Your network has an Active Directory forest with the name of contoso.com and all the servers run Windows Server – 2016. The forest comprise of 2000 client computers which run Windows 10. Every client computer is deployed using a customized Windows image. You must deploy 10 PAWs (Privileged Access Workstations). The solution should makes sure that administrators are able to access different client applications that can be used by every user.

Solution: You must deploy 10 physical computers while configuring them as PAWs. Also, you must deploy 10 extra computers while configuring them by using the tailored Windows image.Will this achieve the goal?

Your network has an Active Directory forest with the name of contoso.com and all the servers run Windows Server – 2016. The forest comprise of 2#W client computers which run Windows 10. Every client computer is deployed using a customized Windows image. You must deploy 10 PAWs (Privileged Access Workstations). The solution should make sure that administrators are able to access different client applications that can be used by every user.

Solution: You must deploy 10 physical computers while configuring each as a virtualization host. Also, you must deploy the operating system on every host with the help of customized Windows image. On every host you make a guest virtual machine while configuring the virtual machine as a Privileged Access Workstations.

Will this achieve the goal?

Your network has an Active Directory forest with the name of contoso.com and all the servers run Windows Server – 2016. The forest comprise of 2000 client computers which run Windows 10. Every client computer is deployed using a customized Windows image. You must deploy 10 PAWs (Privileged Access Workstations). The solution should make sure that administrators are able to access different client applications that can be used by every user.

Solution: You must deploy one physical computer and also configure it like Hyper-V host that would run WindowsServer 2016. Also, you must create 10 virtual machines as well as configure all of them as a PAW. Will this achieve the goal?

Your network comprise of an Active Directory domain with the name of contoso.com. Also the domain consist of a computer referred as Computer1 which runs Windows10. A corporate network and a home network connect to Computer1. The corporate network make use of 172.16.0.0/24 address that is spaced internally. The Computer1 operates an application referred as App1 which listens to the port 8080.

You must prevent connections leading to App1 particularly when Computer1 is fully connected to a home network. Solution: Using Group Policy Management, create the Applocker rule.

Your network comprise of an Active Directory domain with the name of contoso.com. Also the domain consist of a computer referred as Computer1 which runs Windows10. A corporate network and a home network connect to Computer1. The corporate network make use of 172.16.0.0/24 address that is spaced internally. The Computer1 operates an application referred as App1 which listens to the port 8080.

You must prevent connections leading to App1 particularly when Computer1 is fully connected to a home network. Solution: Using Group Policy Management, create the software restriction policy

Will this achieve the goal?

Your network comprise of an Active Directory domain with the name of contoso.com. Also the domain consist of a computer referred as Computer1 which runs Windows10. A corporate network and a home network connect to Computer1. The corporate network make use of 172.16.0.0/24 address that is spaced internally. The Computer1 operates an application referred as App1 which listens to the port 8080.

You must prevent connections leading to App1 particularly when Computer1 is fully connected to a home network.

Solution: Using the Control Panel’s Windows Firewall option, add an app and let it communicate via the firewall based on a Private network.

Will this achieve the goal?

Your network comprise of an Active Directory domain with the name of contoso.com. This domain comprise of multiple Hyper-V hosts. Now you must deploy various critical line-to-business apps to the network so that the given requirements can be met.

*The resources of the apps need to be separated from the physical host.

*Each app needs to be prevented from accessing the resources of the other applications.

*The applications configurations should only be accessible from the operating system which hosts the app.

Solution: You must deploy the separate Hyper-V container for every application. Will this achieve the goal?

Your network comprise of an Active Directory domain with the name of contoso.com. This domain comprise of multiple Hyper-V hosts. Now you must deploy various critical line-of-business apps to the *The resources of the apps need to be separated from the physical host

*Each app needs to be prevented from accessing the resources of the other applications.

*The applications configurations should only be accessible from the operating system which hosts the app.

*The applications configurations should only be accessible from the operating system which hosts the Solution: You must deploy a Windows container to fully host all of the apps. Will this achieve the goal?

Your network comprise of an Active Directory domain that is named as contoso.com. This domain contains around 1000 client computers which run Windows 10. The security audit shows that the network experienced the Pass-the-Hash attack recently. This attack is initiated from some client’s computer and retrieved all Active Directory objects which are restricted to the Domain Admins group members. Thus, you must reduce the impact of some other effective Pass-the-Hash attack on that domain. What would you do?

Your network consist of an Active Directory forest that has the name contoso.com. The functional level of forest is Windows Server 2012. Also all the servers fully run Windows Server 2016. You need to make a new bastion forest with the name of admin.contoso.com. The functional level of forest and of admin.contoso.com is, however, Windows Server 2012 R2.

You must implement a PAM (Priviledged Access Management) solution. For this, which of the two actions must be performed? Every correct answer represent part of the solution.

Your network consist of an Active Directory domain that is named as contoso.com. This domain consist of two main servers namely Server 1 and Server 2 which run Windows Server 2016. In fact, Server 1 is fully configured like a domain controller. Also you configure the Server1 like a JEA (Just Enough Administraton) endpoint. Moreover, you configure the JEA rights required for the user called User1. You must tell User1 the way to manage Active Directory objects through Server2.

What you must ask User1 to perform first on Server2?

Your network consist of an Active Directory domain with the name of contoso.com. This domain consist of 100 servers. You must deploy the LAPS (Local Administrator Password Solution) to the network. Also, deploy one new server with the name of FinanceServer5 while joining FinanceServerS to that domain. You now need to make sure that the local administrators of FinanceServer5 passwords are acesssible by the LAPS administrators.

What needs to be done?

Your network consist of an Active Directory domain with the name of contoso.com. This domain consist of five servers. All of these servers run Windows Server 2016. As per the new security policy, you need to modify the infrastructure to fully meet the given requirements:

*Bound the rights of administrators.

*Reduce the attack surface of the forest

*For administrators, support Multi-Factor authentication

You must recommend a proper solution that would meet the requirements of new security policy. What would you recommend to deploy?

Your network consist of 2 single-domain Active Directory forests with the name of contosoadmin.com and contoso.com. The Contosoadmin.com consist of all the user accounts which are used for server management in contoso.com.

You must recommend a proper workstation solution that would provide the best possible protection from attacks and vulnerabilities. What needs to be included in the recommendation?

Your network consist of an Active Directory domain with the name of contoso.com. This domain consist of a server known as Server1 which runs Windows Server 2016. The technician is testing the Credential Guard deployment of Server1. You must verify if the Credential Guard is totally enabled on Server1. What would you do?



Using the command prompt run the credwiz.exe command.

Your network consist of an Active Directory domain with the name of contoso.com. You must install the Update Services server role of Windows Server on the member server that is named as Server1. This Server1 typically runs Windows Server 2016. You must make sure that the user with the name of Used can carry out the following tasks:

*View the WSUS (Windows Server Upadate Services) configuration.

*Produce update reports of WSUS

The solution should utilize the least privilege principle, what needs to be done on Server1?

Your network consist of an Active Directory domain with the name of contoso.com. This domain consist of a server having the name Server5 that is installed with Windows Server Update Services server role. You must configure WSUS (Windows Server Update Services) on Server5 to utilize SSI. Also, install the certificate in a local Computer store.

Which tools must be used? Every correct answer represent the part of a solution.

Your network consist of an Active Directory domain with the name of contoso.com. This domain consist of 1000 client computers which run Windows 8.1 along with 1000 computers which run Windows 10. You must deploy a WSUS (Windows Server Update Services) server. So, you make a computer group for every OU (organizational unit) that consist of client computers. Also, you configure every client computers to fully receive WSUS updates. You find out that every client computer appear in the computer group of Unassigned Computers in the Update Services console.

You must make sure that all client computers are automaticalaly added to the computer group that would corresponds to the computer account location in Active Directory. What are the two actions that you must perform?

Every correct answer reflect a part of the solution.

Note: The question belongs to a series of questions that would use the similar or same answer choices. One answer choice can be correct for multiple series questions. Every question is separate from the other questions of the series. Details and information offered in the question apply only to a particular question.

Your network consist of an Active Directory domain with the name of contoso.com. This domain consist of a server having the name Server1 which runs Windows Server 2016. This Server1 also has a volume with the name of Volume1. The central access policy with the name of Policy1 is deployed to that domain. You must apply Volume1 to Policy1.

Which tool must you use?

Your network consist of an Active Directory domain with the name of contoso.com. This domain consist of a server that has the name of Server1 which runs Windows Server 2016. This Server1 also has one shared folder that has the name Server1. You must encrypt all the Share1 contents.

Which tool you need to use?

Your network consist of an Active Directory domain with the name of contoso.com. This domain consist of a server with the name of Server1 which runs Windows Server 2016. This Server1 also has a shared folder with the name of Server1. You must make sure that the access to Share1 utilizes SMB Encryption.

Which tool you need to use?

Your network consist of an Active Directory domain with the name of contoso.com. This domain has a server with the name of Server1 which runs Windows Server 2016 along with a Nano Server with the name of Nano1. This Nano1 consist of two volumes with the name of C and D. Since you are acutally signed in to Server1, you must configure Data Duplication on Nano1.

Which tool you need to use?

Your network consist of an Active Directory domain that is named contoso.com. This domain consist of a file server with the name of Server1 which runs Windows Server 2016. The Server1 has one volume with the name of Volume1. Also Dynamic Access Control is fully configured. The resource property with the name of Property1 was built in the domain. You must make sure that Property1 is properly set to a Big value for every file in Volume1 which is larger than 10 MB.

Which tool you need to use?