Microsoft 70-744 Securing Windows Server 2016 Study Guide

Microsoft 70-744 Securing Windows Server 2016 Exam Study Guide

This page is a directory that links to posts I have written that cover the official objectives in the Microsoft’s 70-744 Securing Windows Server 2016 exam. Basically if you’re after detailed information on any of the exam objectives below simply click the link for further information. I passed the exam in April 2017 with a score of 916 and started creating these posts while studying as I found the amount of information online at the time to be lacking.

The official objectives for the 70-744 exam can be found here.

Study Materials

Below is a list of material that I am using while studying for the 70-744 exam.

Below you will find links to posts that I have created covering different areas of the 70-744 exam which will help you study for the exam.

Implement server hardening solutions (25-30%)

Secure a virtualization infrastructure (5-10%)

  • Implement a Guarded Fabric solution
    • Install and configure the Host Guardian Service (HGS)
    • Configure Admin-trusted attestation
    • Configure TPM-trusted attestation
    • Configure the Key Protection Service using HGS
    • Migrate Shielded VMs to other guarded hosts
    • Configure Nano Server as TPM attested guarded host
    • Troubleshoot guarded hosts
  • Implement Shielded and encryption-supported VMs
    • Determine requirements and scenarios for implementing Shielded VMs
    • Create a Shielded VM using only a Hyper-V environment
    • Enable and configure vTPM to allow an operating system and data disk encryption within a VM
    • Determine requirements and scenarios for implementing encryption-supported VMs
    • Troubleshoot Shielded and encryption-supported VMs

Secure a network infrastructure (10-15%)

  • Configure Windows Firewall
    • Configure Windows Firewall with Advanced Security
    • Configure network location profiles
    • Configure and deploy profile rules
    • Configure firewall rules for multiple profiles using Group Policy
    • Configure connection security rules using Group Policy, the GUI management console, or Windows PowerShell
    • Configure Windows Firewall to allow or deny applications, scopes, ports, and users using Group Policy, the GUI management console, or Windows PowerShell
    • Configure authenticated firewall exceptions
    • Import and export Windows Firewall settings
  • Implement a software-defined Distributed Firewall
    • Determine requirements and scenarios for Distributed Firewall implementation with software-defined networking
    • Determine usage scenarios for Distributed Firewall policies and network security groups
  • Secure network traffic

Manage privileged identities (25-30%)

  • Implement an Enhanced Security Administrative Environment (ESAE) administrative forest design approach
    • Determine usage scenarios and requirements for implementing ESAE forest design architecture to create a dedicated administrative forest
    • Determine usage scenarios and requirements for implementing clean source principals in an Active Directory architecture
  • Implement Just-in-Time (JIT) Administration
    • Create a new administrative (bastion) forest in an existing Active Directory environment using Microsoft Identity Manager (MIM)
    • Configure trusts between production and bastion forests
    • Create shadow principals in bastion forest
    • Configure the MIM web portal
    • Request privileged access using the MIM web portal
    • Determine requirements and usage scenarios for Privileged Access Management (PAM) solutions
    • Create and implement MIM policies
    • Implement Just-in-Time administration principals using time-based policies
    • Request privileged access using Windows PowerShell
  • Implement Just-Enough-Administration (JEA)
    • Enable a JEA solution on Windows Server 2016
    • Create and configure session configuration files
    • Create and configure role capability files
    • Create a JEA endpoint
    • Connect to a JEA endpoint on a server for administration
    • View logs
    • Download WMF 5.1 to a Windows Server 2008 R2
    • Configure a JEA endpoint on a server using Desired State Configuration (DSC)
  • Implement Privileged Access Workstations (PAWs) and User Rights Assignments
    • Implement a PAWS solution
    • Configure User Rights Assignment group policies
    • Configure security options settings in Group Policy
    • Enable and configure Remote Credential Guard for remote desktop access
  • Implement Local Administrator Password Solution (LAPS)
    • Install and configure the LAPS tool
    • Secure local administrator passwords using LAPS
    • Manage password parameters and properties using LAPS

Implement threat detection solutions (15-20%)

  • Configure advanced audit policies
    • Determine the differences and usage scenarios for using local audit policies and advanced auditing policies
    • Implement auditing using Group Policy and AuditPol.exe
    • Implement auditing using Windows PowerShell
    • Create expression-based audit policies
    • Configure the Audit PNP Activity policy
    • Configure the Audit Group Membership policy
    • Enable and configure Module, Script Block, and Transcription logging in Windows PowerShell
  • Install and configure Microsoft Advanced Threat Analytics (ATA)
    • Determine usage scenarios for ATA
    • Determine deployment requirements for ATA
    • Install and configure ATA Gateway on a dedicated server
    • Install and configure ATA Lightweight Gateway directly on a domain controller
    • Configure alerts in ATA Center when suspicious activity is detected
    • Review and edit suspicious activities on the attack time line
  • Determine threat detection solutions using Operations Management Suite (OMS)
    • Determine usage and deployment scenarios for OMS
    • Determine security and auditing functions available for use
    • Determine Log Analytics usage scenarios

Implement workload-specific security (5-10%)

Please note that Microsoft may update these at any time in the future, so if you find any differences please let me know.

We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to and affiliated sites.