to False and the DefaultInboundAction parameter is set to Block, then the Windows Firewall is placed into Shields-Up mode on this profile.

  • NotConfigured: Valid only when configuring a Group Policy Object (GPO). This parameter removes the setting from the GPO, which results in the policy not changing the value on the computer when the policy is applied.

The default setting when managing a computer is True. When managing a GPO, the default setting is NotConfigured.

Reference: Set-NetFirewallProfile

Question: 231
Measured Skill: Implement threat detection solutions (15–20%)

You configure a server named Server1 to report to a Microsoft Azure Log Analytics workspace named Workspace1.

Several events are added to the System log on Server1.

You run queries in Workspace1, and no events are returned from Server1. You confirm that Server1 reports to Workspace1.

You need to ensure that events from Server1 are sent to Workspace1.

What should you do?

A From Azure Monitor, add a management solution.
B On Server1, configure an event subscription.
C In Workspace1, configure the Advanced settings.
D On Server1, configure the Microsoft Monitoring Agent settings.

Correct answer: C

Explanation:

We need to add one or more Windows Event Logs as data sources in the advanced settings of Workspace1 to collect events.



Question: 232
Measured Skill: Implement server hardening solutions (25–30%)

You have a Hyper-V host named Server1 that runs Windows Server 2016. Server1 has a generation 2 virtual machine named VM1 that runs Windows 10.

You need to ensure that you can turn on BitLocker Drive Encryption (BitLocker) for drive C on VM1.

What should you do?

A From the settings of VM1, configure Integration Services.
B From Server1, configure the "Enforce drive encryption type on fixed data drives" Group Policy setting.
C From the settings of VM1, enable a Trusted Platform Module (TPM).
D From the settings of VM1, enable Secure Boot.

Correct answer: C

Explanation:

By default, BitLocker Drive Encryption (BitLocker) requires a TPM to store encryption keys. We could configure the "Require additional authentication at startup" Group Policy setting to allow BitLocker encryption without a TPM. Since this is not an option, we have to provide a TPM for the VM.

Question: 233
Measured Skill: Implement server hardening solutions (25–30%)

You plan to implement Windows Defender Device Guard in your datacenter. You build a model server that contains all the drivers and the software that you want to deploy and secure.

You need to create a new policy to ensure that only whitelisted files can be loaded to the servers. The policy must be in enforcement mode.

How should you complete the commands?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)


A Add-SignerRule -Level FilePublisher -Fallback Hash -UserPEs -FilePath C:\CI\Lockdown.xml
New-CIPolicyRule -FilePath C:\CI\Lockdown.xml -Option 3 -delete
B New-CIPolicy -Level FilePublisher -Fallback Hash -UserPEs -FilePath C:\CI\Lockdown.xml
New-CIPolicyRule -FilePath C:\CI\Lockdown.xml -Option 3 -delete
C New-CIPolicy -Level FilePublisher -Fallback Hash -UserPEs -FilePath C:\CI\Lockdown.xml
Set-RuleOption -FilePath C:\CI\Lockdown.xml -Option 3 -delete
D New-CIPolicyRule -Level FilePublisher -Fallback Hash -UserPEs -FilePath C:\CI\Lockdown.xml
New-CIPolicy -FilePath C:\CI\Lockdown.xml -Option 3 -delete
E New-CIPolicyRule -Level FilePublisher -Fallback Hash -UserPEs -FilePath C:\CI\Lockdown.xml
Set-RuleOption -FilePath C:\CI\Lockdown.xml -Option 3 -delete
F Set-RuleOption -Level FilePublisher -Fallback Hash -UserPEs -FilePath C:\CI\Lockdown.xml
Add-SignerRule -FilePath C:\CI\Lockdown.xml -Option 3 -delete

Correct answer: C

Explanation:

The New-CIPolicyRule cmdlet generates the Code Integrity policy rules in XML format.

The Set-RuleOption cmdlet removes the Enabled:Audit Mode option from the generated policy.

References:

New-CIPolicyRule

Set-RuleOption




© Copyright 2014 - 2019 by cert2brain.com