Download Microsoft.70-744.PassGuide.2018-06-16.54q.tqb
| Vendor: | Microsoft |
| Exam Code: | 70-744 |
| Exam Name: | Securing Windows Server 2016 |
| Date: | Jun 16, 2018 |
| File Size: | 1 MB |
Demo Questions
Question 1
Your network contains an Active Directory domain named contoso.com. The domain contains 1,000 client computers that run Windows 10.
A security audit reveals that the network recently experienced a Pass-the-Hash attack. The attack was initiated from a client computer and accessed Active Directory objects restricted to the members of the Domain Admins group.
You need to minimize the impact of another successful Pass-the-Hash attack on the domain.
What should you recommend?
- Instruct all users to sign in to a client computer by using a Microsoft account.
- Move the computer accounts of all the client computers to a new organizational unit (OU). Remove the permissions to the new OU from the Domain Admins group.
- Instruct all administrators to use a local Administrators account when they sign in to a client computer.
- Move the computer accounts of the domain controllers to a new organizational unit (OU). Remove the permissions to the new OU from the Domain Admins group.
Correct answer: C
Explanation:
References:https://en.wikipedia.org/wiki/Pass_the_hash#Mitigations References:
https://en.wikipedia.org/wiki/Pass_the_hash#Mitigations
Question 2
Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2016.
You create a new bastion forest named admin.contoso.com. The forest functional level of admin.contoso.com is Windows Server 2012 R2.
You need to implement a Privileged Access Management (PAM) solution.
Which two actions should you perform? Each correct answer presents part of the solution.
- Raise the forest functional level of admin.contoso.com.
- Deploy Microsoft Identify Management (MIM) 2016 to admin.contoso.com.
- Configure contoso.com to trust admin.contoso.com.
- Deploy Microsoft Identity Management (MIM) 2016 to contoso.com.
- Raise the forest functional level of contoso.com.
- Configure admin.contoso.com to trustcontoso.com.
Correct answer: BC
Explanation:
References:https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/hardware-software-requirementshttps://docs.microsoft.com/en-us/microsoft-identity-manager/pam/planning-bastion-environment References:
https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/hardware-software-requirements
https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/planning-bastion-environment
Question 3
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016.
Server1 is configured as a domain controller.
You configure Server1 as a Just Enough Administration (JEA) endpoint. You configure the required JEA rights for a user named User1.
You need to tell User1 how to manage Active Directory objects from Server2.
What should you tell User1 to do first on Server2?
- From a command prompt, runntdsutil.exe.
- From Windows PowerShell, run the Import-Module cmdlet.
- From Windows PowerShell, run the Enter-PSSession cmdlet.
- Install the management consoles for Active Directory, and then launch Active Directory Users and Computers.
Correct answer: C
Explanation:
References:https://blogs.technet.microsoft.com/privatecloud/2014/05/14/just-enough-administration-step-by-step/ References:
https://blogs.technet.microsoft.com/privatecloud/2014/05/14/just-enough-administration-step-by-step/
