Latest Microsoft 70-744 Exam Dumps | Microsoft 70-744 Practice Questions

Question No 1 

Your network contains an Active Directory domain named contoso.com. The domain contains 1,000 client computers that run Windows 10. A security audit reveals that the network recently experienced a Pass-the-Hash attack. The attack was initiated from a client computer and accessed Active Directory objects restricted to the members of the Domain Admins group. You need to minimize the impact of another successful Pass-the-Hash attack on the domain. What should you recommend?

A. Instruct all users to sign in to a client computer by using a Microsoft account.
B. Move the computer accounts of all the client computers to a new organizational unit (OU). Remove the permissions to the new OU from the Domain Admins group.
C. Instruct all administrators to use a local Administrators account when they sign in to a client computer.
D. Move the computer accounts of the domain controllers to a new organizational unit (OU). Remove the permissions to the new OU from the Domain Admins group.

Answer: C 


Question No 2 

Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2016. You create a new bastion forest named admin.contoso.com. The forest functional level of admin.contoso.com is Windows Server 2012 R2. You need to implement a Privileged Access Management (PAM) solution. Which two actions should you perform? Each correct answer presents part of the solution.

A. Raise the forest functional level of admm.contoso.com.
B. Deploy Microsoft Identify Management (MIM) 2016 to admin.contoso.com.
C. Configure contoso.com to trust admin.contoso.com.
D. Deploy Microsoft Identity Management (MIM) 2016 to contoso.com.
E. Raise the forest functional level of contoso.com.
F. Configure admin.contoso.com to trust contoso.com.

Answer: DE 


Question No 3 

Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016. Server1 is configured as a domain controller. You configure Server1 as a Just Enough Administration (JEA) endpoint You configure the required JEA rights for a user named User1. You need to tell User1 how to manage Active Directory objects from Server2. What should you tell User1 to do first on Server2?

A. From a command prompt, run ntdsutil.exe.
B. From Windows PowerShell, run the Import-Module cmdlet.
C. From Windows PowerShell run the Enter-PSSession cmdlet.
D. Install the management consoles for Active Directory, and then launch Active Directory Users and Computer.

Answer: C 


Question No 4 

Your network contains an Active Directory domain named contoso.com. The domain contains 100 servers. You deploy the Local Administrator Password Solution (LAPS) to the network. You deploy a new server named FinanceServer5, and join FinanceServerS to the domain. You need to ensure that the passwords of the local administrators of FinanceServer5 are available to the LAPS administrators. What should you do?

A. On FinanceServerS, register AdmPwd.dll.
B. On FmanceServerS, install the LAPS Windows PowerShell module.
C. In the domain, modify the permissions for the computer account of FmanceServer5.
D. In the domain, modify the permissions of the Domain Controllers organizational unit (OU).

Answer: A 


Question No 5 

Your network contains two single-domain Active Directory forests named contoso.com and contosoadmin.com. Contosoadmin.com contains all of the user accounts used to manage the servers in contoso.com. You need to recommend a workstation solution that provides the highest level of protection from vulnerabilities and attacks. What should you include in the recommendation?

A. Provide a Privileged Access Workstation (PAW) for each user account in both forests. Join each PAW to the contoso.com domain.
B. Provide a Pnvileged Access Workstation (PAW) for each user in the contoso.com forest Join each PAW to the contoso.com domain.
C. Provide a Pnvileged Access Workstation (PAW) for each administrator. Join each PAW to the contoso.com domain.
D. Provide a Pnvileged Access Workstation (PAW) for each administrator. Join each PAW to the contosoadmin.com domain.

Answer: D 


Question No 6 

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Serve1, that runs Windows Server 2016. A technician is testing the deployment of Credential Guard on Server1. You need to verify whether Credential Guard is enabled on Server1. What should you do?

A. From a command prompt fun the credwiz.exe command.
B. From Task Manager, review the processes listed on the Details tab.
C. From Server Manager, click Local Server, and review the properties of Server!
D. From Windows PowerShell, run the Get-WsManCredSSP cmdlet.

Answer: B 


Question No 7 

Your network contains an Active Directory domain named contoso.com. The domain contains two DNS servers that run Windows Server 2016. The servers host two zones named contoso.com and admin.contoso.com. You sign both zones. You need to ensure that all client computers in the domain validate the zone records when they query the zone. What should you deploy?

A. a Microsoft Security Compliance Manager (SCM) policy
B. a zone transfer policy
C. a Name Resolution Policy Table (NRPT)
D. a connection security rule

Answer: C 


Question No 8 

Your network contains an Active Directory domain named contoso.com. You download Microsoft Security Compliance Toolkit 1.0 and all the security baselines. You need to deploy one of the security baselines to all the computers in an organizational unit (OU) named OU1. What should you do?

A. Run 1gpo.exe and specify the /g parameter. From Policy Analyzer, click Add.
B. From Group Policy Management, create and link a Group Policy object (GPO). Select the GPO and run the Import Settings Wizard.
C. From Group Policy Management, click Group Policy Objects, and then click Manage Backupsc
D. From Group Policy Management, create and link a Group Policy object (GPO). Run 1gpo.exe and specify the /g parameter.

Answer: B 


Question No 9 

Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. The domain has Dynamic Access Control enabled. Server1 contains a folder named C:\Folder1. Folder1 is shared as Share1. You need to audit all access to the contents of Folder1 from Server2. The solution must minimize the number of event log entries. Which two audit policies should you enable on Server1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Global Object Access- File System
B. Object Access . Audit Detailed File Share
C. Object Access . Audit Other Object Access Events
D. Object Access . Audit File System
E. Object Access . Audit File Share

Answer: BE