070-744 무료 덤프문제 온라인 액세스

The network contains an Active Directory domain named contoso.com. The domain contains the servers configured as shown in the following table.

All servers run Windows Server 2016. All client computers run Windows 10 and are domain members.
All laptops are protected by using BitLocker Drive Encryption (BitLocker).
You have an organizational unit (OU) named OU1 that contains the computer accounts of application servers.
An OU named OU2 contains the computer accounts of the computers in the marketing department.
A Group Policy object (GPO) named GP1 is linked to OU1.
A GPO named GP2 is linked to OU2.
All computers receive updates from Server1.
You create an update rule named Update1.
You need to ensure that you can encrypt the operating system drive of VM1 by using BitLocker.
Which Group Policy should you configure?

• A.Configure use of hardware-based encryption for operating system drives
• B.Configure TPM platform validation profile for native UEFI firmware configurations
• C.Configure TPM platform validation profile for BIOS-based firmware configurations
• D.Require additional authentication at startup

Your network contains an Active Directory domain named contoso.com.The domain contains 1,000 client computers that run either Windows 8.1 or Windows 10.
You have a Windows Server Update Services (WSUS) deployment All client computers receive updates from WSUS.
You deploy a new WSUS server named WSUS2.
You need to configure all of the client computers that run Windows 10 to send WSUS reporting data to WSUS2.
What should you configure?

• A.a Group Policy object (GPO)
• B.an approval rule
• C.a computer group
• D.a synchronization rule

Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012. The forest contains a single domain. The domain contains multiple Hyper-V hosts.
You plan to deploy guarded hosts.
You deploy a new server named Server22 to a workgroup.
You need to configure Server22 as a Host Guardian Service server.
What should you do before you initialize the Host Guardian Service on Server22?

• A.Raise the forest functional level.
• B.Obtain a certificate.
• C.Install the Active Directory Domain Services server role on Server22.
• D.Join Server22 to the domain.

The Job Title attribute for a domain user named User1 has a value of Sales Manager.
User1 runs whoami /claims and receives the following output:

Kerberos support for Dynamic Access Control on this device has been disabled.
You need to ensure that the security token of User1 has a claim for Job Title. What should you do?

• A.From Active Directory Administrative Center, add a claim type.
• B.From a Group Policy object (GPO), configure KDC support for claims, compound authentication, and Kerberos armoring.
• C.From Active Directory Users and Computers, modify the properties of the User1 account.
• D.From Windows PowerShell, run the New-ADClaimTransformPolicy cmdlet and specify the -Name parameter

Your network contains an Active Directory domain named contoso.com. The domain contains several shielded virtual machines.
You deploy a new server named Server1 that runs Windows Server 2016. You install the Hyper-V server role on Server1.
You need to ensure that you can host shielded virtual machines on Server1.
What should you install on Server1?

• A.the Windows Biometric Framework (WBF)
• B.BitLocker Network Unlock
• C.VM Shielding Tools for Fabric Management
• D.Host Guardian Hyper-V Support