16 05 2018
[May-2018-New]Full Version 70-744 Exam Dumps PDF and VCE 160Q for Free Download[133-143]
2018 May New Microsoft 70-743 Exam Dumps with PDF and VCE Just Updated Today! Following are some new 70-743 Real Exam Questions:
1.|2018 Latest 70-743 Exam Dumps (PDF & VCE) 160Q Download:
https://www.braindump2go.com/70-744.html
2.|2018 Latest 70-743 Exam Questions & Answers Download:
https://drive.google.com/drive/folders/0B75b5xYLjSSNMDN6VjRLbFVKaWM?usp=sharing
QUESTION 133
Your network contains an Active Directory domain named contoso.com.
The domain contains two global groups named Group1 and Group2.
A user named User1 is a member of Group1.
You have an organizational unit (OU) named OU1 that contains the computer accounts of computers that contain sensitive data.
A Group Policy object (GPO) named GPO1 is linked to OU1. OU1 contains a computer account named Computer1.
GPO1 has the User Rights Assignment configured as shown in the following table.
You need to prevent User1 from signing in to Computer1. What should you do?
A. From Default Domain Policy, modify the Allow log on locally user right
B. On Computer1, modify the Deny log on locally user right.
C. From Default Domain Policy, modify the Deny log on locally user right
D. Remove User1 to Group2.
Answer: D
Explanation:
https://technet.microsoft.com/en-us/library/cc957048.aspx
“Deny log on locally”Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\User Rights AssignmentDetermines which users are prevented from logging on at the computer.This policy setting supercedes the Allow Log on locally policy setting if an account is subject to bothpolicies.Therefore, adding User1 to Group2 will let User1 to inherit both policy, and then prevent User1 to sign in toComputer1.
QUESTION 134
You are creating a Nano Server image for the deployment of 10 servers.
You need to configure the servers as guarded hosts that use Trusted Platform Module (TPM) attestation.
Which three packages should you include in the Nano Server image? Each correct answer presents part of the solution.
A. Microsoft-NanoServer-SecureStartup-Package
B. Microsoft-NanoServer-ShieldedVM-Package
C. Microsoft-NanoServer-Storage-Package
D. Microsoft-NanoServer-SCVMM-Compute-Package
E. Microsoft-NanoServer-SCVMM-Package
F. Microsoft-NanoServer-Compute-Package
Answer: ABF
Explanation:
https://docs.microsoft.com/en-us/system-center/vmm/guarded-deploy-host?toc=/windows- server/virtualization/toc.json
For an SCVMM Managed Nano Server Hyper-V case:If your host is running Nano Server Hyper-V host, it should have the Compute, SCVMM-Package, SCVMMCompute, SecureStartup, and ShieldedVM
packagesinstalled.https://docs.microsoft.com/en-us/windows-server/get-started/deploy- nano-serverFor an standalone Nano Server Hyper-V host, no SCVMM related packages are required, only Compute,SecureStartup, and ShieldedVM packages are required.This table shows the roles and features that are available in this release of Nano Server, along with theWindows PowerShell options that will install the packagesfor them.Some packages are installed directly with their own Windows PowerShell switches (such as -Compute); othersyou install by passing package names to the Package parameter, which you can combine in a comma-separated list.
You can dynamically list availablepackages using the Get-NanoServerPackage cmdlet.
QUESTION 135
You plan to enable Credential Guard on four servers.
Credential Guard secrets will be bound to the TPM.
The servers run Windows Server 2016 and are configured as shown in the following table.
Which of the above server you could enable Credential Guard?
A. Server1
B. Server2
C. Server3
D. Server4
Answer: D
Explanation:
https://docs.microsoft.com/en-us/windows/access-protection/credential-guard/credential-guard-requirementsHardware and software requirements
To provide basic protections against OS level attempts to read Credential Manager domain credentials, NTLMand Kerberos derived credentials, WindowsDefender Credential Guard uses:- Support for Virtualization-based security (required)-Secure boot (required)-TPM 2.0 either discrete or firmware (preferred ?provides binding to hardware)-UEFI lock (preferred ?prevents attacker from disabling with a simple registry key change)
QUESTION 136
Your network contains an Active Directory domain named contoso.com.
The domain contains servers that run
Windows Server 2016.
You enable Remote Credential Guard on a server named Server1.
You have an administrative computer named Computer1 that runs Windows 10.
Computer1 is configured to require Remote Credential Guard.
You sign in to Computer1 as Contoso\\User1.
You need to establish a Remote Desktop session to Server1 as Contoso\\ServerAdmin1.
What should you do first?
A. Install the Universal Windows Platform (UWP) Remote Desktop application
B. Turn on virtualization based security
C. Run the mstsc.exe /remoteGuard
D. Sign in to Computer1 as Contoso\\ServerAdmin1
Answer: D
Explanation:
When Computer1 is configured to require Remote Credential Guard, you cannot use NTLM authentication tospecify (or impersonate) another user account whenconnecting to Server1.Therefore, you have to sign in to Computer1 as “ServerAdmin1” and use Kerberos for authenticating to RDPserver “Server1” when Remote Credential Guard is required.
QUESTION 137
You have two computers configured as shown in the following table.
You need to ensure that the credentials that you use to establish Remote Desktop sessions from Client1 to Server1 are protected by using Remote CredentialGuard.
A. Join Client1 to the domain.
B. Remove Server1 from the domain.
C. Upgrade Server1 to Windows Server 2016 Datacenter.
D. Upgrade Client1 to Windows 10 Enterprise.
Answer: A
Explanation:
https://docs.microsoft.com/en-us/windows/access-protection/remote-credential-guard
QUESTION 138
Your data center contains 10 Hyper-V hosts that host 100 virtual machines.
You plan to secure access to the virtual machines by using the Datacenter Firewall service.
You have four servers available for the Datacenter Firewall service.
The servers are configured as shown in the following table.
You need to install the required server roles for the planned deployment
Which server role should you deploy? Choose Two.
A. Server role to deploy: Multipoint Services
B. Server role to deploy: Network Controller
C. Server role to deploy: Network Policy and Access Services
D. Servers on which to deploy the server role: Server20 and Server21
E. Servers on which to deploy the server role: Server22 and Server23
Answer: BE
Explanation:
Datacenter Firewall is a new service included with Windows Server 2016. It is a network layer, 5-tuple (protocol,source and destination port numbers, source anddestination IP addresses), stateful, multitenant firewall. When deployed and offered as a service by the serviceprovider, tenant administrators can install andconfigure firewall policies to help protect their virtual networks from unwanted traffic originating from Internetand intranet networks.https://docs.microsoft.com/en-us/windows- server/networking/sdn/technologies/network-controller/networkcontrollerNetwork Controller FeaturesThe following Network Controller features allow you to configure and manage virtual and physical networkdevices and services.i) Firewall Management (Datacenter Firewall)ii) Software Load Balancer Managementiii) Virtual Network Managementiv) RAS Gateway Management
https://docs.microsoft.com/en-us/windows-server/networking/sdn/plan/installation-and-preparationrequirements-for-deploying-network-controller
Installation requirementsFollowing are the installation requirements for Network Controller.For Windows Server 2016 deployments, you can deploy Network Controller on one or more computers, one ormore VMs, or a combination of computers and VMs.All VMs and computers planned as Network Controller nodes must be running Windows Server 2016 Datacenter edition.
QUESTION 139
Your network contains an Active Directory domain named contoso.com. All client computers run Windows 10.
You plan to deploy a Remote Desktop connection solution for the client computers.
You have four available servers in the domain that can be configured as Remote Desktop servers. The servers are configured as shown in the following table.
You need to ensure that all Remote Desktop connections can be protected by using Remote Credential Guard.
Solution: You deploy the Remote Desktop connection solution by using Server3.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation:
Yes, since all client computers run Windows 10, and Server2 is Windows Server 2016 which fulfills thefollowing requirements of using Remote Credential Guard.https://docs.microsoft.com/en-us/windows/access-protection/remote-credential-guard
Remote Credential Guard requirementsTo use Windows Defender Remote Credential Guard, the Remote Desktop client and remote host must meetthe following requirements:The Remote Desktop client device:Must be running at least Windows 10, version 1703 to be able to supply credentials.Must be running at least Windows 10, version 1607 or Windows Server 2016 to use the user’s signed-incredentials. This requires the user’s account be able tosign in to both the client device and the remote host.Must be running the Remote Desktop Classic Windows application. The Remote Desktop Universal WindowsPlatform application doesn’t support WindowsDefender Remote Credential Guard.Must use Kerberos authentication to connect to the remote host. If the client cannot connect to a domaincontroller, then RDP attempts to fall back to NTLM.Windows Defender Remote Credential Guard does not allow NTLM fallback because this would exposecredentials to risk.The Remote Desktop remote host:Must be running at least Windows 10, version 1607 or Windows Server 2016.Must allow Restricted Admin connections.Must allow the client’s domain user to access Remote Desktop connections. Must allow delegation of non-exportable credentials.
QUESTION 140
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest named contoso.com.
All servers run Windows Server 2016. The forest contains 2,000 client computers that run Windows 10.
All client computers are deployed from a customized Windows image.
You need to deploy 10 Privileged Access Workstations (PAWs).
The solution must ensure that administrators can access several client applications used by all users.
Solution: You deploy one physical computer and configure it as a Hyper-V host that runs Windows Server 2016.
You create 10 virtual machines and configure each one as a PAW.
Does this meet the goal?
A. Yes
B. No
Answer: A
QUESTION 141
The network contains an Active Directory domain named contoso.com.
The domain contains the servers configured as shown in the following table.
All servers run Windows Server 2016. All client computers run Windows 10 and are domain members.
All laptops are protected by using BitLocker Drive Encryption (BitLocker).
You have an organizational unit (OU) named OU1 that contains the computer accounts of application servers.
An OU named OU2 contains the computer accounts of the computers in the marketing department.
A Group Policy object (GPO) named GP1 is linked to OU1.
A GPO named GP2 is linked to OU2.
All computers receive updates from Server1.
You create an update rule named Update1.
You need to prepare the environment to support applying Update1 to the laptops only.
What should you do? Choose Two.
A. Tool to use: Active Directory Administrative Center
B. Tool to use: Active Directory Users and Computers
C. Tool to use: Microsoft Intune
D. Tool to use: Update Services
E. Type of object to create: A computer group
F. Type of object to create: A distribution group
G. Type of object to create: A mobile device group
H. Type of object to create: A security group
I. Type of object to create: An OU
Answer: DE
Explanation:
https://technet.microsoft.com/en-us/library/cc708458(v=ws.10).aspx
QUESTION 142
You have a Hyper-V host named Hyperv1 that has a virtual machine named FS1.
FS1 is a file server that contains sensitive data.
You need to secure FS1 to meet the following requirements:
– Prevent console access to FS1.
– Prevent data from being extracted from the VHDX file of FS1.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Enable BitLocker Drive Encryption (BitLocker) for all the volumes on FS1
B. Disable the virtualization extensions for FS1
C. Disable all the Hyper-V integration services for FS1
D. On Hyperv1, enable BitLocker Drive Encryption (BitLocker) for the drive that contains the VHDX file for FS1.
E. Enable shielding for FS1
Answer: AE
QUESTION 143
Your network contains an Active Directory domain named contoso.com.
The domain contains 1,000 client computers that run either Windows 8.1 or Windows 10.
You have a Windows Server Update Services (WSUS) deployment.
All client computers receive updates from WSUS.
You deploy a new WSUS server named WSUS2.
You need to configure all of the client computers that run Windows 10 to send WSUS reporting data to WSUS2.
What should you configure?
A. an approval rule
B. a computer group
C. a Group Policy object (GPO)
D. a synchronization rule
Answer: C
Explanation:
https://technet.microsoft.com/en-us/library/cc708574(v=ws.10).aspx
Under “Set the intranet update service for detecting updates”, type http://wsus:8530Under “Set the intranet statistics server”, type http://wsus2:8531
!!!RECOMMEND!!!
1.|2018 Latest 70-743 Exam Dumps (PDF & VCE) 160Q Download:
https://www.braindump2go.com/70-744.html
2.|2018 Latest 70-743 Study Guide Video:
[May-2018-New]70-744 VCE and 70-744 PDF Free Download in Braindump2go[122-132] [May-2018-New]Full Version 70-761 Dumps (VCE and PDF) 135Q for Free Download[63-73]
Comments are currently closed.