Your network contains an Active Directory domain named adatum.com.
The domain contains a file server named Server1 that runs Windows Server 2016.
You have an organizational unit (OU) named OU1 that contains Server1.
You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.
A user named User1 is a member of group named Group1. The properties of User1 are shown in follow:

-User1 has permissions to two files on Server1 configured as shown in the following table.
File name Permission
File1.doc Allow Read
File2.doc Deny Modify
From Auditing Entry for Global File SACL, you configure the advanced audit policy settings in GPO1 as shown
in the SACL figure:-

Which of the following statements are true? Choose Three.

You have a Hyper-V host named Server1 that runs Windows Server 2016.
Server1 hosts the virtual machines configured as shown in the following table.

All the virtual machines have two volumes named C and D.
You plan to implement BitLocker Drive Encryption (BitLocker) on the virtual machines.
Which virtual machines can have their volumes protected by using BitLocker? Choose Two.

You have 100 computers that run Windows 10 and are members of a workgroup.
You need to configure Windows Defender to meet the following requirements:
-Exclude a C:\\Sales\\Salesdb from malware scans.
-Configure a full scan to occur daily.
What should you run to meet each requirement?

You are implementing Privileged Access Management (PAM) for an Active Directory forest named
contoso.com.
You install a bastion forest named adatum.com, and you establish a trust between the forests.
You need to create a group in contoso.com that will be used by Microsoft Identity Manager to create groups in
adatum.com.
How should you configure the group? Choose Two.

Your network contains an Active Directory forest named contoso.com.
The forest functional level is Windows Server 2012. The forest contains a single domain. The domain contains
multiple Hyper-V hosts.
You plan to deploy guarded hosts.
You deploy a new server named Server22 to a workgroup.
You need to configure Server22 as a Host Guardian Service server.
What should you do before you initialize the Host Guardian Service on Server22?

You have the Windows Server 2016 operating system images as described in the answer choices.
Your company’s security policy states that you must minimize the attack surface when provisioning new
servers.
You need to deploy a Host Guardian Service cluster. Which image should you use for the deployment?

You have 10 Hyper-V hosts that run Windows Server 2016.
Each Hyper-V host has eight virtual machines that run a distributed web application named App1.
You plan to implement a Software Load Balancing (SLB) solution for client access to App1.
You deploy two new virtual machines named SLB1 and SLB2.
You need to install the required components on the Hyper-V hosts and the new servers for the planned
implementation.
Which components should you install? Choose Two.

Your network contains an Active Directory domain named contoso.com.
The domain contains two DNS servers that run Windows Server 2016.
The servers host two zones named contoso.com and admin.contoso.com.
You sign both zones.
You need to ensure that all client computers in the domain validate the zone records when they query the zone.
What should you deploy?

Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2016.
You need to prevent NTLM authentication on Server1.
Solution: From a Group Policy, you configure the Security Options.
Does this meet the goal?

Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2016.
You need to prevent NTLM authentication on Server1.
Solution: From Windows PowerShell, you run the New-ADAuthenticationPolicy cmdlet.
Does this meet the goal?