Microsoft Administration Mid Term-Exam
Which of the following character types are allowed in a UPN? (Select two.)
! #
You are the server administrator for the corpnet.xyz domain. You have an application server named AppSrv01 that runs a stateless web application using IIS. Because of recent growth, this server is becoming unable to process all incoming requests in a timely manner. You would like to add a second server, AppSrv02, to run the application. Your solution should meet the following requirements: Client requests should be divided evenly between the two servers. If one server goes down, all requests should go to the other server. All application data will be stored on internal parallel SCSI drives on each server. You install the application on the second server. You now need to configure a solution to meet the requirements. What should you do?
Configure both servers in a Network Load Balancing (NLB) cluster.
You are the network administrator for corpnet.xyz. The network consists of a single Active Directory domain. The network contains a storage area network (SAN). The network contains two servers, CS1 and CS2. Both servers have the Hyper-V role installed. You create a new cluster named Cluster1 and add both servers to Cluster1. You plan to create multiple virtual machines on the new cluster. You need to ensure that each virtual machine can be moved between CS1 and CS2 independently of the other virtual machines. What should you do?
Enable cluster shared volumes
You are the administrator of several branch offices. The locations are not large enough to provide adequate physical security for a local domain controller. You plan to deploy Read-only domain controllers (RODCs). Which of the following would facilitate faster logins for the branch staff?
Enable credential caching.
Which of the following tools must be used on the reference machine to generate the code integrity policy?
PowerShell
Cluster-Aware Updating (CAU) offers some advanced configuration options you can set up. Which of the following updating run options are available?
PreUpdateScript
When configuring a clustered role, which setting is used to specify the host that should be given priority in running the role, and therefore be used during a failover if possible?
Preferred owners
You are the network administrator for Corpnet.xyz. All the servers run Windows Server. You are in the process of building a failover cluster with six nodes. You need the cluster to recalculate the quorum on the fly so that the cluster can continue to run even if the number of nodes remaining in the cluster is less than 50 percent. What kind of quorum should you use?
Dynamic Quorum
Authentication policy silos provide a way to define high-privilege credentials between the user, computer, and managed service accounts. Which of the following is true about authentication policy silos?
Each account can only belong to one silo.
When hardening a domain controller, it is important to configure network communications to help protect the domain controller from an outside attack. Which of the following actions should be taken?
Prevent domain controllers from directly communicating with hosts on the internet.
Microsoft Sentinel is a cloud-based solution that provides which of the following? (Select two.)
Security orchestration, automation, and response (SOAR) Correct Answer: Security information and event management (SIEM)
You are the network administrator for your company. All computers are joined to a single Active Directory domain. Several computers store sensitive information. You are configuring security settings that will be distributed to all computers on your network. You want to identify attempts to break into a computer by having the computer that denies the authentication attempt note the failed attempt in its security database. How can you create a policy that meets these requirements?
Select Audit Failure for the enabled audit policy
Once a piece of malware is detected and reverse-engineered, its unique characteristics are identified. Anti-malware programs use these characteristics to identify malware. What do anti-malware programs call these unique characteristics of malware?
Signature
You manage a Windows computer that is shared by multiple users. Recently, a user downloaded and installed two malware programs on the computer. The applications had an .msi extension. What is the first line of defense in protecting your system against applications like these from being copied or downloaded to your system?
Use anti-malware software that provides real-time protection.
Microsoft Defender for Cloud has features that help reduce the attack surface. As the administrator for multiple locations, you occasionally need to access a virtual machine remotely. Which of the following can you use to provide access to management ports without leaving these ports open all the time?
Use just-in-time (JIT) VM access.
You had a system that experienced a graphics card failure. You installed the graphics card, and the system would no longer boot. After checking, you discovered the operating system volume was encrypted with BitLocker. Which of the following can be used to recover the system and boot to the encrypted system volume?
Use the BitLocker recovery key.
You need to change how Windows provides notifications when the firewall blocks a new program. Click the links that you would choose to make this change. (Select two.)
Use the Change Notification Settings link. Use the Turn Windows Firewall on or off link
When using the Node and File Share Majority quorum model, what can a witness be configured as? (Select two.)
A disk witness File share on a separate server
Once Azure Key Vault has been set up and configured, you can utilize Azure Disk Encryption to activate BitLocker on IaaS VMs. Which of the following does the server need access to?
Azure storage endpoint
Which of the following are deployment requirements for using protected accounts? (Select two.)
Domain functional level of Windows 2012 R2 or later Windows 8.1 or Windows Server 2012 R2 or later
Which PowerShell cmdlet can be used to enable and configure controlled folder access?
Set-MpPreference
Which PowerShell cmdlet can be used to configure exploit protection?
Set-ProcessMitigation
In server-side encryption with service-managed keys, what manages the creation, storage, and service access of the encryption keys?
The cloud service provider
You have a Windows Server and Linux deployment in Azure. The OS and data disks are encrypted using BitLocker and DM-Crypt, respectively. What can you use to help control and manage disk encryption keys and secrets?
Azure Key Vault
You have a failover cluster named CorpCluster that has the following specifications: Nodes: 4 Witness: 1 Quorum management: Dynamic Quorum mode: Node and File Share Majority What is the maximum number of nodes that can fail at the same time and still maintain quorum?
2
How many old passwords can Windows remember?
24
How many Windows Defender Application Control (WDAC) policies can a computer system have defined for it?
32
How many characters can be entered before the "@" symbol, and how many characters can be entered after the "@" symbol in a UPN?
64 before and 48 after the "@" symbol
Microsoft Defender SmartScreen analyzes downloaded app installers to determine if they are potentially malicious. When a file with a known malicious reputation is detected, which of the following is displayed to the user?
A message that the file was blocked as unsafe and an option to delete the file.
On which of the following computers should a Windows Defender Application Control default policy be created?
A reference computer
Permissions give you the ability to do which of the following?
Access a printer
When configuring a GPO linked to a domain, which policy configuration setting would you use to control the following? Password settings Account lockout settings Kerberos settings
Account Policies
To safeguard the data in your storage account, you have the option to use your own encryption key. If you choose a customer-managed key, it will be utilized to safeguard and regulate access to the key responsible for encrypting your data. This key management method provides more flexibility to regulate access controls. Which of the following can be used to store your customer-managed keys? (Select two.)
Azure Key Vault Azure Key Vault Managed Hardware Security Module (HSM)
You are the administrator of an Active Directory network. Due to recent security concerns, it is now required to use Bitlocker to encrypt all volumes. You have several hundred servers and need to manage the BitLocker recovery keys. Which of the following is the BEST option to store the recovery keys?
Active Directory
You use a Windows desktop system. You need to configure Windows Firewall to allow traffic for a newly installed application that dynamically opens multiple ports as-needed. What should you do?
Add an exception for the application
Which of the following do you use Server Manager to accomplish immediately after installing Windows Server? (Select two.)
Add roles and features Configure the local server
When managing workloads with PowerShell, many built-in cmdlets are available that are specific to Cluster-Aware Updating (CAU). Match the cmdlet on the left to the description on the right. (Each item may be used once, more than once, or not at all.)
Adds the CAU clustered role that provides the self-updating functionality to the cluster Add-CauClusterRole correct answer: Scans the cluster nodes for applicable updates and installs them through an updating run on the cluster Invoke-CauRun correct answer: Sets configuration properties for the CAU clustered role on the cluster Set-CauClusterRole correct answer: Tests whether a cluster is properly set up to apply software updates using CAU Test-CauSetup correct answer: Re-enables the self-updating functionality on the cluster Enable-CauClusterRole correct answer: Stops an updating run in progress on the cluster Stop-CauRun correct answer: Suspends the self-updating functionality on the cluster Disable-CauClusterRole
There are Registry-based settings that can be configured within a GPO to control the computer and the overall user experience, such as: Use of Windows features such as BitLocker, offline files, and Parental Controls Customize the Start menu, taskbar, or desktop environment Control notifications Restrict access to Control Panel features Configure Internet Explorer features and options What are these settings known as?
Administrative Templates
Which group is the Allow log on locally right assigned to by default for workstations and member servers?
Administrators
As part of your company's high availability plan, you will deploy cluster sets. Which of the following are requirements? (Select three.)
All clusters in the set must be in the same Active Directory Forest. All nodes must have the same processor architecture if you wish to migrate VMs between clusters in the set. All servers in the set must be running the same version of Windows Server (Windows Server 2019 or newer).
You have installed a new Windows system and have not changed the default configuration of the Windows Firewall. How will the Windows Firewall handle inbound responses to requests sent from the local system?
All such traffic is allowed by default.
You have installed a new Windows 11 system and have not changed the default configuration of the Windows Firewall. How will the Windows Firewall handle inbound traffic initiated from an external server that a hacker is using to spread a worm?
All such traffic is blocked by default.
Click on the user right policy that is used to grant a user local access to the desktop of a Windows server.
Allow log on locally
Which of the following requires rights to perform the action?
Allow members of the IT group to back up the files in the Sales folder on the SalesData server
Windows provides several interfaces that can be used to configure the Windows Defender Firewall. Drag the Windows Firewall interface on the left to its appropriate description on the right. (Each tool may be used once, more than once, or not at all.)
Allows you to create rules based on ports. Windows Defender Firewall with Advanced Security correct answer: Lets you add, change, or remove ports that are allowed through the firewall. Allowed apps correct answer: Allows you to turn a firewall on or off for a specific profile or network. Firewall & Network Protection correct answer: Allows you to create rules based on authentication. Windows Defender Firewall with Advanced Security correct answer: The main interface and starting point for the other two interfaces. Firewall & Network Protection
Which UAC level is recommended as the most secure configuration option because it will always provide a standard user the option to log in as an administrator?
Always notify
As the administrator for a small business, you have several Azure virtual machines running Windows Server. To enhance the security, you want to encrypt the operating system and data volumes on all servers using Azure Disk Encryption.
An Azure key vault
What does exploit protection use to help mitigate exploit techniques?
Antivirus software
App Install Control is a feature of Windows Defender SmartScreen that helps protect computers. Once enabled, which of the following describes a user's ability to install apps?
Apps can only be installed from the Microsoft Store
To decrypt any encrypted data, the encryption key is needed. The encryption key method is combined with different algorithms to encrypt the data fully. Which of the following are common methods of using encryption keys? (Select two.)
Asymmetric Symmetric
What is the term for the various points where an attacker can attempt to enter or extract data from an environment?
Attack surface
You are in charge of managing the servers in your network. Recently, you have noticed that many of the domain member servers are being shut down. You would like to use auditing to track who performs these actions. What should you do only to monitor the necessary events and no others? (Select two. Each choice is a required part of the solution.)
Audit successful system events. Create a GPO to configure auditing. Link the GPO to the domain.
Drag each Group Policy setting on the left to the description of how the setting is enforced on the right.
Causes the policy to be enforced. Enabled Does not change the current setting for the policy. Not configured Prevents the policy from being enforced. Disabled
You are the network administrator for corpnet.xyz. You have created a Network Load Balancing cluster to provide high availability for the intranet website. The NLB cluster consists of three web servers, Web01, Web02, and Web03. Each web server has one network card installed. After configuring the NLB cluster, you determine that the web servers in the cluster are unable to communicate with each other. What must you do to reconfigure the cluster to allow communication between the cluster members?
Change the cluster operation mode to Multicast.
You have an on-premises data center and want to encrypt your data locally before it is received by an Azure service or application. What would meet this criteria?
Client-side encryption
Which of the following quorum witness types uses blob storage accessible by all cluster nodes to maintain clustering information?
Cloud witness
When deploying a cluster set, which of the following should be designated as the management endpoint for all cluster set management actions?
Cluster set manager (CS-Manager)
You want to implement a scale-out file server to provide storage for applications and virtual machines that leave files open for an extended period of time. Which of the following is required for this type of clustered file server?
Clustered shared volume
What does Application Control use to lock down systems so only certain apps can run?
Code integrity policies
Which of the following SIEM components is responsible for gathering all event logs from the configured devices and securely sending them to the SIEM system?
Collectors
You are the server administrator for the corpnet.xyz domain. You have a DHCP server named DHCP-Srv1 configured with a single scope. You are concerned that a failure of the DHCP server could cause disruptions on the network. You would like to provide redundancy for the DHCP server. You install DHCP on a second server named DHCP-Srv2. Your solution should meet the following requirements: DHCP-Srv1 should continue to respond to all client requests. If DHCP-Srv1 is down, DHCP-Srv2 should be able to respond to clients. DHCP-Srv2 should be aware of all leases granted by DHCP-Srv1. Following a failure, when DHCP-Srv1 comes back online, it should resume responding to all DHCP requests. What should you do?
Configure DHCP-Srv1 and DHCP-Srv2 in a failover clustering cluster.
You manage several Windows workstations in your domain. You want to configure a GPO that will make them prompt for additional credentials whenever a sensitive action is taken. What should you do?
Configure User Account Control (UAC) settings.
Your company is responsible for processing payroll for other businesses. Because the paydays for many businesses are the same, your servers experience heavy loads on some days and light loads on other days. Payroll processing is done by a custom application running on an application server. To handle the load, you configure failover clustering on a cluster of six servers. You want the cluster to keep operating even in the event of a failure of up to three of the nodes. If more than three nodes fail, the cluster should stop. What should you do?
Configure a witness disk. Use Node and Disk Majority for the quorum mode.
You are the server administrator for the corpnet.xyz domain. Srv5 is an application server that runs an application used by the sales team. You are concerned that this server is a single point of failure, and if the server goes down, the application will be unavailable. You would like to add a second server to provide redundancy. Your solution should meet the following requirements: All client requests should be directed to Srv5 if available. If Srv5 goes down, all requests should be directed to the new server. Both servers should use the same set of data files. You want to configure Srv10 to provide redundancy for Srv5. Both Srv5 and Srv10 are configured to use DHCP for IP addressing information. You need to configure a solution to meet the requirements. What should you do?
Configure both servers in a failover clustering cluster. Configure a storage area network for the application data.
You are the server administrator for the corpnet.xyz domain. Srv5 is an application server that runs an application used by the sales team. You are concerned that this server is a single point of failure. If the server goes down, the application will be unavailable. You would like to add a second server to provide redundancy. Your solution should meet the following requirements: All client requests should be divided between both servers. If either server goes down, client requests should be redirected to the other server. If the application stops but the server is up, the server should automatically try to restart the application to make it available. You want to configure Srv10 to provide redundancy for Srv5 based on the stated requirements. What should you do?
Configure failover clustering with node and disk majority.
When setting up failover clusters, you can define the startup priority as high, medium, low, or no auto start (manual startup). Which of the following is the purpose of the startup priority?
Defines the order a VM will startup based on roles that may depend on others.
Manage-bde is a command line tool that can administer BitLocker settings. Which of the following can be done using Manage-bde? (Select two.)
Configure recovery methods. Encrypt and decrypt drives.
You manage 20 Windows workstations in your domain network. You want to prevent the sales team members from making system changes. Whenever a change is initiated, you want to allow only those who can enter administrator credentials to be able to make the change. What should you do?
Configure the User Account Control: Behavior of the elevation prompt for standard users setting in Group Policy to prompt for credentials.
Members of the accounting department use a custom application for entering payroll and tracking accounts receivable and accounts payable. The application runs on an application server and is cluster-aware. You would like to use failover clustering to provide redundancy, fault tolerance, and load balancing for the application. Your solution should meet the following requirements: All cluster nodes should be active and respond to client requests. When a cluster node fails, requests should be redistributed between the remaining cluster members. The cluster should continue to operate as long as there are more than half of the cluster members still available. You install Failover Clustering on five servers. Following Microsoft's recommendations, how should you configure the cluster? (Select two. Each choice is a required part of the solution.)
Configure the application as a multiple-instance application. Use node majority for the quorum mode.
Which component of Exploit Guard protects your system from ransomware and malware by preventing changes in protected files and folders?
Controlled folder access
When implementing Storage Spaces Direct to provide network-attached storage through SMB3 file shares, which resiliency option should be used?
Converged deployment
Which of the following can be configured using permissions?
Deny access to files
To configure a witness, you need to follow a few basic steps. Move the correct steps from the left to the right, and then place them in the order they occur. Each item may be used once or not at all.
Create a storage account. Get an access key. Set up the witness.
You are the network administrator for corpnet.xyz. Management has requested that the intranet website intranet.corpnet.xyz be configured for high availability. You have two Windows servers named Web01 and Web02. IIS has been installed and configured with a copy of the website on both servers. The Network Load Balancing feature has also been installed on both servers. You need to prepare the environment to create a Network Load Balancing cluster to provide high availability for the intranet website. What must you do so clients are able to access the website using http://intranet.corpnet.xyz? (Select two.)
Create an A record in DNS that maps intranet.corpnet.com to the IP address reserved for the NLB cluster. Reserve an unused valid IP address on the network to be assigned to the NLB cluster.
You are the network administrator for corpnet.com. You are creating a Network Load Balancing cluster to provide high availability for the intranet website www.corpnet.xyz. You have three web servers, web01.corpnet.xyz, web02.corpnet.xyz, and web03.corpnet.xyz. You have performed the following configuration tasks: Each server has one network card installed. Each server has its own disk storage. Each server has the same data. Each server has a static IP address. Each server has the IIS role installed. Each server has the NLB feature installed. Each server has been added to the cluster. The cluster has been assigned its own IP address. When you test access to www.corpnet.xyz, you get a message that the site can't be reached. Which step still needs to be done?
Create an A record in DNS that points www.corpnet.com to the cluster's IP address.
When configuring access to your domain controllers, you want to provide a more secure method that limits which accounts or groups can have access. You also want to limit the time an account or group can access the domain controller using Kerberos Ticket Granting Ticket (TGT). Move the correct actions from the left to the right, and then place them in the order.
Create an authentication policy. Create an authentication policy silo. Assign the authentication policy silo to AD accounts.
You manage a Windows server with four 1 TB SCSI hard disks installed. The first hard disk contains the system volume, which uses the entire drive. You want to implement a virtual disk using a storage pool on the system that meets the following criteria: You need to create one pool on the system that uses all available space in the system. You need to create four separate 800 GB virtual disks. Each virtual disk must use parity for resiliency. You need to accomplish this using the least amount of hardware and administrative effort possible. What should you do?
Create the virtual disks using the hard disks currently installed.
Microsoft Defender for Identity uses an AD DS account with read permission to all AD DS objects. Which of the following would be included?
Deleted Objects container
You are trying to implement Credential Guard on a Windows 10 Pro machine, but you can't find the Credential Guard option. Which of the following is the most likely reason?
Credential Guard is not available on Windows 10 Pro
Which malware type is designed to facilitate identity theft?
Crimeware
Custom applications and databases can be susceptible to certain web attacks and should be configured to prevent attacks such as SQL injection. Which of the following is a type of SQL injection where malicious code is saved onto an otherwise benign site?
Cross-site Scripting (XSS)
During the process of setting up cluster roles, you are considering which application is cluster-aware and designed to support clustering. Which of the following is a cluster-aware application?
DHCP server
The first screen that you see when logging in to the Azure Portal is the Azure Home page, which cannot be customized. What can you select as an alternative default view that can be customized?
Dashboard
Which Exploit protection mitigation needs to be enabled if you want to prevent executable code from being run from data-only memory pages?
Data Execution Prevention (DEP)
You manage a large number of workstations that belong to a Windows domain. You want to prevent anyone that might try to gain access to a computer from guessing login information by trying multiple passwords. Which GPO contains a policy you can enable to guard all computers in the domain against this security breach?
Default Domain Policy
You are the administrator for 122 Azure Windows virtual machines and 14 Azure Arc-enabled Windows servers. To ensure your server resources are secure, Microsoft Defender for Cloud uses the Azure Monitor Agent (AMA) to send information about the servers to Defender for Cloud. Which of the following can be enabled to deploy the agent to your servers without disruption?
Defender for Server
You want to set up exploit protection. Which of the following steps should you take? (Select two. Each answer is a part of the process.)
Define your exploit protection settings and export to an XML file. Enable the Group Policy setting and enter path to the exported file.
You are the network administrator for corpnet.xyz. The network consists of a single Active Directory domain. The company has a mission-critical database application. You must design a high-availability solution to support this application. You have four servers that connect to Ethernet switches. Your solution should meet the following requirements: Allocate storage to the servers as needed Utilize the existing network infrastructure Maximize fault tolerance What should you do?
Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN).
You have just deployed a new Windows Server 2022 domain controller and want to configure it to apply application allowlisting. Which of the following should be enabled?
Device Guard
Storage Spaces Direct (SSD) allows a single storage pool to function as shared storage within a Windows cluster. This allows the use of a more affordable disk storage option. Which of the following meets this description?
Direct-attached storage (DAS) devices
You are the network administrator for your company. Rodney, a user in the research department, shares a computer with two other users. One day, Rodney notices that some of his documents have been deleted from the computer's local hard drive. You restore the documents from a recent backup. Rodney now wants you to configure the computer, so he can track all users who delete his documents in the future. You enable auditing of successful object access events in the computer's local security policy. Rodney then logs on and creates a sample document. To test auditing, you then log on and delete the document. However, when you examine the computer's security log, no auditing events are listed. How can you make sure an event is listed in the security log whenever one of Rodney's documents is deleted?
Edit the advanced security properties of the folder containing Rodney's documents. Configure an auditing entry for the Everyone group. Configure the entry to audit the success of the Delete permission.
You have a Windows system with wired and wireless network connections. The wired connection is on the internal private network, but the wireless connection is used for public connections. You need to allow help desk users to use Remote Assistance to help you while working on the wired network, but you want to block any such access from the wireless network. How can you configure Windows Firewall to allow and deny access as described?
Enable the Remote Assistance exception only on the private profile.
While managing a failover cluster, sometimes a node will fail. For issues that will take a while longer to fix, which of the following actions should you take? Place the tasks on the left in the correct order on the right.
Evict the node using Remove-ClusterNode cmdlet. correct answer:Use the Clear-ClusterNode cmdlet. correct answer:Repair the node. correct answer:Use Add-ClusterNode cmdlet to add node back. correct answer:Check workload settings for preferred ownership.
You have been asked to troubleshoot a Windows workstation that is a member of your domain. The director who uses the machine said he can install anything he wants and change system settings on demand. He has asked you to figure out why User Account Control (UAC) is not being activated when he performs a sensitive operation. You verify that the director's user account is a standard user and not a member of the local Administrators group. You want the UAC prompt to show. What should you do?
Enable the Run all administrators in Admin Approval Mode setting in the Group Policy.
SMB Direct uses RDMA-compatible NICs. Which of the following cmdlets are used to enable RDMA on a NIC and check to see if it is enabled? (Select two.)
Get-NetAdapterRdma Set-NetAdapterRdma "adapter name" -Enabled $true
A user keeps attempting to open a text file. All that happens is that a Command Prompt window flashes on the screen and then disappears. Which of the following actions will help you determine the cause of this issue?
Enable the option in File Explorer to show file extensions.
During a recent Windows client upgrade, the IT department implemented a new policy that all clients automatically block suspicious sites and warn users about potential threats. The decision was made to use Microsoft SmartScreen for all users. Which of the following would enable the feature for all users?
Enable using the Registry-based Administrative Template policy settings
You are the network administrator for westsim.com. The network consists of a single Active Directory domain. The network contains three Windows servers named FS1, FS2, and FS3. These servers are used for storing files in shared folders. You want to implement failover clustering to make these servers highly available for your users, so you have installed the Failover Clustering feature on each server. You are using Storage Spaces Direct (SSD) to set up the shared storage for the cluster, so you install new SATA hard drives in each server and leave them blank, offline, and uninitialized. You used PowerShell cmdlets to verify that the new drives can be added to an SSD pool, and then you created a cluster named FileServ with FS1, FS2, and FS3 as the cluster nodes. From the drop-down list, select the cmdlet you would now enter to enable SSD on the FileServ cluster.
Enable-ClusterStorageSpacesDirect
Which of the following options under Credential Guard Configuration would you select if you need to be able to disable Credential Guard remotely?
Enabled without lock
Which of the following describes the Prevent bypassing SmartScreen Filter warning policy?
Enabling the policy prevents users from bypassing the warnings when they attempt to download or run an app that is not recognized.
Recently the cluster that you manage had a hardware failure. After checking on the availability of the replacement hardware, it will take several weeks for the parts to arrive. Which of the following actions should be taken FIRST?
Evict the cluster node.
What tool is used to set up the witness in a failover cluster?
Failover Cluster Manager
When configuring a cluster role, you need to set what to do if a failure occurs for a storage resource, application, or service. Which of the following tools would you use?
Failover Cluster Manager
When using Windows Admin Center to manage failover clusters, which of the following should you ensure is installed and updated to manage failover clusters on the server?
Failover clustering extension
Encrypting File System (EFS) was added to the NTFS file system with the release of Windows 2000. EFS is exclusive to the Windows Operating System. EFS encrypts individual files and folders. Which of the following does EFS use for symmetric encryption?
File Encryption Key (FEK)
Many attacks attempt to modify system files, critical data files, registry settings, and application software. Which of the following is a Defender for Cloud feature that addresses these types of attacks?
File Integrity Monitoring (FIM)
Which of the following are supported quorum witnesses in failover clustering?
File share Cloud Disk
You need to create a storage space on a Windows server that will store files used by the research and development employees in your organization. Because the data stored in the storage space is vital to the success of your organization, you decide to use three-way mirroring to provide redundancy for the storage space. To enhance redundancy, you decide to use the enclosure awareness feature of Windows Server to mirror data between multiple storage enclosures. Because of the critical nature of the data, you need the storage space to be able to tolerate up to two failed enclosures. How many compatible storage enclosures will be required to meet these design requirements?
Five
When a user creates a new password, the strength of the password goes through a series of evaluation steps, then is compared to the banned password lists. The second step in the evaluation checks the password to determine if it should be banned. Which of the following checks the password to see if it matches any passwords on the global or custom lists?
Fuzzy matching
A user has complained about being unable to remove a program that is no longer needed on a computer. The Programs and Features page is not available in Control Panel. You suspect that a policy is enabled that hides this page from the user. But after opening the Local Group Policy Editor, you see that the Hide Programs and Features page is set to Not configured. You know that other users in this domain can access the Programs and Features page. To determine whether the policy is enabled, where should you look next?
GPOs linked to organizational units that contain this user's object
You are the network administrator for westsim.com. The network consists of a single Active Directory domain. The network contains three Windows servers named FS1, FS2, and FS3. These servers are used for storing files in shared folders. You want to implement failover clustering to make these servers highly available for your users, so you have installed the Failover Clustering feature on each server and have created a cluster with FS1, FS2, and FS3 as the cluster nodes. You are using Storage Spaces Direct (SSD) to set up the shared storage for the cluster, so you install new SATA hard drives in each server and leave them blank, offline, and uninitialized. You open a PowerShell session to begin the SSD implementation. From the drop-down list, select the command you would enter to identify all storage devices that can be added to an SSD pool.
Get-PhysicalDisk -CanPool $True
The following PowerShell cmdlet lets you check for a SBM Multichannel connection:
Get-SmbConnection
You are the network administrator for westsim.com. The network consists of a single Active Directory domain. The network contains three Windows servers named FS1, FS2, and FS3. These servers are used for storing files in shared folders. You want to implement failover clustering to make these servers highly available for your users, so you have installed the Failover Clustering feature on each server. You used PowerShell cmdlets to create a cluster named FileServ with FS1, FS2, and FS3 as the cluster nodes, and then you enabled Storage Spaces Direct (SSD) on the FileServ cluster. From the drop-down list, select the cmdlet you would now enter to verify that the SSD pool was created.
Get-StoragePool
When deploying Defender for Identity, a special AD DS account should be used so Defender for Identity can perform various functions, such as querying a domain controller for information on various events that have been discovered. Which of the following should be created?
Group Managed Service Account (gMSA)
Sentinel components include data connectors, log retention, workbooks, automation playbooks, analytic alerts, incident response, and threat investigation with artificial intelligence. Which of the following describes Azure workbooks?
Helps you get an overall visualization of your data.
The very best security measures can be rendered useless by a simple misconfiguration error. Missing a setting or forgetting to check a box can create a vulnerability. To prevent this type of error, ensure that the server implementation is well thought out. Plan your configuration, accounts, permissions, restrictions, and policies. Test your configurations both before and after implementation. Which of the following should be considered to avoid misconfigurations that can create vulnerabilities?
Implement secure administrative hosts.
You are the network administrator for corpnet.xyz. The network consists of a single Active Directory domain. The network contains three Windows servers named FS1, FS2, and FS3. These servers are used for storing files in shared folders. You plan to implement high availability through Failover Clustering and to use Storage Spaces Direct (SSD) to set up the shared storage for the cluster. Your file servers have been in production for a while. Their data disks use varying sizes of SATA drives and have varying amounts of space available. What must you do before you can implement Storage Spaces Direct? (Select two.)
Install new hard drives in each server and leave the drives blank, offline, and uninitialized. Install the Failover Clustering feature on each server.
Which of the following determines the reputation of an app by which WDAC rules can be defined?
Intelligent Security Graph
Under which security option category would you enable a prompt for users to change their password before it expires?
Interactive logon
Which of the following are TRUE about PowerShell in Windows? (Select two.)
It is built on the .NET Framework It uses commands called cmdletst
What type of security ticket is used to establish the session with servers in an AD DS network?
Kerberos
Which of the following is a single sign-on authentication and authorization service based on a time-sensitive, ticket-granting system that is used in conjunction with authentication policies?
Kerberos
Where are Kerberos tickets stored on the local system?
LSA
The event log for Microsoft Defender SmartScreen is disabled by default. In order to display messages to users that are logged in, which of the following actions will enable the debug log?
Launch Event Viewer and enable the Debug log
To ensure the overall security of a system when applications are installed and configured to use an Active Directory account, what principle should be applied?
Least privilege
You are the security administrator for your organization. Your multiple-domain Active Directory forest uses Windows servers for domain controllers and member servers. The computer accounts for your member servers are located in the Member Servers OU. Computer accounts for domain controllers are in the Domain Controllers OU. Computer accounts for workstations are located in the Workstations OU. You are creating a security template that you plan to import into a GPO. What should you do to log whenever a user is unable to log on to any computer using a domain user account? (Select two. Each choice is a required part of the solution.)
Link the GPO to the Domain Controllers OU Enable the logging of failed account logon events
Which of the following statements is true regarding workload migration in a cluster set configuration in Windows?
Live migration of virtual machines can be performed across different failover clusters within a cluster set.
You are managing a workstation that is not part of a Windows domain. Users on this computer should not be permitted to download applications from the Windows Store. Which administration tool can you use to enable a policy that turns off the Store application for all users on this computer?
Local Group Policy Editor
You are managing rights on a standalone server. You want to make changes to the settings of the Restore files and directories policy. Which of the following is the tool you must use to make changes to this policy?
Local Group Policy Editor
You have deployed client-side encryption for your on-premises Windows servers. Where are encryption keys stored in client-side encryption?
Locally
As the administrator for 43 Azure virtual machines running Windows Server, you have onboarded all systems to Microsoft Defender for Cloud. Microsoft Defender for Cloud utilizes a feature called workflow automation to provide alerts and recommendations. During the process of adding a workflow automation in Azure, what can you configure that allows the grouping of workflows as logical units so they can be easily managed?
Logic App
You are consulting with the owner of a small network with a Windows server functioning as a workgroup server. There are six Windows desktop computers. There is no internet connectivity. The server contains possibly sensitive information, so the owner wants to ensure that no unauthorized access occurs. You suggest that auditing be configured so that access to sensitive files can be tracked. What can you do to ensure that the files generate audit results? (Select three. Each correct answer is part of the required solution.)
Make sure the Object Access auditing policy is configured for success and failure. Make sure the files to be audited are on NTFS partitions. Make sure the correct users and groups are listed in the auditing properties of the files.
Microsoft Defender for Endpoint includes several security components depending on the selected security plan. Match the component on the left with the description on the right. (Each item may be used once, more than once, or not at all.)
Manages assets to protect them from attackers. Collects information about suspicious activities that occur on endpoints, which helps to allow security teams an opportunity to respond to threats quickly. Endpoint detection and response A managed service provides attacks targeted to an organization's specific needs. Microsoft Threat Experts Threat and vulnerability management is used to discover and prioritize your organization's real-time vulnerabilities and configuration errors. Threat and vulnerability management When a threat is discovered, Defender for Endpoint will attempt to fix and resolve the threat. Automatic investigation and remediation It was created to gather real-time behavior and cloud-based information from various locations and use it to protect a network from emerging threats. Next-generation protection
In an enterprise environment, which of the following tools is used to manage keys, automate encryption, and check compliance for BitLocker?
Microsoft BitLocker Administration and Monitoring (MBAM)
What Microsoft cloud-based security solution includes Azure Active Directory, Windows Defender Advanced Threat Protection (ATP), and Microsoft Cloud App Security?
Microsoft Defender for Identity
Microsoft Defender SmartScreen is integrated into Windows 10 and later clients. Which of the following can be used to manage it? (Select two.)
Microsoft Intune Group Policy
Which setting would you set to 0 to allow all users to reset their password immediately?
Minimum password age
You suspect that sensitive information has been leaked. Which audit logs could you review to track who opened a file containing the sensitive data?
Object Access
Which of the following is a characteristic of a virus?
Must be attached to a file or program to run
What must be done before Sentinel can begin to provide security analytics and threat intelligence and response throughout an enterprise?
Must be successfully added to a workspace.
Which of the following is a valid Azure AD password?
My Password
Which of the following allows a Windows Server with TPM enabled and a pre-boot network connection to automatically unlock a BitLocker-encrypted operating system volume without user intervention?
Network Unlock
Which statements are true regarding firewalls? (Select two.)
Network firewalls are typically implemented using hardware and positioned at the network's perimeter Host-based firewalls are implemented using software and reside on the individual hosts within the network.
Which component of Exploit Guard helps prevent access to internet domains that may host phishing scams, exploits, and other malicious content?
Network protection
Which PowerShell cmdlet is used to generate the code integrity policy XML file?
New-CIPolicy
You are the network administrator for corpnet.xyz. You are creating a Network Load Balancing cluster to provide high availability for the intranet website. You have three web servers, Web01, Web02, and Web03, which are configured as follows: Each server has one network card installed. Each server has its own disk storage. Each server has the same data. Each server receives an IP address dynamically from the DHCP server. Each server has the IIS role installed. Each server has the NLB feature installed. Are you ready to configure these servers into an NLB cluster?
No. Each server should be assigned a static IP address.
You need to create a storage space on a Windows server that will store files used by the research and development employees in your organization. During the product development process, many files stored in the storage space will be accessed frequently. Disk performance is critical for these files. However, an archive of files used for previous designs will also be stored in the same storage space. This archive is very large, but it will be accessed infrequently. To accommodate these requirements, you decide to implement tiering within a mirrored storage space. You plan to complete the following: Install four SSDs and eight HDDs in the server. Create a storage pool using all of the space on all 12 drives. Create a new virtual disk from the space in the pool with storage tiers and thin provisioning enabled. Create an NTFS volume on the virtual disk. Will this configuration work?
No. Tiering requires that virtual disks use fixed provisioning.
You are the administrator of a cluster containing virtual machines running Windows Server. You want to configure the VMs so that if they fail a specific number of times within a timeframe, they will not rejoin the cluster. This gives you the opportunity to investigate the problem and resolve it.
Node quarantine
Which of the following UAC levels prompts the user only when a program tries to change the computer or a program not included with Windows attempts to modify Windows settings?
Notify me only when apps try to make changes to my computer (do not dim my desktop)
Windows Defender Exploit Guard is a host-based intrusion protection solution. One of the four main components is Attach Surface Reduction Policies. Which policy/option prevents the creation of child processes and executable content?
Office threats
When should you disable the Windows firewall
Only if the computer is protected by a different firewall program
Which of the following BEST describes the role of an access control list within a Windows firewall?
Permits or denies network traffic through a firewall.
You manage a single domain named widgets.com. This morning, you noticed that a trust relationship you established with another forest has changed. You reconfigured the trust, but you want to be able to identify if this change happens again in the future. You want to configure auditing to track this event. Which auditing category should you enable?
Policy Change events
Match each controlled folder access configuration option to its description.
Prevents suspicious or malicious software from making changes to protected folders. Block correct answer: Prevents untrusted apps from writing to disk sectors. Block disk modification only correct answer: Stops the Controlled Folder Access feature. Disable correct answer: Tracks untrusted apps that write to disk sectors. Audit disk modification only correct answer: Tracks rather than prevents changes to protected folders. Audit Mode
You have several servers running Windows Server 2022 and a corporate domain controller. Which of the following is part of a strategy to manage user credential exposure using non-configurable protections?
Protected Users security group
Kerberos single sign-on authentication is made up of several components. Match the component on the left with the definition on the right. (Each item may be used once, more than once, or not at all.)
Provides or holds network resources Service server (SS) correct answer: Grants tickets that are valid for specific resources on specific servers Ticket-granting server (TGS) correct answer: A single entity that combines the authentication server and ticket-granting server correct answer: Accepts and processes authentication requests Authentication server (AS)
What is a requirement for using SMB Direct?
RDMA-compatible NICs
Which of the following types of malware are designed to scam money from the victim? (Select two.)
Ransomware Scareware
Due to a recent acquisition, your company now has several small branch offices. The physical security for the local server is minimal, and you need to provide Active Directory Domain Services for the branch users. Which of the following should you deploy at the branch office?
Read-only domain controller (RODC)
You have a computer running Windows. Prior to installing some software, you turn off User Account Control (UAC), reboot the computer, and install the software. You turn UAC back on, but it does not prompt you before performing sensitive actions. You want the protection of UAC, but it is not working at all. What should you do?
Reboot the machine.
Microsoft Defender for Identity is a cloud-based security solution that protects identities and data within an organization by identifying, detecting, and investigating advanced threats by utilizing on-premise Active Directory sensors. Defender for Identity is designed to detect potential threats across the entire cyber-attack kill chain. Given the following description: By using adaptive technology, it can identify unusual activity, providing insights into potential security threats such as advanced attacks, user compromise, and insider threats. Which of the following threats matches the description?
Reconnaissance
Microsoft Defender for Cloud continually assesses resources for security issues and provides a secure score. The secure score is part of the Security posture. To improve the secure score, Defender for Cloud makes recommendations on how to resolve security issues. When viewing a recommendation, which of the following are provided as part of the recommendation? (Select four.)
Related recommendations Affected resources Description Remediation steps
Which of the following predefined exceptions in Windows Firewall allow users to view and control remote desktops?
Remote Assistance
Which of the following can be used to access BitLocker encrypted data from a hard disk drive that has been critically damaged?
Repair-bde
A company has deployed a new cluster configuration using Microsoft Failover Cluster Management. They want to ensure the configuration is ready for production use, so they run the validation tool. The validation tool reports that one of the disks attached to the cluster is not recommended for use with clustering. Which of the following actions should the company take in response to this validation result?
Replace the disk with a recommended disk and rerun the validation tool.
Your company recently implemented the Banned Passwords List for the domain. You want to ensure that all active passwords are checked against the lists. Which of the following would be the BEST way to accomplish this?
Require all users to change their passwords.
Which of the following are options available from the Power button at the bottom left of the Start menu? (Select three.)
Restart Sleep Hibernate
As an IT administrator, you want to access the Computer Management utility from the Start menu on an employee's desktop. How would you access this advanced feature?
Right-click the Start button
Your Windows system has been infected with malware that has replaced the standard boot loader on the hard disk with its own malicious software. Which type of exploit is being used in this scenario?
Rootkit
You have enabled Credential Guard in Group Policy and need it to take effect immediately. Which of the following actions will make this happen? (Select two.)
Run gpudpate /force from an elevated Command Prompt. Log the user out and back in.
After creating your code integrity policy XML file, you have gone into Group Policy and enabled the Deploy Windows Defender Application Control option. You specified the path to the code integrity policy file.
SIPolicy.p7b
Which of the following statements is true?
SMB Multichannel increases throughput.
As the administrator of corpnet.xyz, you have deployed Azure IaaS virtual machines and set up a failover cluster. The cluster automatically recognizes when it is running in Azure IaaS VMs and will optimize settings to provide proactive failover and logging with the highest level of availability. When configuring this kind of cluster, you need a managed disk shared between the VMs using the Azure shared disk feature. Which of the following disks should be used for this to work? (Select two.)
SSD-managed disks Azure ultra disks
Which of the following is the option provided by Azure AD for users that forget their password or get locked out of their account?
SSPR
Which of the following resources can you access from the page header in the Azure interface? (Select three.)
Search bar Your account Global controls
An anti-malware program uses a heuristic-based analysis to detect which of the following? (Select two.)
Second-generation malware Zero-day attacks
Which of the following includes the Policy Analyzer?
Security Compliance Toolkit (SCT)
Updates for failover cluster nodes can be automated using Cluster-Aware Updating (CAU). Which of the following are CAU modes that can be selected?
Self-updating Remote updating
Microsoft Sentinel is an enterprise cloud solution that utilizes SIEM and SOAR systems with Azure services and on-premise environments. Which of the following Sentinel features can integrate non-Microsoft solutions such as Syslog and Common Event Format (CEF) and third-party services such as Amazon Web Services and Google Workspaces?
Sentinel data connectors
As part of a new installation, you are deploying a domain controller. To prevent malicious actors from trying to gain access to the domain controller, you want to take all the necessary steps to harden the domain controller. Which of the following installation options for Windows Server 2022 should be used?
Server Core
Which type of encryption is used by the majority of Azure-managed disks?
Server-side encryption
Drag each GPO category on the left to the associated policy on the right
Software that should be installed on a specific computer Computer Configuration policies correct answer: Internet Explorer user settings User Configuration policies correct answer: Scripts that should run at logon or logoff User Configuration policies correct answer: Network communication security settings Computer Configuration policies correct answer: Password restrictions that must be met for all user accounts Computer Configuration policies correct answer: Software that should be installed for a specific user User Configuration policies correct answer: Scripts that should run at startup or shutdown Computer Configuration policies
When considering whether or not to implement a failover cluster for an application, which of the following works best with clustering?
Stateful applications
You are the network administrator for corpnet.xyz. The network consists of a single Active Directory domain. The network contains three Windows servers named FS1, FS2, and FS3. These servers are used for storing files in shared folders. Your users must have access to these shared folders to do their jobs, so you want to implement high availability through failover clustering. However, there is no budget for purchasing a SAN to use as the shared storage in a failover cluster. Which of the following allows you to create a failover cluster without having to purchase a SAN?
Storage Spaces Direct
The notification area is available at the right end of the taskbar on the Windows desktop. Which of the following does the notification area display? (Select three.)
System management icons for networks, sound volume, and removable devices Application icons The current date and time
Microsoft releases patches for their operating systems and other software products on the second Tuesday of every month - "Patch Tuesday." Which of the following is a patch management best practice?
Test the results of the update by applying it first in a test environment before applying it to servers on the network.
Group Policies can be used to set the same notification levels at the domain level that can be set for local machines using the User Account Control (UAC) tool. You need to configure the Notify me only when programs try to make changes to my computer notification level using Group Policy. Which of the following Group Policies must be set to complete this configuration?
The Behavior of the elevation prompt for administrators in Admin Approval Mode policy setting is set to Prompt for consent for non-Windows binaries. The User Account Control: Switch to the secure desktop when prompting for elevation policy setting is enabled.
The Hide Programs and Features page setting is configured for a specific user as follows:
The GPO linked to the user's organizational unit is applied last so this setting takes precedence
An important aspect of managing failover clusters is upgrading their OS as needed. Which of the following should you check before upgrading the OS to ensure the nodes run optimally?
The functional level
Drag the load balancing term on the left to the appropriate description on the right.
The process that cluster members use to reach a consistent state. Convergence Periodic heartbeat signals sent by cluster members to maintain consistent information about cluster membership. Heartbeat Cluster hosts retain their network adapter's original hardware MAC address. Multicast mode MAC addresses used by cluster hosts are replaced by a single cluster MAC address. Unicast mode
You have 124 virtual machines running Windows Server 2022. In the case of disks with encryption at the host, what provides encryption for the data?
The server hosting the VM
Cluster-Aware Updating (CAU) offers some advanced configuration options. When an update fails, which of the following describes what happens after a certain number of failures?
The update is rolled back across all nodes in the cluster.
User Account Control (UAC) is a tool that generates an alert when a task or operation needs administrative privileges. You use the UAC settings in Control Panel to configure the sensitivity of UAC. Drag the UAC notification level on the left to the appropriate description of what it does on the right.
The user is prompted only when programs try to make changes to the computer or Windows settings. The secure desktop is not displayed. Notify me only when apps try to make changes to my computer (do not dim the desktop) correct answer: A UAC prompt and the secure desktop are displayed for 150 seconds. The user cannot perform any other actions until they respond to the prompt. Always notify correct answer: The user is prompted only when programs try to make changes to the computer or Windows settings. The secure desktop is displayed for 150 seconds. Notify me only when apps try to make changes to my computer correct answer: If logged on as a standard user, all actions requiring privilege elevation are automatically denied. Never notify
A user reports that they receive a warning message when trying to access a particular website. As an administrator, you suspect that this might be due to Defender SmartScreen. What could be the reason for this warning message?
The user is trying to access a website that is on the list of known malicious sites
Which of the following is a password restriction that applies to Azure AD?
There is a global banned password list
Administrators can select to block a suspicious site or warn the user about potential threats through policies. Match the policy on the left with the description on the right. (Each item may be used once or not at all.)
This policy helps to prevent malicious executable files from impacting user devices. This policy applies to files that are downloaded from the internet. Configure App Install Control This policy is used to enable or disable the SmartScreen for all users. Configure Windows Defender SmartScreen This policy is used to clear the SmartScreen event logs. This policy indicates whether a user can bypass any warnings that are provided by Defender SmartScreen. If this policy is enabled, the user can bypass the warnings. Prevent bypassing SmartScreen Filter warnings
What is the role of a witness in a failover cluster with an even number of servers?
To break the tie during failover.
What is the primary purpose of a quorum in a failover cluster?
To cast votes on which server should take over the primary role during failover.
What is the purpose of Credential Guard?
To prevent attackers from stealing credentials
Why should failover clusters always have an odd number of quorum members?
To prevent deadlocks and cluster shutdowns
BitLocker is used to encrypt an entire volume, not just individual files and folders. Which of the following does BitLocker utilize for encryption? (Select two.)
Trusted Platform Module (TPM) Advanced Encryption Standard (AES)
You have several computers running Windows 11. The computers are members of a domain. For all computers, you want to remove access to administrative tools from the Start menu and hide notifications from the System Tray. What should you do?
Use Group Policy
Which of the following methods can be used to launch Cluster-Aware Updating (CAU) in Windows Server? (Select two.)
Use the Windows Admin Center. Server Manager > Tools.
Match the cluster quorum modes on the left with the correct description on the right. (Each item may be used once, more than once, or not at all.)
Used when there are an even number of nodes. Node and Disk Majority correct answer: Used when the quorum is stored on a network share. Node and File Share Majority correct answer: Used when the disk hosting the witness fails but the quorum is not lost. correct answer: Used when there are an odd number of nodes, but mainly for testing. Disk Only correct answer: Used when there are an odd number of nodes. Node Majority
If a standard user tries to perform an administrative task, they will be prompted to enter administrative credentials. Which security option is responsible for this prompting
User Account Control
Select the policy node you would choose to configure who is allowed to manage the auditing and security logs.
User Rights Assignment
Which of the following can be added to the Protected Users group?
User accounts
Which technology does Credential Guard use to isolate secrets stored within the LSA?
VBS
Which of the following can tag processes running on the local system as belonging to a VM running within Hyper-V?
VSM
Which of the following tasks can be performed using the Windows Admin Center (WAC) for failover clusters in Windows Server?
View detailed information on each cluster
ou have recently upgraded your laptop computer from Windows 10 to Windows 11. What new features are available to you in Windows 11? (Select two.)
Virtual desktops Teams
Privilege use tracks which of the following? (Select two.)
When an administrator takes ownership of an object. When a user exercises a user right
Which of the following Windows 11 interface components is designed to provide information such as local weather, trending news, and options to personalize the news feed and interests?
Widgets
Which of the following versions of Windows meets the minimum requirements to create WDAC policies?
Windows 10 Pro build 1903
Group Policy can be used to deploy WDAC policies to which of the following versions of Windows 11?
Windows 11 Enterprise
You have deployed a new Windows client to a group of employees and want to ensure the employees remain productive by having access to the applications needed to perform their jobs. Which of the following should you implement?
Windows Defender Application Control (WDAC)
Which of the following are the minimum requirements to implement Credential Guard? (Select three.)
Windows Secure Boot CPU virtualization extensions Trusted Platform Module (TPM)
Which of the following methods can be used to enable/disable Defender SmartScreen? (Select three.)
Windows Security settings Internet Properties Edge browser
Azure Disk Encryption warrants using an Azure Key Vault to manage and regulate disk encryption keys and secrets. Where must the key vault and VMs be located?
Within the same Azure region and subscription.
You have noticed malware on your network spreading from computer to computer and deleting files. Which type of malware are you most likely dealing with?
Worm
Which of the following allows you to enable Windows Defender Credential Guard?
group Policy
You have a system that has BitLocker enabled. You run the cmdlet Get-BitLockerVolume with the appropriate options to retrieve information on the MountPoint for the system volume (C) and the data volume (D). You determine that the data volume (D) does not unlock automatically when the server restarts. What command or cmdlet should you run to ensure the data volume (D) will unlock automatically when the server starts?
manage-bde -autounlock -enable D:
You are an administrator for a company that uses Windows servers. In addition to Active Directory, you provide file and print services, DHCP, DNS, and email services. There is a single domain and a single site. There are two member servers, one that handles file and print services only and one database server. You are considering adding additional servers as business increases. Your company produces mass mailings for its customers. The mailing list and contact information provided to your company by its clients are strictly confidential. Because of the private information sometimes contained in the data (one of your clients is a hospital) and because of the importance of the data to your operation, the data can also be considered a trade secret. You want to ensure the data stored on your member servers is only accessed by authorized personnel for business purposes. You've set file permissions to restrict access, but you want to track the authorized users. How should you configure your security policy to track access to the data files?
onfigure Object Access auditing in a GPO and link it to the domain
Which command can be used to attempt to repair infected files?
sfc
Which of the following would you link to an authentication policy silo to only allow specific accounts access to particular sensitive servers?
silo claim
Microsoft Defender SmartScreen is integrated into Windows 10 clients and newer. Which of the following commands is used to view the Defender SmartScreen event logs?
wevtutil sl Microsoft-Windows-SmartScreen/Debug /e:true
After selecting an Azure resource, where are the details and information for the selected resource displayed?
working pane