70-744 Free Practice Test

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
You need to allow network administrators to use Just Enough Administration (JEA) to change the
TCP/IP settings on Server1. The solution must use the principle of least privilege. How should you configure the session configuration file?

1. A. Set RunAsVirtualAccount to $false and set RunAsVirtualAccountGroups to Contoso\\Network Configuration Operators.
2. B. Set RunAsVirtualAccount to $true and set RunAsVirtualAccountGroups to Contoso\\Network Configuration Operators.
3. C. Set RunAsVirtualAccount to $false and set RunAsVirtualAccountGroups to Network Configuration Operators.
4. D. Set RunAsVirtualAccount to $true and set RunAsVirtualAccountGroups to Network Configuration Operators.

Correct Answer: D

References:
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/newpssessionconfigurationfile? view=powershell-6

Your network contains an Active Directory domain named contoso.com.
The domain contains 10 computers that are in an organizational unit (OU) named OU1. You deploy the Local Administrator Password Solution (LAPS) client to the computers.
You link a Group Policy object (GPO) named GPO1 to OU1, and you configure the LAPS password policy
settings in GPO1.
You need to ensure that the administrator passwords on the computers in OU1 are managed by using LAPS.
Which two actions should you perform? Each correct answer presents part of the solution.

1. A. Restart the domain controller that hosts the PDC emulator role.
2. B. Update the Active Directory Schema.
3. C. Enable LDAP encryption on the domain controllers.
4. D. Restart the computers.
5. E. Modify the permissions on OU1.

Correct Answer: BE

Your network contains two single-domain Active Directory forests named contoso.com and contosoadmin.com. Contosoadmin.com contains all of the user accounts used to manage the servers in contoso.com.
You need to recommend a workstation solution that provides the highest level of protection from vulnerabilities and attacks.
What should you include in the recommendation?

1. A. Provide a Privileged Access Workstation (PAW) for each user account in both forest
2. B. Join each PAW to the contoso.com domain.
3. C. Provide a Pnvileged Access Workstation (PAW) for each user in the contoso.com forest Join each PAW to the contoso.com domain.
4. D. Provide a Pnvileged Access Workstation (PAW) for each administrato
5. E. Join each PAW to the contoso.com domain.
6. F. Provide a Pnvileged Access Workstation (PAW) for each administrato
7. G. Join each PAW to the contosoadmin.com domain.

Correct Answer: D
https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securingprivilegedaccess- reference-material

Your network contains an Active Directory forest named corp.contoso.com.
You are implementing Privileged Access Management (PAM) by using a bastion forest named priv.contoso.com.
You need to create shadow groups in priv.contoso.com. Which cmdlet should you use?

1. A. New-RoleGroup
2. B. New-ADGroup
3. C. New-PamRole
4. D. New-PamGroup

Correct Answer: D
https://social.technet.microsoft.com/wiki/contents/articles/33363.mim-2016-privileged-accessmanagementpam- faq.aspx
https://docs.microsoft.com/en-us/powershell/identitymanager/mimpam/vlatest/new-pamgroup

Your network contains an Active Directory domain named contoso.com.
You download Microsoft Security Compliance Toolkit 1.0 and all the security baselines.
You need to deploy one of the security baselines to all the computers in an organizational unit (OU) named OU1.
What should you do?

1. A. Run 1gpo.exe and specify the /g paramete
2. B. From Policy Analyzer, click Add.
3. C. From Group Policy Management, create and link a Group Policy object (GPO). Select the GPO and run the Import Settings Wizard.
4. D. From Group Policy Management, click Group Policy Objects, and then click Manage Backups…
5. E. From Group Policy Management, create and link a Group Policy object (GPO). Run 1gpo.exe and specify the /g parameter.

Correct Answer: B

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/distributecertificates- to-client-computers-by-using-group-policy