2017 April Microsoft Official New Released 70-744 Q&As in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
2017 timesaving comprehensive guides for Microsoft 70-744 exam: Using latest released Lead2pass 70-744 exam questions, quickly pass 70-744 exam 100%! Following questions and answers are all new published by Microsoft Official Exam Center!
Following questions and answers are all new published by Microsoft Official Exam Center: http://www.lead2pass.com/70-744.html
QUESTION 16
Your network contains an Active Directory domain named contoso.com.
The domain contains five file servers that run Windows Server 2016.
You have an organizational unit (OU) named Finance that contains all of the servers.
You create a Group Policy object (GPO) and link the GPO to the Finance OU.
You need to ensure that when a user in the finance department deletes a file from a file server, the event is logged.
The solution must log only users who have a manager attribute of Ben Smith.
Which audit policy setting should you configure in the GPO?
A. File system in Global Object Access Auditing
B. Audit Detailed File Share
C. Audit Other Account Logon Events
D. Audit File System in Object Access
Answer: B
Explanation:
This is why answer C is incorrect:
https://technet.microsoft.com/en-us/itpro/windows/keep-secure/audit-other-account-logon-events
Correct Answer is B. Audit Detailed File Share generates this Event Log ID: 5145.
Source: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/event-5145
QUESTION 17
Note: Thb question Is part of a series of questions that present the same scenario. Each question In the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you willNOTbeabletorrturntoit.Asa result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com.
The domain contains multiple Hyper-V hosts.
You need to deploy several critical line-of-business applications to the network to meet the following requirements:
– The resources of the applications must be isolated from the physical host
– Each application must be prevented from accessing the resources of the other applications.
– The configurations of the applications must be accessible only from the operating system that hosts the application.
Solution: You deploy one Windows container to host all of the applications.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
Isolation occurs at the container level. Multiple applications in the same container would share the same resources.
http://windowsitpro.com/windows-server-2016/differences-between-windows-containers-and-hyper-v-containers-windows-server-201
QUESTION 18
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario
Your network contains an Active Directory domain named contoso.com.
The functional level of the forest and the domain is Windows Server 2008 R2.
The domain contains the servers configured as shown in the following table.
All servers run Windows Server 2016. All client computers run Windows 10.
You have an organizational unit (OU) named Marketing that contains the computers in the marketing department.
You have an OU named Finance that contains the computers in the finance department.
You have an OU named AppServers that contains application servers.
A Group Policy object (GPO) named GP1 is linked to the Marketing OU.
A GPO named GP2 is linked to the AppServers OU.
You install Windows Defender on Nano1.
End of repeated scenario
You plan to implement BitLocker Drive Encryption (BitLocker) on the operating system volumes of the application servers.
You need to ensure that the BitLocker recovery keys are stored in Active Directory.
Which Group Policy setting should you configure?
A. System cryptography; Force strong key protection (or user keys stored on the computer
B. Store Bittocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista)
C. System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing
D. Choose how BitLocker-protected operating system drives can be recovered
Answer: B
Explanation:
Among the available answers, B is the only possible one. Though all servers are Windows 2016, the forest and domain are still in 2008 R2 mode.
https://technet.microsoft.com/en-us/library/dd875529(v=ws.10).aspx
QUESTION 19
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com.
All servers run Windows Server 2016.
All client computers run Windows 10.
The relevant objects in the domain are configured as shown in the following table.
You need to assign User1 the right to restore files and folders on Server1, and Server2.
Solution: You add User1 to the Backup Operators group in contoso.com.
Does this meet the goal?
A. Yes
B. No
Answer: A
QUESTION 20
Your network contains an Active Directory domain named contoio.com.
The domain contains a server named Server1 that runs Windows Server 2016.
You have an organizational unit (OU) named Administration that contains the computer account of Server1.
You import the Active Directory module to Served1.
You create a Group Policy object (GPO) named GPO1.
You link GPO1 to the Administration OU.
You need to log an event each time an Active Directory cmdlet is executed succesfully from Served.
What should you do?
A. From Advanced Audit Policy in GPO1 configure auditing for directory service changes.
B. Run the (Get-Module ActiveDirectory).LogPipelineExecutionDetails – $false command.
C. Run the (Get-Module ArtivcDirectory).LogPipelineExecutionDetails = $true command.
D. From Advanced Audit Policy in GPO1 configure auditing for other privilege use events.
Answer: C
QUESTION 21
Your network contains an Active Directory domain named contoso.com.
All domain controllers run Windows Server 2016.
The domain contains a server named Serverl that has Microsoft Security Compliance Manager (SCM) 4.0 installed.
You export the baseline shown in the following exhibit.
You have a server named Server2 that is a member of a workgroup.
You copy the (2617e9b1-9672-492b-aefa-0505054848c2) folder to Server2.
You need to deploy the baseline settings to Server2.
What should you do?
A. Download, install, and then fun the Lgpo.exe command.
B. From Group Policy Management import a Group Policy object (GPO).
C. From Windows PowerShell, run the Restore-GPO cmdlet.
D. From Windows PowerShell, run the Import-GPO cmdlet.
E. From a command prompt run the secedit.exe command and specify the /import parameter.
Answer: A
Explanation:
Server2 is a non-domain joined computer using the the GPO pack feature.
Source: https://technet.microsoft.com/en-us/solutionaccelerators/cc835245.aspx
LGPO.exe replaces the no-longer-maintained LocalGPO tool that shipped with the Security Compliance Manager (SCM).
https://blogs.technet.microsoft.com/secguide/2016/01/21/lgpo-exe-local-group-policy-object-utility-v1-0/
QUESTION 22
Note: This question b part of a series of questions that use the same or simitar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2016.
Server1 has a shared folder named Share1.
You need to ensure that all access to Share1 uses SMB Encryption.
Which tool should you use?
A. File Explorer
B. Shared Folders
C. Server Manager
D. Disk Management
E. Storage Explorer
F. Computer Management
G. System Configuration
H. File Server Resource Manager (FSRM)>
Answer: C
Explanation:
https://technet.microsoft.com/en-us/library/dn551363(v=ws.11).aspx
See section “To enable SMB Encryption by using Server Manager”
QUESTION 23
Your network contains an Active Directory forest named contoso.com.
The forest functional level is Windows Server 2012.
The forest contains a single domain.
The domain contains multiple Hyper-V hosts.
You plan to deploy guarded hosts.
You deploy a new server named Server22 to a workgroup.
You need to configure Server22 as a Host Guardian Service server.
What should you do before you initialize the Host Guardian Service on Server22?
A. Install the Active Directory Domain Services server role on Server22.
B. Obtain a certificate.
C. Raise the forest functional level.
D. Join Server22 to the domain.
Answer: D
QUESTION 24
Your network contains an Active Directory domain named contoso.com.
You create a Microsoft Operations Management Suite (OMS) workspace.
You need to connect several computers directly to the workspace.
Which two pieces of information do you require? Each correct answer presents part of the solution.
A. the ID of the workspace
B. the name of the workspace
C. the URL of the workspace
D. the key of the workspace
Answer: AD
Explanation:
https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents
QUESTION 25
Note: This question b part of a series of questions that present the same scenario. Each question In the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear In the review screen.
Your network contains an Active Directory domain named contow.com. All servers run Windows Server 2016. All client computers run Windows 10.
The relevant objects in the domain are configured as shown in the following table.
You need to assign User1 the right to restore files and folders on Server1 and Server2.
Solution: You create a Group Policy object (GPO), link it to the Operations Users OU, and modify the Users Rights Assignment in the GPO.
Does this meet the goal?
A. Yes
B. No
Answer: B
QUESTION 26
Note: This question is part of a scries of questions that present the same scenario. Each question In the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question In this section, you will NOT be able to return to It. As a result, these questions will not appear In the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains mulbple Hyper-V hosts.
You need to deploy several critical line-of-business applications to the network; to meet the following requirements:
– The resources of the applications must be isolated from the physical host.
– Each application must be prevented from accessing the resources of the other applications.
– The configurations of the applications must be accessible only from the operating system that hosts the application.
Solution: You deploy a separate Windows container for each application.
Does this meet the goal?
A. Yes
B. No
Answer: A
QUESTION 27
Note: This question Is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2016.
Server1 has a volume named Volume1.
A central access policy named Policyl is deployed to the domain.
You need to apply Policyl to Volume1.
Which tool should you use?
A. File Explorer
B. Shared Folders
C. Server Manager
D. Disk Management
E. Storage Explorer
F. Computer Management
G. System Configuration
H. File Server Resource Manager (FSRM)
Answer: D
QUESTION 28
Note: This question Is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question In this section, you will NOT be able to return to It. As a result, these questions will not appear In the review screen.
Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2016. All client computers run Windows 10.
The relevant objects in the domain are configured as shown in the following table.
You need to assign User1 the right to restore files and folders on Server1 and Server2.
Solution: You create a Group Policy object (GPO), you link the GPO to the Servers OU, and then you modify the Users Rights Assignment in the GPO.
Does this meet the goat?
A. Yes
B. No
Answer: A
QUESTION 29
Your network contains an Active Directory domain named contoso.com.
You install the Windows Server Update Services server role on a member server named Server1. Server1 runs Windows Server 2016.
You need to ensure that a user named Used can perform the following tasks:
– View the Windows Server Update Services (WSUS) configuration.
– Generate WSUS update reports.
The solution must use the principle of least privilege.
What should you do on Server1?
A. Modify the permissions of the ReportWebService virtual folder from the WSUS Administration website.
B. Add User1 to the WSUS Reporters local group.
C. Add User1 to the WSUS Administrators local group.
D. Run wsusutil.exe and specify the postinstall parameter.
Answer: C
QUESTION 30
Note: This question is part of a series of questions that present the same scenario. Each question In the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question In this section, you will NOT be able to return to It. As a result, these questions will not appear in the review screen.
Yout network contains an Active Directory domain named contoso.com.
The domain contains a computer named Computer1 that runs Windows 10.
Computer1 connects to a home network and a corporate network.
The corporate network uses the 172.16.0.0/24 address space internally.
Computer1 runs an application named App1 that listens to port 8080.
You need to prevent connections to App1 when Computer1 is connected to the home network.
Solution: From Group Policy Management you create a software restriction policy.
Does this meet the goal?
A. Yes
B. No
Answer: B
Lead2pass is confident that our NEW UPDATED 70-744 exam questions and answers are changed with Microsoft Official Exam Center. If you cannot pass 70-744 exam, never mind, we will return your full money back! Visit Lead2pass exam dumps collection website now and download 70-744 exam dumps instantly today!
70-744 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDRTV1TFlfb2RCbjQ
2017 Microsoft 70-744 exam dumps (All 65 Q&As) from Lead2pass:
http://www.lead2pass.com/70-744.html [100% Exam Pass Guaranteed!!!]