Microsoft 70-744 Securing Windows Server 2016 Exam Practice Test

Your network contains an Active Directory domain. All the computers in the domain are configured for the Local Administrator Password Solution (LAPS). The Group Policy object (GPO) settings for LAPS are configured as shown in the exhibit. (Click the Exhibit tab.)

You provide a technician with the local administrator password for a computer named Computer1.

What is the maximum amount of time the password will be valid?

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1.

You configure Just Enough Administration (JEA) on Server1.

When will JEA limit the tasks that can be performed on Server1?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com. The domain contains multiple Hyper-V hosts.

You need to deploy several critical line-of-business applications to the network to meet the following requirements:

The resources of the applications must be isolated from the physical host.

Each application must be prevented from accessing the resources of the other applications.

The configurations of the applications must be accessible only from the operating system that hosts the application.

Solution: You deploy one Hyper-V container to host all of the applications.

Does this meet the goal?

Your network contains two Active Directory forests named corp.contoso.com and priv.contoso.com. Both forests have only a single domain. The priv.contoso.com domain contains a server named Server1 that runs Windows Server 2016.

You install Microsoft Identity Manager (MIM) 2016 on Server1.

You plan to deploy MIM-based Privileged Access Management (PAM) between the two forests.

You run New-PAMTrust in the priv.contoso.com domain.

You need to configure the trust relationship between the forests to support the PAM deployment.

Which three settings should you configure for the trust? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

You have a Hyper-V host named Server1 that hosts the virtual machines shown in the following table.

You plan to encrypt the operating system drive on the virtual machines.

On which virtual machines can you use a TPM protector for BitLocker Drive Encryption (BitLocker)?

Your network contains an Active Directory domain named contoso.com.

All DNS servers host an Active Directory-integrated zone for the domain that is DNSSEC-signed. All the DNS servers have a trust anchor installed for a DNS zone named fabrikam.com.

For all the computers in the domain, you configure a name resolution policy that enforces DNSSEC validation for the contoso.com and fabrikam.com DNS namespaces.

You need to verify whether the trust anchor is valid.

What should you do?

You have server named Server1.

You need to configured PowerShell logging to capture dynamic code generation. the solution must minimize the number of events that are logged.

What should you configured?