Book description
Prepare for Microsoft Exam 70-744–and help demonstrate your real-world mastery of securing Windows Server 2016 environments. Designed for experienced IT professionals ready to advance their status, Exam Ref focuses on the critical-thinking and decision-making acumen needed for success at the MCSE level.
Focus on the expertise measured by these objectives:
• Implement server hardening solutions
• Secure a virtualization infrastructure
• Secure a network infrastructure
• Manage privileged identities
• Implement threat detection solutions
• Implement workload-specific security
This Microsoft Exam Ref:
• Organizes its coverage by exam objectives
• Features strategic, what-if scenarios to challenge you
• Assumes you have experience as a Windows Server administrator and an understanding of basic networking and Hyper-V virtualization fundamentals, Active Directory Domain Services principles, and Windows Server security principles
Table of contents
- Cover
- Title Page
- Copyright Page
- Contents at a glance
- Contents
- Introduction
- Chapter 1 Implement server hardening solutions
- Chapter 2 Secure a Virtualization Infrastructure
-
Chapter 3 Secure a network infrastructure
-
Skill 3.1: Configure Windows Firewall
- Configure Windows Firewall with Advanced Security
- Configure network location profiles and deploy profile rules using Group Policy
- Configure connection security rules using Group Policy, the GUI console, or Windows PowerShell
- Configure Windows Firewall to allow or deny applications
- Configure authenticated firewall exceptions
- Skill 3.2: Implement a software-defined Distributed Firewall
- Skill 3.3: Secure network traffic
- Thought experiment
- Thought experiment answer
-
Skill 3.1: Configure Windows Firewall
-
Chapter 4 Manage Privileged Identities
- Skill 4.1: Implement an Enhanced Security Administrative Environment administrative forest design approach
-
Skill 4.2: Implement Just-in-Time administration
- Create a new administrative (bastion) forest in an existing Active Directory environment using Microsoft Identity Manager
- Configure trusts between production and bastion forests
- Create shadow principals in bastion forest
- Configure the MIM web portal
- Request privileged access using the MIM web portal
- Determine requirements and usage scenarios for Privileged Access Management solutions
- Create and implement MIM policies
- Implement just-in-time administration principals using time-based policies
- Request privileged access using Windows PowerShell
-
Skill 4.3: Implement Just-Enough-Administration
- Enable a JEA solution on Windows Server 2016
- Create and configure session configuration files
- Create and configure role capability files
- Create a JEA endpoint
- Connect to a JEA endpoint on a server for administration
- View logs
- Download WMF 5.1 to a Windows Server 2008 R2
- Configure a JEA endpoint on a server using Desired State Configuration
- Skill 4.4: Implement Privileged Access Workstations and User Rights Assignments
- Skill 4.5: Implement Local Administrator Password Solution
- Chapter summary
- Thought experiment
- Thought experiment answers
-
Chapter 5 Implement threat detection solutions
-
Skill 5.1: Configure advanced audit policies
- Determine the differences and usage scenarios for using local audit policies and advanced auditing policies
- Implement auditing using Group Policy and Auditpol.exe
- Implement auditing using Windows PowerShell
- Create expression-based audit policies
- Configure the audit PNP activity policy
- Configure the Audit Group Membership policy
- Enable and configure module, script block, and transcription logging in Windows PowerShell
-
Skill 5.2: Install and configure Microsoft Advanced Threat Analytics
- Determine usage scenarios for ATA
- Determine deployment requirements for ATA
- Install and Configure ATA Gateway on a Dedicated Server
- Install and Configure ATA Lightweight Gateway Directly on a Domain Controller
- Configure alerts in ATA Center when suspicious activity is detected
- Review and edit suspicious activities on the Attack Time Line
- Skill 5.3: Determine threat detection solutions using Operations Management Suite
- Thought experiment
- Thought experiment answers
-
Skill 5.1: Configure advanced audit policies
-
Chapter 6 Implement workload-specific security
-
Skill 6.1: Secure application development and server workload infrastructure
- Determine usage scenarios, supported server workloads, and requirements for Nano Server deployments
- Install and configure Nano Server
- Implement security policies on Nano Servers using Desired State Configuration
- Determine usage scenarios and requirements for Windows Server and Hyper-V containers
- Install and configure Hyper-V containers
-
Skill 6.2: Implement a Secure File Services infrastructure and Dynamic Access Control
- Install the File Server Resource Manager role service
- Configure quotas
- Configure file screens
- Configure Storage Reports
- Configure File Management Tasks
- Configure File Classification Infrastructure using FSRM
- Implement Work Folders
- Configure user and device claim types
- Create and configure resource properties and lists
- Create and configure central access rules and policies
- Implement policy changes and staging
- Configure file access auditing
- Perform access-denied remediation
- Chapter summary
- Thought experiment
- Thought experiment answers
-
Skill 6.1: Secure application development and server workload infrastructure
- Index
- About the Authors
- About the Contributing Authors
- Code Snippetsr
Product information
- Title: Exam Ref 70-744 Securing Windows Server 2016
- Author(s):
- Release date: December 2016
- Publisher(s): Microsoft Press
- ISBN: 9781509304301
You might also like
book
MCSA Windows Server 2016 Complete Study Guide, 2nd Edition
Over 1,000 pages of comprehensive exam prep for the entire MCSA certification process MCSA Windows Server …
book
Exam Ref 70-743 Upgrading Your Skills to MCSA: Windows Server 2016
About the Book: Prepare for Microsoft Exam 70-743–and demonstrate that your skills are upgraded for Windows …
book
Exam Ref 70-742 Identity with Windows Server 2016, First Edition
Prepare for Microsoft Exam 70-742–and help demonstrate your real-world mastery of Windows Server 2016 identity features …
book
Exam Ref AZ-103 Microsoft Azure Administrator, First Edition
Prepare for Microsoft Exam AZ-103—and help demonstrate your real-world mastery of deploying and managing infrastructure in …