November/2019 Braindump2go 70-744 Dumps with PDF and VCE New Updated Today! Following are some new 70-744 Exam Questions,
New Question
Your network contains an Active Directory domain named contoso.com. The domain contains a certification authority (CA).
You need to implement code integrity policies and sign them by using certificates issued by the CA.
You plan to use the same certificate to sign policies on multiple computers. You duplicate the Code Signing certificate template and name the new template CodeIntegrity.
How should you configure the CodeIntegrity template?
A. Enable the Allow private key to be exported setting and modify the Key Usage extension.
B. Disable the Allow private key to be exported setting and modify the Application Policies extension.
C. Disable the Allow private key to be exported setting and disable the Basic Constraints extension.
D. Enable the Allow private key to be exported setting and enable the Basic Constraints extension
Answer: D
Explanation:
https://blogs.technet.microsoft.com/ukplatforms/2017/05/04/create-code-integrity-signing-certificate/
New Question
Your network contains an Active Directory domain named contoso.com. The domain contains 100 servers.
You deploy the Local Administrator Password Solution (LAPS) to the network.
You discover that the members of a group named FinanceAdministartors can view the password of the local Administrator accounts on the servers in an organizational unit (OU) named FinanceServers.
You need to prevent the FinanceAdministartors members from viewing the local administrators `passwords on the servers in FinanceServers. Which permission should you remove from FinanceAdministartors?
A. all extended rights
B. read all properties
C. read permissions
D. list contents
Answer: A
Explanation:
https://4sysops.com/archives/set-up-microsoft-laps-local-administrator-password-solution-in-active-directory/
New Question
You have a file server named FS1 that runs Windows Server 2016.
You plan to disable SMB 1.0 on the server.
You need to verify which computers access FS1 by using SMB 1.0.
What should you run first?
A. Debug-FileShare
B. Set-FileShare
C. Set-SmbShare
D. Set-SmbServerConfiguration
E. Set-SmbClientConfiguration
Answer: D
New Question
You plan to enable Credential Guard on four servers. Credential Guard secrets will be bound to the TPM.
The servers run Windows Server 2016 and are configured as shown in the following table.
You need to identify which server you must modify to support the planned implementation.
Which server should you identify?
A. Server1
B. Server2
C. Server3
D. Server4
Answer: D
Explanation:
https://docs.microsoft.com/en-us/windows/access-protection/credential-guard/credential-guard-requirements
New Question
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. The domain has Dynamic Access Control enabled.
Server1 contains a folder named C:\Folder1. Folder1 is shared as Share1.
You need to audit all access to the contents of Folder1 from Server2. The solution must minimize the number of event log entries.
Which two audit policies should you enable on Server1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Global Object Access- File System
B. Object Access – Audit Detailed File Share
C. Object Access – Audit Other Object Access Events
D. Object Access – Audit File System
E. Object Access – Audit File Share
Answer: BE
Explanation:
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-detailed-file-share
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-file-share
New Question
Your network contains an Active Directory forest named contoso.com. The forest contains three domains.
All domain controllers run Windows Server 2016.
You deploy a second Active Directory forest named admin.contoso.com. The forest contains a domain member server named Server1. Server1 has Microsoft Identity Manager (MIM) 2016 deployed.
You need to implement Privileged Access Management (PAM) and to use admin.contoso.com as an administrative forest.
Which two actions should you perform? Each correct answer presents part of the solution.
A. From Server1, run the New-PAMTrust cmdlet.
B. From a domain controller in contoso.com, run the New-PAMDomainConfiguration cmdlet.
C. From a domain controller in admin.contoso.com, run the New-PAMTrust cmdlet.
D. From a domain controller in contoso.com, run the New-PAMTrust cmdlet.
E. From a domain controller in admin.contoso.com, run the New-PAMDomainConfiguration cmdlet.
F. From Server1, run the New- PAMDomainConfiguration cmdlet.
Answer: AF
Explanation:
https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/configuring-mim-environment-for-pam
https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/step-5-establish-trust-between-priv-corpforests
New Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows10.
The network uses the 172.16.0.0/16 address space.
Computer1 has an application named App1.exe that is located in D:\Apps\. App1.exe is configured to accept connections on TCP port 8080.
You need to ensure that App1.exe can accept connections only when Computer1 is connected to the corporate network.
Solution: You run the New-NetFirewallRule -DisplayName “Rule1” -Direction Inbound -LocalPort 8080 -Protocol TCP -Action Allow -Profile Domain command.
Does this meet the goal?
A. Yes
B. No
Answer: B
New Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows10.
The network uses the 172.16.0.0/16 address space.
Computer1 has an application named App1.exe that is located in D:\Apps\. App1.exe is configured to accept connections on TCP port 8080.
You need to ensure that App1.exe can accept connections only when Computer1 is connected to the corporate network.
Solution: You configure an inbound rule that allows the TCP protocol on port 8080, uses a scope of 172.16.0.0/16 for local IP addresses, and applies to a private profile.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd448531(v=ws.10)
New Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows10.
The network uses the 172.16.0.0/16 address space.
Computer1 has an application named App1.exe that is located in D:\Apps\. App1.exe is configured to accept connections on TCP port 8080.
You need to ensure that App1.exe can accept connections only when Computer1 is connected to the corporate network.
Solution: You run the New-NetFirewallRule -DisplayName “Rule1” -Direction Inbound -Program “D:\Apps\App1.exe” -Action Allow -Profile Domain command.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation:
New Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
You need to prevent NTLM authentication on Server1.
Solution: From a Group Policy, you configure the Kerberos Policy.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
https://www.rootusers.com/implement-ntlm-blocking-in-windows-server-2016/
New Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage a file server that runs Windows Server 2016. The file server contains the volumes configured as shown in the following table.
You need to encrypt DevFiles by using BitLocker Drive Encryption (ButLocker).
Solution: You run the Lock-BitLocker cmdlet.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
https://docs.microsoft.com/en-us/powershell/module/bitlocker/lock-bitlocker?view=win10-ps
Resources from:
1.|2019 Latest Braindump2go 70-744 Exam Dumps (PDF & VCE) Instant Download:
https://www.braindump2go.com/70-744.html
2.|2019 Latest Braindump2go 70-744 Exam Questions & Answers Instant Download:
https://drive.google.com/drive/folders/0B75b5xYLjSSNMDN6VjRLbFVKaWM?usp=sharing