Exam 70-744: Securing Windows Server 2016

The Securing Windows Server 2016 (70-744) exam is one of the other criterion exams of Microsoft that helps candidates to secure their expected roles and salaries in the industry. This credential increases the value of their CV and enhances it. For this exam, the candidates showcase their skills while securing the Windows Server 2016 environments. These skills include multiple checkpoints; for eg, Implement Server Hardening, Solutions, Secure a Virtualization Infrastructure, Secure a Network Infrastructure, Manage Privileged Identities, Implement Threat Detection Solutions, Implement Workload-Specific Security, etc.

Target Audience

The Securing Windows Server 2016 (70-744) exam is for IT professionals ready to move their careers ahead in their desired direction with the Microsoft credential. It is also for educators and freelancers whose careers revolve around the subject.

Recommended Knowledge and Prerequisites

There are no traditional prerequisites to fulfill as an aspirant for this exam. Though, they are a few essentials that candidates must learn/know before applying for the exam. Here are a few examples;

Must be familiar with different methods and technologies utilized to strengthen server environments and secure virtual machine infrastructures with the help of Shielded and encryption-supported virtual machines and Guarded Fabric.
Knowing how to manage the protection of Active Directory and Identity infrastructures.
Knowing how to manage privileged identities using Just in Time (JIT) and Just Enough Administration (JEA) approaches, implement Privileged Access Workstations (PAWs), and secure servers by using the Local Administrator Password Solution (LAPS).
Have the ability to use threat detection solutions such as auditing access, implementing Advanced Threat Analytics (ATA), deploying Operations Management Suite (OMS) solutions, and recognizing treatments for particular workloads.

Exam Details

Exam Name Securing Windows Server 2016	Exam Code (70-744)
Exam Duration 120 mins	Exam Format Multiple Choice and Multi-Response Questions
Exam Type Windows Server	Number of Questions 40-60 Questions
Eligibility/Pre-Requisite NIL	Exam Fee $165 USD
Exam Language English, Spanish, Chinese (Simplified), French, German, Japanese, Portuguese (Brazil)	Pass Score 700 (on a scale of 1-1000)

Schedule Your Exam

Follow the steps below to schedule your Microsoft certification exam –

Go to the Microsoft portal, to register yourself
Click on “Schedule Exam” to schedule an exam date at your convenience
Fill all your details asked in the next page that appears
Select the exam delivery option on the Pearson VUE page
Pay your exam fees. You have successfully registered for the Microsoft 70-744 Exam

Exam Retake Policy

General Microsoft Certification exam has the following retake policy:

If a candidate fails to achieve the passing marks in the exam the first time, the candidate must wait 24 to 30 hours before retaking the exam. Candidates can log onto their certification dashboard and reschedule the exam after the aforesaid time period.
If a candidate fails to get the passing scores the second time, he/she must wait for at least 14 days before retaking the exam a third time.
For the fourth and fifth subsequent exam retakes a 14 day waiting period is required.
Any candidate is not liable to give an exam more than 5 times per year. He/she is eligible for the exams 12 months from that date.

Exam retakes exceptions will be accepted when there is a failure due to the lab crash, internet connectivity issues, equipment failure, or in case of requests that include a Pearson VUE case number. The exception requests must be mailed to [email protected]. These requests include candidate ID, first/last name, email associated with the candidate ID, exam registration ID, exam number, description of error, Pearson VUE case number.

Exam Cancellation Policy

For Microsoft exams, there is no charge if any candidate reschedules/cancel an examination appointment at least 6 business days prior to your appointment. If he/she cancels or reschedules the examination within 5 days of the registered exam time, some fee will be applied. If he/she fails to cancel/ reschedule the appointment or fails to appear for the appointment at least 24 hours before the candidate`s scheduled exam appointment, then he/she forfeits the full examination fees.

Recertification Policy

Microsoft certification is expected to expire when the products are out of mainstream support although the person`s certification will be recognized. Officially, the MCSA certification will never expire.

Exam Result

Right after successfully completing your Microsoft 70-744 Exam, you will be notified of your pass or fail status within a few minutes of completing your exam. Also, printed reports providing your exam score and feedback on your performance will also be provided to you. Your score will be forwarded to Microsoft within five business days. As far as Beta exam results are concerned, your result will be visible on your Microsoft transcript. However, you will see your result only if you’ve achieved a passing score. Also, this result will be published on Pearson VUE’s site within 14 business days, after the live exam is published.

Note – If you are able to clear the beta exam, you will earn Microsoft credit for that exam and will also receive a resulting certification. Moreover, you are not required to retake the exam in its live version after clearing its beta version.

For More Details See – Microsoft 70-744 FAQ – Securing Windows Server 2016

Microsoft 70-744 Course Outline

The Securing Windows Server 2016 (70-744) exam covers the following domains.

Implement Server Hardening Solutions (25-30%)

Configure disk and file encryption – This objective may include but is not limited to: Determine hardware and firmware requirements for secure boot and encryption key functionality; deploy BitLocker encryption; deploy BitLocker without a Trusted Platform Module (TPM); deploy BitLocker with a TPM only; configure the Network Unlock feature; configure BitLocker Group Policy settings; enable Bitlocker to use the secure boot for the platform and BCD integrity validation; configure BitLocker on Cluster Shared Volumes (CSVs) and Storage Area Networks (SANs); implement BitLocker Recovery Process using self-recovery and recovery password retrieval solutions; configure Bitlocker for virtual machines (VMs) in Hyper-V; determine usage scenarios for Encrypting File System (EFS); configure the EFS recovery agent; manage EFS and BitLocker certificates, including backup and restore
Implement malware protection – This objective may include but is not limited to: Implement the antimalware solution with Windows Defender; integrate Windows Defender with WSUS and Windows Update; configure Windows Defender using Group Policy; configure Windows Defender scans using Windows PowerShell; implement AppLocker rules; implement AppLocker rules using Windows PowerShell; implement Control Flow Guard; implement Code Integrity (Device Guard) Policies; create Code Integrity policy rules; create Code Integrity file rules
Protect credentials – This objective may include but is not limited to: Determine requirements for implementing Credential Guard; configure Credential Guard using Group Policy, WMI, command prompt, and Windows PowerShell; implement NTLM blocking
Create security baselines – This objective may include but is not limited to: Install and configure Microsoft Security Compliance Toolkit; create, view, and import security baselines; deploy configurations to a domain and non-domain joined servers

Secure a Virtualization Infrastructure (5-10%)

Implement a Guarded Fabric solution – This objective may include but is not limited to: Install and configure the Host Guardian Service (HGS); configure Admin-trusted attestation; configure TPM-trusted attestation; configure the Key Protection Service using HGS; migrate Shielded VMs to other guarded hosts; troubleshoot guarded hosts
Implement Shielded and encryption-supported VMs – This objective may include but is not limited to: Determine requirements and scenarios for implementing Shielded VMs; create a shielded VM using only a Hyper-V environment; enable and configure vTPM to allow an operating system and data disk encryption within a VM; determine requirements and scenarios for implementing encryption-supported VMs; troubleshoot Shielded and encryption-supported VMs

Secure a Network Infrastructure (10-15%)

Configure Windows Firewall – This objective may include but is not limited to: Configure Windows Firewall with Advanced Security; configure network location profiles; configure and deploy profile rules; configure firewall rules for multiple profiles using Group Policy; configure connection security rules using Group Policy, the GUI management console, or Windows PowerShell; configure Windows Firewall to allow or deny applications, scopes, ports, and users using Group Policy, the GUI management console, or Windows PowerShell; configure authenticated firewall exceptions; import and export settings
Implement a Software-Defined Datacenter Firewall – This objective may include but is not limited to: Determine requirements and scenarios for Datacenter Firewall implementation with Software Defined Networking; determine usage scenarios for Datacenter Firewall policies and network security groups; Configure Datacenter Firewall Access Control Lists
Secure network traffic – This objective may include but is not limited to: Configure IPsec transport and tunnel modes; configure IPsec authentication options; configure connection security rules; implement isolation zones; implement domain isolation; implement server isolation zones; determine SMB 3.1.1 protocol security scenarios and implementations; enable SMB encryption on SMB Shares; configure SMB signing via Group Policy; disable SMB 1.0; secure DNS traffic using DNSSEC and DNS policies; install and configure Microsoft Message Analyzer (MMA) to analyze network traffic

Manage Privileged Identities (25-30%)

Implement Just-In-Time (JIT) Administration – This objective may include but is not limited to: Create a new administrative (bastion) forest in an existing Active Directory environment using Microsoft Identity Manager (MIM); configure trusts between production and bastion forests; create shadow principals in bastion forest; configure the MIM Web portal; request privileged access using the MIM Web portal; determine requirements and usage scenarios for Privileged Access Management (PAM) solutions; create and Implement MIM policies; implement Just-in-Time administration principals using time-based policies; request privileged access using Windows PowerShell
Implement Just-Enough-Administration (JEA) – This objective may include but is not limited to: Enable a JEA solution on Windows Server 2016; create and configure session configuration files; create and configure role capability files; create a JEA endpoint; connect to a JEA endpoint on a server for administration; view logs; download WMF 5.1 to a Windows Server 2008 R2; configure a JEA endpoint on a server using Desired State Configuration (DSC)
Implement Privileged Access Workstations (PAWs) and User Rights Assignments – This objective may include but is not limited to: Implement a PAWS solution; configure User Rights Assignment group policies; configure security options settings in Group Policy; enable and configure Remote Credential Guard for remote desktop access; Implement an Enhanced Security Administrative Environment (ESAE) administrative forest design approach; Determine usage scenarios and requirements for implementing ESAE forest design architecture to create a dedicated administrative forest
Implement Local Administrator Password Solution (LAPS) – This objective may include but is not limited to: Install and configure the LAPS tool; secure local administrator passwords using LAPS; manage password parameters and properties using LAPS

Implement Threat Detection Solutions (15-20%)

Configure advanced audit policies – This objective may include but is not limited to: Determine the differences and usage scenarios for using local audit policies and advanced auditing policies; implement auditing using Group Policy and AuditPol.exe; implement auditing using Windows PowerShell; create expression-based audit policies; configure the Audit PNP Activity policy; configure the Audit Group Membership policy; enable and configure Module, Script Block, and Transcription logging in Windows PowerShell
Install and configure Microsoft Advanced Threat Analytics (ATA) – This objective may include but is not limited to: Determine usage scenarios for ATA; determine deployment requirements for ATA; install and configure ATA Gateway on a dedicated server; install and configure ATA Lightweight Gateway directly on a domain controller; configure alerts in ATA Center when suspicious activity is detected; review and edit suspicious activities on the attack timeline
Determine threat detection solutions using Operations Management Suite (OMS) – This objective may include but is not limited to: Determine usage and deployment scenarios for OMS; determine security and auditing functions available for use; determine Log Analytics usage scenarios

Implement Workload-Specific Security (5-10%)

Secure application development and server workload infrastructure – This objective may include but is not limited to: Determine usage scenarios, supported server workloads, and requirements for deployments; determine usage scenarios and requirements for Windows Server and Hyper-V containers; install and configure containers
Implement a secure file services infrastructure and Dynamic Access Control (DAC) – This objective may include but is not limited to: Install the File Server Resource Manager (FSRM) role service; configure quotas; configure file screens; configure storage reports; configure file management tasks; configure File Classification Infrastructure (FCI) using FSRM; implement work folders; configure file access auditing; configure user and device claim types; implement policy changes and staging; perform access-denied remediation; create and configure Central Access rules and policies; create and configure resource properties and lists

Preparation Guide for the Securing Windows Server 2016 (70-744) exam

While preparing for the exam, it is very crucial to make the right choice regarding the preparation material. While some prefer online education stuffs to equip themselves with the necessary skills, others prefer the traditional methods of going through sets of books to ace the exam. Below are the preparation resources that will assist your in your preparation and gain command of the required skills.

Learning Resource 1: Microsoft Website

The official Microsoft website has many resources for their aspirants to get on and get the most out of them. To increase their efficiency and confidence to pass the Microsoft 70-744 exam, here are a few resources that one can find via the official website:

1. Official Practice Test – This link takes you directly to the place where you can purchase your official practice test. Unlike other sample tests, this official test will be from head to toe like your real examination. This will provide you with a better gist of the exam. The final purchase will cost you around $100.

2. The Dashboard – This is the most basic page you will be visiting unless your a good, obedient student who keeps all the important things downloaded and in one secure place; for eg. The exam outline, the scheduled appointment’s details, list of required prerequisites/skills, etc.

3. Request Accommodations – If any candidates need any kind of assistance or accommodation for the exam. Candidates can visit this link and choose their preferred option to continue with. The only documents that the candidates will need for this will be a detailed letter from their psychologist or physiotherapist or the necessary one. You can also submit other vital documents like a copy of test reports and a certificate.

4. Exam Replay – This option is for every examinee. The Exam replay button gives you two services to choose from; viz, 1. an exam voucher with a one-time chance to retake the exam (if you fail) and 2. an exam voucher with the Official Practice Test and one time chance to retake the exam (if you fail).

Learning Resource 2: Microsoft Official Academic Course (MOAC) Textbook

The Microsoft Official Academic Course (MOAC) textbook is the best book that covers all your important elements for the exam. It’s the epitome and the central book for studying for the exam. It’s the official book for aspirants opting for the Microsoft 70-744 exam.

This book mainly highlights and interprets the information on the securing windows. Also, this book is just a textbook of the Microsoft Official Academic course program. Thus, this means that you are getting instructional backing from Microsoft. The materials mentioned in the book are certainly precise, factual, and reliable.

Learning Resource 3: Securing Windows Server 2016 Training Course

Securing Windows Server 2016 course is 5 days, instructor-led course for the aspirants to learn how to strengthen the security of the IT infrastructure that they administer. This course also educates on how to use auditing and the Advanced Threat Analysis feature in Windows Server 2016 to identify security issues. Candidates will also get to learn how to encounter malware threats, secure the visualization setting, and use deployment options such as Nano servers and containers to enrich the security.

This course is for the candidates appearing for the Microsoft 70-744 exam and also for IT professionals who commonly work with networks that are configured as Windows Server domain-based environments along with managed access to the internet and cloud services.

Learning Resource 4: Online Microsoft Community

While the above-mentioned site works for you or not, an online community is always an alternative for accessing content and hacks for the exam. As always, the internet can be scary as well as a heavenly place for everything you want. You can either encounter a fake community and end up being taken advantage of or genuinely come across brilliant competitors who expand your mastery and likelihood of passing the exam with scholarly interactions.

Evaluate with Practice Tests

Practice tests are all over the internet, one can find it in bundles too! Practicing via the Microsoft 70-744 Practice Tests can truly upgrade your game and elevate the odds of them failing. Candidates may study and revise via viva and watch as many videos as possible. But an online test stimulation or standardized test stimulation really helps you climb the steepest slopes of the mountain. It enhances your speed too. Practicing can be time-consuming but it stands for a beneficial reason. Thus, we have been taught the significance of practicing our subjects since elementary school.