HOTSPOT
You have a Hyper-V host named Server1 that runs Windows Server 2016. A new security policy states that all the virtual machines must be encrypted.
Server1 hosts the virtual machines configured as shown in the following table.

An administrator runs the following commands.
Get -VM | Stop-VM
Get -VM | Update-VMVersion
Get -VM | Start-VM
For each of the following statements, Select Yes, if the statement is true. Otherwise Select
No.

Correct Answer:

Explanation:
You can configure VM1 as an encryption-supported virtual machine: Yes
You can configure VM2 as an encryption-supported virtual machine: Yes
You can configure VM3 as an encryption-supported virtual machine: Yes
After the "Update-VMVersion" is executed against all three virtual machines, they become:-
VM1 Generation 2 Version 8VM2 Generation 1 Version 8VM3 Generation 2 Version 8Pay attention to VM2, and the question has not mention to use TPM protector. You can configure this VM asEncryption Supported by using a Key Storage Driveadded to the virtual machine setting.

Within the guest, there is no Virtual TPM

Then , start Encrypt the C system drive with the guest 2012R2 bitlocker feature

After the encryption is completed:-

Comment: *

Name: *

Email: *

Verification: *

Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server
2016.
The Microsoft Advanced Threat Analytics (ATA) Center service is installed on Server1.
The domain contains the users shown in the following table.

You are installing ATA Gateway on Server2.
You need to specify a Gateway Registration account. Which account should you use?

• A.User1
• B.User2
• C.User3
• D.User4
• E.User5
• F.User6
• G.User7
• H.User8

Correct Answer: F

https://docs.microsoft.com/en-us/advanced-threat-analytics/ata-role-groups


The user who installed ATA will be able to access the management portal (ATA Center) as members of the"Microsoft Advanced Threat Analytics Administrators"local group on the ATA Center server.

Comment: *

Name: *

Email: *

Verification: *

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
The services on Server1 are shown in the following output.

Server1 has the AppLocker rules configured as shown in the exhibit (Click the Exhibit button.)

Rule1 and Rule2 are configured a$ shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Correct Answer:

Explanation
On Server1, User1 can run D:\\Folder2\\App1.exe : Yes
On Server1, User1 can run D:\\Folder1\\Program1.exe : Yes
If Program1 is copied from D:\\Folder1 to D:\\Folder2, User1 can run Program1.exe on Server1 : NO
https://docs.microsoft.com/en-us/windows/device-security/applocker/configure-the-application-identity-service The Application Identity service determines and verifies the identity of an app. Stopping this service will prevent AppLocker policies from being enforced.In this question, Server1's Application Identity service is stopped, therefore, no more enforcement onAppLocker rules, everyone could run everything on Server1.

Comment: *

Name: *

Email: *

Verification: *

Your network contains two Active Directory forests named contoso.com and adatum.com. Contoso.com contains a Hyper-V host named Server1. Server1 is a member of a group named HyperHosts. Adatum.com contains a server named Server2. Server1 and Server2 run Windows Server 2016.
Contoso.com trusts adatum.com.
You plan to deploy shielded virtual machines to Server1.
Which component should you install and which cmdlet should you run on Server1? To answer, select the appropriate options in the answer area.

Correct Answer:

Explanation:
Key for this question is Admin-trusted attestation or (AD mode) for guarded fabric "Server1.contoso.com", while Server2.adatum.com is running the Host Guardian Service.

https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabricguarded-host-prerequisites https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabricconfirm-hosts-can-attest-successfully

Comment: *

Name: *

Email: *

Verification: *

Your network contains an Active Directory domain named contoso.com.
You download Microsoft Security Compliance Toolkit 1.0 and all the security baselines.
You need to deploy one of the security baselines to all the computers in an organizational unit (OU) named OU1.
What should you do?

• A.Run 1gpo.exe and specify the /g parameter. From Policy Analyzer, click Add.
• B.From Group Policy Management, create and link a Group Policy object (GPO). Select the GPO and run the Import Settings Wizard.
• C.From Group Policy Management, click Group Policy Objects, and then click Manage Backups...
• D.From Group Policy Management, create and link a Group Policy object (GPO). Run 1gpo.exe and specify the /g parameter.

Comment: *

Name: *

Email: *

Verification: *