Free Download Of Lead2pass 70-744 Real Exam Questions:
https://www.lead2pass.com/70-744.html
QUESTION 11
Your network contains an Active Directory domain named contoso.com.
The domain contains 1,000 client computers that run Windows 10.
A security audit reveals that the network recently experienced a Pass-the-Hash attack.
The attack was initiated from a client computer and accessed Active Directory objects restricted to the members of the Domain Admins group.
You need to minimize the impact of another successful Pass-the-Hash attack on the domain.
What should you recommend?
A. Instruct all users to sign in to a client computer by using a Microsoft account.
B. Move the computer accounts of all the client computers to a new organizational unit (OU).
Remove the permissions to the new OU from the Domain Admins group.
C. Instruct all administrators to use a local Administrators account when they sign in to a client computer.
D. Move the computer accounts of the domain controllers to a new organizational unit (OU).
Remove the permissions to the new OU from the Domain Admins group.
Answer: B
Explanation:
Minimize the membership of privileged groups:
minimize the number and type of computer that members of privileged groups are allowed to log on to.
For example:
1. Prevent members of the Domain Admins group form logging on to non-domain controllers
2. Prevent Local Administrators (and other local accounts with elevated permissions) from performing network log on
3. Prevent elevated accounts from logging on to any computers except the ones they need.
https://www.microsoft.com/security/sir/strategy/default.aspx#!pass_the_hash_defenses
QUESTION 12
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario
Your network contains an Active Directory domain named contoso.com.
The functional level of the forest and the domain is Windows Server 2008 R2.
The domain contains the servers configured as shown in the following table.
All servers run Windows Server 2016. All client computers run Windows 10.
You have an organizational unit (OU) named Marketing that contains the computers in the marketing department.
You have an OU named finance that contains the computers in the finance department.
You have an OU named AppServers that contains application servers.
A Group Policy object (GPO) named GP1 is linked to the Marketing OU.
A GPO named GP2 is linked to the AppServers OU.
You install Windows Defender on Nano1.
End of repeated scenario
You need to exclude D:\Folder1 on Nano1 from being scanned by Windows Defender.
Which cmdlet should you run?
A. Set-StorageSetting
B. Set-FsrmFileScreenException
C. Set-MpPreference
D. Set-DtcAdvancedSetting
Answer: C
Explanation:
-ExclusionPath: Specifies an array of file paths to exclude from scheduled and real-time scanning.
You can specify a folder to exclude all the files under the folder.
https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/set-mppreference
QUESTION 13
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario
Your network contains an Active Directory domain named contoso.com.
The functional level of the forest and the domain is Windows Server 2008 R2.
The domain contains the servers configured as shown in the following table.
All servers run Windows Server 2016. All client computers run Windows 10.
You have an organizational unit (OU) named Marketing that contains the computers in the marketing department.
You have an OU named Finance that contains the computers in the finance department.
You have an OU named AppServers that contains application servers.
A Group Policy object (GPO) named GP1 is linked to the Marketing OU.
A GPO named GP2 is linked to the AppServers OU.
You install Windows Defender on Nano1.
End of repeated scenario
You need to ensure that the marketing department computers validate DNS responses from adatum.com.
Which setting should you configure in the Computer Configuration node of GP1?
A. TCPIP Settings from Administrative Templates
B. Connection Security Rule from Windows Settings
C. DNS Client from Administrative Templates
D. Name Resolution Policy from Windows Settings
Answer: D
QUESTION 14
Note: This question is port of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question In the series. Each question is Independent of the other questions In this series. Information and details provided in a question apply only to that question.
Vour network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2016 and a Nano Server named Nano1.
Nano1 has two volumes named C and D.
You are signed in to Server1.
You need to configure Data Deduplication on Nano1.
Which tool should you use?
A. File Explorer
B. Shared Folders
C. Server Manager
D. Disk Management
E. Storage Explorer
F. Computer Management
G. System Configuration
H. File Server Resource Manager (FSRM)
Answer: C
Explanation:
Enable Data Deduplication by using Server Manager
https://technet.microsoft.com/en-us/windows-server-docs/storage/data-deduplication/install-enable
QUESTION 15
Note: This question It part of a series of questions that present the same scenario. Each question In the series contains a unique solution that might meet the stated goats. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to It. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com.
The domain contains a computer named Computer1 that runs Windows 10.
Computer1 connects to a home network and a corporate network.
The corporate network uses the 172.16.0.0/24 address space internally.
Computer1 runs an application named App1 that listens to port 8080.
You need to prevent connections to App1 when Computer1 is connected to the home network.
Solution: From Group Policy Management you create a software restriction policy.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
The network profiles and the ports can be managed by using advanced windows firewall settings and software restriction polices cannot full fill the needs .
QUESTION 16
Your network contains an Active Directory domain named contoso.com.
The domain contains five file servers that run Windows Server 2016.
You have an organizational unit (OU) named Finance that contains all of the servers.
You create a Group Policy object (GPO) and link the GPO to the Finance OU.
You need to ensure that when a user in the finance department deletes a file from a file server, the event is logged.
The solution must log only users who have a manager attribute of Ben Smith.
Which audit policy setting should you configure in the GPO?
A. File system in Global Object Access Auditing
B. Audit Detailed File Share
C. Audit Other Account Logon Events
D. Audit File System in Object Access
Answer: B
Explanation:
This is why answer C is incorrect:
https://technet.microsoft.com/en-us/itpro/windows/keep-secure/audit-other-account-logon-events
Correct Answer is B. Audit Detailed File Share generates this Event Log ID: 5145.
Source: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/event-5145
QUESTION 17
Note: Thb question Is part of a series of questions that present the same scenario. Each question In the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you willNOTbeabletorrturntoit.Asa result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com.
The domain contains multiple Hyper-V hosts.
You need to deploy several critical line-of-business applications to the network to meet the following requirements:
– The resources of the applications must be isolated from the physical host
– Each application must be prevented from accessing the resources of the other applications.
– The configurations of the applications must be accessible only from the operating system that hosts the application.
Solution: You deploy one Windows container to host all of the applications.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
Isolation occurs at the container level. Multiple applications in the same container would share the same resources.
http://windowsitpro.com/windows-server-2016/differences-between-windows-containers-and-hyper-v-containers-windows-server-201
QUESTION 18
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario
Your network contains an Active Directory domain named contoso.com.
The functional level of the forest and the domain is Windows Server 2008 R2.
The domain contains the servers configured as shown in the following table.
All servers run Windows Server 2016. All client computers run Windows 10.
You have an organizational unit (OU) named Marketing that contains the computers in the marketing department.
You have an OU named Finance that contains the computers in the finance department.
You have an OU named AppServers that contains application servers.
A Group Policy object (GPO) named GP1 is linked to the Marketing OU.
A GPO named GP2 is linked to the AppServers OU.
You install Windows Defender on Nano1.
End of repeated scenario
You plan to implement BitLocker Drive Encryption (BitLocker) on the operating system volumes of the application servers.
You need to ensure that the BitLocker recovery keys are stored in Active Directory.
Which Group Policy setting should you configure?
A. System cryptography; Force strong key protection (or user keys stored on the computer
B. Store Bittocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista)
C. System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing
D. Choose how BitLocker-protected operating system drives can be recovered
Answer: B
Explanation:
Among the available answers, B is the only possible one. Though all servers are Windows 2016, the forest and domain are still in 2008 R2 mode.
https://technet.microsoft.com/en-us/library/dd875529(v=ws.10).aspx
70-744 dumps full version (PDF&VCE): https://www.lead2pass.com/70-744.html
Large amount of free 70-744 exam questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDVExYaWZyTWt4OGc
You may also need:
70-740 exam dumps: https://drive.google.com/open?id=0B3Syig5i8gpDMXFQVl9VSWx5WGs
70-741 exam dumps: https://drive.google.com/open?id=0B3Syig5i8gpDb05IRmRaei1JLVE
70-742 exam dumps: https://drive.google.com/open?id=0B3Syig5i8gpDRWlFSW1vN0JwT3M
70-743 exam dumps: https://drive.google.com/open?id=0B3Syig5i8gpDdjVzVlJxOXB5TTg