Certification Practice Test Sample Questions For Securing Windows Server 2016 (MS-20744)
QuickStart is now offering sample questions for Securing Windows Server 2016 (MS-20744). Whether you are deciding which exam to sign up for, or simply want to practice the materials necessary to complete certification for this course, we have provided a practice test to better aid in certification. 100% of the questions are real test questions from a recent version of the Securing Windows Server 2016 (MS-20744) exam.
Windows Server 2019 Administration (WS-011T00)
Enroll now today and get 30% off using discount code PRACTICE30 at checkout.
Securing Windows Server 2016 (MS-20744) Sample Exam Questions
Your network has an Active Directory forest with the name of contoso.com and all the servers run
Windows Server – 2016. The forest comprise of 2000 client computers which run Windows 10. Every
client computer is deployed using a customized Windows image. You must deploy 10 PAWs (Privileged
Access Workstations). The solution should makes sure that administrators are able to access different
client applications that can be used by every user.
Solution: You must deploy 10 physical computers while configuring them as PAWs. Also, you must
deploy 10 extra computers while configuring them by using the tailored Windows image.Will this
achieve the goal?
Your network has an Active Directory forest with the name of contoso.com and all the servers run
Windows Server – 2016. The forest comprise of 2#W client computers which run Windows 10. Every
client computer is deployed using a customized Windows image. You must deploy 10 PAWs (Privileged
Access Workstations). The solution should make sure that administrators are able to access different
client applications that can be used by every user.
Solution: You must deploy 10 physical computers while configuring each as a virtualization host. Also,
you must deploy the operating system on every host with the help of customized Windows image. On
every host you make a guest virtual machine while configuring the virtual machine as a Privileged Access
Workstations.
Will this achieve the goal?
Your network has an Active Directory forest with the name of contoso.com and all the servers run
Windows Server – 2016. The forest comprise of 2000 client computers which run Windows 10. Every
client computer is deployed using a customized Windows image. You must deploy 10 PAWs (Privileged
Access Workstations). The solution should make sure that administrators are able to access different
client applications that can be used by every user.
Solution: You must deploy one physical computer and also configure it like Hyper-V host that would run
WindowsServer 2016. Also, you must create 10 virtual machines as well as configure all of them as a
PAW. Will this achieve the goal?
Your network comprise of an Active Directory domain with the name of contoso.com. Also the domain
consist of a computer referred as Computer1 which runs Windows10. A corporate network and a home
network connect to Computer1. The corporate network make use of 172.16.0.0/24 address that is
spaced internally. The Computer1 operates an application referred as App1 which listens to the port
8080.
You must prevent connections leading to App1 particularly when Computer1 is fully connected to a
home network. Solution: Using Group Policy Management, create the Applocker rule.
Your network comprise of an Active Directory domain with the name of contoso.com. Also the domain
consist of a computer referred as Computer1 which runs Windows10. A corporate network and a home
network connect to Computer1. The corporate network make use of 172.16.0.0/24 address that is
spaced internally. The Computer1 operates an application referred as App1 which listens to the port
8080.
You must prevent connections leading to App1 particularly when Computer1 is fully connected to a
home network. Solution: Using Group Policy Management, create the software restriction policy
Will this achieve the goal?
Your network comprise of an Active Directory domain with the name of contoso.com. Also the domain
consist of a computer referred as Computer1 which runs Windows10. A corporate network and a home
network connect to Computer1. The corporate network make use of 172.16.0.0/24 address that is
spaced internally. The Computer1 operates an application referred as App1 which listens to the port
8080.
You must prevent connections leading to App1 particularly when Computer1 is fully connected to a
home network.
Solution: Using the Control Panel’s Windows Firewall option, add an app and let it communicate via the
firewall based on a Private network.
Will this achieve the goal?
Your network comprise of an Active Directory domain with the name of contoso.com. This domain
comprise of multiple Hyper-V hosts. Now you must deploy various critical line-to-business apps to the
network so that the given requirements can be met.
*The resources of the apps need to be separated from the physical host.
*Each app needs to be prevented from accessing the resources of the other applications.
*The applications configurations should only be accessible from the operating system which hosts the
app.
Solution: You must deploy the separate Hyper-V container for every application. Will this achieve the
goal?
Your network comprise of an Active Directory domain with the name of contoso.com. This domain
comprise of multiple Hyper-V hosts. Now you must deploy various critical line-of-business apps to the
*The resources of the apps need to be separated from the physical host
*Each app needs to be prevented from accessing the resources of the other applications.
*The applications configurations should only be accessible from the operating system which hosts the
app.
*The applications configurations should only be accessible from the operating system which hosts the
Solution: You must deploy a Windows container to fully host all of the apps. Will this achieve the goal?
Your network comprise of an Active Directory domain that is named as contoso.com. This domain contains around 1000 client computers which run Windows 10. The security audit shows that the network experienced the Pass-the-Hash attack recently. This attack is initiated from some client’s computer and retrieved all Active Directory objects which are restricted to the Domain Admins group members. Thus, you must reduce the impact of some other effective Pass-the-Hash attack on that domain. What would you do?
- A. Instruct all of the users to simply sign in to some client computer through a Microsoft account.
-
Incorrect.
- D. When administrators sign in to some client computer, instruct them to sign in through a local Administrators account
-
Incorrect.
Your network consist of an Active Directory forest that has the name contoso.com. The functional level
of forest is Windows Server 2012. Also all the servers fully run Windows Server 2016. You need to make
a new bastion forest with the name of admin.contoso.com. The functional level of forest and of
admin.contoso.com is, however, Windows Server 2012 R2.
You must implement a PAM (Priviledged Access Management) solution. For this, which of the two
actions must be performed? Every correct answer represent part of the solution.
- C. Configure contoso.com into just trust admin.contoso.com
-
Incorrect.
- D. Deploy MIM (2016) to contoso.com
-
Correct!
- E. Raise the contoso.com forest functional leve
-
Correct!
- F. Configure admin.contoso.com into trust contoso.com
-
Incorrect.
- -->
Your network consist of an Active Directory domain that is named as contoso.com. This domain consist
of two main servers namely Server 1 and Server 2 which run Windows Server 2016. In fact, Server 1 is
fully configured like a domain controller. Also you configure the Server1 like a JEA (Just Enough
Administraton) endpoint. Moreover, you configure the JEA rights required for the user called User1. You
must tell User1 the way to manage Active Directory objects through Server2.
What you must ask User1 to perform first on Server2?
- A. Using a command prompt, simply run ntdsutil.exe
-
Incorrect.
- D. Install the proper management consoles with regards to Active Directory. Also launch Computer and Active Directory Users
-
Incorrect.
Your network consist of an Active Directory domain with the name of contoso.com. This domain consist
of 100 servers. You must deploy the LAPS (Local Administrator Password Solution) to the network. Also,
deploy one new server with the name of FinanceServer5 while joining FinanceServerS to that domain.
You now need to make sure that the local administrators of FinanceServer5 passwords are acesssible by
the LAPS administrators.
What needs to be done?
- A. Using FinanceServerS, register AdmPwd.dll.
-
Incorrect.
- D. Modify the permission in the domain, for the Domain Controllers organizational unit - OU
-
Incorrect.
Your network consist of an Active Directory domain with the name of contoso.com. This domain consist
of five servers. All of these servers run Windows Server 2016. As per the new security policy, you need
to modify the infrastructure to fully meet the given requirements:
*Bound the rights of administrators.
*Reduce the attack surface of the forest
*For administrators, support Multi-Factor authentication
You must recommend a proper solution that would meet the requirements of new security policy. What
would you recommend to deploy?
- A. an administrative forest
-
Correct!
- B. an administrative domain in contoso.com
-
Incorrect.
- C. domain isolation
-
Incorrect.
- D. the Local Administrator Password Solution (LAPS
-
Incorrect.
Your network consist of 2 single-domain Active Directory forests with the name of contosoadmin.com
and contoso.com. The Contosoadmin.com consist of all the user accounts which are used for server
management in contoso.com.
You must recommend a proper workstation solution that would provide the best possible protection
from attacks and vulnerabilities. What needs to be included in the recommendation?
- A. Provide a PAW (Privileged Access Workstation) for every user account present in both forests. Join each
-
Incorrect.
- F. Offer a (PAW) for every administrator. Join every PAW to the domain of contosoadmin.com
-
Incorrect.
- -->
Your network consist of an Active Directory domain with the name of contoso.com. This domain consist
of a server known as Server1 which runs Windows Server 2016. The technician is testing the Credential
Guard deployment of Server1. You must verify if the Credential Guard is totally enabled on Server1.
What would you do?
Using the command prompt run the credwiz.exe command.
- B. Using the Server Manager, simply click Local Server, and then review the Server properties.
-
Correct!
Your network consist of an Active Directory domain with the name of contoso.com. You must install the
Update Services server role of Windows Server on the member server that is named as Server1. This
Server1 typically runs Windows Server 2016. You must make sure that the user with the name of Used
can carry out the following tasks:
*View the WSUS (Windows Server Upadate Services) configuration.
*Produce update reports of WSUS
The solution should utilize the least privilege principle, what needs to be done on Server1?
- A. Adjust the ReportWebService virtual folder permissions using the WSUS Administration website
-
Incorrect.
- B. Add User1 to the local group of WSUS Reporters
-
Correct!
- C. Add User1 to the local group of WSUS Administrators.
-
Incorrect.
- D. Run wsusutil.exe and identify the postinstall parameter
-
Incorrect.
Your network consist of an Active Directory domain with the name of contoso.com. This domain consist
of a server having the name Server5 that is installed with Windows Server Update Services server role.
You must configure WSUS (Windows Server Update Services) on Server5 to utilize SSI. Also, install the
certificate in a local Computer store.
Which tools must be used? Every correct answer represent the part of a solution.
- A. Wsusutil
-
Correct!
- B. Internet Information Services (IIS) Manager
-
Correct!
- C. Netsh.
-
Incorrect.
- D. Update Services
-
Incorrect.
- E. Server Manager
-
Incorrect.
Your network consist of an Active Directory domain with the name of contoso.com. This domain consist
of 1000 client computers which run Windows 8.1 along with 1000 computers which run Windows 10.
You must deploy a WSUS (Windows Server Update Services) server. So, you make a computer group for
every OU (organizational unit) that consist of client computers. Also, you configure every client
computers to fully receive WSUS updates. You find out that every client computer appear in the
computer group of Unassigned Computers in the Update Services console.
You must make sure that all client computers are automaticalaly added to the computer group that
would corresponds to the computer account location in Active Directory. What are the two actions that
you must perform?
Every correct answer reflect a part of the solution.
- C. Using the Active Directory Users and Computers, make a domain local distribution group for every WSUS computer group.
-
Incorrect.
- D. Using the Active Directory Users and Computers, adjust the flags attribute of every OU.
-
Incorrect.
Note: The question belongs to a series of questions that would use the similar or same answer choices.
One answer choice can be correct for multiple series questions. Every question is separate from the
other questions of the series. Details and information offered in the question apply only to a particular
question.
Your network consist of an Active Directory domain with the name of contoso.com. This domain consist
of a server having the name Server1 which runs Windows Server 2016. This Server1 also has a volume
with the name of Volume1. The central access policy with the name of Policy1 is deployed to that
domain. You must apply Volume1 to Policy1.
Which tool must you use?
- A. File Explorer
-
Correct!
- B. Server Manager
-
Incorrect.
- C. Shared Folders
-
Incorrect.
- D. Disk Management
-
Incorrect.
- E. Computer Management
-
Incorrect.
- F. Storage Explorer
-
Incorrect.
- G. Computer Management
-
Incorrect.
- H. System Configuration
-
Incorrect.
- I. File Server Resource Manager (FSRM)
-
Incorrect.
Your network consist of an Active Directory domain with the name of contoso.com. This domain consist
of a server that has the name of Server1 which runs Windows Server 2016. This Server1 also has one
shared folder that has the name Server1. You must encrypt all the Share1 contents.
Which tool you need to use?
- A. File Explorer
-
Correct!
- B. Server Manager
-
Incorrect.
- C. Shared Folders
-
Incorrect.
- D. Disk Management
-
Incorrect.
- E. Computer Management
-
Incorrect.
- F. Storage Explorer
-
Incorrect.
- G. Computer Management
-
Incorrect.
- H. System Configuration
-
Incorrect.
Your network consist of an Active Directory domain with the name of contoso.com. This domain consist
of a server with the name of Server1 which runs Windows Server 2016. This Server1 also has a shared
folder with the name of Server1. You must make sure that the access to Share1 utilizes SMB Encryption.
Which tool you need to use?
- A. File Explorer
-
Incorrect.
- B. Server Manager
-
Correct!
- C. Shared Folders
-
Incorrect.
- D. Disk Management
-
Incorrect.
- E. Computer Management
-
Incorrect.
- F. Storage Explorer
-
Incorrect.
- G. Computer Management
-
Incorrect.
- H. System Configuration
-
Incorrect.
Your network consist of an Active Directory domain with the name of contoso.com. This domain has a
server with the name of Server1 which runs Windows Server 2016 along with a Nano Server with the
name of Nano1. This Nano1 consist of two volumes with the name of C and D. Since you are acutally
signed in to Server1, you must configure Data Duplication on Nano1.
Which tool you need to use?
- A. File Explorer
-
Incorrect.
- B. Server Manager
-
Correct!
- C. Shared Folders
-
Incorrect.
- D. Disk Management
-
Incorrect.
- E. Computer Management
-
Incorrect.
- F. Storage Explorer
-
Incorrect.
- G. Computer Management
-
Incorrect.
- H. System Configuration
-
Incorrect.
Your network consist of an Active Directory domain that is named contoso.com. This domain consist of a
file server with the name of Server1 which runs Windows Server 2016. The Server1 has one volume with
the name of Volume1. Also Dynamic Access Control is fully configured. The resource property with the
name of Property1 was built in the domain. You must make sure that Property1 is properly set to a Big
value for every file in Volume1 which is larger than 10 MB.
Which tool you need to use?
- A. File Explorer
-
Incorrect.
- B. Server Manager
-
Incorrect.
- C. Shared Folders
-
Incorrect.
- D. Disk Management
-
Incorrect.
- E. Computer Management
-
Incorrect.
- F. Storage Explorer
-
Incorrect.
- G. Computer Management
-
Incorrect.
- H. File Server Resource Manager (FSRM)
-
Correct!
Tell Us About You:
- Home
- Practice Exam - Securing Windows Server 2016
Practice Exam - Securing Windows Server 2016
More Information:
- Learning Style: On Demand
- Learning Style: Practice Exam
- Difficulty: Beginner
- Course Duration: 1 Hour
- Course Info: Download PDF
- Certificate: See Sample
Contact a Learning Consultant
Need Training for 5 or More People?
Customized to your team's need:
- Annual Subscriptions
- Private Training
- Flexible Pricing
- Enterprise LMS
- Dedicated Customer Success Manager
Course Information