Microsoft 70-744 Dumps 2021

NEW QUESTION 1
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2021.
The local administrator credentials of Server1 are managed by using the Local Administrator Password Solution (LAPS).
You need to retrieve the password of the Administrator account on Server1. What should you do?

• A. From Windows PowerShell on Server1, run the Get-ADFineGrainedPasswordPolicy cmdlet and specify the -Credential parameter.
• B. From Windows PowerShell on Server1, run the Get-ADUser cmdlet and specify the -Credential parameter.
• C. From Active Directory Users and Computers, open the properties at Server1 and view the value at the msMcs-AdmPwd attribute
• D. From Active Directory Users and Computers, open the properties of Administrator and view the value of the userPassword attribute

Answer: C

Explanation: The “ms-Mcs-AdmPwd” attribute of a computer account in Active Directory Users and Computers stores the local Administrator password of a computer, which is configured by LAPS.

NEW QUESTION 2
Your network contains an Active Directory domain named contoso.com. The domain contains a
server named Server5 that has the Windows Server Update Services server role installed. You need to configure Windows Server Update Services (WSUS) on Server5 to use SSI. You install a certificate in the local Computer store.
Which two tools should you use? Each correct answer presents part of the solution.

• A. Wsusutil
• B. Netsh
• C. Internet Information Services (IIS) Manager
• D. Server Manager
• E. Update Services

Answer: AC

Explanation: By IIS Manager and “wsusutil configuressl” command https://technet.microsoft.com/en-us/library/bb633246.aspx To configure SSL on the WSUS server by using IIS 7.0
1) On the WSUS server, open Internet Information Services (IIS) Manager.
2) Expand Sites, and then expand the Web site for the WSUS server. We recommend that you use the WSUS
Administration custom Web site, but the default Web
site might have been chosen when WSUS was being installed.
3) Perform the following steps on the APIRemoting30, ClientWebService, DSSAuthWebService,
ServerSyncWebService, and SimpleAuthWebService virtual directories that reside under the WSUS Web site.
In Features View, double-click SSL Settings.
On the SSL Settings page, select the Require SSL checkbox. Ensure that Client certificates is set to Ignore.
In the Actions pane, click Apply.
4) Close Internet Information Services (IIS) Manager.
5) Run the following command from <WSUS Installation Folder>\Tools: WSUSUtil.exe configuressl
<Intranet
FQDN of the software update point site system>.

NEW QUESTION 3
HOTSPOT
Your network contains an Active Directory named contoso.com.
The domain contains the computers configured as shown in the following table.

Server1 has a share named Share1 with the following configurations:-

Server1, Computer1, and Computer2 have the connection security rules configured as shown in follow:-

Please Select the correct statement as below:

Answer:

Explanation: When Computer1 accesses Share1, SMB encryption will be used: YES When Computer2 accesses Share1, SMB encryption will be used: YES
When Server1 accesses a shared folder on Computer1, IPsec encryption will be used: NO
The shared folder “Share1” is configured with “EncryptData : True”, no matter which network the client resides, SMB 3 communication will be encrypted.
When Server1 access Computer1 over network, the original packet L3 IP Header is as follow:- 172.16.1.30 –> 172.16.10.60
These traffic does not match the enabled IPSec rule “Rule2” nor “Rule3”, and the only matching rule “Rule1” is disabled. So, no IPsec encryption will be achieved.

NEW QUESTION 4
Your network contains an Active Directory domain named contoso.com.
The domain contains two global groups named Group1 and Group2. A user named User1 is a member of Group1
You have an organizational unit (OU) named OU1 that contains the computer accounts of computers that contain sensitive data. A Group Policy object (GPO) named GPO1 is linked to OU1. OU1 contains a computer account named Computer1.
GPO1 has the User Rights Assignment configured as shown in the following table.

You need to prevent User1 from signing in to Computer1. What should you do?

• A. From Default Domain Policy, modify the Allow log on locally user right
• B. On Computer1, modify the Deny log on locally user right.
• C. From Default Domain Policy, modify the Deny log on locally user right
• D. Remove User1 to Group2.

Answer: D

Explanation: https://technet.microsoft.com/en-us/library/cc957048.aspx “Deny log on locally”
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment
Determines which users are prevented from logging on at the computer.
This policy setting supercedes the Allow Log on locally policy setting if an account is subject to both policies.
Therefore, adding User1 to Group2 will let User1 to inherit both policy, and then prevent User1 to sign in to
Computer1.

NEW QUESTION 5
Vout network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2021.
The domain contains a server named Serverl that has Microsoft Security Compliance Manager (SCM)
4.0 installed.
You export the baseline shown in the following exhibit.

You have a server named Server2 that is a member of a workgroup.
You copy the (2617e9b1-9672-492b-aefa-0505054848c2) folder to Server2. You need to deploy the baseline settings to Server2.
What should you do?

• A. Download, install, and then fun the Lgpo.exe command.
• B. From Group Policy Management import a Group Policy object (GPO).
• C. From Windows PowerShell, run the Restore-GPO cmdlet.
• D. From Windows PowerShell, run the Import-GPO cmdlet.
• E. From a command prompt run the secedit.exe command and specify the /import paramete

Answer: D

Explanation: References:
https://anytecho.wordpress.com/2015/05/22/importing-group-policies-using-powershell-almost/

NEW QUESTION 6
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2021.Server1 has a shared folder named Share1. You plan to create a subfolder in Share1 for each domain user.
You need to limit each user to using 100 MB of data in their respective subfolder.
The solution must enable the users to be notified when they use 80 percent of the available space in the subfolder.
Which tool should you use?

• A. File Explorer
• B. Shared Folders
• C. Server Manager
• D. Disk Management
• E. Storage Explorer
• F. Computer Management
• G. System Configuration
• H. File Server Resource Manager (FSRM)

Answer: H

NEW QUESTION 7
HOTSPOT
Your network contains an Active Directory forest named contoso.com. The forest has Microsoft Identity Manager (MIM) 2021 deployed. You implement Privileged Access Management (PAM).
You need to request privileged access from a client computer in contoso.com by using PAM.
How should you complete the Windows PowerShell script? To answer, select the appropriate options in the answer area.

Answer:

Explanation: $PAM = Get-PAMRoleForRequest | ? {$_,DisplayName -eq “CorpAdmins” } New-PAMRequest -role $PAM
References:
https://technet.microsoft.com/en-us/library/mt604089.aspx https://technet.microsoft.com/en-us/library/mt604084.aspx

NEW QUESTION 8
Note: This question b part of a series of questions that use the same or simitar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com The domain contains a server named Server1 that runs Windows Server 2021.
Server1 has a shared folder named Share1.
You need to ensure that all access to Share1 uses SMB Encryption. Which tool should you use?

• A. File Explorer
• B. Shared Folders
• C. Server Manager
• D. Disk Management
• E. Storage Explorer
• F. Computer Management
• G. System Configuration
• H. File Server Resource Manager (FSRM)>

Answer: C

Explanation: https://blogs.technet.microsoft.com/filecab/2012/05/03/smb-3-security-enhancements-inwindows- server-2012/

NEW QUESTION 9
Your network contains an Active Directory domain named contoso.com. You are deploying Microsoft Advanced Threat Analytics (ATA).
You create a user named User1.
You need to configure the user account of User1 as a Honeytoken account. Which information must you use to configure the Honeytoken account?

• A. the SAM account name of User1
• B. the Globally Unique Identifier (GUID) of User1
• C. the SID of User1
• D. the UPN of User1

Answer: C

Explanation: https://docs.microsoft.com/en-us/advanced-threat-analytics/ata-prerequisites A user account of a user who has no network activities.
This account is configured as the ATA Honeytoken user.
To configure the Honeytoken user you need the SID of the user account, not the username.

https://docs.microsoft.com/en-us/advanced-threat-analytics/install-ata-step7
ATA also enables the configuration of a Honeytoken user, which is used as a trap for malicious actors
– any
authentication associated with this (normally dormant) account will trigger an alert.

NEW QUESTION 10
Your network contains an Active Directory domain named contoso.com. The domain contains four servers. The servers are configured as shown in the following table.

You need to manage FS1 and FS2 by using Just Enough Administration (JEA). What should you do before you can implement JEA?

• A. Install Microsoft .NET Framework 4.6.2 on FS1
• B. Upgrade DC1 to Windows Server 2021
• C. Install Windows Management Framework 5.0 on FS2.
• D. Deploy Microsoft Identity Manager (MIM) 2021 to the domai

Answer: C

Explanation: https://msdn.microsoft.com/en-us/library/dn896648.aspx
The current release of JEA is available on the following platforms:
-Windows Server 2021 Technical Preview 5 and higher
-Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2* with Windows Management Framework 5.0 installed FS1 is ready to be managed by JEA, but FS2 need some extra work to do, either upgrade it to Windows Server 2021 or install Windows Management Framework 5.0 installed,

NEW QUESTION 11
Note: The question is part of a series of questions th« present the same scenario. Each question In the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to It. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2021. The forest contains 2,000 client computers that run Windows 10. All client computers are deployed from a customized Windows image.
You need to deploy 10 Privileged Access Workstations (PAWs). The solution must ensure that administrators can access several client applications used by all users.
Solution: You deploy 10 physical computers and configure them as PAWs. You deploy 10 additional computers and configure them by using the customized Windows image.
Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation: References:
https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privilegedaccess/privileged-access-workstations

NEW QUESTION 12
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows10.
The network uses the 172.16.0.0/16 address space.
Computer1 has an application named App1.exe that is located in D:Apps. App1.exe is configured to accept connections on TCP port 8080.
You need to ensure that App1.exe can accept connections only when Computer1 is connected to the corporate network.
Solution: You run the New-NetFirewallRule –DisplayName "Rule1" –Direction Inbound
–Program "D:AppsApp1.exe" –Action Allow -Profile Domain command. Does this meet the goal?

• A. Yes
• B. No

Answer: A

NEW QUESTION 13
DRAG DROP
Your network contains an Active Directory domain named contoso.com.
The domain contains two servers named Server1 and Server2 that run Windows Server 2021. You need to install Microsoft Advanced Threat Analytics (ATA) on Server1 and Server2. Which four actions should you perform in sequence?

Answer:

Explanation: Correct Order of Actions:-
1. Install ATA Center (on Server1 for example)
2. Install ATA Gateway (on Server2 for example, if Server2 has internet connectivity)
3. Set the ATA Gateway configuration settings. (Register Server2 ATA Gateway to Server1’s ATA Center)
4. Install the ATA Lightweight Gateway.
Since there are not switch-based port mirroring choice used to capture domain controller’s inbound and
outbound traffic,
installing ATA Lightweight Gateway on DCs to forward security related events to ATA Center is necessary.

NEW QUESTION 14
Windows PowerShell is a task-based command-line shell and scripting language designed especially for system administration.
Windows Defender comes with a number of different Defender-specific cmdlets that you can run through PowerShell to automate common tasks.
Which Cmdlet would you run first if you wanted to perform an offline scan?

• A. Start-MpWDOScan
• B. Start-MpScan
• C. Set-MpPreference -DisableRestorePoint $true
• D. Set-MpPreference -DisablePrivacyMode $true

Answer: A

Explanation: Some malicious software can be particularly difficult to remove from your PC. Windows Defender Offline (Start-MpWDOScan) can help to find and remove this using up-to-date threat definitions.

NEW QUESTION 15
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2021. All client computers run Windows 10.
The relevant objects in the domain are configured as shown in the following table.

You need to assign User1 the right to restore files and folders on Server1, and Server2. Solution: You add User1 to the Backup Operators group on Server1 and Server2. Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation: https://technet.microsoft.com/en-us/library/cc771990(v=ws.11).aspx Backup Operators
Members of this group can back up and restore files on a computer, regardless of any permissions that
protect those files.
This is because the right to perform a backup takes precedence over all file permissions. Members of this
group cannot change security settings.

NEW QUESTION 16
____ enables easier management for BitLocker enabled desktops and servers in a domain environment by providing automatic unlock of operating system volumes at system reboot when connected to a wired corporate network. This feature requires the client hardware to have a DHCP driver implemented in its UEFI firmware.

• A. Network Unlock
• B. EFS recovery agent
• C. JEA
• D. Credential Guard

Answer: A

Explanation: https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-how-to-enablenetwork- unlock

NEW QUESTION 17
You enable and configure PowerShell Script Block Logging.
You need to view which script blocks were executed by using Windows PowerShell scripts. What should you do?

• A. View the Microsoft-Windows-PowerShell/Operational event log.
• B. Open the log files in %LocalAppData%\Microsoft\Windows\PowerShell.
• C. View the Windows PowerShell event log.
• D. Open the log files in %SYSTEMROOT%\Log

Answer: A

Explanation: https://docs.microsoft.com/en-us/powershell/wmf/5.0/audit_script
After you enable detailed script tracing, Windows PowerShell logs all script blocks to the event log, MicrosoftWindows-PowerShell/Operational.