Your network contains an Active Directory domain The domain contains the computers shown in the following table.

server 1 is a file server that has two shared folders named Share1 and Share2. Share1 has encryption enabled. Share2 has encryption disabled. Domain users have read access to both shares.
From PowerShell, you run set-smbServerConfiguration -EncryptData $true -Force.
For each of the following statements select Yes if the statement is true. Otherwise, Select No.

Correct Answer:

Comment: *

Name: *

Email: *

Verification: *

Your network contains an Active Directory domain named contoso.com.
The domain contains two servers named Server1 and Server2 that run Windows Server 2016.
You need to install Microsoft Advanced Threat Analytics (ATA) on Server1 and Server2.
Which four actions should you perform in sequence?

Correct Answer:

Explanation

Correct Order of Actions:-1. Install ATA Center (on Server1 for example)2. Install ATA Gateway (on Server2 for example, if Server2 has internet connectivity)3. Set the ATA Gateway configuration settings. (Register Server2 ATA Gateway to Server1's ATA Center)4. Install the ATA Lightweight Gateway.Since there are not switch-based port mirroring choice used to capture domain controller's inbound andoutbound traffic, installing ATA Lightweight Gateway on DCs to forward security related events to ATA Center is necessary.

Comment: *

Name: *

Email: *

Verification: *

You plan to deploy three encrypted virtual machines that use Secure Boot. The virtual machines will be configured as shown in the following table.

How should you protect each virtual machine? To answer, select the appropriate options in the answer area.

Correct Answer:

Explanation:
Shielded VM Prevents Virtual Machine connection and PowerShell Direct, it prevent the Hyper-V host to interact in any means with the Shielded VM.
https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-andshielded-vms

Comment: *

Name: *

Email: *

Verification: *

You plan to implement a guarded fabric in TPM-trusted attestation mode. The fabric will contain a three-node Host Guardian Service (HGS) cluster and four guarded hosts.
All the hosts will have matching hardware and will run the same workload.
You need to add the hosts to the HGS cluster.
What is the minimum number of times you must run each cmdlet to implement the HGS cluster? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation

References:
https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-tpm-

Comment: *

Name: *

Email: *

Verification: *

Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2016.
You create a new bastion forest named admin.contoso.com. The forest functional level of admin.contoso.com is Windows Server 2012 R2.
You need to implement a Privileged Access Management (PAM) solution.
Which two actions should you perform? Each correct answer presents part of the solution.

• A.Raise the forest functional level of admm.contoso.com.
• B.Deploy Microsoft Identify Management (MIM) 2016 to admin.contoso.com.
• C.Configure contoso.com to trust admin.contoso.com.
• D.Deploy Microsoft Identity Management (MIM) 2016 to contoso.com.
• E.Raise the forest functional level of contoso.com.
• F.Configure admin.contoso.com to trust contoso.com.

Correct Answer: D,E

Explanation
https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/deploy-pam-with-windows-server-2016
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/windows-server-2016-functional-levels

For the bastion forest which deploys MIM, you should raise the Forest Functional Level to "Windows Server
2016

Comment: *

Name: *

Email: *

Verification: *