70-660 Microsoft TS: Windows Internals

70-660 Microsoft TS: Windows Internals

http://www.TwPass.com

70-660

Microsoft

TS: Windows Internals

http://www.twpass.com/twpass.com/exam.aspx?eCode= 70-660

The 70-660 practice exam is written and formatted by Certified Senior IT Professionals working in today's prospering companies and data centers all over the world! The 70-660 Practice Test covers all the exam topics and objectives and will prepare you for success quickly and efficiently.

The 70-660 exam is very challenging, but with our 70-660 questions and answers practice exam, you can feel confident in obtaining your success on the 70-660 exam on your FIRST TRY!

Microsoft 70-660 Exam Features

- Detailed questions and answers for 70-660 exam

- Try a demo before buying any Microsoft exam

- 70-660 questions and answers, updated regularly

- Verified 70-660 answers by Experts and bear almost 100% accuracy

- 70-660 tested and verified before publishing

- 70-660 exam questions with exhibits

- 70-660 same questions as real exam with multiple choice options

Acquiring Microsoft certifications are becoming a huge task in the field of I.T. More over these exams like 70-660 exam are now continuously updating and accepting this challenge is itself a task.

This 70-660 test is an important part of Microsoft certifications. We have the resources to prepare you for this. The 70-660 exam is essential and core part of Microsoft certifications and once you clear the exam you will be able to solve the real life problems yourself.Want to take advantage of the Real 70-660 Test and save time and money while developing your skills to pass

your Microsoft 70-660 Exam? Let us help you climb that ladder of success and pass your 70-660 now!

70-660

QUESTION:

1

You work as the desktop support technician at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. The ABC.com network has a Windows

Server 2008 application server named ABC-SR01. ABC.com has entered into partnership with Weyland Industries. Weyland Industries has recently developed an application for their network users, which will be run from ABC-SR01. During the course of the day you receive complaints from the Weyland Industries network users that the application as result of heap corruption. After a brief analysis, you instruct the Weyland Industries network users to enable the full page heap dump when creating a user dump file for troubleshooting. You would like to verify whether the Weyland Industries network users had indeed enabled the full page heap dump when they created the user dump. Which of the following actions should you take?

A. You should consider making use of the WinDbg !Locks command.

B. You should consider making use of the WinDbg !runaway command.

C. You should consider making use of the WinDbg !gflag command.

D. You should consider making use of the Debub: D (dump file) command.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=1

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

2

You work as the desktop support technician at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. The ABC.com network has a Windows

Server 2008 application server named ABC-SR01. ABC.com has recently developed an application that uses a service for their network users which will be run from ABC-SR01.

While performing daily system maintenance on ABC-SR01 you notice that the CPU is operating at maximum capacity. You have been tasked with determining which service results in the CPU utilization being heavy by performing a process dump of the service. Which of the following actions should you take?

A. You should consider making use of the System Monitor utility after running the dump.

B. You should consider making use of the Adplus.vbs utility after running the dump. 2

C. You should consider making use of a Process Viewer utility after running the dump.

D. You should consider making use of the Task Manager utility after running the dump.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=2

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

3

You work as the desktop support technician at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the ABC.com network run

Windows Server 2008. The ABC.com network contains an application server named ABC-

SR01. ABC.com has recently developed an application that makes use of an I/O dispatch routine, which supports buffered I/O. The CIO from ABC.com has asked you to modify the application to make use of a 5-KB I/O request packet (IRP). The CIO from Weyland Industries has also asked you to obtain the kernel address of the 5-KB buffer. Which of the following statements are true with regard to the kernel address of the 5-KB buffer?

A. The Irp->Overlay.Driver[1] field of the IRP would contain the kernel address of the

5-KB buffer.

B. The Irp->UserBufferContext field of the IRP would contain the kernel address of the

5-KB buffer.

C. The Irp->AssociatedIrp.SystemBuffer field of the IRP would contain the kernel address of the 5- KB buffer.

D. The Irp->Overlay.Context field of the IRP would contain the kernel address of the 5-

KB buffer.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=3

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

4

You work as the desktop support technician at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the ABC.com network run

Windows Server 2008. The ABC.com network contains an application server named ABC-

SR01. ABC.com has recently developed a multithreaded application for their network users, which will be run from ABC-SR01. A current ABC.com written security policy states that all applications should be tested for heap leaks. You have been given the task of enforcing this policy. 3 Which of the following actions should you take?

A. You should consider making use of the Process\Handle Count counter of

Performance Monitor.

B. You should consider making use of the Process %Privilege Time counter of

Performance Monitor.

C. You should consider making use of the Process\Private Byte counter of Performance

Monitor.

D. You should consider making use of the Process %Elapsed Time counter of

Performance Monitor.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=4

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

5

You work as the desktop support technician at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the ABC.com network run

Windows Server 2008. The ABC.com network contains an application server named ABC-

SR01. ABC.com has recently developed a driver for newly developed hardware. A current

ABC.com written security policy states that verification on the process interrupts and

processor time is used by new drivers. You have been instructed to enforce this security policy. Which of the following actions should you take?

A. You should consider making use of the Windows Event Viewer utility.

B. You should consider making use of the Performance Monitor utility.

C. You should consider making use of the System MonitorTaskmgr.exe utility.

D. You should consider making use of a Process Viewer utility.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=5

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

6

You work as the desktop support technician at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. The ABC.com network contains an application server named ABC-SR01. ABC.com has recently developed an application for their network users, which will be run from 4 ABC-SR01. A new ABC.com written security policy states that all network users should be required to use Active Directory user accounts with passwords when accessing applications hosted on ABC-SR01. The CIO has instructed you to make sure that the new security policy is enforced. Which of the following actions should you take?

A. You should consider making use of the CredUIPromptForCredentials() routine to ensure the network users use Active Directory user accounts and credentials.

B. You should consider making use of the CredUILogonProcess() routine to ensure the network users use Active Directory user accounts and credentials.

C. You should consider making use of the CredWriteLocalCredentials() routine to ensure the network users use Active Directory user accounts and credentials.

D. You should consider making use of the CredWriteDomainUserName() routine to ensure the network users use Active Directory user accounts and credentials.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=6

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

7

You work as the desktop support technician at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the network run Microsoft

Windows Server 2008 and all client computers run Microsoft Windows XP Professional or

Microsoft Windows Vista. The ABC.com network contains an application server named ABC-

SR01. ABC.com has developed an audio driver for an application that will be run from ABC-

SR01. You receive instruction from ABC.com to make sure that the new audio driver is checked for memory used after it has been released. It must also be checked for Memory underruns and overruns. Which of the following actions should you take?

A. You should consider making use of Windows File Protection to check the driver.

B. You should consider using the Special pool option of the Driver Verifier tool.

C. You should consider making using of the System File Checker (SFC) tool.

D. You should consider making use of the File Signature Verification tool. 5

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=7

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

8

You work as the desktop support technician at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the ABC.com network run

Windows Server 2008 and all workstations run either Windows XP Professional or Microsoft

Windows Vista. The ABC.com network contains an application server named ABC-SR01.

ABC.com has recently developed an application, which is programmed to write to a local transaction log. You have been instructed to make sure that the application is able to have write operations committed to the hard disk in sequential order, in the event of a server operating system failure. Which of the following actions should you take?

A. You should consider having the application configured with its own memory space using the Memory mapped I/O method.

B. You should consider making use of the Asynchronous I/O method for the application.

C. You should consider making use of the Write-through I/O method for the application.

D. You should consider making use of the Synchronous I/O method for the application.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=8

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

9

You work as the desktop support technician at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the ABC.com network run

Windows Server 2008 and all workstations run either Windows XP Professional or Microsoft

Windows Vista. The ABC.com network contains an application server named ABC-SR01.

ABC.com has recently developed an application, which will be run from ABC-SR01. During the course of the day, you receive complaints from network users stating that the application fails as a result of a missing Dynamic Link Library (DLL). 6 The CIO has requested that you determine which DLL file is missing from the application. Which of the following actions should you take?

A. You should consider making use of the Depends.exe utility.

B. You should consider making use of the Windows Task Manager utility.

C. You should consider making use of a Process Viewer utility.

D. You should consider making use of auditing to audit the files that the application calls.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=9

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

10

You work as the desktop support technician at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the ABC.com network run

Windows Server 2008 and all workstations run either Windows XP Professional or Microsoft

Windows Vista. The ABC.com network contains an application server named ABC-SR66.

ABC.com has recently developed a device driver for newly acquired hardware. A new

ABC.com written security policy states that all driver routines that utilize half the CPU should be identified. You have been instructed by the CIO to make sure that the new policy is adhered to. Which of the following actions should you take?

A. You should consider making use of the Performance Monitor utility.

B. You should consider making use of the Kernrate.exe utility.

C. You should consider making use of the Task Manager utility.

D. You should consider making use of a Process Viewer utility.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=10

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

11

You work as the desktop support technician at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the ABC.com network run

Windows Server 2008. The ABC.com network contains an application server named ABC-

SR01. 7 ABC.com has entered into partnership with Weyland Industries. Weyland Industries recently developed an application for their network users, which will be run from ABC-SR01.

You have received reports from the Weyland Industries network users that the application fails and generates an error message stating �the application failed due to an access violation caused by heap corruption�. You have been tasked with determining the reason for the heap corruption. Which of the following actions should you take?

A. You should consider making use of the Performance.msc snap-in.

B. You should consider making use of the Network Monitor 3.0 utility.

C. You should consider making use of the Application Verifier utility.

D. You should consider making use of the System Monitor utility.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=11

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

12

You work as the desktop support technician at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the ABC.com network run

Windows Server 2008. The ABC.com network contains an application server named ABC-

SR66. ABC.com has entered into partnership with Weyland Industries. Weyland Industries network users share a computer, named WEYLAND-WS01, which has a uniprocessor.

Weyland Industries has recently developed a device driver for newly attached hardware that

creates a system thread and Deffered Procedure Call (DPC), which is invoked using a repeating timer. You have received instruction from Weyland Industries to modify the application to make sure that the DPC and system threads are able to process entries in the same work queue, while also ensuring the threads are synchronized. Which of the following actions should you take?

A. You should consider making use of the NORMAL_LEVEL IRQ Level (IRQL).

B. You should consider making use of the ACTIVE_LEVEL IRQ Level (IRQL).

C. You should consider making use of the HIGH_LEVEL IRQ Level (IRQL).

D. You should consider making use of the DISPATCH_LEVEL IRQ Level (IRQL). 8

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=12

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

13

You work as the desktop support technician at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the ABC.com network run

Windows Server 2008. The ABC.com network contains an application server named ABC-

SR01. ABC.com has recently created an application which uses a service. This application will be run from ABC-SR01. You have discovered that a process named ABCThread, which was created by the application, places a heavy load on the CPU. ABC.com has requested that you determine the amount of CPU resources used by ABCThread. Which of the following actions should you take?

A. You should consider making use of the WinDbg !runaway WinDbg command.

B. You should consider making use of the WinDbg !vm WinDbg command.

C. You should consider making use of the WinDbg !Locks WinDbg command.

D. You should consider making use of the WinDbg !Heaps WinDbg command.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=13

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

14

You work as the desktop support technician at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the ABC.com network run

Windows Server 2008 and all workstations run either Windows XP Professional or Microsoft

Windows Vista. The ABC.com network contains an application server named ABC-SR01.

ABC.com recently developed an application for that reads synchronously from the I/O. A new

ABC.com written security policy states that all I/O operations should be initiated. The CIO has instructed you to enforce the new policy. Which of the following actions should you take?

A. You should consider making use of the ReadFile function method whilst having a null value for 9 the OVERLAPPED structure parameter set.

B. You should consider making use of the ReadFile function method whilst having a configured value for the OVERLAPPED structure parameter set.

C. You should consider making use of the ReadFile function. You should additionally have a value of one defined for the I/O.

D. You should consider making use of the ReadFile function. You should additionally have a value of one defined for the OVERLAPPED structure parameter set.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=14

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

15

You work as the desktop support technician at ABC.com. The ABC.com network contains an application server named ABC-SR01, which runs a recently developed application. You have received instruction from the CIO to modify the application to read from COM port 15. To accomplish this, you decide to modify the application with the CreateFile function. Which of the following actions should you take?

A. You should consider making use of the device name \\ABC-SR01.\\COM15.

B. You should consider making use of the device name \\\\.\\COM15.

C. You should consider making use of the device name "\\\\.ABC-SR01.\\COM15".

D. You should consider making use of the device name "\\ABC-SR01.\\\\%COM15%".

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=15

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

16

You work as the desktop support technician at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the ABC.com network run

Windows Server 2008. The ABC.com network contains an application server named ABC-

SR01. Network users in ABC.com�s Marketing division share a workstation named ABC-

WS660. After attaching new hardware to ABC-WS660, you are instructed to have the

Functional Device Object (FDO) creation debugged for the attached hardware. Which of the following actions should you take? 10

A. You should consider debugging the RemoveDecive () routine of the functional device object (FDO).

B. You should consider debugging the StartIoDriver() routine of the functional device object (FDO).

C. You should consider debugging the StartIoBuffer() routine of the functional device object (FDO).

D. You should consider debugging the AddDevice() routine of the functional device object (FDO).

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=16

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

17

You work as the desktop support technician at ABC.com. All servers on the ABC.com network run Windows Server 2008 and all workstations run either Windows XP Professional or

Microsoft Windows Vista. The ABC.com network contains an application server named ABC-

SR66. You have recently deployed a newly developed application on ABC-SR66. While performing routine maintenance on ABC-SR66, you discover that all the processes on

ABCSR66 utilize fifty five percent of the CPU�s resources, but that the total CPU usage is at eighty five percent. You have been tasked with identifying which processes are making heavy use of the CPU. Which of the following actions should you take? (Choose two)

A. You should consider making use of the Process\Handle Count Performance Monitor counters.

B. You should consider making use of the Processor\% Interrupt Time Performance

Monitor counters.

C. You should consider making use of the System\Context Performance Monitor counters.

D. You should consider making use of the Process %Privilege Time Performance

Monitor counters.

E. You should consider making use of the Process %Elapsed Time Performance

Monitor counters.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=17

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

18

You work as the desktop support technician at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. All servers on the network run Microsoft

Windows Server 2003 and all client computers run Microsoft Windows XP Professional or

Microsoft Windows Vista. 11 The ABC.com network contains an application server named

ABC-SR01. ABC.com also makes use of a computer named ABC-SR05 for authenticating their network users. ABC.com has recently designed an application that has a service named

KingServices, which is part of a shared process hosted by the \ generic host process svchost.exe. The CIO at ABC.com has instructed you to have the KingServices service process isolated. Which of the following actions should you take?

A. You should consider running the command sc.exe config KingServices1 type= own.

B. You should consider running the command sc.exe config KingServices1 type= kernel.

C. You should consider running the command sc.exe config KingServices1 type= filesys.

D. You should consider running the command sc.exe config KingServices1 interact type= share.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=18

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

19

You work as the desktop support technician at ABC.com. All servers on the ABC.com network run Windows Server 2008. The ABC.com network contains an application server named

ABC-SR01. Network users in ABC.com�s Marketing division share a workstation, named

ABC-WS660. You have received instructions from ABC.com to have kernel debugging enabled. You start by performing a partial check build of the kernel and the HAL on the intended debugging target. Which of the following actions should you take next?

A. You should consider having the ntoskrnl.chk and halacpi.chk files copied into the

\Windows\System folder. You should then make use of the bootcfg.exe /redirect command run on the halacpi.chk and ntoskrnl.chk files.

B. You should consider having the ntoskrnl.chk and halacpi.chk files copied into the

\Windows\System32 folder. You should then make use of the bcdedit.exe /set HAL halacpi.chk and the command bcdedit.exe /set KERNEL ntosnrnl.chk. commands

C. You should consider having the ntoskrnl.chk and halacpi.chk files copied into the

\Windows\System folder. You should then make use of the bootcfg.exe /scan command run on the halacpi.chk and ntoskrnl.chk files. 12

D. You should consider having the ntoskrnl.chk and halacpi.chk files copied into the

\Windows\System folder. You should then make use of the bootcfg.exe /debug command run on the halacpi.chk and ntoskrnl.chk files.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=19

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

20

You work as the desktop support technician at ABC.com All servers on the ABC.com network run Windows Server 2008 and all workstations run either Windows XP Professional or

Microsoft Windows Vista. ABC.com currently makes use of an application server, named

ABC-SR01. Network users in ABC.com�s Marketing division share a workstation named

ABC-WS660. When you receive from users in the marketing division saying that the LSASS process utilizes the CPU heavily, you decide to review the user and kernel-mode stacks for threads in the LSASS process by generating a thorough dump of the memory. Which of the following actions should you take?

A. You should consider making use of the WindDbg ed nt!PoolHitTag 1GAT command.

B. You should consider making use of the WindDbg !vm command.

C. You should consider making use of the WindDbg !heap command.

D. You should consider making use of the WindDbg !pool command.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=20

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

21

You work as the desktop support technician at ABC.com. All servers on the ABC.com network run Windows Server 2008 and all workstations run either Windows XP Professional or

Microsoft Windows Vista. The ABC.com network contains an application server named

ABC-SR01. Network users in ABC.com�s Marketing division share a workstation named

ABC-WS651. ABC.com has recently developed an application for their network users which

will be run from ABC-SR01. ABC.com has introduced a new written security policy that states a bug report should be generated for all applications prior to installation. When you receive complaints from the Marketing 13 division users stating the application quits when handled leaks occur, you are instructed to identify which call stack is responsible for the handled leaks. Which of the following actions should you take?

A. You should consider making use of the WindDbg !pool command.

B. You should consider making use of the WindDbg use!vm command.

C. You should consider making use of the command WindDbg use!htrace enable and

!htrace diff command.

D. You should consider making use of the Debug: xs command.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=21

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

22

You work as the desktop support technician at ABC.com. All servers on the ABC.com network run Windows Server 2008 and all workstations run either Windows XP Professional or

Microsoft Windows Vista. The ABC.com network contains an application server named ABC-

SR01. Network users in ABC.com�s Marketing division share a workstation named ABC-

WS651. A new The ABC.com written security policy states that before adding applications, the maximum accessible paged pool size should be determined. The CIO has instructed you to make sure that the security policy is adhered to. Which of the following actions should you take?

A. You should consider making use of the Task Manager utility.

B. You should consider making use of the Performance.msc snap-in.

C. You should consider making use of the Windows debugger (WinDbg.exe) utility.

D. You should consider making use of the File Signature Verification utility.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=22

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

23

You work as the desktop support technician at All servers on the ABC.com network run

Windows Server 2008. The ABC.com network contains an application server named ABC-

SR01. ABC.com network users share a workstation named ABC-WS660.ABC.com has recently developed a device drive for the newly installed hardware device using a PCI slot. 14

After receiving instruction to test the device drivers prior to the installation, you determine that the interrupt processing of the device driver hangs the workstation. The CIO has instructed you to create a crash dump and locate the interrupt handling routines in the dump file. Which of the following actions should you take?

A. You should consider making use of the command WindDbg !locks command.

B. You should consider making use of the command WindDbg !heap command.

C. You should consider making use of the command WindDbg !idt command.

D. You should consider making use of the command WindDbg !vm command.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=23

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

24

You work as the desktop support technician at ABC.com. ABC.com makes use of an application server, named ABC-SR01. Network users in ABC.com�s Sales division share a workstation named ABC-WS65. ABC.com has just completed developing a sales application that will be run from ABC-SR01. The new application was then modified to make use of User

Account Control (UAC) to run the program. You immediately receive complaints from Sales division users saying that that the application does not run. ABC.com has instructed you to make sure that Sales division users are able to access the application with elevated privileges.

Which of the following actions should you take?

A. You should consider having the executable published and Group Policy should be used to install the program.

B. You should consider having the executable placed on network share with Full

Control permission for all users. You should additionally have the application added to the Software Restriction Policy.

C. You should consider configuring the manifest of the installer as marked for elevation.

D. You should consider having the executable published and Group Policy should be used to install the program into the %SystemRoot%\inf folder.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=24

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

25

You work as the desktop support technician at ABC.com. All servers on the ABC.com network run Windows Server 2008. The ABC.com network contains an application server named

ABC-SR01. ABC.com has entered into partnership with Weyland Industries, who has recently developed an application which runs in user mode and runs two processes. Weyland Industries makes use of an application server, named WEYLAND-SR01. You receive instruction from the CIO to make sure that the processes of the application are configured to have access to the shared data location synchronized. Which of the following actions should you take?

A. You should consider making use of the Mutex synchronization.

B. You should consider making use of the Spinlock synchronization.

C. You should consider making use of the Critical Section synchronization.

D. You should consider making use of the ERESOURCE synchronization.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=25

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

26

You work as the desktop support technician at ABC.com. All servers on the ABC.com network run Windows Server 2008. The ABC.com network contains an application server named

ABC-SR01. The CIO has requested that you create a device driver that generates a report which displays a timeline showing the processor time spent in interrupt service routine (ISR), as well as deferred procedure calls (DPCs). The CIO a also wants the report to show the complementary call stack. Which of the following actions should you take?

A. You should consider making use of the System Monitor utility.

B. You should consider making use of the Performance Monitor utility.

C. You should consider making use of the Xperf utility.

D. You should consider making use of the Task Manager and Network Monitor 3.0 utility.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=26

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

27

You work as the desktop support technician at ABC.com. The ABC.com network contains an application server named ABC-SR01. ABC-SR01 is configured to run a newly developed

Finance application. Network users in ABC.com�s Finance division share a workstation named ABC-WS66. Users in the Finance division have reported that when they close the application, some files remain active. The CIO has instructed you to make sure that all files are closed when the application closes. Which of the following actions should you take?

A. You should consider making use of the Task Manager utility to end all process of the application.

B. You should consider making use of a Group Policy which configured auditing of the application processes and files opened.

C. You should consider having auditing configured for the application.

D. You should consider making use of the Handle.exe utility.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=27

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

28

You work as the desktop support technician at ABC.com. All servers on the ABC.com network have Windows Server 2003 x64 Edition installed and all workstations have either Windows XP

Professional or Microsoft Windows Vista installed. The ABC.com network contains an application server named ABC-SR01. When ABC-SR01 suddenly fails, a dump file is generated before it restarts. You then receive instruction from the CIO to access the dump file to identify which instruction exception was caused by the kernel-mode device driver. The CIO also instructs you to check whether the driver is damaged. Which of the following actions should you take?

A. You should consider making use of the command WindDbg !chkimg command.

B. You should consider making use of the command WindDbg !idt and WinDbg !heap commands.

C. You should consider making use of the command WindDbg !vm and WinDbg

!idtcommand.

D. You should consider making use of the command WindDbg !heap and WinDbg

!locks 17 commands.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=28

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

29

You work as the desktop support technician at ABC.com. ABC.com makes use of a computer named ABC-SR01 for accessing the Internet. ABC.com network users also make use of

ABCSR01 to access the Internet. The CIO at has asked you to confirm whether the updated device drivers acquired from the Internet are digitally signed. Which of the following actions should you take?

A. You should consider opening Control Panel to access System and configure File

Signature Verification under the hardware tab.

B. You should consider making use of the Signtool.exe utility to verify the drivers.

C. You should consider making use of the Windows File Protection utility to verify the drivers.

D. You should consider making use of the System File Checker utility to verify the drivers.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=29

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

30

You work as the desktop support technician at ABC.com. All servers on the ABC.com network run Windows Server 2008 and all workstations run either Windows XP Professional or

Microsoft Windows Vista. The ABC.com network contains an application server named

ABC-SR01. ABC.com has recently developed a Sales application, which has two processes and several custom Dynamic Link Libraries (DLL). The Sales application will be run from

ABC-SR01. Network users in ABC.com�s Sales division share a workstation named ABC-

WS660. During the course of the day you receive instruction to modify the application to make sure that WeyDLL, which loads the third-party DLL, is used as the DLL entry point. You are also instructed to make sure that loader is not deadlocked, and that the application makes use of the third-party DLL. 18 Which of the following actions should you take?

A. You should consider having the third-party DLL loading deferred to another export function.

B. You should consider modifying the application to use the CreateProcess to load the third-party DLL.

C. You should consider having the application reassembled with the third-party DLL.

D. You should consider modifying the application to use the Call process which loads the thirdparty DLL.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=30

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

31

In a Windows-based system, which of the following drivers are optional drivers that add value to the behavior of a device and may be considered as non-device drivers?

A. Function drivers

B. Class drivers

C. Filter drivers

D. Bus drivers

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=31

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

32

For programmers, software architects, testers, and security consultants, one of the biggest challenges is to understand the consequences of their applications when deployed into production. In spite of access to the source code, it is difficult for them to grasp everything that may occur during the execution of applications due to a variety of dependencies. Some of the common problems that are faced when an application is deployed into the production stage are as follows: 1. To check whether the application is able to hide access violations using structured exception handling 2. To check whether the application is attempting to use invalid handles 3. To check whether there are memory corruptions or issues in the heap 4. To check whether the application runs out of memory under low resources 19 5. To check whether the correct usage of critical sections is occurring Microsoft has designed a runtime verification tool, known as Application Verifier (AppVerifier) that plays a critical role to help manage the complexity and the potential side effects of bugs. Which of the above-mentioned problems can be verified by an Application Verifier?

A. Only 1

B. All the mentioned problems can be verified with the help of application verifier.

C. Only 1 and 2

D. Only 1, 2, 3, and 5

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=32

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

33

On 32-bit x86 systems, the total virtual address space is of 4GB. By default, Windows allocates half of this address space to processes for their unique private storage and the other half for its own protected system memory utilization. Since 2GB is not enough virtual address space to

map very large databases, which Windows mechanism can be used by 32-bit applications to allocate up to 64GB of physical memory and to map views into its 2GB virtual address space?

A. Driver signing mechanism

B. Tracer

C. Address Windowing Extension

D. Trap dispatching

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=33

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

34

You work as an Application Developer for ABC Inc. You have been assigned the task of developing a device driver that performs the following tasks: � Disk mirroring � Encryption

� Interception of I/Os � Added-value processing before passing the I/O to the next level 20

Which of the following types of drivers will you create?

A. Function drivers

B. Bus drivers

C. File system drivers

D. File system filter drivers

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=34

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

35

Mark works as a Software Developer for ABC.com. The company has a Windows NT-based network. Mark is developing a scalable high-performance server application. In the development process, he finds that the I/O services that allow environment subsystems to implement their respective I/O functions are not supported. To resolve the issue, he diagnoses the internal system files and finds that the environment subsystem of the user mode of his computer is not able to pass the I/O requests to the appropriate kernel mode software drivers.

What can be the reasons due to which environment subsystems are not able to pass the I/O requests? Each correct answer represents a complete solution. Choose all that apply.

A. The integral subsystem does not support the environment subsystem.

B. The I/O manager does not support the environment subsystem.

C. The I/O manager does not support the integral subsystem.

D. The kernel mode has restricted access to the system memory.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=35

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

36

Peter works as an Application Programmer for ABC.com . He has developed a software

program. When he compiles and runs the program for the first time, the memory gets corrupted. To find the bug in his program, he tries to run the same program on another computer. The second system also shows memory corruption after running the program. To resolve the issue, he consults John, an Escalation Engineer of the company. John tells Peter that there is a dangling pointer in the program, which is causing the memory corruption. What is the most likely reason of a dangling pointer corrupting memory?

A. It uses memory beyond its allocation.

B. It causes faulty heap memory management.

C. It uses un-initialized memory.

D. It uses un-owned memory.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=36

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

37

Mark works as a Desktop Engineer for ABC.com. The company uses Windows NT systems.

One of the computers of the company is not able to isolate the device drivers and the kernel from the platform-specific hardware components. Which of the following kernel-mode components does he need to troubleshoot to resolve the problem?

A. The Windows executive

B. The hardware abstraction layer

C. The Windows kernel

D. The windowing and graphics system

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=37

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

38

Mark works as an Application Engineer for ABC.com. The company has Windows-based systems. Mark develops a driver that can help find and isolate bugs in device drivers and other kernel-mode system code. He wants to ensure that the driver verifier monitors disk read and write operations and that the devices are allowed to transfer data to or from the physical memory without involving the CPU. To accomplish this, he does the following configuration on his driver verifier: microsoft&c=70-660&q=1 The driver verifier is able to monitor disk read and write operations and is also able to transfer data but only with the help of the CPU.

What can be the most likely cause of the CPU being involved in the transfer of data?

A. The DMA checking option is disabled.

B. The Disk Integrity Checking option is enabled.

C. The Enhanced I/O Verification option is enabled.

D. The Force Pending I/O Requests option is disabled.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=38

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

39

John works as a Software Engineer for ABC.com. The company has a Windows-based network. John has developed a driver that can help find and isolate bugs in device drivers and other kernelmode system code. He has enabled the following options in his driver verifier: �

I/O verification � DMA checking � IRP logging The driver verifier is able to allocate IRPs for the verified drivers and is also able to track their usage. However, it is not able to monitor all IRPs to ensure that drivers mark them correctly while completing them asynchronously.

What can be done to resolve the issue?

A. Enable the Disk Integrity Checking option

B. Enable the Force Pending I/O Request option

C. Disable the I/O Verification option

D. Enable the Enhanced I/O Verification option 23

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=39

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

40

You work as a Network Administrator for ABC.com. Rick, a Sales Manager, complains that his Windows 98 computer is not displaying the taskbar. You reboot his computer and find that the taskbar is still missing. How will you resolve the issue?

A. Replace WIN.INI from backup.

B. Reinstall Windows 98 on Rick s computer.

C. Use Registry Editor to delete the following registry key:

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerStuckR ects

D. Copy the registry from backup.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=40

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

41

John works as an Escalation Engineer for ABC.com . The company uses Windows systems.

John has to troubleshoot a system in which committed pages have reached its commit limit due to virtual memory exhaustion. Which of the following commands can John use to determine the virtual memory exhaustion?

A. The !vm command

B. The !irp command

C. The lm command with the kv option

D. The ! process 0 0 debugger command

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=41

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

42

Mark works as an Escalation Engineer for ABC Inc. The company has a Windows-based network. John, an application programmer of the company, complains to Mark that whenever he runs a program in release mode, it works fine, but if he tries to run the same program in debug mode, it shows an error. 24 After an analysis of the problem, Mark tells John that the information provided by him is not sufficient to resolve the issue. Mark asks John if he is able to see some of the following symptoms while running the program: � System errors, such as access violations � Unexpected data in program output � Unexpected paths of program execution John replies that sometimes the program shows the error message of access violation. What can be the most likely cause of the error?

A. He has retained a pointer to a COM interface in the calling subprogram.

B. He is deleting an object prematurely while retaining a pointer to it.

C. In the program, he is using a very large value to index the array.

D. He is casting a pointer to a data type larger than the original allocation s data type.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=70-660&qno=42

-------------------------------------------------------------------------------------------------------------------------------------

TwPass Certification Exam Features;

- TwPass offers over

2500

Certification exams for professionals.

- More than

98,800

Satisfied Customers Worldwide.

- Average

99.8%

Success Rate.

- Over

120

Global Certification Vendors Covered.

- Services of Professional & Certified Experts available via support.

- Free 90 days updates to match real exam scenarios.

- Instant Download Access!

No Setup required.

- Price as low as $19, which is 80% more cost effective than others.

- Verified answers researched by industry experts.

- Study Material

updated

on regular basis.

- Questions / Answers are downloadable in

PDF

format.

- Mobile Device Supported (Android, iPhone, iPod, iPad)

-

No authorization

code required to open exam.

-

Portable

anywhere.

-

Guaranteed Success

.

- Fast, helpful support 24x7.

View list of All Exams (AE);

http://www.twpass.com/twpass.com/vendors.aspx

Download Any Certication Exam DEMO.

http://www.twpass.com/twpass.com/vendors.aspx

To purchase Full version of exam click below; http://www.TwPass.com/

Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement