Your network contains two Active Directory forests named corp.contoso.com and priv.contoso.com. Both forests have only a single domain. The priv.contoso.com domain contains a server named Server1 that runs Windows Server 2016.
You install Microsoft Identity Manager (MIM) 2016 on Server1.
You plan to deploy MIM-based Privileged Access Management (PAM) between the two forests.
You run New-PAMTrust in the priv.contoso.com domain.
You need to configure the trust relationship between the forests to support the PAM deployment.
Which three settings should you configure for the trust? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A.quarantine to no
• B.enablesidhistory to yes
• C.transitive to no
• D.enablepimtrust to yes
• E.foresttransitive to no

Comment: *

Name: *

Email: *

Verification: *

You have a guarded fabric that consists of the servers shown in the following table.

You need to ensure that you can start the shielded virtual machines on the Hyper-V hosts if the Hyper-V hosts cannot connect to the HGS.
What should you do?

• A.On Server1, run Set-HgsKeyProtectionConfiguration.
• B.On Server1, Server2, and Server3, configure admin-trusted attestation.
• C.On Server1, run Set-HgsKeyProtectionAttestationSignerCertificatePolicy.
• D.On Server4, and Server5, disable the heartbeat integration service on the shielded virtual machines.

Comment: *

Name: *

Email: *

Verification: *

Your network contains an Active Directory domain named contoso.com. All client computers run Windows 10.
You plan to deploy a Remote Desktop connection solution for the client computers.
You have four available servers in the domain that can be configured as Remote Desktop servers. The servers are configured as shown in the following table.

You need to ensure that all Remote Desktop connections can be protected by using Remote Credential Guard.
Solution: You deploy the Remote Desktop connection solution by using Server3.
Does this meet the goal?

• A.Yes
• B.No

Comment: *

Name: *

Email: *

Verification: *

Your network contains an Active Directory domain named contoso.com.
You deploy a server named Server1 that runs Windows Server 2016. Server1 is in a workgroup.
You need to collect the logs from Server1 by using Log Analytics in Microsoft Operations Management Suite (OMS).
What should you do first?

• A.Join Server1 to the domain.
• B.Create a Data Collector Set.
• C.Install Microsoft Monitoring Agent on Server1.
• D.Create an event subscription.

Correct Answer: C

Explanation
https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agentsYou need to install and connect Microsoft Monitoring Agent for all of the computers that you

You can install the OMS MMA on stand-alone computers, servers, and virtual machines.

Comment: *

Name: *

Email: *

Verification: *

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
A user named User1 is a member of the local Administrators group.
Server1 has the AppLocker rules configured as shown in the exhibit. (Click the Exhibit button.) Exhibit:

Rule1 and Rule2 are configured as shown in the following table.

You verify that User1 is unable to run App2.exe on Server1.
Which changes will allow User1 to run D:\Folder1\Program.exe and D:\Folder2\App2.exe? To answer select the appropriate options in the answer area.

Correct Answer:

Explanation

References: https://technet.microsoft.com/en-us/library/ee449492(v=ws.11).aspx

Comment: *

Name: *

Email: *

Verification: *