Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.
You have an organizational unit (OU) named Administration that contains the computer account of Server1.
You import the Active Directory module to Server1.
You create a Group Policy object (GPO) named GPO1. You link GPO1 to the Administration OU. You need to log an event each time an Active Directory cmdlet executed successfully from Server1. What should you do?
Correct Answer:
D
In the following GPO location, you can enable the setting “Turn on Module Logging” to record an
event each
time the PowerShell executes a cmdlet of a specific PowerShell module, for example “ActiveDirectory”.
“Computer Configuration\\\\Administrative Templates\\\\Windows Components\\\\Windows PowerShell”
Your network contains an Active Directory forest named contoso.com. The forest contains three domains. All domain controllers run Windows Server 2016.
You deploy a second Active Directory forest named admin.contoso.com.
The forest contains a domain member server named Server1. Server1 has Microsoft Identity Manager (MIM) 2016 deployed.
You need to implement Privileged Access Management (PAM) and to use admin.contoso.com as an administrative forest.
Which two actions should you perform? Each correct answers presents part of the solution.
Correct Answer:
BF
https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/configuring-mim-environmentfor- pam
https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/step-5-establish-trust-betweenpriv- corpforests
You have a server named Server1 that runs Windows Server 2016. Server1 has the Windows Server Update Services server role installed.
Windows Server Update Services (WSUS) updates for Server1 are stored on a volume named D. The hard disk that contains volume D fails.
You replace the hard disk. You recreate volume D and the WSUS folder hierarchy in the volume. You need to ensure that the updates listed in the WSUS console are available in the WSUS folder. What should you run?
Correct Answer:
B
https://technet.microsoft.com/en-us/library/cc720466(v=ws.10).aspx?f=255&MSPPError=- 2147217396
WSUSutil.exe is a tool that you can use to manage your WSUS server from the command line.
WSUSutil.exe
is located in the %drive%\\\\Program Files\\\\Update Services\\\\Tools folder on your WSUS server.
You can run specific commands with WSUSutil.exe to perform specific functions, as summarized in the
following table.
The syntax you would use to run WSUSutil.exe with specific commands follows the table.
Your network contains an Active Directory domain named contoso.com. The domain contains 100 servers.
You deploy the Local Administrator Password Solution (LAPS) to the network You need to view the password of the local administrator of a server named Server5. Which tool should you use?
Correct Answer:
A
Use “Active Directory Users and Computers” to view the attribute value of “ms-MCS-adminpwd” of the Server5 computer account
https://blogs.technet.microsoft.com/askpfeplat/2015/12/28/local-administrator-password-solutionlapsimplementation- hints-and-security-nerd-commentaryincludingmini-threat-model/
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. You need to prevent NTLM authentication on Server1.
Solution: From Windows PowerShell, you run the Disable-WindowsOptionalFeature cmdlet. Does this meet the goal?
Correct Answer:
B
https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
On Client, the PowerShell approach (Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol)
Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol
< ><>>>< ><>