Guarantee All Exams 100% Pass One Time!
2020 NEW Microsoft 70-744: Securing
Windows Server 2016 Exam Questions
and Answers
:
New Question
Your network contains an Active Directory domain named
contoso.com. The domain contains 100 servers.
You deploy the Local Administrator Password Solution (LAPS) to the network
You need to view the password of the local administrator of a server
named Server5. Which tool should you use?
A. Active Directory Users and Computers
B. Computer Management
C. Accounts from the Settings app
D. Server Manager
Answer: A
Explanation:
Use "Active Directory Users and Computers" to view the attribute value of "ms-
MCS-adminpwd" of the Server5 computer account
https://blogs.technet.microsoft.com/askpfeplat/2015/12/28/local-administrator-password-
solution- lapsimplementation-hints-and-security-nerd-commentaryincludingmini-
threat-model/
New Question
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows
Server 2016. You need to prevent NTLM authentication on Server1.
Solution: From Windows PowerShell, you run the New-
ADAuthenticationPolicy cmdlet. Does this meet the goal?
A. Yes
, Guarantee All Exams 100% Pass One Time!
B. No
Answer: B
Explanation:
ADDS Authentication Policy does not provide ability to prevent the use of NTLM
authentication.
New Question
You have a server named Server1 that runs Windows Server 2016.
You need to install Security Compliance Manager (SCM) 4.0 on
Server1. What should you install on Server1 first?
A. the .NET Framework 3.5 Features feature
B. the Active Directory Rights Management Services server role
C. the Remote Server Administration Tools feature
D. the Group Policy Management feature
Answer: A
New Question
Your network contains an Active Directory domain named
contoso.com. The domain contains 100 servers.
You deploy the Local Administrator Password Solution (LAPS) to the network.
You discover that the members of a group named FinanceAdministrators can view
the password of the local Administrator accounts on the servers in an organizational
unit (OU) named FinanceServers.
You need to prevent the FinanceAdministrators members from viewing the local
administrators' passwords on the servers in FinanceServers.
Which permission should you remove from FinanceAdministrators?
A. List contents
B. All extended rights
C. Read all properties
D. Read permissions
Answer: B
Explanation:
https://blogs.technet.microsoft.com/askpfeplat/2015/12/28/local-administrator-password-
solution- lapsimplementation-hints-and-security-nerd-commentaryincludingmini-
threat-model/
Access to the password is granted via the "Control Access" right on the
attribute.Control Access is an "Extended Right" in Active Directory, which means if
a user has been granted the "AllExtended Rights" permission they'll be able to
seepasswords even if you didn't give them permission.
New Question
Hotspot Question
You have a Hyper-V host named Server1 that runs Windows
Server 2016. A new security policy states that all the virtual
machines must be encrypted.
, Guarantee All Exams 100% Pass One Time!
Server1 hosts the virtual machines configured as shown in the following table.
2020 NEW Microsoft 70-744: Securing
Windows Server 2016 Exam Questions
and Answers
:
New Question
Your network contains an Active Directory domain named
contoso.com. The domain contains 100 servers.
You deploy the Local Administrator Password Solution (LAPS) to the network
You need to view the password of the local administrator of a server
named Server5. Which tool should you use?
A. Active Directory Users and Computers
B. Computer Management
C. Accounts from the Settings app
D. Server Manager
Answer: A
Explanation:
Use "Active Directory Users and Computers" to view the attribute value of "ms-
MCS-adminpwd" of the Server5 computer account
https://blogs.technet.microsoft.com/askpfeplat/2015/12/28/local-administrator-password-
solution- lapsimplementation-hints-and-security-nerd-commentaryincludingmini-
threat-model/
New Question
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows
Server 2016. You need to prevent NTLM authentication on Server1.
Solution: From Windows PowerShell, you run the New-
ADAuthenticationPolicy cmdlet. Does this meet the goal?
A. Yes
, Guarantee All Exams 100% Pass One Time!
B. No
Answer: B
Explanation:
ADDS Authentication Policy does not provide ability to prevent the use of NTLM
authentication.
New Question
You have a server named Server1 that runs Windows Server 2016.
You need to install Security Compliance Manager (SCM) 4.0 on
Server1. What should you install on Server1 first?
A. the .NET Framework 3.5 Features feature
B. the Active Directory Rights Management Services server role
C. the Remote Server Administration Tools feature
D. the Group Policy Management feature
Answer: A
New Question
Your network contains an Active Directory domain named
contoso.com. The domain contains 100 servers.
You deploy the Local Administrator Password Solution (LAPS) to the network.
You discover that the members of a group named FinanceAdministrators can view
the password of the local Administrator accounts on the servers in an organizational
unit (OU) named FinanceServers.
You need to prevent the FinanceAdministrators members from viewing the local
administrators' passwords on the servers in FinanceServers.
Which permission should you remove from FinanceAdministrators?
A. List contents
B. All extended rights
C. Read all properties
D. Read permissions
Answer: B
Explanation:
https://blogs.technet.microsoft.com/askpfeplat/2015/12/28/local-administrator-password-
solution- lapsimplementation-hints-and-security-nerd-commentaryincludingmini-
threat-model/
Access to the password is granted via the "Control Access" right on the
attribute.Control Access is an "Extended Right" in Active Directory, which means if
a user has been granted the "AllExtended Rights" permission they'll be able to
seepasswords even if you didn't give them permission.
New Question
Hotspot Question
You have a Hyper-V host named Server1 that runs Windows
Server 2016. A new security policy states that all the virtual
machines must be encrypted.
, Guarantee All Exams 100% Pass One Time!
Server1 hosts the virtual machines configured as shown in the following table.
