IT認証試験問題集
毎月、ITshikenは1500人以上の受験者が試験準備を助けて、試験に合格するために受験者にご協力します
 ホームページ / 70-744 問題集  / 70-744 問題練習

Microsoft 70-744 問題練習

Securing Windows Server 2016 試験

最新更新時間: 2020/11/19,合計179問。

いい買物の日:70-744 最新真題を買う時、日本語版と英語版両方を同時に獲得できます。

実際の問題集を練習し、試験のポイントを了解し、テストに申し込むするかどうかを決めることができます。

さらに試験準備時間の35%を節約するには、70-744 問題集を使用してください。

 / 12

Question No : 1
Your network contains an Active Directory domain named contoso.com. The domain contains a certification authority (CA).
You need to implement code integrity policies and sign them by using certificates issued by the CA.
You plan to use the same certificate to sign policies on multiple computers.
You duplicate the Code Signing certificate template and name the new template CodeIntegrity.
How should you configure the CodeIntegrity template?
A. Enable the Allow private key to be exported setting and modify the Key Usage extension.
B. Disable the Allow private key to be exported setting and modify the Application Policies extension.
C. Disable the Allow private key to be exported setting and disable the Basic Constraints extension.
D. Enable the Allow private key to be exported setting and enable the Basic Constraints extension

正解: D
Explanation:
References: https://blogs.technet.microsoft.com/ukplatforms/2017/05/04/create-code-integrity-signing­certificate/

Question No : 2
Note: This question is part of a series of questions that use the same scenario. For yourconvenience, the scenario is repeated in each question. Each question presents a different goaland answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
Your company has a marketing department.
The network contains an Active Directory domain named contoso.com.
The domain contains the servers configured as shown in the following table.



All servers run Windows Server 2016. All client computers run Windows 10 and are domain members. All laptops are protected by using BitLocker Drive Encryption (BitLocker).
You have an organizational unit (OU) named OU1 that contains the computer accounts of application servers. An OU named OU2 contains the computer accounts of the computers in the marketing department. A Group Policy object (GPO) named GP1 is linked to OU1. A GPO named GP2 is linked to OU2.
All computers receive updates from Server1. You create an update rule named Update1.
End of repeated scenario.
You need to ensure that AppLocker rules will apply to the marketing department computers.
What should you do?

正解:
Explanation:
References: https://docs.microsoft.com/en-us/windows/device-security/applocker/configure-the­application-identity-service

Question No : 3
Note: This question is part of a series of questions that use the same scenario. For yourconvenience, the scenario is repeated in each question. Each question presents a different goaland answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
Your company has a marketing department.
The network contains an Active Directory domain named contoso.com.
The domain contains the servers configured as shown in the following table.



All servers run Windows Server 2016. All client computers run Windows 10 and are domain members. All laptops are protected by using BitLocker Drive Encryption (BitLocker).
You have an organizational unit (OU) named OU1 that contains the computer accounts of application servers. An OU named OU2 contains the computer accounts of the computers in the marketing department. A Group Policy object (GPO) named GP1 is linked to OU1. A GPO named GP2 is linked to OU2.
All computers receive updates from Server1.
You create an update rule named Update1.
End of repeated scenario.
You need to implement BitLocker Network Unlock for all of the laptops.
Which server role should you deploy to the network?

正解:
Explanation:
References: https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-how-to-enable­network-unlock

Question No : 4
Note: This question is part of a series of questions that use the same scenario. For yourconvenience, the scenario is repeated in each question. Each question presents a different goaland answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
Your company has a marketing department.
The network contains an Active Directory domain named contoso.com.
The domain contains the servers configured as shown in the following table.



All servers run Windows Server 2016. All client computers run Windows 10 and are domain members. All laptops are protected by using BitLocker Drive Encryption (BitLocker).
You have an organizational unit (OU) named OU1 that contains the computer accounts of application servers. An OU named OU2 contains the computer accounts of the computers in the marketing department. A Group Policy object (GPO) named GP1 is linked to OU1. A GPO named GP2 is linked to OU2.
All computers receive updates from Server1. You create an update rule named Update1.
End of repeated scenario.
You need to create a Role Capability file on Server3.
Which file should you create?

正解:
Explanation:
References: https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/jea/role-capabilities? view=powershell-7

Question No : 5
Note: This question is part of a series of questions that use the same scenario. For yourconvenience, the scenario is repeated in each question. Each question presents a different goaland answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario.
Your company has a marketing department.
The network contains an Active Directory domain named contoso.com.
The domain contains the servers configured as shown in the following table.



All servers run Windows Server 2016. All client computers run Windows 10 and are domain members. All laptops are protected by using BitLocker Drive Encryption (BitLocker).
You have an organizational unit (OU) named OU1 that contains the computer accounts of application servers. An OU named OU2 contains the computer accounts of the computers in the marketing department. A Group Policy object (GPO) named GP1 is linked to OU1. A GPO named GP2 is linked to OU2.
All computers receive updates from Server1. You create an update rule named Update1.
End of repeated scenario.
You enable deep script block logging for Windows PowerShell.
In which event log will PowerShell code that is generated dynamically appear?

正解:
Explanation:
References:
https://docs.microsoft.com/en-us/powershell/scripting/wmf/whats-new/script-logging?view=powershell-7

Question No : 6
HOTSPOT
Your network contains an Active Directory domain named contoso.com. You are deploying Microsoft Advanced Threat Analytics (ATA) to the domain. You install the ATA Gateway on a server named Server1. To assist in detecting Pass-the-Hash attacks, you plan to configure ATA Gateway to collect events. You need to configure the query filter for event subscriptions on Server1.
How should you configure the query filter? To answer, select the appropriate options in the answer are.



正解:


Explanation:
References: https://docs.microsoft.com/en-us/advanced-threat-analytics/configure-event-collection

Question No : 7
Your network contains an Active Directory domain named contoso.com. You deploy a server named Server1 that runs Windows Server 2016. Server1 is in a workgroup. You need to collect the logs from Server1 by using Log Analytics in Microsoft Operations Management Suite (OMS).
What should you do first?

正解:
Explanation:
References: https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents

Question No : 8
Your network contains an Active Directory domain named contoso.com. The domain contains several shielded virtual machines. You deploy a new server named Server1 that runs Windows Server 2016. You install the Hyper-V server role on Server1. You need to ensure that you can host shielded virtual machines on Server1.
What should you install on Server1?

正解:
Explanation:
References: https://docs.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-guarded-host-prerequisites

Question No : 9
You are creating a Nano Server image for the deployment of 10 servers.
You need to configure the servers as guarded hosts that use Trusted Platform Module (TPM) attestation.
Which three packages should you include in the Nano Server image? Each correct answer presents part of the solution.

正解:
Explanation:
References:
https://docs.microsoft.com/en-us/system-center/vmm/guarded-deploy-host?toc=/windows-server/virtualization/https://docs.microsoft.com/en-us/windows-server/get-started/deploy-nano-server

Question No : 10
DRAG DROP
You have two servers named Server1 and Server2 that run Windows Server 2016. The servers are in a workgroup. You need to create a security template that contains the security settings of Server1 and to apply the template to Server2. The solution must minimize administrative effort.
Which snap-in should you use for each server? To answer, drag the appropriate snap-ins to the correct servers. Each snap-in may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place:



正解:


Explanation:
References: https://www.windows-server-2012-r2.com/security-templates.html

Question No : 11
HOTSPOT
Your network contains an Active Directory named contoso.com
The domain contains the computers configured as shown in the following table.



Server1 has a share named Share1 that has the following configurations.



Server1, Computer1, and Computer2 have the connection security rules configured as shown in the exhibit. (Click the Exhibit button.) Exhibit:



For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.



正解:

Question No : 12
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain contains a file server
named Server1 that runs Windows Server 2016. Server1 has a shared folder named Share1. You plan to create a subfolder in Share1 for each domain user. You need to limit each user to using 100 MB of data in their respective subfolder. The solution must enable the users to be notified when they use 80 percent of the available space in the subfolder.
Which tool should you use?

正解:
Explanation:
References: https://4sysops.com/archives/file-server-resource-manager-fsrm-part-3-quota-management/

Question No : 13
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
You need to prevent NTLM authentication on Server1.
Solution: From Windows PowerShell, you run the New-ADAuthenticationPolicy cmdlet.
Does this meet the goal?

正解:
Explanation:
References: https://www.rootusers.com/implement-ntlm-blocking-in-windows-server-2016/

Question No : 14
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
You need to prevent NTLM authentication on Server1.
Solution: From Windows PowerShell, you run the Disable-WindowsOptionalFeature cmdlet.
Does this meet the goal?

正解:
Explanation:
References: https://www.rootusers.com/implement-ntlm-blocking-in-windows-server-2016/

Question No : 15
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
You need to prevent NTLM authentication on Server1.
Solution: From a Group Policy, you configure the Security Options.
Does this meet the goal?

正解:
Explanation:
References: https://www.rootusers.com/implement-ntlm-blocking-in-windows-server-2016/

 / 12