Free Microsoft 070-744 Exam Dumps Questions & Answers

You have a server named Server1 that runs Windows Server 2016.
You need to identity whether any connection security rules are configured on Server1.
Which cmdlet should you use?

• A.  Get-NetFirewallProfile
• B.  Get-NetFirewallApplicationFilter
• C.  Get-NetIPSecRule
• D.  Get-NetFirewallSecurityFilter
• E.  Get-NetFirewallRule
• F.  Get-NetFirewallPortFilter
• G.  Get-NetFirewallAddressFilter
• H.  Get-NetFirewallSetting

Your network contains an Active Directory domain named contoso.com.
You plan to deploy an application named App1.exe.
You need to verify whether Control Flow Guard is enabled for App1.exe.
Which command should you run? To answer, select the appropriate options in the answer area.

Correct Answer:

Explanation

ttps://msdn.microsoft.com/en-us/library/windows/desktop/mt637065(v=vs.85).aspxControl Flow Guard (CFG) is a highly-optimized platform security feature that was created to combat memorycorruption vulnerabilities.
By placing tight restrictions on where an application can execute code from, it makes it much harder for exploitsto execute arbitrary code through vulnerabilitiessuch as buffer overflows.To verify if Control Flow Guard is enable for a certain application executable:-Run the dumpbin.exe tool (included in the Visual Studio
2015 installation) from the Visual Studio commandprompt with the /headers and /loadconfig options:
dumpbin.exe /headers /loadconfig test.exe.The output for a binary under CFG should show that the header values include "Guard", and that the loadconfig values include "CF Instrumented" and "FID tablepresent".1

Your data center contains 10 Hyper-V hosts that host 100 virtual machines.
You plan to secure access to the virtual machines by using the Datacenter Firewall service.
You have four servers available for the Datacenter Firewall service. The servers are configured as shown in the following table.

You need to install the required server roles for the planned deployment Which server role should you deploy? Choose Two.

• A.  Servers on which to deploy the server role: Server22 and Server23
• B.  Server role to deploy: Network Controller
• C.  Servers on which to deploy the server role: Server20 and Server21
• D.  Server role to deploy: Network Policy and Access Services
• E.  Server role to deploy: Multipoint Services

Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2016.
You create a new bastion forest named admin.contoso.com. The forest functional level of admin.contoso.com is Windows Server 2012 R2.
You need to implement a Privileged Access Management (PAM) solution.
Which two actions should you perform? Each correct answer presents part of the solution.

• A.  Configure admin.contoso.com to trust contoso.com.
• B.  Deploy Microsoft Identify Management (MIM) 2016 to admin.contoso.com.
• C.  Raise the forest functional level of contoso.com.
• D.  Deploy Microsoft Identity Management (MIM) 2016 to contoso.com.
• E.  Configure contoso.com to trust admin.contoso.com.
• F.  Raise the forest functional level of admm.contoso.com.

Your network contains an Active Directory domain named contoso.com.
You are deploying Microsoft Advanced Threat Analytics (ATA) to the domain.
You install the ATA Center on server named Server1 and the ATA Gateway on a server named Served.
You need to ensure that Server2 can collect NTLM authentication events.
What should you configure?

• A.  the domain controllers to forward Event ID 1000 to Server1
• B.  the domain controllers to forward Event ID 4776 to Server2
• C.  Server2 to forward Event ID 1026 to Server1
• D.  Server1 to forward Event ID 1000 to Server2