Book description
Prepare for Microsoft Exam 70-744–and help demonstrate your real-world mastery of securing Windows Server 2016 environments. Designed for experienced IT professionals ready to advance their status, Exam Ref focuses on the critical-thinking and decision-making acumen needed for success at the MCSE level.
Focus on the expertise measured by these objectives:
• Implement server hardening solutions
• Secure a virtualization infrastructure
• Secure a network infrastructure
• Manage privileged identities
• Implement threat detection solutions
• Implement workload-specific security
This Microsoft Exam Ref:
• Organizes its coverage by exam objectives
• Features strategic, what-if scenarios to challenge you
• Assumes you have experience as a Windows Server administrator and an understanding of basic networking and Hyper-V virtualization fundamentals, Active Directory Domain Services principles, and Windows Server security principles
Table of contents
- Cover
- Title Page
- Copyright Page
- Contents at a glance
- Contents
- Introduction
- Chapter 1 Implement server hardening solutions
- Chapter 2 Secure a Virtualization Infrastructure
-
Chapter 3 Secure a network infrastructure
-
Skill 3.1: Configure Windows Firewall
- Configure Windows Firewall with Advanced Security
- Configure network location profiles and deploy profile rules using Group Policy
- Configure connection security rules using Group Policy, the GUI console, or Windows PowerShell
- Configure Windows Firewall to allow or deny applications
- Configure authenticated firewall exceptions
- Skill 3.2: Implement a software-defined Distributed Firewall
- Skill 3.3: Secure network traffic
- Thought experiment
- Thought experiment answer
-
Skill 3.1: Configure Windows Firewall
-
Chapter 4 Manage Privileged Identities
- Skill 4.1: Implement an Enhanced Security Administrative Environment administrative forest design approach
-
Skill 4.2: Implement Just-in-Time administration
- Create a new administrative (bastion) forest in an existing Active Directory environment using Microsoft Identity Manager
- Configure trusts between production and bastion forests
- Create shadow principals in bastion forest
- Configure the MIM web portal
- Request privileged access using the MIM web portal
- Determine requirements and usage scenarios for Privileged Access Management solutions
- Create and implement MIM policies
- Implement just-in-time administration principals using time-based policies
- Request privileged access using Windows PowerShell
-
Skill 4.3: Implement Just-Enough-Administration
- Enable a JEA solution on Windows Server 2016
- Create and configure session configuration files
- Create and configure role capability files
- Create a JEA endpoint
- Connect to a JEA endpoint on a server for administration
- View logs
- Download WMF 5.1 to a Windows Server 2008 R2
- Configure a JEA endpoint on a server using Desired State Configuration
- Skill 4.4: Implement Privileged Access Workstations and User Rights Assignments
- Skill 4.5: Implement Local Administrator Password Solution
- Chapter summary
- Thought experiment
- Thought experiment answers
-
Chapter 5 Implement threat detection solutions
-
Skill 5.1: Configure advanced audit policies
- Determine the differences and usage scenarios for using local audit policies and advanced auditing policies
- Implement auditing using Group Policy and Auditpol.exe
- Implement auditing using Windows PowerShell
- Create expression-based audit policies
- Configure the audit PNP activity policy
- Configure the Audit Group Membership policy
- Enable and configure module, script block, and transcription logging in Windows PowerShell
-
Skill 5.2: Install and configure Microsoft Advanced Threat Analytics
- Determine usage scenarios for ATA
- Determine deployment requirements for ATA
- Install and Configure ATA Gateway on a Dedicated Server
- Install and Configure ATA Lightweight Gateway Directly on a Domain Controller
- Configure alerts in ATA Center when suspicious activity is detected
- Review and edit suspicious activities on the Attack Time Line
- Skill 5.3: Determine threat detection solutions using Operations Management Suite
- Thought experiment
- Thought experiment answers
-
Skill 5.1: Configure advanced audit policies
-
Chapter 6 Implement workload-specific security
-
Skill 6.1: Secure application development and server workload infrastructure
- Determine usage scenarios, supported server workloads, and requirements for Nano Server deployments
- Install and configure Nano Server
- Implement security policies on Nano Servers using Desired State Configuration
- Determine usage scenarios and requirements for Windows Server and Hyper-V containers
- Install and configure Hyper-V containers
-
Skill 6.2: Implement a Secure File Services infrastructure and Dynamic Access Control
- Install the File Server Resource Manager role service
- Configure quotas
- Configure file screens
- Configure Storage Reports
- Configure File Management Tasks
- Configure File Classification Infrastructure using FSRM
- Implement Work Folders
- Configure user and device claim types
- Create and configure resource properties and lists
- Create and configure central access rules and policies
- Implement policy changes and staging
- Configure file access auditing
- Perform access-denied remediation
- Chapter summary
- Thought experiment
- Thought experiment answers
-
Skill 6.1: Secure application development and server workload infrastructure
- Index
- About the Authors
- About the Contributing Authors
- Code Snippetsr
Product information
- Title: Exam Ref 70-744 Securing Windows Server 2016
- Author(s):
- Release date: December 2016
- Publisher(s): Microsoft Press
- ISBN: 9781509304301
You might also like
book
Windows Server 2016 Security, Certificates, and Remote Access Cookbook
This book contains more than 25 hands-on recipes that will equip you to build a PKI …
book
Exam Ref MD-101: Managing Modern Desktops
Prepare for Microsoft Exam MD-101–and help demonstrate your real-world mastery of skills and knowledge required to …
book
Windows 10 for Enterprise Administrators
Tag line About This Book Learn the art of configuring, deploying, managing and securing Windows 10 …
video
Microsoft Exchange Server 2016
10+ Hours of Video Instruction Learn from an expert while you become the expert. This video …