You plan to enable Credential Guard on four servers. Credential Guard secrets will be bound to the TPM.
The servers run Windows Server 2016 and are configured as shown in the following table.

You need to identify which server you must modify to support the planned implementation.
Which server should you identify?

• A.Server1
• B.Server2
• C.Server3
• D.Server4

Comment: *

Name: *

Email: *

Verification: *

Your network contains two single-domain Active Directory forests named contoso.com and contosoadmin.com. Contosoadmin.com contains all of the user accounts used to manage the servers in contoso.com.
You need to recommend a workstation solution that provides the highest level of protection from vulnerabilities and attacks.
What should you include in the recommendation?

• A.Provide a Pnvileged Access Workstation (PAW) for each administrator. Join each PAW to the contoso.com domain.
• B.Provide a Privileged Access Workstation (PAW) for each user account in both forests.
  Join each PAW to the contoso.com domain.
• C.Provide a Pnvileged Access Workstation (PAW) for each user in the contoso.com forest
  Join each PAW to the contoso.com domain.
• D.Provide a Pnvileged Access Workstation (PAW) for each administrator. Join each PAW to the contosoadmin.com domain.

Comment: *

Name: *

Email: *

Verification: *

You have two servers named Setver1 and Server2 that run Windows Server 2016 and are in a workgroup.
Server1 is used as a reference computer to configure the security baseline for the other computers in the workgroup.
You need to apply the Group Policy computer settings of Server1 to Server2.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Correct Answer:

Explanation

References:
https://blogs.technet.microsoft.com/secguide/2016/01/21/lgpo-exe-local-group-policy-object-utility-v1-0/

Comment: *

Name: *

Email: *

Verification: *

You have a server named Server1 that runs Windows Server 2016.
You need to identify the default action for the inbound traffic when Server1 connects to the domain. Which cmdlet should you use?

• A.Get-NetFirewallAddressFilter
• B.Get-NetFirewallPortFilter
• C.Get-NetFirewallProfile
• D.Get-NetIPSecRule
• E.Get-NetFirewallSetting
• F.Get-NetFirewallApplicationFilter
• G.Get-NetFirewallRule

Comment: *

Name: *

Email: *

Verification: *

Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario
Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.
The domain contains the servers configured as shown in the following table.

All servers run Windows Server 2016. All client computers run Windows 10.
You have an organizational unit (OU) named Marketing that contains the computers in the marketing department. You have an OU named Finance that contains the computers in the finance department. You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.
You install Windows Defender on Nano1.
End of repeated scenario
You need to ensure that you can deploy a shielded virtual machine to Server4.
Which server role should you deploy?

• A.Hyper-V
• B.Device Health Attestation
• C.Network Controller
• D.Host Guardian Service

Comment: *

Name: *

Email: *

Verification: *