Securing Windows Server 2016 v1.0

Page:    1 / 14   
Exam contains 208 questions

Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016 and a
Nano Server named Nano1.
Nano1 has two volumes named C and D.
You are signed in to Server1.
You need to configure Data Deduplication on Nano1.
Which tool should you use?

  • A. File Explorer
  • B. Shared Folders
  • C. Server Manager
  • D. Disk Management
  • E. Storage Explorer
  • F. Computer Management
  • G. System Configuration
  • H. File Server Resource Manager (FSRM)


Answer : C

Explanation:
References:
https://technet.microsoft.com/en-us/library/hh831434(v=ws.11).aspx

Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2016.
You need to create Work Folders on Server1.
Which tool should you use?

  • A. File Explorer
  • B. Shared Folders
  • C. Server Manager
  • D. Disk Management
  • E. Storage Explorer
  • F. Computer Management
  • G. System Configuration
  • H. File Server Resource Manager (FSRM)


Answer : C

Explanation:
References:
https://blogs.technet.microsoft.com/canitpro/2015/01/19/step-by-step-creating-a-work-folders-test-lab-deployment-in-windows-server-2012-r2/ https://technet.microsoft.com/en-us/library/dn265974(v=ws.11).aspx

Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
Server1 has a volume named Volume1.
Dynamic Access Control is configured. A resource property named Property1 was created in the domain.
You need to ensure that Property1 is set to a value of Big for all of the files in Volume1 that are larger than 10 MB.
Which tool should you use?

  • A. File Explorer
  • B. Shared Folders
  • C. Server Manager
  • D. Disk Management
  • E. Storage Explorer
  • F. Computer Management
  • G. System Configuration
  • H. File Server Resource Manager (FSRM)


Answer : H

Explanation:
References:
https://technet.microsoft.com/en-us/library/cc732431(v=ws.11).aspx

Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.
The domain contains the servers configured as shown in the following table.


All servers run Windows Server 2016. All client computers run Windows 10.
You have an organizational unit (OU) named Marketing that contains the computers in the marketing department. You have an OU named Finance that contains the computers in the finance department. You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.
You install Windows Defender on Nano1.
You need to execute D:\Folder1 on Nano1 from being scanned by Windows Defender.
Which cmdlet should you run?

  • A. Set-StorageSetting
  • B. Set-FsrmFileScreenException
  • C. Set-MpPreference
  • D. Set-DtcAdvancedSetting


Answer : C

Explanation:
References:
http://www.thomasmaurer.ch/2016/07/how-to-disable-and-configure-windows-defender-on-windows-server-2016-using-powershell/

HOTSPOT -
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.
The domain contains the servers configured as shown in the following table.


All servers run Windows Server 2016. All client computers run Windows 10.
You have an organizational unit (OU) named Marketing that contains the computers in the marketing department. You have an OU named Finance that contains the computers in the finance department. You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.
You install Windows Defender on Nano1.
You need to ensure that you can implement the Local Administrator Password Solution (LAPS) for the finance department computers.
What should you do in the contoso.com forest? To answer, select the appropriate options in the answer area.
Hot Area:



Answer :

References:
https://learn-powershell.net/2016/10/08/setting-up-local-administrator-password-solution-laps/

Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.
The domain contains the servers configured as shown in the following table.


All servers run Windows Server 2016. All client computers run Windows 10.
You have an organizational unit (OU) named Marketing that contains the computers in the marketing department. You have an OU named Finance that contains the computers in the finance department. You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.
You install Windows Defender on Nano1.
You need to ensure that the marketing department computers validate DNS responses from adatum.com.
Which setting should you configure in the Computer Configuration node of GP1?

  • A. TCPIP Settings from Administrative Templates
  • B. Connection Security Rule from Windows Settings
  • C. DNS Client from Administrative Templates
  • D. Name Resolution Policy from Windows Settings


Answer : D

Explanation:
References:
https://technet.microsoft.com/en-us/library/ee649182(v=ws.10).aspx

Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.
The domain contains the servers configured as shown in the following table.


All servers run Windows Server 2016. All client computers run Windows 10.
You have an organizational unit (OU) named Marketing that contains the computers in the marketing department. You have an OU named Finance that contains the computers in the finance department. You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.
You install Windows Defender on Nano1.
You need to ensure that you can deploy a shielded virtual machine to Server4.
Which server role should you deploy?

  • A. Hyper-V
  • B. Device Health Attestation
  • C. Network Controller
  • D. Host Guardian Service


Answer : D

Explanation:
References:
https://blogs.technet.microsoft.com/datacentersecurity/2016/03/16/windows-server-2016-and-host-guardian-service-for-shielded-vms/

Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.
The domain contains the servers configured as shown in the following table.


All servers run Windows Server 2016. All client computers run Windows 10.
You have an organizational unit (OU) named Marketing that contains the computers in the marketing department. You have an OU named Finance that contains the computers in the finance department. You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.
You install Windows Defender on Nano1.
You need to disable SMB 1.0 on Server2.
What should you do?

  • A. From File Server Resource Manager, create a classification rule.
  • B. From the properties of each network adapter on Server2, modify the bindings.
  • C. From Windows PowerShell, run the Set-SmbClientConfiguration cmdlet.
  • D. From Server Manager, remove a Windows feature.


Answer : D

Explanation:
References:
https://support.microsoft.com/en-za/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,- windows-server-2008-r2,-windows-8,-and-windows-server-2012

Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.
The domain contains the servers configured as shown in the following table.


All servers run Windows Server 2016. All client computers run Windows 10.
You have an organizational unit (OU) named Marketing that contains the computers in the marketing department. You have an OU named Finance that contains the computers in the finance department. You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.
You install Windows Defender on Nano1.
You plan to implement BitLocker Drive Encryption (BitLocker) on the operating system volumes of the application servers.
You need to ensure that the BitLocker recovery keys are stored in Active Directory.
Which Group Policy setting should you configure?

  • A. System cryptography: Force strong key protection for user keys stored on the computer
  • B. Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista)
  • C. System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.
  • D. Choose how BitLocker-protected operating system drives can be recovered.


Answer : B

Explanation:
References:
https://technet.microsoft.com/en-us/library/jj679890(v=ws.11).aspx#BKMK_rec3

Your network contains an Active Directory domain named contoso.com.
You are deploying Microsoft Advanced Threat Analytics (ATA).
You create a user named User1.
You need to configure the user account of User1 as a Honeytoken account.
Which information must you use to configure the Honeytoken account?

  • A. The SAM account name of User1
  • B. The Globally Unique Identifier (GUID) of User1
  • C. the SID of User1
  • D. the UPN of User1


Answer : C

Your network contains an Active Directory domain named contoso.com.
You create a Microsoft Operations Management Suite (OMS) workspace.
You need to connect several computers directly to the workspace.
Which two pieces of information do you require? Each correct answer presents part of the solution.

  • A. the ID of the workspace
  • B. the name of the workspace
  • C. the URL of the workspace
  • D. the key of the workspace


Answer : AD

Explanation:
References:
https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1.
Server1 is configured as shown in the following table.


You plan to create a pilot deployment of Microsoft Advanced Threat Analytics (ATA).
You need to install the ATA Center on Server1.
What should you do first?

  • A. Install Microsoft Security Compliance Manager (SCM).
  • B. Obtain an SSL certificate.
  • C. Assign an additional IPv4 address.
  • D. Remove Server1 from the domain.


Answer : C

Explanation:
References:
https://docs.microsoft.com/en-us/advanced-threat-analytics/deploy-use/install-ata-step1

Your network contains an Active Directory domain named contoso.com. The domain contains five file servers that run Windows Server 2016.
You have an organizational unit (OU) named Finance that contains all of the servers.
You create a Group Policy object (GPO) and link the GPO to the Finance OU.
You need to ensure that when a user in the finance department deletes a file from a file server, the event is logged. The solution must log only users who have a manager attribute of Ben Smith.
Which audit policy setting should you configure in the GPO?

  • A. File system in Global Object Access Auditing
  • B. Audit Detailed File Share
  • C. Audit Other Account Logon Events
  • D. Audit File System in Object Access


Answer : D

Explanation:
References:
https://technet.microsoft.com/en-us/library/cc976403.aspx

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
You have an organizational unit (OU) named Administration that contains the computer account of Server1.
You import the Active Directory module to Server1.
You create a Group Policy object (GPO) named GPO1. You link GPO1 to the Administration OU.
You need to log an event each time an Active Directory cmdlet is executed successfully from Server1.
What should you do?

  • A. From Advanced Audit Policy in GPO1, configure auditing for directory service changes.
  • B. Run the(Get-Module ActiveDirectory).LogPipelineExecutionDetails = $falsecommand.
  • C. Run the(Get-Module ActiveDirectory).LogPipelineExecutionDetails = $truecommand.
  • D. From Advanced Audit Policy in GPO1, configure for other privilege use events.
  • E. From Administrative Templates in GPO1, configure an Event Logging policy.


Answer : C

Explanation:
References:
https://www.petri.com/enable-powershell-logging

HOTSPOT -
Your network contains an Active Directory domain named adatum.com. The domain contains a file server named Server1 that runs Windows Server 2016.
You have an organizational unit (OU) named OU1 that contains Server1.
You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.
A user named User1 is a member of group named Group1. The properties of User1 are shown in the User1 exhibit. (Click the Exhibit button.)


User1 has permissions to two files on Server1 configured as shown in the following table.

From Auditing Entry for Global File SACL, you configure the advanced audit policy settings in GPO1 as shown in the SACL exhibit. (Click the Exhibit button.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:



Answer :

References:
http://sourcedaddy.com/windows-7/auditing-file-and-folder-access.html

Page:    1 / 14   
Exam contains 208 questions

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us

Certlibrary doesn't offer Real Microsoft Exam Questions.
Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.