Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2016.
You need to prevent NTLM authentication on Server1.
Solution: From Windows PowerShell, you run the Disable-WindowsOptionalFeature cmdlet.
Does this meet the goal?

Your network contains an Active Directory domain named contoso.com.The domain contains 1,000 client computers that run either Windows 8.1 or Windows 10.
You have a Windows Server Update Services (WSUS) deployment All client computers receive updates from
WSUS.
You deploy a new WSUS server named WSUS2.
You need to configure all of the client computers that run Windows 10 to send WSUS reporting data to
WSUS2.
What should you configure?

Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2016.
You need to prevent direct .NET scripts invoked by interactive Windows PowerShell sessions from running on
the servers.
What should you do for each server?

Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Servers that has the Windows Server Update Services server role
installed.You need to configure Windows Server Update Services (WSUS) on Servers to use SSL.
You install a certificate in the local Computer store. Which two tools should you use? Each correct answer
presents part of the solution.

Your network contains an Active Directory domain named contoso.com. The domain contains a server named
Serverl that has
Microsoft Security Compliance Manager (SCM) 4.0 installed. The domain contains domain controllers that run
Windows Server 2016.
A Group Policy object (GPO) named GPO1 is applied to all of the domain controllers.
GPO1 has a Globally Unique Identifier (GUID) of 7ABCDEFG-1234-5678-90AB-005056123456.
You need to create a new baseline that contains the settings from GPO1. What should you do first?

You have a server named Server1 that runs Windows Server 2016.
You need to identify the default action for the inbound traffic when Server1 connects to the domain.
Which cmdlet should you use?

You have a server named Server1 that runs Windows Server 2016.
You need to identify whether any inbound rules on Server1 require that users be authenticated before they can
connect to the server.
Which cmdlet should you use?

Your network contains an Active Directory domain.
Microsoft Advanced Threat Analytics (ATA) is deployed to the domain.
A database administrator named DBA1 suspects that her user account was compromised.
Which three events can you identify by using ATA? Each correct answer presents a complete solution.

You have a Hyper-V host named Server1 that runs Windows Server 2016. A new security policy states that all
the virtual machines must be encrypted.
Server1 hosts the virtual machines configured as shown in the following table.

An administrator runs the following commands.
Get -VM | Stop-VM
Get -VM | Update-VMVersion
Get -VM | Start-VM
Which of the following statements are true? Choose Three.

Your network contains an Active Directory domain named contoso.com. All servers in the domain run Windows
Server 2016.All client computers run Windows 10.
Your company has deployed the Local Administrator Password Solution (LAPS).
Client computers in the finance department are located in an organizational unit (OU) named Finance.
Each finance computer has a custom administrative account named FinAdmin.
You discover that the FinAdmin accounts are not managed by LAPS.
You need to ensure that the FinAdmin accounts are managed by LAPS. What should you do?