book

Exam Ref 70-744 Securing Windows Server 2016

Name: Exam Ref 70-744 Securing Windows Server 2016
ISBN: 9781509304301

by Timothy Warner, Craig Zacker

December 2016

Intermediate to advanced

352 pages

9h 39m

English

Microsoft Press

Read now

Unlock full access

Cover
Title Page
Copyright Page
Contents at a glance
Contents
Introduction
Organization of this bookMicrosoft certificationsAcknowledgmentsFree ebooks from Microsoft PressMicrosoft Virtual AcademyQuick access to online referencesErrata, updates, & book supportWe want to hear from youStay in touchPreparing for the exam
Chapter 1 Implement server hardening solutions
Skill 1.1: Configure disk and file encryptionDetermine hardware and firmware requirements for Secure Boot and encryption key functionalityDeploy BitLocker Drive EncryptionConfigure Network UnlockImplement the BitLocker Recovery ProcessManage Encrypting File SystemSkill 1.2: Implement server patching and updating solutionsInstall and configure WSUSCreate computer groups and configure Automatic UpdatesManage updates using WSUSConfigure WSUS reportingTroubleshoot WSUS configuration and deploymentSkill 1.3: Implement malware protectionImplement an antimalware solution with Windows DefenderIntegrate Windows Defender with WSUS and Windows UpdateImplement AppLocker rulesImplement Control Flow GuardImplement Device Guard policiesSkill 1.4: Protect credentialsDetermine requirements for Credential GuardConfigure Credential GuardImplement NTLM blockingSkill 1.5: Create security baselinesInstall and Configure Security Compliance ManagerCreate and import security baselinesDeploy configurations to domain and non-domain-joined serversChapter summaryThought ExperimentThought experiment answers
Chapter 2 Secure a Virtualization Infrastructure
Skill 2.1: Implement a Guarded Fabric solutionInstall and configure the Host Guardian ServiceConfigure admin and TPM-trusted attestationConfigure Key Protection Service Using HGSConfiguring the guarded hostMigrate shielded VMs to other guarded hostsTroubleshoot guarded hostsSkill 2.2: Implement shielded and encryption-supported VMsDetermine requirements and scenarios for implementing shielded VMsCreate a shielded VM using Hyper-VEnable and configure vTPMDetermine requirements and scenarios for implementing encryption-supported VMsShielded VM recoveryChapter summaryThought experimentThought experiment answers
Chapter 3 Secure a network infrastructure
Skill 3.1: Configure Windows FirewallConfigure Windows Firewall with Advanced SecurityConfigure network location profiles and deploy profile rules using Group PolicyConfigure connection security rules using Group Policy, the GUI console, or Windows PowerShellConfigure Windows Firewall to allow or deny applicationsConfigure authenticated firewall exceptionsSkill 3.2: Implement a software-defined Distributed FirewallDetermine requirements and scenarios for Distributed Firewall implementation with Software Defined NetworkingDetermine usage scenarios for Distributed Firewall policies and network security groupsSkill 3.3: Secure network trafficDetermine SMB 3.1.1 protocol security scenarios and implementationsEnable SMB encryption on SMB sharesConfigure SMB signing and disable SMB 1.0Secure DNS traffic using DNSSEC and DNS policiesInstall and configure Microsoft Message Analzyer to analyze network trafficChapter summaryThought experimentThought experiment answer
Chapter 4 Manage Privileged Identities
Skill 4.1: Implement an Enhanced Security Administrative Environment administrative forest design approachDetermine usage scenarios and requirements for implementing ESAE forest design architecture to create a dedicated administrative forestDetermine usage scenarios and requirements for implementing clean source principles in an Active Directory architectureSkill 4.2: Implement Just-in-Time administrationCreate a new administrative (bastion) forest in an existing Active Directory environment using Microsoft Identity ManagerConfigure trusts between production and bastion forestsCreate shadow principals in bastion forestConfigure the MIM web portalRequest privileged access using the MIM web portalDetermine requirements and usage scenarios for Privileged Access Management solutionsCreate and implement MIM policiesImplement just-in-time administration principals using time-based policiesRequest privileged access using Windows PowerShellSkill 4.3: Implement Just-Enough-AdministrationEnable a JEA solution on Windows Server 2016Create and configure session configuration filesCreate and configure role capability filesCreate a JEA endpointConnect to a JEA endpoint on a server for administrationView logsDownload WMF 5.1 to a Windows Server 2008 R2Configure a JEA endpoint on a server using Desired State ConfigurationSkill 4.4: Implement Privileged Access Workstations and User Rights AssignmentsImplement a PAWS solutionConfigure User Rights Assignment group policiesConfigure security options settings in group policyEnable and configure Remote Credential Guard for remote desktop accessSkill 4.5: Implement Local Administrator Password SolutionInstall and configure the LAPS toolSecure local administrator passwords using LAPSManage password parameters and properties using LAPSChapter summaryThought experimentThought experiment answers

Chapter 5 Implement threat detection solutions
Skill 5.1: Configure advanced audit policiesDetermine the differences and usage scenarios for using local audit policies and advanced auditing policiesImplement auditing using Group Policy and Auditpol.exeImplement auditing using Windows PowerShellCreate expression-based audit policiesConfigure the audit PNP activity policyConfigure the Audit Group Membership policyEnable and configure module, script block, and transcription logging in Windows PowerShellSkill 5.2: Install and configure Microsoft Advanced Threat AnalyticsDetermine usage scenarios for ATADetermine deployment requirements for ATAInstall and Configure ATA Gateway on a Dedicated ServerInstall and Configure ATA Lightweight Gateway Directly on a Domain ControllerConfigure alerts in ATA Center when suspicious activity is detectedReview and edit suspicious activities on the Attack Time LineSkill 5.3: Determine threat detection solutions using Operations Management SuiteDetermine Usage and Deployment Scenarios for OMSDetermine security and auditing functions available for useDetermine log analytics usage scenariosChapter summaryThought experimentThought experiment answers
Chapter 6 Implement workload-specific security
Skill 6.1: Secure application development and server workload infrastructureDetermine usage scenarios, supported server workloads, and requirements for Nano Server deploymentsInstall and configure Nano ServerImplement security policies on Nano Servers using Desired State ConfigurationDetermine usage scenarios and requirements for Windows Server and Hyper-V containersInstall and configure Hyper-V containersSkill 6.2: Implement a Secure File Services infrastructure and Dynamic Access ControlInstall the File Server Resource Manager role serviceConfigure quotasConfigure file screensConfigure Storage ReportsConfigure File Management TasksConfigure File Classification Infrastructure using FSRMImplement Work FoldersConfigure user and device claim typesCreate and configure resource properties and listsCreate and configure central access rules and policiesImplement policy changes and stagingConfigure file access auditingPerform access-denied remediationChapter summaryThought experimentThought experiment answers
Index
About the Authors
About the Contributing Authors
Code Snippetsr

Overview

Prepare for Microsoft Exam 70-744–and help demonstrate your real-world mastery of securing Windows Server 2016 environments. Designed for experienced IT professionals ready to advance their status, Exam Ref focuses on the critical-thinking and decision-making acumen needed for success at the MCSE level.

Focus on the expertise measured by these objectives:

• Implement server hardening solutions

• Secure a virtualization infrastructure

• Secure a network infrastructure

• Manage privileged identities

• Implement threat detection solutions

• Implement workload-specific security

This Microsoft Exam Ref:

• Organizes its coverage by exam objectives

• Features strategic, what-if scenarios to challenge you

• Assumes you have experience as a Windows Server administrator and an understanding of basic networking and Hyper-V virtualization fundamentals, Active Directory Domain Services principles, and Windows Server security principles

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Exam Ref 70-345 Designing and Deploying Microsoft Exchange Server 2016

Publisher Resources

ISBN: 9781509304301Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills