Configuring Windows Server Hybrid Advanced Services v1.0

Page:    1 / 19   
Exam contains 280 questions

You have an on-premises server named Server1 that runs Windows Server 2022 Standard.

You have an Azure subscription that contains the virtual machines shown in the following table.



The subscription contains a Microsoft Sentinel instance named Sentinel1 in the Central US Azure region.

You need to implement the Windows Firewall connector.

Which servers can send Windows Firewall logs to Sentinel1?

  • A. VM1 only
  • B. VM2 only
  • C. VM1 and Server1 only
  • D. VM1, VM2, and VM3 only
  • E. VM1, VM2, and Server1 only
  • F. VM1, VM2, VM3, and Server1


Answer : E

HOTSPOT
-

Your network contains an on-premises Active Directory Domain Services (AD DS) domain.

The domain contains the servers shown in the following table.



Server1 has the connection security rule as shown in the Server exhibit. (Click the Server1 tab.)



Server2 has the connection security rule as shown in the Server2 exhibit. (Click the Server2 tab.)



Server1 has the inbound firewall rules as shown in the Server1 inbound rules exhibit. (Click the Server1 inbound rules tab.)



For each of the following statements, select Yes if the statement is true. Otherwise, select No.



Answer :

You have an on-premises server named Server1 that runs Windows Server.

You have an Azure subscription.

You need to onboard Server1 to Microsoft Defender for Cloud.

What should you install on Server1?

  • A. the Azure File Sync agent
  • B. the Device Health Attestation role
  • C. the Microsoft Entra provisioning agent
  • D. the Azure Connected Machine agent


Answer : D

You have a management group named MG1 that contains an Azure subscription named Sub1. Sub1 contains the resources shown in the following table.



You need to enable Microsoft Defender for Servers.

From the Azure portal, on which two resources can you enable Defender for Servers? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

  • A. RG1
  • B. Workspace1
  • C. Sub1
  • D. MG1
  • E. VNet1
  • F. VM1


Answer : CF

HOTSPOT
-

Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains an organizational unit (OU) named OU1 and a user named User1.

You plan to deploy a Hyper-V failover cluster named Cluster1.

You need to prestage the account for Cluster1 and ensure that User1 can deploy Cluster1. The solution must follow the principle of least privilege.

Which action should you perform, and which permissions should you grant to User1 for Cluster1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.



Answer :

HOTSPOT
-

You have an Active Directory Domain Services (AD DS) domain that contains 1,000 users.

The domain has the following password requirements:

• The minimum password length must be 12 characters.
• Passwords must expire in 90 days.
• Passwords must be complex.

You need to ensure that the members of a security team have passwords that meet the following requirements:

• The minimum password length must be 16 characters.
• Passwords must expire in 60 days.
• Passwords must be complex.

The solution must minimize the impact on users who are NOT members of the security team.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.



Answer :

You have 500 on-premises servers that run Windows Server.

You have an Azure subscription that contains a Log Analytics workspace named Workspace1.

You plan to use VM insights in Azure Monitor to monitor the on-premises servers.

You need to onboard the servers to Azure Arc by using the template script. The solution must meet the following requirements:

• Follow the principle of least privilege.
• Minimize administrative effort.

What should you do first?

  • A. Create a group managed service account (gMSA).
  • B. Generate a Log Analytics key.
  • C. Create a Microsoft Entra service principal.
  • D. Download the Log Analytics workspace ID.


Answer : C

Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains a server named Server1 that hosts an app named App1. App1 uses Active Directory authentication.

You have a Microsoft Entra tenant that contains a user named User1.

You deploy Microsoft Entra Connect sync and configure password synchronization.

User1 fails to authenticate to App1.

You need to ensure that User1 can authenticate to App1.

What should you do?

  • A. For Microsoft Entra Connect sync, enable the BlockCloudObjectTakeoverThroughHardMatch feature.
  • B. For Microsoft Entra Connect sync, enable password writeback.
  • C. From the AD DS domain, create a new user account named User1.
  • D. For Microsoft Entra Connect sync, disable soft match.


Answer : B

You have an Active Directory Domain Services (AD DS) domain. The domain contains a server named Server1 that runs Windows Server.

You need to prevent the registration of specific COM objects on Server1.

What should you use?

  • A. Windows Defender Application Control (WDAC)
  • B. exploit protection
  • C. Smart App Control


Answer : A

Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains a user named User1.

You deploy a read-only domain controller (RODC) named RODC1.

You need to ensure that User1 is a local administrator on RODC1. The solution must use the principle of least privilege.

What should you use?

  • A. System Configuration
  • B. dsmgmt.exe
  • C. Computer Management
  • D. Active Directory Sites and Services


Answer : C

You have a server named Server1 that runs Windows Server.

You install a custom app named App1 that is accessed by using TCP port 52310.

Users report that they cannot access App1.

You confirm that App1 is running on Server1.

You need to ensure that the users can access App1. The solution must only provide access to App1 on Server1.

What should you do in Windows Defender Firewall with Advanced Security?

  • A. Create an isolation connection security rule.
  • B. Create an outbound rule.
  • C. Create an inbound rule.
  • D. For the current profile, allow all inbound connections.


Answer : C

HOTSPOT
-

You have an Azure subscription that contains an Azure key vault named Vault1.

You deploy Azure Disk Encryption.

You configure Vault1 to support Azure Disk Encryption.

You need to ensure that you can encrypt Azure Disk Encryption artifacts before they are written to Vault1. The solution must provide the highest level of encryption.

How should you complete the command? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.



Answer :

HOTSPOT
-

You plan to deploy an Azure confidential virtual machine named VM1.

You need to ensure that you can implement confidential disk encryption for VM1.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.



Answer :

HOTSPOT
-

Your network contains an on-premises Active Directory Domain Services (AD DS) domain. The domain contains the servers shown in the following table.



For each server, Windows Defender Firewall is configured to allow only communication between servers on the same segment.

Server1 has the following connection security rule:

• Name: Rule1
• Rule type: isolation
• Requirement: Require authentication for inbound connections and request authentication for outbound connections
• Authentication method: Computer (Kerberos V5)
• Profile: Domain, Private, Public

Server2 does not have any connection security rules.

Server3 has the following connection security rule:

• Name: Rule3
• Rule type: Server-to-server
• Endpoints:
  o Computers in Endpoint 1: 192.168.5.0/24
  o Computers in Endpoint 2: 192.168.1.0/24
• Requirement: Request authentication for inbound and outbound connections
• Authentication method: Computer (Kerberos V5)
• Profile: Domain, Private, Public

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.



Answer :

Your network contains an Active Directory Domain Services (AD DS) domain.

You need to configure a ticket-granting ticket (TGT) lifetime for specific user and computer accounts. The solution must meet the following requirements:

• Minimize the impact on the other user and computer accounts in the domain.
• Minimize administrative effort.

What should you configure?

  • A. a dynamic access control policy
  • B. a password policy
  • C. an authentication policy and an authentication policy silo
  • D. a fine-grained password policy


Answer : C
