You need to manage FS1 and FS2 by using Just Enough Adm…
Your network contains an Active Directory domain named contoso.com. The domain contains four servers. The
servers are configured as shown in the following table:
You need to manage FS1 and FS2 by using Just Enough Administration (JEA). What should you do first?
Which four actions should you perform in sequence?
Your network contains an Active Directory domain.
You install Security Compliance Manager (SCM) 4.0 on a server that runs Windows Server 2016.
You need to modify a baseline, and then make the baseline available as a domain policy.
Which four actions should you perform in sequence?
You need to retrieve the password of the Administrator …
Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2016.
The local administrator credentials of Server1 are managed by using the Local Administrator Password Solution
(LAPS).
You need to retrieve the password of the Administrator account on Server1.
What should you do?
You need to import the security policy into SCM
Your network contains an Active Directory domain named contoso.com.
The domain contains a DNS server named Server1 that runs Windows Server 2016.
A domain-based Group Policy object (GPO) is used to configure the security policy of Server1.
You plan to use Security Compliance Manager (SCM) 4.0 to compare the security policy of Server1 to the
WS2012 DNS Server Security 1.0 baseline.
You need to import the security policy into SCM. What should you do first?
You need to ensure that all the servers in ProdOU only …
Your network contains an Active Directory domain.
The domain contains two organizational units (OUs) named ProdOU and TestOU.
All production servers are in ProdOU. All test servers are in TestOU. A server named Server1 is in TestOU.
You have a Windows Server Update Services (WSUS) server named WSUS1 that runs Windows Server 2016.
All servers receive updates from WSUS1.
WSUS is configured to approve updates for computers in the Test computer group automatically.
Manual approval is required for updates to the computers in the Production computer group.
You move Server1 to ProdOU, and you discover that updates continue to be approved and installed
automatically on Server1.
You need to ensure that all the servers in ProdOU only receive updates that are approved manually.
What should you do?
Does this meet the goal?
Your network contains an Active Directory domain named contoso.com.
The domain contains multiple Hyper-V hosts.
You need to deploy several critical line-of-business applications to the network to meet the following
requirements:
-The resources of the applications must be isolated from the physical host
-Each application must be prevented from accessing the resources of the other applications.
-The configurations of the applications must be accessible only from the operating system that hosts the
application.
Solution: You deploy one Windows container to all of the applications. Does this meet the goal?
Does this meet the goal?
Your network contains an Active Directory domain named contoso.com.
The domain contains multiple Hyper-V hosts.
You need to deploy several critical line-of-business applications to the network to meet the following
requirements:
-The resources of the applications must be isolated from the physical host
-Each application must be prevented from accessing the resources of the other applications.
-The configurations of the applications must be accessible only from the operating system that hosts the
application.
Solution: You deploy a separate Windows container for each application. Does this meet the goal?
Does this meet the goal?
Your network contains an Active Directory domain named contoso.com.
The domain contains a computer named Computer1 that runs Windows 10.
Computer1 connects to a home network and a corporate network.
The corporate network uses the 172.16.0.0/24 address space internally.
Computer1 runs an application named App1 that listens to port 8080.
You need to prevent connections to App1 when Computer1 is connected to the home network.
Solution: From Windows Firewall in the Control Panel, you add an application and allow the application to
communicate through the firewall on a Private network.
Does this meet the goal?
Which two actions should you perform?
Your network contains an Active Directory forest named contoso.com. The forest contains three domains.All domain controllers run Windows Server 2016.
You deploy a second Active Directory forest named admin.contoso.com.
The forest contains a domain member server named Server1. Server1 has Microsoft Identity Manager (MIM)
2016 deployed.
You need to implement Privileged Access Management (PAM) and to use admin.contoso.com as an
administrative forest.
Which two actions should you perform? Each correct answers presents part of the solution.
You need to prevent User1 from signing in to Computer1
Your network contains an Active Directory domain named contoso.com.
The domain contains two global groups named Group1 and Group2. A user named User1 is a member of
Group1
You have an organizational unit (OU) named OU1 that contains the computer accounts of computers that
contain sensitive data. A
Group Policy object (GPO) named GPO1 is linked to OU1. OU1 contains a computer account named
Computer1.
GPO1 has the User Rights Assignment configured as shown in the following table.
You need to prevent User1 from signing in to Computer1. What should you do?