What should you recommend?
Your network contains an Active Directory domain named contoso.com. The domain contains 1,000
client computers that run Windows 10. A security audit reveals that the network recently
experienced a Pass-the-Hash attack. The attack was initiated from a client computer and accessed
Active Directory objects restricted to the members of the Domain Admins group. You need to
minimize the impact of another successful Pass-the-Hash attack on the domain. What should you
recommend?
You need to disable SMB 1.0 on Server2
Note: This question is part of a series of questions that use the same scenario. For your
convenience, the scenario is repeated in each question. Each question presents a different
goal and answer choices, but the text of the scenario is exactly the same in each question
in this series.
Start of repeated scenario
Your network contains an Active Directory domain named contoso.com. The functional level of the
forest and the domain is Windows Server 2008 R2. The domain contains the servers configured as
shown in the following table.
All servers run Windows Server 2016. All client computers run Windows 10. You have an
organizational unit (OU) named Marketing that contains the computers in the marketing department.
You have an OU named Finance that contains the computers in the finance department. You have
an OU named AppServers that contains application servers. A Group Policy object (GPO) named
GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU. You install
Windows Defender on Nano1.
End of repeated scenario
You need to disable SMB 1.0 on Server2. What should you do?
What should you include in the recommendation?
Your network contains two single-domain Active Directory forests named contoso.com and
contosoadmin.com. Contosoadmin.com contains all of the user accounts used to manage the
servers in contoso.com. You need to recommend a workstation solution that provides the highest
level of protection from vulnerabilities and attacks. What should you include in the recommendation?
Which information must you use to configure the Honeyto…
Your network contains an Active Directory domain named contoso.com. You are deploying
Microsoft Advanced Threat Analytics (ATA). You create a user named User1. You need to
configure the user account of User1 as a Honeytoken account. Which information must you use to
configure the Honeytoken account?
You need to manage FS1 and FS2 by using Just Enough Adm…
Your network contains an Active Directory domain named contoso.com. The domain contains four
servers. The servers are configured as shown in the following table.
You need to manage FS1 and FS2 by using Just Enough Administration (JEA). What should you
do before you can implement JEA?
Which server role should you deploy?
Note: This question is part of a series of questions that use the same scenario. For your
convenience, the scenario is repeated in each question. Each question presents a different
goal and answer choices, but the text of the scenario is exactly the same in each question
in this series.
Start of repeated scenario
Your network contains an Active Directory domain named contoso.com. The functional level of the
forest and the domain is Windows Server 2008 R2. The domain contains the servers configured as
shown in the following table.
All servers run Windows Server 2016. All client computers run Windows 10. You have an
organizational unit (OU) named Marketing that contains the computers in the marketing department.
You have an OU named Finance that contains the computers in the finance department. You have
an OU named AppServers that contains application servers. A Group Policy object (GPO) named
GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU. You install
Windows Defender on Nano1.
End of repeated scenario
You need to ensure that you can deploy a shielded virtual machine to Server4. Which server role
should you deploy?
Which tool should you use?
Note: This question is part of a series of questions that use the same or similar answer
choices. An answer choice may be correct for more than one question in the series. Each
question is independent of the other questions in this series. Information and details
provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain contains a
server named Server1 that runs Windows Server 2016. Server1 has a shared folder named Share1.
You need to encrypt the contents of Share1. Which tool should you use?
Which two actions should you perform?
Your network contains an Active Directory forest named contoso.com. The forest functional level
is Windows Server 2012. All servers run Windows Server 2016. You create a new bastion forest
named admin.contoso.com. The forest functional level of admin.contoso.com is Windows Server
2012 R2. You need to implement a Privileged Access Management (PAM) solution. Which two
actions should you perform? Each correct answer presents part of the solution.
Does this meet the goal?
Note: This question is part of a series of questions that present the same scenario. Each
question in the series contains a unique solution that might meet the stated goals. Some
question sets might have more than one correct solution, while others might not have a
correct solution. After you answer a question in this section, you will NOT be able to return
to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest named contoso.com. All servers run Windows
Server 2016. The forest contains 2,000 client computers that run Windows 10. All client computers
are deployed (rom a customized Windows image. You need to deploy 10 Pnvileged Access
Workstations (PAWs). The solution must ensure that administrators can access several client
applications used by all users.
Solution: You deploy 10 physical computers and configure each wie as a virtualization host. You
deploy the operating system on each host by using the customized Windows image. On each host
you create a guest virtual machine and configure the virtual machine as a PAW.
Does this meet the goal?
Which tool should you use?
Note: This question is part of a series of question that use the same or similar answer
choices. An answer choice may be correct for more than one question in the series. Each
question is independent of the other questions in this series. Information and details
provided in a question apply only to that question.
Your network contains an Active Directory domain named contoso.com. The domain contains a file
server named Server1 that runs Windows Server 2016. Server1 has a volume named Volume1.
Dynamic Access Control is configured. A resource property named Property1 was created in the
domain. You need to ensure that Property1 is set to a value of Big for all of the files in Volume1
that are larger than 10 MB. Which tool should you use?