NEW QUESTION 1
HOTSPOT
Your network contains an Active Directory domain named contoso.com.
You are deploying Microsoft Advanced Threat Analytics (ATA) to the domain. You install the ATA Gateway on a server named Server1.
To assist in detecting Pass-the-Hash attacks, you plan to configure ATA Gateway to collect events. You need to configure the query filter for event subscriptions on Server1.
How should you configure the query filter? To answer, select the appropriate options in the answer aree.

Answer:

Explanation: https://docs.microsoft.com/en-us/advanced-threat-analytics/configure-event-collection
To enhance detection capabilities, ATA needs the following Windows events: 4776, 4732, 4733, 4728, 4729, 4756, 4757.These can either be read automatically by the ATA Lightweight Gateway or in case the ATA Lightweight
Gateway is not deployed,
it can be forwarded to the ATA Gateway in one of two ways, by configuring the ATA Gateway to listen for SIEM events or by configuring Windows Event Forwarding.

Event ID: 4776 NTLM authentication is being used against domain controller Event ID: 4732 A User is Added to Security-Enabled DOMAIN LOCAL Group, Event ID: 4733 A User is removed from Security-Enabled DOMAIN LOCAL Group Event ID: 4728 A User is Added or Removed from Security-Enabled Global Group Event ID: 4729 A User is Removed from Security-Enabled GLOBAL Group
Event ID: 4756 A User is Added or Removed From Security-Enabled Universal Group Event ID: 4757 A User is Removed From Security-Enabled Universal Group

NEW QUESTION 2
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2021.
A user named User1 is a member of the local Administrators group.
Server1 has the AppLocker rules configured as shown in the exhibit. (Click the Exhibit button.) Exhibit:

Rule1 and Rule2 are configured as shown in the following table.

You verify that User1 is unable to run App2.exe on Server1.
Which changes will allow User1 to run D:Folder1Program.exe and D:Folder2App2.exe? To answer select the appropriate options in the answer area.

Answer:

Explanation: References:
https://technet.microsoft.com/en-us/library/ee449492(v=ws.11).aspx

NEW QUESTION 3
Your network contains an Active Directory domain named contoso.com.
You download Microsoft Security Compliance Toolkit 1.0 and all the security baselines.
You need to deploy one of the security baselines to all the computers in an organizational unit (OU) named OU1.
What should you do?

• A. Run 1gpo.exe and specify the /g paramete
• B. From Policy Analyzer, click Add.
• C. From Group Policy Management, create and link a Group Policy object (GPO). Select the GPO and run the Import Settings Wizard.
• D. From Group Policy Management, click Group Policy Objects, and then click Manage Backups…
• E. From Group Policy Management, create and link a Group Policy object (GPO). Run 1gpo.exe and specify the /g parameter.

Answer: B

Explanation:
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/distributecertificates- to-client-computers-by-using-group-policy

NEW QUESTION 4
Your network has an internal network and a perimeter network. Only the servers on the perimeter network can access the Internet. You create a Microsoft Operations Management Suite (OMS) instance in Microsoft Azure.
You deploy Microsoft Monitoring Agent to all the servers on both the networks. You discover that only the servers on the perimeter network report to OMS. You need to ensure that all the servers report to OMS.
What should you do?

• A. Install a Web Application Proxy on the perimeter network and install an OMS Gateway on the internal networ
• B. Publish the OMS Gateway from the Web Application Proxy.
• C. Install a Web Application Proxy and an OMS Gateway on the perimeter networ
• D. Publish the OMS Gateway from the Web Application Proxy.
• E. Configure the network firewalls to allow the internal servers to access the IP addresses of the Azure OMS instance by using TCP port 443.
• F. On the internal servers, run the Add-AzureRmUsageConnect cmdlet and specify the –AdminUri parameter.

Answer: A

Explanation: References:
https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-oms-gateway

NEW QUESTION 5
Your network contains an Active Directory domain named contoso.com.
The domain contains 10 computers that are in an organizational unit (OU) named OU1. You deploy the Local Administrator Password Solution (LAPS) client to the computers.
You link a Group Policy object (GPO) named GPO1 to OU1, and you configure the LAPS password policy
settings in GPO1.
You need to ensure that the administrator passwords on the computers in OU1 are managed by using LAPS.
Which two actions should you perform? Each correct answer presents part of the solution.

• A. Restart the domain controller that hosts the PDC emulator role.
• B. Update the Active Directory Schema.
• C. Enable LDAP encryption on the domain controllers.
• D. Restart the computers.
• E. Modify the permissions on OU1.

Answer: BE

NEW QUESTION 6
Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server
2021.
The Microsoft Advanced Threat Analytics (ATA) Center service is installed on Server1. The domain contains the users shown in the following table.

You are installing ATA Gateway on Server2.
You need to specify a Gateway Registration account. Which account should you use?

• A. User1
• B. User2
• C. User3
• D. User4
• E. User5
• F. User6
• G. User7
• H. User8

Answer: F

Explanation: https://docs.microsoft.com/en-us/advanced-threat-analytics/ata-role-groups

The user who installed ATA will be able to access the management portal (ATA Center) as members of the
“Microsoft Advanced Threat Analytics Administrators” local group on the ATA Center server.

NEW QUESTION 7
You have a server named Server1 that runs Windows Server 2021.
You need to identify the default action for the inbound traffic when Server1 connects to the domain. Which cmdlet should you use?

• A. Get-NetIPSecRule
• B. Get-NetFirewallRule
• C. Get-NetFirewallProfile
• D. Get-NetFirewallSetting
• E. Get-NetFirewallPortFilter
• F. Get-NetFirewallAddressFilter
• G. Get-NetFirewallApplicationFilter

Answer: C

NEW QUESTION 8
Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario b repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.
Start of repeated scenario
Your network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.
The domain contains the servers configured as shown m the following table.

All servers run Windows Server 2021. All client computers run Windows 10.
You have an organizational unit (OU) named Marketing that contains the computers in the marketing department You have an OU named Finance that contains the computers in the finance department You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU. You install Windows Defender on Nano1.
End of repeated scenario
You need to disable SMB 1.0 on Server2. What should you do?

• A. From File Server Resource Manager, create a classification rule.
• B. From the properties of each network adapter on Server2. modify the bindings.
• C. From Windows PowerShell, run the Set -SmbClientConfiguration cmdlet.
• D. From Server Manager, remove a Windows feature.

Answer: D

Explanation: https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1-smbv2-andsmbv3- inwindows-and-windows

NEW QUESTION 9
Note: This question is part of a series of questions that present the same scenario. Each question In the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question In this section, you will NOT be able to return to It. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows 10. Computer1 connects to a home network and a corporate network.
The corporate network uses the 172.16.0.0/24 address space internally. Computer1 runs an application named App1 that listens to port 8080.
You need to prevent connections to App1 when Computer1 is connected to the home network. Solution: From Group Policy Management, You create an Applocker rule.

• A. Yes
• B. No

Answer: B

Explanation: AppLocker does not filter incoming network traffic, what you actually need is Windows Firewall Inbound Rule on the Private profile.
https://technet.microsoft.com/en-us/library/dd759068(v=ws.11).aspx

NEW QUESTION 10
Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2021.
You create a new bastion forest named admin.contoso.com. The forest functional level of admin.contoso.com is Windows Server 2012 R2.
You need to implement a Privileged Access Management (PAM) solution.
Which two actions should you perform? Each correct answer presents part of the solution.

• A. Raise the forest functional level of admm.contoso.com.
• B. Deploy Microsoft Identify Management (MIM) 2021 to admin.contoso.com.
• C. Configure contoso.com to trust admin.contoso.com.
• D. Deploy Microsoft Identity Management (MIM) 2021 to contoso.com.
• E. Raise the forest functional level of contoso.com.
• F. Configure admin.contoso.com to trust contoso.co

Answer: DE

Explanation: https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/deploy-pam-with-windowsserver- 2021
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/windows-server-2021-functionallevels

For the bastion forest which deploys MIM, you should raise the Forest Functional Level to “Windows Server
2021?

NEW QUESTION 11
Note: The question is part of a series of questions th« present the same scenario. Each question In the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to It. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2021. The forest contains 2,000 client computers that run Windows 10. All client computers are deployed from a customized Windows image.
You need to deploy 10 Privileged Access Workstations (PAWs). The solution must ensure that administrators can access several client applications used by all users.
Solution: You deploy 10 physical computers and configure them as PAWs. You deploy 10 additional computers and configure them by using the customized Windows image.
Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation: References:
https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privilegedaccess/privileged-access-workstations

NEW QUESTION 12
HOTSPOT
You plan to implement a guarded fabric in TPM-trusted attestation mode. The fabric will contain a three-node Host Guardian Service (HGS) cluster and four guarded hosts.
All the hosts will have matching hardware and will run the same workload. You need to add the hosts to the HGS cluster.
What is the minimum number of times you must run each cmdlet to implement the HGS cluster? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:
References:
https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shieldedvm/ guarded-fabric-tpm-trusted-attestation-capturing-hardware

NEW QUESTION 13
Your network contains an internal network and a perimeter network. The internal network contains an Active Directory forest named contoso.com.
You deploy five servers to the perimeter network.
All of the servers run Windows Server 2021 and are the members of a workgroup.
You need to apply a security baseline named Perimeter.inf to the servers in the perimeter network. What should you use to apply Perimeter.inf?

• A. Local Computer Policy
• B. Security Configuration Wizard (SCW)
• C. Group Policy Management
• D. Server Manager

Answer: A

Explanation: https://docs.microsoft.com/en-us/windows-server/get-started/deprecated-features https://blogs.technet.microsoft.com/secguide/2021/01/21/lgpo-exe-local-group-policy-objectutility- v1-0/
https://msdn.microsoft.com/en-us/library/bb742512.aspx

NEW QUESTION 14
Your network contains an Active Directory forest named corp.contoso.com.
You are implementing Privileged Access Management (PAM) by using a bastion forest named priv.contoso.com.
You need to create shadow groups in priv.contoso.com. Which cmdlet should you use?

• A. New-RoleGroup
• B. New-ADGroup
• C. New-PamRole
• D. New-PamGroup

Answer: D

Explanation: https://social.technet.microsoft.com/wiki/contents/articles/33363.mim-2021-privileged-accessmanagementpam- faq.aspx
https://docs.microsoft.com/en-us/powershell/identitymanager/mimpam/vlatest/new-pamgroup

NEW QUESTION 15
DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains a user named User1 and a computer named Computer1. Remote Server Administration Tools (RSAT) is installed on Computer1.
You need to add User1 as a data recovery agent in the domain.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:
References:
https://msdn.microsoft.com/library/cc875821.aspx#EJAA
https://www.serverbrain.org/managing-security-2003/using-the-cipher-command-to-add-datarecovery- agent.html

NEW QUESTION 16
Note: Thb question Is part of a series of questions that present the same scenario. Each question In the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you willNOTbeabletorrturntoit.Asa result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. The domain contains multiple Hyper-V hosts.
You need to deploy several critical line-of-business applications to the network to meet the following requirements:
*The resources of the applications must be isolated from the physical host
*Each application must be prevented from accessing the resources of the other applications.
*The configurations of the applications must be accessible only from the operating system that hosts the application.
Solution: You deploy one Windows container to host all of the applications. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation: References:
https://docs.microsoft.com/en-us/virtualization/windowscontainers/about/

NEW QUESTION 17
The “Network Security: Restrict NTLM: NTLM authentication in this domain” policy setting allows you to deny or allow NTLM authentication within a domain from this domain controller.
Which value would you choose so that the domain controller will deny all NTLM authentication logon attempts using accounts from this domain to all servers in the domain.
The NTLM authentication attempts will be blocked and will return an NTLM blocked error unless the server name is on the exception list in the Network security: Restrict NTLM: Add server exceptions in this domain policy setting.

• A. Deny for domain accounts
• B. Deny for domain accounts to domain servers
• C. Deny all
• D. Deny for domain servers

Answer: B