Microsoft Securing Windows Server 2016 Set 1

Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2016. You create a new bastion forest named admin.contoso.com. The forest functional level of admin.contoso.com is Windows Server 2012 R2. You need to implement a Privileged Access Management (PAM) solution. Which two actions should you perform? Each correct answer presents part of the solution.

Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016. Server1 is configured as a domain controller. You configure Server1 as a Just Enough Administration (JEA) endpoint. You configure the required JEA rights for a user named User1. You need to tell User1 how to manage Active Directory objects from Server2. What should you tell User1 to do first on Server2?

Your network contains an Active Directory domain named contoso.com. The domain contains 100 servers. You deploy the Local Administrator Password Solution (LAPS) to the network. You deploy a new server named FinanceServer5, and join FinanceServer5 to the domain. You need to ensure that the passwords of the local administrators of FinanceServer5 are available to the LAPS administrators. What should you do?

Your network contains an Active Directory domain named contoso.com. The domain contains four servers. The servers are configured as shown in the following table. You need to manage FS1 and FS2 by using Just Enough Administration (JEA). What should you do before you can implement JEA?

Your network contains two single-domain Active Directory forests named contoso.com and contosoadmin.com. Contosoadmin.com contains all of the user accounts used to manage the servers in contoso.com. You need to recommend a workstation solution that provides the highest level of protection from vulnerabilities and attacks. What should you include in the recommendation?

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016. A technician is testing the deployment of Credential Guard on Server1. You need to verify whether Credential Guard is enabled on Server1. What should you do?

Your network contains an Active Directory domain named contoso.com. You install the Windows Server Update Services server role on a member server named Server1. Server1 runs Windows Server 2016. You need to ensure that a user named User1 can perform the following tasks: View the Windows Server Update Services (WSUS) configuration. Generate WSUS update reports. The solution must use the principle of least privilege. What should you do on Server1?

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server5 that has the Windows Server Update Services server role installed. You need to configure Windows Server Update Services (WSUS) on Server5 to use SSL. You install a certificate in the local Computer store. Which two tools should you use? Each correct answer presents part of the solution.

Your network contains an Active Directory domain named contoso.com. The domain contains 1,000 client computers that run Windows 8.1 and 1,000 client computers that run Windows 10. You deploy a Windows Server Update Services (WSUS) server. You create a computer group for each organizational unit (OU) that contains client computers. You configure all of the client computers to receive updates from WSUS. You discover that all of the client computers appear in the Unassigned Computers computer group in the Update Services console. You need to ensure that the client computers are added automatically to the computer group that corresponds to the location of the computer account in Active Directory. Which two actions should you perform? Each correct answer presents part of the solution.

Your network contains an Active Directory domain named contoso.com. You are deploying Microsoft Advanced Threat Analytics (ATA). You create a user named User1. You need to configure the user account of User1 as a Honeytoken account. Which information must you use to configure the Honeytoken account?