← Back to exam page

70-744 Securing Windows Server 2016

Loading demo links...

Showing 4–6 of 15 questions

Question 4

Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. The domain has Dynamic Access Control enabled.

Server1 contains a folder named C:\Folder1. Folder1 is shared as Share1.

You need to audit all access to the contents of Folder1 from Server2. The solution must minimize the number of event log entries.

Which two audit policies should you enable on Server1? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Select all that apply, then click Submit answer.

  • Global Object Access- File System

  • Object Access – Audit Detailed File Share

  • Object Access – Audit Other Object Access Events

  • Object Access – Audit File System

  • Object Access – Audit File Share
Question 5

You have a Host Guardian Service (HGS) and a guarded host.

You have a VHDX file that contains an image of Windows Server 2016.

You need to provision a virtual machine by using a shielded template.

Which three files should you create? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Select all that apply, then click Submit answer.

  • a TPM baseline policy file

  • a TPM identifier file

  • a shielding data .pdk file

  • a signature for the .vhdx file

  • an unattended.xml file

Question 6

Your network contains an Active Directory domain named contoso.com. The domain contains 10 computers that are in an organizational unit (OU) named OU1.

You deploy the Local Administrator Password Solution (LAPS) client to the computers. You link a Group Policy object (GPO) named GPO1 to OU1, and you configure the LAPS password policy settings in GPO1.

You need to ensure that the administrator passwords on the computers in OU1 are managed by using LAPS.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Select all that apply, then click Submit answer.

  • Enable LDAP encryption on the domain controllers.

  • Restart the computers.

  • Modify the permissions on OU1.

  • Restart the domain controller that hosts the PDC emulator role.

  • Update the Active Directory Schema.