RealTest.70-687.425Questions

Number: 70-687
Passing Score: 800
Time Limit: 120 min
File Version: 30.3

http://www.gratisexam.com/

Excellent Questions, I pass with 90% with these inquiries. Fellows simply read this just I have redressed few inquiries and now score will be 95% above Guaranteed. Best stuff I have ever utilized for my exam planning. I adore Examcollection fellows. Included Explanations and Exhibits the majority of the inquiries. At last, I got right inquiries for this exam and offer with you folks. All the best. I just utilized these inquiries and got 900 imprints with this. Immaculate Show.

Exam A

QUESTION 1
A company has an Active Directory Domain Services domain. All client computers run Windows 8.1 and are joined to the domain.
You run the ipconfig command on a client computer. The following output depicts the results.
Ethernet adapter Local Area Connection 3:
You need to ensure that you can establish a DirectAccess connection from the client computer to the network.
What should you do?
A. Create a new VPN connection.
B. Remove the computer from the domain.
C. Enable IPv6 on the network adapter.
D. Configure a static IPv4 address.
Correct Answer: C
Explanation/Reference:
http://technet.microsoft.com/en-us/library/dd637767%28v=ws.10%29.aspx
DirectAccess Connections
DirectAccess overcomes the limitations of VPNs by automatically establishing a bi-directional connection from client computers to the corporate network. DirectAccess is built on a foundation of proven, standards-based technologies: Internet Protocol security (IPsec) and Internet Protocol version 6 (IPv6).
Further Information:
http://john.bryntze.net/jbkb-v2/certification-exam-70-687-configuring-windows-8-part-3-configure-network-connectivity-15/
A few Windows 8 functions only work with IPv6 such as DirectAccess and HomeGroup.

QUESTION 2
An organization has client computers that run Windows 7.
You upgrade the client computers to Windows 8.1 without migrating the local user profiles. You install the Windows Assessment and Deployment Kit (ADK) in the environment.
You need to migrate the user profiles from the Windows 7 installation to the Windows 8.1 installation.
What should you do first on each client computer?
A. Run the scanstate command.
B. Run Windows Easy Transfer and select the user profile to migrate.
C. Run the loadstate command.
D. Copy the Default Profile to a folder on drive C.
E. Run the ImageX command.
Correct Answer: A
Explanation/Reference:
http://technet.microsoft.com/en-us/library/hh825093.aspx
The ScanState command is used with the User State Migration Tool (USMT) 5.0 to scan the source computer, collect the files and settings, and create a store.

QUESTION 3
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1.
A local printer is shared from a client computer. The client computer user is a member of the Sales AD security group.
You need to ensure that members of the Sales security group can modify the order of documents in the print queue, but not delete the printer share.
Which permission should you grant to the Sales group?
A. Manage queue
B. Manage this printer
C. Print
D. Manage spooler
E. Manage documents
Correct Answer: E
Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc781446%28v=ws.10%29.aspx
Group types
There are two types of groups in Active Directory: distribution groups and security groups. You can use distribution groups to create e-mail distribution lists and security groups to assign permissions to shared resources.
Security groups
Used with care, security groups provide an efficient way to assign access to resources on your network.
Using security groups, you can:
Assign user rights to security groups in Active Directory
Assign permissions to security groups on resources
http://my.safaribooksonline.com/book/operating-systems/9780133118025/sharing-printers/ch21lev2sec24
Setting Printer Permissions
If you have a workgroup network and have disabled Password Protected Sharing, or if you have set up a homegroup, you don't need to worry about setting permissions for printers: anyone can use your shared printer. If you're on a domain network or have chosen to use detailed user-level permissions on your workgroup network, you can control access to your shared printers with security attributes that can be assigned to users or groups, as shown in Figure 21.9 and described next:
The Security tab lets you assign printer-management permissions for users, groups, and the creator of each print job.

QUESTION 4
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1.
A notification appears when domain users change Windows settings and when applications try to make changes to client computers.
You need to ensure that a notification appears only when an application tries to make changes to the computer.
What should you do?
A. Configure the Notification Area Icons settings on the client computers.
B. Create a Group Policy object (GPO) that enables the Admin Approval Mode for the built-in Administrator account policy.
C. Configure the User Account Control (UAC) settings on the client computers.
D. Create a Group Policy object (GPO) that disables the Run all administrators in Admin Approval Mode policy.
Correct Answer: C
Explanation/Reference:
http://www.thewindowsclub.com/change-user-account-settings-windows-8
Change User Account Control settings in Windows 8
The User Account Control basically notifies you before changes are made to your PC: not all changes, but only those which require Administrator level permissions. These changes could have been initiated by the user, by the operating system, by genuine software or even by malware! Every time such an administrator level change is initiated, Windows UAC will prompt the user for approval or denial. If the user approves the change, the change is made; if not, no changes are made to the system.
Settings:
Always notify me
Notify me only when apps try to make changes to my computer (default)
Notify me only when apps try to make changes to my computer (don't dim my desktop)
Never notify me

QUESTION 5
Your computer runs Windows 8.1 and is connected to an Active Directory Domain Services (AD DS) domain. You create a folder and share the folder with everyone in your organization.
You need to modify the NTFS permissions of the folder to meet the following criteria:
Users from the Marketing security group must be able to open files, but not modify them.
Users from the Supervisors security group must be able to create, modify, and delete files.
Users from both groups must not be able to delete the folder.
Which permissions should you set?
A. Assign the Marketing group the Read permission. Assign the Supervisors group the Read and Write permissions and the Delete Subfolders and Files special permission.
B. Assign the Marketing group the Read and Write permissions. Assign the Supervisors group the Full Control permission.
C. Assign the Marketing group the Read and Write permissions. Assign the Supervisors group the Modify permission and the Delete Subfolders and Files special permission.
D. Assign the Marketing group the Read permission.
Assign the Supervisors group the Read and Write permissions and the Delete special permission.
Correct Answer: A
Explanation/Reference:
http://technet.microsoft.com/en-us/library/bb727008.aspx
File and Folder Permissions
..
On NTFS volumes, you can set security permissions on files and folders. These permissions grant or deny access to the files and folders.
File and Folder Permissions:
Special Permissions for Files:
Special Permissions for Folders:

QUESTION 6
You deploy several tablet PCs that run Windows 8.1.
You need to minimize power usage when the user presses the sleep button.
What should you do?
A. In Power Options, configure the sleep button setting to Hibernate.
B. Disable the C-State control in the computer's BIOS.
C. Configure the active power plan to set the system cooling policy to passive.
D. In Power Options, configure the sleep button setting to Sleep.
Correct Answer: A
Explanation/Reference:
http://www.howtogeek.com/102897/whats-the-difference-between-sleep-and-hibernate-in-windows/
If you're using a laptop computer, the best option is most likely Hibernate, because it saves the most power compared to Sleep and Hybrid Sleep.
http://windows.microsoft.com/en-us/windows7/sleep-and-hibernation-frequently-asked-questions
Sleep and hibernation: frequently asked questions
..
What's the difference between sleep, hibernate, and hybrid sleep?
Sleep is a power-saving state that allows a computer to quickly resume full-power operation (typically within several seconds) when you want to start working again. Putting your computer into the sleep state is like pausing a DVD player -- the computer immediately stops what it's doing and is ready to start again when you want to resume working.
Hibernation is a power-saving state designed primarily for laptops.
While sleep puts your work and settings in memory and draws a small amount of power, hibernation puts your open documents and programs on your hard disk, and then turns off your computer. Of all the power-saving states in Windows, hibernation uses the least amount of power. On a laptop, use hibernation when you know that you won't use your laptop for an extended period and won't have an opportunity to charge the battery during that time.
Hybrid sleep is designed primarily for desktop computers. Hybrid sleep is a combination of sleep and hibernate -- it puts any open documents and programs in memory and on your hard disk, and then puts your computer into a low-power state so that you can quickly resume your work. That way, if a power failure occurs, Windows can restore your work from your hard disk. When hybrid sleep is turned on, putting your computer into sleep automatically puts your computer into hybrid sleep. Hybrid sleep is typically turned on by default on desktop computers.
Further information:
http://www.hardwaresecrets.com/article/611
Everything You Need to Know About the CPU C-States Power Saving Modes
In order to save energy when the CPU is idle, the CPU can be commanded to enter a low-power mode. Each CPU has several power modes and they are collectively called "C-states" or "C-modes".

QUESTION 7
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1.
You need to minimize the amount of Trusted Platform Module (TPM) authorization information that is stored in the registry.
What should you do?
A. Enable Platform Configuration Register indices (PCRs) 0, 2, 4, and 11 for the Configure TPM validation profile for native UEFI firmware configuration policy setting.
B. Create a Group Policy object (GPO) that disables the Configure the level of TPM owner authorization information available to operating system policy setting.
C.
Create a Group Policy object (GPO) that sets the Configure the level of TPM owner authorization information available to operating system policy setting to None.
D. Create a Group Policy object (GPO) that enables the Turn on TPM Local Encryption policy setting.
Correct Answer: C
Explanation/Reference:
http://technet.microsoft.com/en-us/library/jj679889.aspx#BKMK_tpmgp_oauthos
Configure the level of TPM owner authorization information available to the operating system
This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information that is stored locally, the Windows operating system and TPM-based applications can perform certain actions in the TPM that require TPM owner authorization without requiring the user to enter the TPM owner password.
There are three TPM owner authentication settings that are managed by the Windows operating system. You can choose a value of Full, Delegate, or None.
Full - This setting stores the full TPM owner authorization, the TPM administrative delegation blob, and the TPM user delegation blob in the local registry. With this setting, you can use the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios that do not require you to reset the TPM anti-hammering logic or change the TPM owner authorization value. Some TPM-based applications may require that this setting is changed before features that depend on the TPM anti-hammering logic can be used.
Delegated - This setting stores only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM anti-hammering logic.
When you use this setting, we recommend using external or remote storage for the full TPM owner authorization value -- for example, backing up the value in Active Directory Domain Services (AD DS).
None - This setting provides compatibility with previous operating systems and applications. You can also use it for scenarios when TPM owner authorization cannot be stored locally. Using this setting might cause issues with some TPM-based applications.
Further Information:
http://technet.microsoft.com/en-us/library/cc770660.aspx
Active Directory Domain Services (AD DS) can be used to store Trusted Platform Module (TPM) recovery information.
There is only one TPM owner password per computer; therefore, the hash of the TPM owner password is stored as an attribute of the computer object in AD DS. The attribute has the common name (CN) of ms-TPM-OwnerInformation.
http://www.group-policy.com/ref/policy/2859/Configure_TPM_platform_validation_profile
Configure TPM platform validation profile
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.
If you enable this policy setting before turning on BitLocker, you can configure the boot components that the TPM will validate before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM will not release the encryption key to unlock the drive and the computer will instead display the BitLocker Recovery console and require that either the recovery password or recovery key be provided to unlock the drive.
If you disable or do not configure this policy setting, the TPM uses the default platform validation profile or the platform validation profile specified by the setup script.
A platform validation profile consists of a set of Platform Configuration Register (PCR) indices ranging from 0 to 23. The default platform validation profile secures the encryption key against changes to the Core Root of Trust of Measurement (CRTM), BIOS, and Platform Extensions (PCR 0), the Option ROM Code (PCR 2), the Master Boot Record (MBR) Code (PCR 4), the NTFS Boot Sector (PCR 8), the NTFS Boot Block (PCR 9), the Boot Manager (PCR 10), and the BitLocker Access Control (PCR 11). The descriptions of PCR settings for computers that use an Extensible Firmware Interface (EFI) are different than the PCR settings described for computers that use a standard BIOS. The BitLocker Drive Encryption Deployment Guide on Microsoft TechNet contains a complete list of PCR settings for both EFI and standard BIOS.
Warning: Changing from the default platform validation profile affects the security and manageability of your computer. BitLocker's sensitivity to platform modifications (malicious or authorized) is increased or decreased depending upon inclusion or exclusion (respectively) of the PCRs.

QUESTION 8
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1 and are joined to the domain.
You have the following requirements:
Ensure that files in shared network folders are available offline.
Minimize all data access times.
Reduce network bandwidth usage.
You need to configure Group Policy settings to meet the requirements.
What should you do first?
A. Enable the Enable file synchronization on costed networks policy setting.
B. Enable and configure the Configure slow-link mode policy setting.
C. Enable and configure the Specify administratively assigned Offline Files policy setting.
D. Enable the Synchronize all offline files when logging on policy setting.
Correct Answer: B
Explanation/Reference:
To enable the Always Offline mode, use Group Policy to enable the Configure slow-link mode policy setting and set the latency to 1 (millisecond). Doing so causes client computers running Windows 8.1 or Windows Server 2012 to automatically use the Always Offline mode.
Computers running Windows 7, Windows Vista, Windows Server 2008 R2, or Windows Server 2008 might continue to transition to the Online mode if the latency of the network connection drops below one millisecond.
Specify administratively assigned Offline Files - This will not minimize data access times, nor reduce network bandwidth usage.

QUESTION 9
A company has client computers that run Windows 8.1. The company uses Windows BitLocker Drive Encryption with the data-only option on all client computers.
You need to remove data fragments that exist in the free space on the local computer disk drives, without affecting current user data.
Which command should you run on the computers?
A. BdeHdCfg
B. diskpart
C. chkdsk
D. manage-bde
Correct Answer: D
Explanation/Reference:
http://technet.microsoft.com/en-us/library/jj647761.aspx
Manage-bde -WipeFreeSpace|-w [<Drive>] [-Cancel] [-computername <Name>] [{-?|/?}] [{-help|-h}]
Wipes the free space on the volume removing any data fragments that may have existed in the space. Running this command on a volume that was encrypted using the "Used Space Only" encryption method provides the same level of protection as the "Full Volume Encryption" encryption method.
http://technet.microsoft.com/en-us/library/ff829850.aspx
Bdehdcfg
Prepares a hard drive with the partitions necessary for BitLocker Drive Encryption.

QUESTION 10
A company has 100 client computers that run Windows 8.1. The client computers are connected to a corporate private network.
Users are currently unable to connect from their home computers to their work computers by using Remote Desktop.
You need to ensure that users can remotely connect to their office computers by using Remote Desktop. Users must not be able to access any other corporate network resource from their home computers.
What should you do?
A. Configure a Virtual Private Network connection.
B. Configure the Remote Desktop Gateway IP address in the advanced Remote Desktop Connection settings on each client.
C. Configure the local resource settings of the Remote Desktop connection.
D. Configure a DirectAccess connection.
Correct Answer: D
Explanation/Reference:

QUESTION 11
You install Windows 8.1 on a desktop computer and install a third-party desktop app. The computer runs optimally until you install another third-party desktop app.
You need to remove only the most recently installed third-party desktop app.
You start the computer from a system repair disk.
Which troubleshooting option should you use?
A. System Image Recovery
B. Remove everything and install Windows
C. System Restore
D. Refresh your PC without affecting your files
Correct Answer: C
Explanation/Reference:
http://windows.microsoft.com/en-us/windows-8/restore-refresh-reset-pc
How to refresh, reset, or restore your PC
If you think an app or driver that you recently installed caused problems with your PC, you can restore Windows back to an earlier point in time, called a restore point. System Restore doesn't change your personal files, but it might remove recently installed apps and drivers.

QUESTION 12
A company has a main office and three branch offices. The company has 20 portable computers that run Windows 8.1. Portable computer users can install local devices while in any branch office.
Your manager has instructed you to collect information about faulty devices and drivers within the company's branch offices.
You need to create a performance report that includes a list of incorrectly installed devices by using the least amount of administrative effort.
What should you do?
A. Add counters from each portable computer to Performance Monitor, and then print the Performance Monitor output.
B. Start the System Performance Data Collector Set on each portable computer.
C. Start the System Diagnostics Data Collector Set on each portable computer.
D. Create and start a custom Data Collector Set on each portable computer.
Correct Answer: C
Explanation/Reference:
System Diagnostics
You can use this DCS when troubleshooting reliability problems such as problematic hardware, driver failures, or STOP errors. It logs all the information included in the System Performance DCS, plus detailed system information.
http://technet.microsoft.com/en-us/library/cc722173%28v=ws.10%29.aspx
Windows Vista Performance and Reliability Monitoring Step-by-Step Guide
Microsoft® Windows Vista® includes Windows Reliability and Performance Monitor, which is a Microsoft Management Console (MMC) snap-in that combines the functionality of previous stand-alone tools including Performance Logs and Alerts, Server Performance Advisor, and System Monitor. It provides a graphical interface for customizing Data Collector Sets and Event Trace Sessions.
..
What is performance and reliability monitoring?
..
The reliability of a system is the measure of how often the system operates as it is configured and expected to perform. Reliability can be reduced when applications stop responding, services stop and restart, drivers fail to initialize, or in the worst case, when operating systems fail.
Reliability Monitor provides you with a quick, visual view of the average stability of your system. In addition, it tracks events that will help you identify what causes reductions in reliability.
By recording not only failures (including memory, hard disk, application, and operating system failures), but also key events regarding the configuration of your system (including the installation of new applications and operating system updates), you can see a timeline of changes in both the system and reliability, and can identify how to get your system back to optimal reliability when it does not behave as expected.
..
Data Collector Sets
An important new feature in Windows Reliability and Performance Monitor is the Data Collector Set, which groups data collectors into reusable elements for use with different performance monitoring scenarios. Once a group of data collectors is stored as a Data Collector Set, operations such as scheduling can be applied to the entire set through a single property change. You can schedule repeated collection of a Data Collector Set to create logs, load it in Performance Monitor to see the data in real time, and save it as a template to use on other computers.
Windows Reliability and Performance Monitor also includes default Data Collector Set templates to help you begin collecting performance data immediately.
...
Further Information:
http://blogs.interfacett.com/how-to-use-windows-7-performance-tools
How to use Windows 7 Performance Tools
..
We can go to data collector sets, there's some system defined ones or you can create your own. I'm going to do system diagnostics. All of these elements are going to be monitored. I'm going to start this and run it for 10 seconds. I'm going to stop it. That's going to generate a report that's under the system defined system diagnostics. There's the report I ran.
And it's generating a report of this system for me to take a look at. It's going to tell me whether the diagnostics passed or failed.

QUESTION 13
A company has an Active Directory Domain Services (AD DS) domain. Client computers in the Test department run Windows 8.1 and are connected to the domain.
You need to ensure that Windows updates are not automatically applied and cannot be enabled by users.
What should you do?
A. Create a Group Policy object (GPO) to enable the Turn on recommended updates via Automatic Updates policy setting.
B. Configure Windows Update to install updates automatically.
C. Create a Group Policy object (GPO) to configure the Remove access to use all Windows Update features policy setting.
D. Create a Group Policy object (GPO) to configure the Configure Automatic Updates policy setting.
Correct Answer: C
Explanation/Reference:
Remove access to use all Windows Update features:
This Group Policy setting is located in User Configuration\Administrative Templates\Windows Components\Windows Update. When you enable this setting, the operating system cannot be updated through Windows Update, and Automatic Updates is disabled. Users or administrators can still perform actions such as clicking the Windows Update option on the Start menu, and the Windows Update Web site will appear in the browser. However, it will not be possible to update the operating system through Windows Update, regardless of the type of account being used to log on.

QUESTION 14
You administer Windows 8.1 client computers in your company network.
You receive a virtual hard disk (VHD) file that has Windows 8.1 Pro preinstalled, along with several business applications.
You need to configure your client computer to start from either the VHD file or from your current operating system.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. Import the contents of the system store from a file.
B. Export the contents of the system store into a file.
C. Attach the VHD file by using Disk Management.
D. Make the VHD disk bootable.
E. Create a new empty boot configuration data store.
F. Create a new entry in the boot configuration data store.
Correct Answer: CDF
Explanation/Reference:
http://technet.microsoft.com/en-us/library/gg318049%28v=ws.10%29.aspx
Creating Bootable Virtual Hard Disks Using the Disk Management Tools
This section describes how to create a bootable VHD by using the Disk Management tools. You create a VHD and then apply a Windows image from a .wim file to a partition in the VHD. After you complete the steps in this section, you can configure the VHD for native boot or configure it to boot in a virtual machine by following the instructions in Preparing Virtual Hard Disks for Boot.
http://blogs.technet.com/b/haroldwong/archive/2012/08/18/how-to-create-windows-8-vhd-for-boot-to-vhd-using-simple-easy-to-follow-steps.aspx
How to Create Windows 8 VHD for Boot to VHD using simple, easy to follow steps
...
I. Once I make a backup copy of the VHD file for future use, I will go ahead and Mount the VHD again to add that installation to the boot menu. To do this, I will right click Disk Management and select Attach VHD. The Attach VHD Wizard will start. I can either browse to the VHD or just type it in the Location field.
J. The VHD will be mounted and will be assigned a drive letter by the system. In my case, it is drive F: again.
K. Go back to the Administrative Command Prompt and type the following command to add the installation to the Boot Menu:
bcdboot F:\windows
L. Once the command finishes, you will now have the new Windows 8 entry in your boot menu.
Further Information:
F: Commands to add an existing VHD to your boot menu:
bcdedit /copy {originalguid} /d "New Windows 7 Installation"
bcdedit /set {newguid} device vhd=[D:]\Image.vhd
bcdedit /set {newguid} osdevice vhd=[D:]\Image.vhd
bcdedit /set {newguid} detecthal on

QUESTION 15
A company has client computers that run Windows 8.1. The client computer systems frequently use IPSec tunnels to securely transmit data.
You need to configure the IPSec tunnels to use 256-bit encryption keys.
Which encryption type should you use?
A. 3DES
B. DES
C. RSA
D. AES
Correct Answer: D
Explanation/Reference:
http://technet.microsoft.com/en-us/library/dd125356%28v=ws.10%29.aspx
Descriptions of the IPsec Algorithms and Methods
..
Encryption algorithms
Data encryption algorithms are used to provide confidentiality to the data payload of an IPsec-protected network packet. Encryption algorithms can be very computationally intensive and can significantly impact computer performance. We recommend that you only encrypt network traffic that requires encryption. If you find that encryption impacts performance more than expected, consider using a network adapter that supports IPsec task offload.
DES
DES is a block cipher encryption protocol that uses a 56-bit key and is documented in Federal Information Processing Standards Publication 46-3 (http://go.microsoft.com/fwlink/?linkid=128014). A block cipher is an encryption algorithm that operates on a fixed size block of data. DES encrypts data in 64-bit blocks using a 64-bit key. The key appears to be a 64-bit key, but one bit in each of the 8 bytes is used for error checking, resulting in 56 bits of usable key.
3DES
Triple-DES or 3DES is an encryption protocol that provides stronger encryption than DES. It is documented in Federal Information Processing Standards Publication 46-3 (http://go.microsoft.com/fwlink/?linkid=128014). 3DES is a block cipher that uses a three-step encryption process that is more secure than DES. A block cipher is an encryption algorithm that operates on a fixed size block of data.
AES-CBC 128, 192, and 256
The AES in Cipher Block Chaining mode (AES-CBC) encryption algorithms are part of the NSA "Suite B" and are documented in RFC 3602 (http://go.microsoft.com/fwlink/?linkid=127990). AES is documented in Federal Information Processing Standards Publication 197 (http://go.microsoft.com/fwlink/?linkid=127986).
The AES algorithm is a symmetric block cipher that can encrypt and decrypt information in data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits. Longer key lengths provide better security at the cost of CPU performance due to the more intensive computational requirements. Cipher block chaining (CBC) is used to hide patterns of identical blocks of data within a packet. An initialization vector (an initial random number) is used as the first random block to encrypt and decrypt a block of data. Different random blocks are used in conjunction with the secret key to encrypt each successive block. This ensures that identical sets of unsecured data (plaintext) result in unique, encrypted data blocks.
AES-GCM 128, 192, and 256
AES-GCM is both an integrity and encryption algorithm and is described in the Integrity algorithms section.

QUESTION 16
You are configuring a computer that will be used in a kiosk in a public area. You install a new internal hard drive.
You need to protect the computer from starting an unauthorized operating system.
What should you do?
A. Ensure that the computer BIOS supports Unified Extensible Firmware Interface (UEFI) and is enabled. Install Windows 8.1 Pro 64-bit using UEFI and install it on the internal hard drive.
B. Install Windows 8.1 Pro 64-bit on the internal hard drive. Enable BitLocker on the internal hard disk.
C. Partition the internal hard drive as MBR disk. Install Windows 8.1 Enterprise 64-bit.
D. Partition the internal hard drive as GPT disk. Install Windows 8.1 Pro 64-bit.
Correct Answer: A
Explanation/Reference:
http://technet.microsoft.com/en-us/windows/dn168169.aspx
Windows 8 Boot Security FAQ
What is UEFI?
UEFI (Unified Extensible Firmware Interface) is a specification that defines an interface between a PC's firmware and an operating system. It replaces or can work in concert with the Basic Input/Output System (BIOS) firmware that PCs have traditionally used.
For Windows 8, a key part of this specification is Secure Boot, which protects the PC from malware by allowing only authorized boot loaders to run when the computer starts.

How does Windows 8 prevent attackers from replacing boot components?
All systems with the Windows 8 certification use Secure Boot (part of the UEFI specification) to protect hardware-related firmware and the operating-system loader from tampering. Secure Boot can prevent the system from booting if unauthorized changes have been made or possibly even refresh some boot components, such as the UEFI firmware, to a known good state.

What is Trusted Boot?
Trusted Boot is a Windows 8 feature that secures the entire Windows boot process. It prevents malware from hiding and taking up permanent residence within the PC by ensuring none of the Windows components loaded during boot have been tampered with. Trusted Boot also ensures that anti-malware software is loaded before any third-party drivers and applications using its Early Launch Anti-Malware (ELAM) capability. This prevents malware from inserting itself in front of the anti-malware engine so that it can compromise the anti-malware engine's ability to protect the system. In the event that malware was able to successfully compromise any of the Windows boot process, Trusted Boot will attempt to automatically remediate the issue.

What editions of Windows 8 will include Trusted Boot?
All editions of Windows 8 include Trusted Boot.

QUESTION 17
A desktop computer that runs Windows 8.1 downloads updates but does not install them. The computer is connected to the corporate network by using a wired network connection. You need to ensure that the computer automatically installs updates. What should you do?

A. Set the wired network connection to non-metered.
B. Configure the Automatic Maintenance setting.
C. Enable the Reschedule Automatic Updates scheduled installations Group Policy setting.
D. Set the wired network connection to metered.

Correct Answer: B

Explanation/Reference:
http://msdn.microsoft.com/en-us/library/windows/desktop/hh848037%28v=vs.85%29.aspx
Automatic Maintenance
Windows depends on execution of inbox and third party maintenance activity for much of its value-add, including Windows Update, and automatic disk defragmentation, as well as antivirus updates and scans. The goal of Automatic Maintenance is to combine all background maintenance activity in Windows and help third-party developers add their maintenance activity to Windows without negatively impacting performance and energy efficiency. Additionally, Automatic Maintenance enables users as well as enterprises to be in control of maintenance activity scheduling and configuration.

http://blogs.msdn.com/b/olivnie/archive/2013/04/05/updates-and-maintenance.aspx
Windows 8: Updates and Maintenance
Automatic Maintenance
One of the most important maintenance-related improvements in Windows 8 is Automatic Maintenance. This is a new system maintenance service that can be used by Windows components and apps to schedule maintenance activities on the PC in one scheduled window per day. Automatic Maintenance is shown in Action Center in the Maintenance section. The Maintenance Settings interface is shown below.

Further Information:
http://technet.microsoft.com/en-us/library/cc720539%28v=ws.10%29.aspx
Configure Automatic Updates by Using Group Policy
Reschedule Automatic Update Scheduled Installations
This policy specifies the amount of time for Automatic Updates to wait, following system startup, before proceeding with a scheduled installation that was missed previously.
If the status is set to Enabled, a scheduled installation that did not take place earlier will occur the specified number of minutes after the computer is next started.
If the status is set to Disabled, a missed scheduled installation will occur with the next scheduled installation.
If the status is set to Not Configured, a missed scheduled installation will occur one minute after the computer is next started.
This policy applies only when Automatic Updates is configured to perform scheduled installations of updates. If the Configure Automatic Updates policy is disabled, this policy has no effect.

To reschedule Automatic Update scheduled installation
1. In Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update.
2. In the details pane, click Reschedule Automatic Update scheduled installations, click Enable, and type a value in minutes.
3. Click OK.

QUESTION 18
You administer a group of 10 client computers that run Windows 8.1. The client computers are members of a local workgroup. Employees log on to the client computers by using their Microsoft accounts. The company plans to use Windows BitLocker Drive Encryption. You need to back up the BitLocker recovery key. Which two options can you use? (Each correct answer presents a complete solution. Choose two.)

A. Save the recovery key to a file on the BitLocker-encrypted drive.
B. Save the recovery key in the Credential Store.
C. Save the recovery key to SkyDrive.
D. Print the recovery key.

Correct Answer: CD

Explanation/Reference:
BitLocker in Windows 8 has added support to back up a BitLocker recovery key to Microsoft SkyDrive if the computer is NOT a member of a domain and the Windows Live ID user account is used to log on.
Ref: http://windowsitpro.com/windows-8/q-i-heard-bitlocker-windows-8-can-save-recovery-key-skydrive-so-why-dont-i-have-option

QUESTION 19
You administer Windows 8.1 computers in your company network. You install a new video driver. The computer will not start properly after restart. You are able to enter Safe Mode with Command Prompt. You need to be able to start normally. You also need to ensure that user data is not lost. What should you do?

A. Run the rstrui.exe command.
B. Roll back the driver.
C. Turn on File History.
D. Create a restore point.

Correct Answer: A

Explanation/Reference:
Personal comment: Creating a restore point will not help you at this moment. Nor will File History. You cannot roll back the driver, only disable it from starting - see the Further information section. Your only hope is using System Restore to restore the system to the state previous to the driver installation. This will also preserve the user data. This has been available since Windows XP. One can only hope it still works in Windows 8...

http://support.microsoft.com/kb/304449
How to start the System Restore tool by using the safe mode option with the Command prompt in Windows XP
How to start System Restore by using the Command prompt
..
5. At the command prompt, type %systemroot%\system32\restore\rstrui.exe, and then press ENTER.
6. Follow the instructions that appear on the screen to restore your computer to a functional state.

Further Information:
http://support.microsoft.com/kb/927525
After you install a device or update a driver for a device, Windows Vista or Windows 7 may not start
...
Use the Windows Recovery Environment to repair Windows Vista or Windows 7
..
3. Use the Command Prompt option in the Windows Recovery Environment to disable the driver that stops the operating system from starting.

QUESTION 20
A company has client computers that run Windows 8.1. File History is on. An employee downloads data to a folder on drive D named Archives. You need to ensure that the user can restore files from the Archives folder by using File History. What should you do?

A. Create a library named History and add the Archives folder to the library.
B. Start the Windows Backup service.
C. Turn on the Volume Shadow Copy Service.
D. Start the Block Level Backup Engine service.

Correct Answer: A

Explanation/Reference:
http://blogs.msdn.com/b/b8/archive/2012/07/10/protecting-user-files-with-file-history.aspx
What is File History?
File History is a backup application that continuously protects your personal files stored in Libraries, Desktop, Favorites, and Contacts folders. It periodically (by default every hour) scans the file system for changes and copies changed files to another location. Every time any of your personal files has changed, its copy will be stored on a dedicated, external storage device selected by you. Over time, File History builds a complete history of changes made to any personal file.

http://blogs.windows.com/windows/b/extremewindows/archive/2012/12/20/a-new-way-to-backup-file-history-in-windows-8.aspx
A New Way to Backup: File History in Windows 8
File History is a new feature in Windows 8 that helps to ensure that your personal files are safe. In addition to being a backup solution, File History also provides the capability to restore multiple backup copies (versions) of your files. File history in Windows 8 is easy to setup, powerful, and reliable. This means you can have more confidence when working with files, and also keep less redundant copies around for your own personal "data history". You can easily configure File History to protect some or all of the files that are in your libraries on Windows 8. You can add folders to your libraries easily in Windows 8, giving you the ability to use File History with any group of folders and files that you choose.

QUESTION 21
You administer Windows 8.1 client computers in your company network. You deploy an application that requires a specific Windows update to be installed on the computers. You need to verify that the update is installed on specific computers. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

A. Run the System Update Readiness Tool
B. Open View updates history
C. Open the Check for updates applet
D. Run the DISM command with the /image and /get-packageinfo switches
E. Run the DISM command with the /online and /get-packageinfo switches

Correct Answer: BE

Explanation/Reference:
http://www.sevenforums.com/tutorials/24367-windows-update-view-update-history-details.html
Windows 7: Windows Update - View Update History Details

http://technet.microsoft.com/en-us/library/dd744382%28v=ws.10%29.aspx
Deployment Image Servicing and Management Command-Line Options
/Online
Specifies that the action is to be taken on the operating system that is currently running. This option cannot be used with the /Image or the /WinDir option. When /Online is used the Windows directory for the online image is automatically detected.
/Image:<path_to_offline_image_directory>
This is the full path to the root directory of the offline Windows image that you will service. If the directory named Windows is not a subdirectory of the root directory, /WinDir must be specified. This option cannot be used with /Online.

http://technet.microsoft.com/en-us/library/hh825265.aspx
DISM Operating System Package Servicing Command-Line Options
/Get-PackageInfo {/PackageName:<name_in_image> | /PackagePath:<path_to_cabfile>}
Displays detailed information about a package provided as a .cab file. Only .cab files can be specified. You cannot use this command to obtain package information for .msu files. /PackagePath can point to either a .cab file or a folder. You can use the /Get-Packages option to find the name of the package in the image, or you can specify the path to the .cab file. The path to the .cab file should point to the original source of the package, not to where the file is installed on the offline image.

Further Information:
http://blogs.msdn.com/b/olivnie/archive/2013/04/05/updates-and-maintenance.aspx
Windows 8: Updates and Maintenance

http://windows.microsoft.com/en-us/windows7/what-is-the-system-update-readiness-tool
What is the System Update Readiness Tool?
The System Update Readiness Tool can help fix problems that might prevent Windows updates and service packs from installing. For example, an update might not install if a damaged system file prevents the update from recognizing the version of Windows that's running on your computer.

QUESTION 22
You administer Windows 8.1 Pro computers in your company network. A user named User1 encrypts a sensitive file named file.txt by using Encrypting File System (EFS). A user named User2 must be able to read file.txt. You need to configure unencrypted read access to file.txt for User2. What should you do?

A. Configure Advanced Attributes
B. Configure Effective Access
C. Configure Advanced Security Settings
D. Share the folder that contains file.txt.

Correct Answer: A

Explanation/Reference:
Further Information:
http://www.howtogeek.com/178912/how-to-encrypt-files-and-folders-in-windows-8.1-using-efs/
How to Encrypt Files and Folders in Windows 8.1 Pro Using EFS
If you are concerned about other users of your system having access to your files, there has been a simple way to encrypt files and folders in every version of Windows since XP called Encrypted File Service (EFS). We will show you how to apply EFS to your files and folders.
NOTE: Files and folders you encrypt using EFS can only be decrypted using the Windows login that encrypted the file. Other users on the system will be able to see the files but will not be able to open them, even if they are running as administrator. That means that you also need to be careful you do not forget your login, or you will be locked out of your own files.

http://technet.microsoft.com/en-us/library/bb457007.aspx
How to Share Files Using Encrypting File System
This article describes how to share files using EFS, and is intended to assist system architects and administrators in developing best practices for creating data recovery and data protection strategies using Windows XP.
..
In Windows XP, EFS supports file sharing between multiple users on a single file. This provides an opportunity for data recovery by adding additional users to an encrypted file. Although the use of additional users cannot be enforced through policy or other means, it is a useful and easy method for enabling recovery of encrypted files by multiple users without actually using groups, and without sharing private keys between users.
Once a file has been initially encrypted, file sharing is enabled through a new button in the user interface (UI). A file must be encrypted first and then saved before additional users may be added. After selecting the Advanced Properties of an encrypted file, a user may be added by selecting the Details button. Individual users may add other users (not groups) from the local machine or from the Active Directory, provided the user has a valid certificate for EFS.
..
To add users
1. Click the Add button as shown in Figure 2 below.
Figure 2. Adding users
A new dialog box will be presented showing the existing users and certificates that are cached in the "Other People" certificate store of the local machine. It will also allow new users to be added from the Active Directory by clicking the Find User button.
Note: A user must have a valid EFS certificate in the Active Directory to be added.
2. Click the Find User button to find new users as shown in Figure 3 below.
Figure 3. Finding new users from Active Directory
The standard object picker dialog box will be displayed and a search will be conducted.
...

QUESTION 23
You plan to purchase new Windows 8.1 tablets for your company network.
You need to ensure that tablet users are able to use the Windows 8.1 Snap feature. Which hardware specifications should you meet in choosing tablets?

A. monitor and video adapter that support a minimum screen resolution of 1366 x 768
B. monitor that supports at least three simultaneous touches
C. monitor that supports at least five simultaneous touches
D. monitor and video adapter that support a minimum screen resolution of 1024 x 768

Correct Answer: A

Explanation/Reference:
http://winsupersite.com/article/windows8/windows-8-feature-focus-snap-142986
Windows 8 Feature Focus: Snap
While Metro-styled apps are advertised as being full-screen experiences only, they can also support a less-well-known snapped mode, in which they can be used side-by-side onscreen with a second Metro-styled app or the Windows desktop. This Windows 8 feature, not coincidentally, is called Snap, and it's named after a similar desktop feature that debuted in Windows 7.

http://windowsitpro.com/windows-8/q-what-resolution-do-windows-8-metro-ui-and-snap-feature-require
Q: What resolution do the Windows 8 Metro UI and Snap feature require?
..
To use the Snap application capability, which allows two Metro applications to appear on the screen at the same time with one application using up most of the screen and the other giving a summary view, you need a resolution of 1366x768.
..

QUESTION 24
You have a computer that runs Windows 8.1. You install a custom application by using an .msi file that is located in your Documents library. The computer begins to experience performance issues. You decide to reinstall the custom application. When you run the .msi file, you receive an error message about a corrupted file. You need to ensure that you can reinstall the application. What should you do?

A. Run the replace command, specify the application's .msi file as the source, and then specify the application's original installation directory as the destination.
B. Use File History to revert the application's .msi file to a previous version.
C. Run the msiexec /f command and specify the application's .msi file.
D. Run the reset /f command and specify the application's .msi file.

Correct Answer: B

Explanation/Reference:
http://blogs.msdn.com/b/b8/archive/2012/07/10/protecting-user-files-with-file-history.aspx
What is File History?
File History is a backup application that continuously protects your personal files stored in Libraries, Desktop, Favorites, and Contacts folders. It periodically (by default every hour) scans the file system for changes and copies changed files to another location. Every time any of your personal files has changed, its copy will be stored on a dedicated, external storage device selected by you. Over time, File History builds a complete history of changes made to any personal file.

Further information:
http://technet.microsoft.com/en-us/library/cc759262%28v=ws.10%29.aspx
Msiexec (command-line options)
To repair a product
Syntax
msiexec /f [p][o][e][d][c][a][u][m][s][v]{Package | ProductCode}

QUESTION 25
You administer Windows 8.1 computers in your company network. All computers include a Windows 8.1 compatible Trusted Platform Module (TPM). You configure a computer that will run a credit processing application. You need to ensure that the computer requires a user to enter a PIN code when starting the computer. Which policy should you configure? (To answer, select the appropriate policy in the answer area.)

A. Allow Secure Boot for integrity validation
B. Require additional authentication at startup
C. Allow enhanced PINs for startup
D. Configure minimum PIN length for startup

Correct Answer: B

Explanation/Reference:
How to enable BitLocker to prompt for PIN during startup
You can do this after BitLocker has encrypted the entire drive. First you have to enable the local policy to require a PIN during startup. You could also do that centrally enterprise wide through Group Policy (GPO). To do this:
Click Start > Run.
Type "gpedit.msc"
Go to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
On the right pane, double-click on Require additional authentication at startup.
Choose Enabled
Uncheck the Allow BitLocker without a compatible TPM
Under Configure TPM startup PIN:, choose Require startup PIN with TPM

http://technet.microsoft.com/en-us/library/jj679890.aspx
BitLocker Group Policy Settings
Require additional authentication at startup
This policy setting is used to control which unlock options are available for operating system drives. With this policy setting, you can configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with a Trusted Platform Module (TPM). This policy setting is applied when you turn on BitLocker.
..
On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data.
When the computer starts, it can use:
only the TPM for authentication
insertion of a USB flash drive containing the startup key
the entry of a 4-digit to 20-digit personal identification number (PIN)
a combination of the PIN and the USB flash drive

There are four options for TPM-enabled computers or devices:
* Configure TPM startup
  Allow TPM
  Require TPM
  Do not allow TPM
* Configure TPM startup PIN
  Allow startup PIN with TPM
  Require startup PIN with TPM
  Do not allow startup PIN with TPM
* Configure TPM startup key
  Allow startup key with TPM
  Require startup key with TPM
  Do not allow startup key with TPM
* Configure TPM startup key and PIN
  Allow TPM startup key with PIN
  Require startup key and PIN with TPM
  Do not allow TPM startup key with PIN

Further Information:
Allow Secure Boot for integrity validation
This policy controls how BitLocker-enabled system volumes are handled in conjunction with the Secure Boot feature. Enabling this feature forces Secure Boot validation during the boot process and verifies Boot Configuration Data (BCD) settings according to the Secure Boot policy.
Secure Boot ensures that the computer's preboot environment loads only firmware that is digitally signed by authorized software publishers. Secure Boot also provides more flexibility for managing preboot configurations than BitLocker integrity checks prior to Windows Server 2012 and Windows 8.
When this policy is enabled and the hardware is capable of using Secure Boot for BitLocker scenarios, the Use enhanced Boot Configuration Data validation profile Group Policy setting is ignored, and Secure Boot verifies BCD settings according to the Secure Boot policy setting, which is configured separately from BitLocker.

Allow enhanced PINs for startup
This policy setting permits the use of enhanced PINs when you use an unlock method that includes a PIN. Enhanced startup PINs permit the use of characters (including uppercase and lowercase letters, symbols, numbers, and spaces).
This policy setting is applied when you turn on BitLocker.
Not all computers support enhanced PIN characters in the preboot environment. It is strongly recommended that users perform a system check during the BitLocker setup to verify that enhanced PIN characters can be used.

Configure minimum PIN length for startup
This policy setting is used to set a minimum PIN length when you use an unlock method that includes a PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits.

http://4sysops.com/archives/bitlocker-group-policy-changes-in-windows-8/
BitLocker Group Policy changes in Windows 8
"Allow Secure Boot for integrity validation" allows you to configure the use of Secure Boot on computers that have UEFI firmware. More specifically, it lets you disable it since the default is to use Secure Boot when it is available on a computer. In the event you do disable it, you can configure the "use enhanced Boot Configuration Data validation profile" to choose specific BCD settings to verify.

QUESTION 26
You administer Windows 8.1 client computers in your company network. A guest at your company is connected to the Internet as shown in the following exhibit. (Click the Exhibit button.) You need to ensure that the guest user is able to share network resources over Wi-Fi without lowering the overall security of the computer. What should you do?

A. Change the network location type to Work.
B. Configure File sharing connections settings for All networks.
C. Change the network location type to Private.
D. Configure File and printer sharing settings for Public networks.

Correct Answer: C

Explanation/Reference:
http://www.7tutorials.com/network-locations-explained
Simple Questions: What are Network Locations in Windows 7 & Windows 8?
Network Locations in Windows 8: Private vs Public
Windows 8 further simplifies the concept of network locations, reducing them to only two choices:
Private network - This profile should be applied to your home network or to the network from your workplace. When this profile is assigned to a network connection, network discovery is turned on, file and printer sharing are turned on and homegroup connections are allowed.
Public network - This profile is also named Guest. It is the more secure of the two because network discovery is turned off as well as file and printer sharing. This profile should be used when connecting to public networks you don't trust, like those found in airports, coffee shops, bars, hotels, etc.
There's also a third network location profile named Domain network. This one cannot be set by a normal user. It is available for enterprise workplaces and it is set by the network administrator. The settings applied to this profile are those set by your company and you cannot change them.

http://www.tekrevue.com/tip/change-network-location-windows-8/
How to Change a Network Location in Windows 8
Let's get back to the Networks list: right click or press and hold your active network connection. A menu is displayed with several options, depending on the network type. Click or tap "Turn sharing on or off" (the only option common to both wired and wireless networks). For wired networks you will see fewer options being displayed in the contextual menu. You are asked if you want to turn on sharing between PCs and connect to devices on this network.
Selecting "No, don't turn on sharing or connect to devices" is the equivalent of applying the Public profile.
Selecting "Yes, turn on sharing and connect to devices" is the equivalent of applying the Private profile.
Make your choice and the appropriate settings are applied.

QUESTION 27
A company has client computers that run Windows 8.1.
When a user tries to print from his portable client computer while connected to the corporate network, he discovers that the default printer is set to his home printer instead of to the office printer. You need to ensure that the default printer for the computer is the office printer when the computer is connected to the corporate network and the user's home printer when the computer is connected to his home network. What should you do on the portable computer?

A. In the printer properties of the corporate printer, configure the active port with the correct TCP/IP settings for the printer.
B. Install the corporate printer and set it as the default printer. Then add the home printer to the homegroup settings.
C. Connect to the home network and choose Connect from the shared printer object context menu. Then connect to the corporate network and choose Connect from the shared printer object context menu.
D. Set a default printer for each network.

Correct Answer: D

Explanation/Reference:
http://windows.microsoft.com/en-us/windows-8/set-change-your-default-printer
Set or change your default printer
To set a different default printer for each network
..
3. Tap or click any printer, and then tap or click Manage default printers.
4. Select Change my default printer when I change networks.
5. Under Select network, choose the first network you want to set a printer for.
6. Under Select printer, choose the printer you want to be the default on that network, and then tap or click Add.
7. When you're finished setting a default printer for each network, tap or click OK.

Further Information:
http://john.bryntze.net/jbkb-v2/certification-exam-70-687-configuring-windows-8-part-3-configure-network-connectivity-15/
configure location-aware printing
Location-aware printing is not a new feature, it existed already in Windows 7, it works that your default printer follows you, so at work you can have one default printer and another at home without manually switching. Just click on an installed printer in control panel and select Manage default printers. Be sure Change my default printer when I change Networks is selected and then manage per network which printer you want to be default.
Location-Aware Printing is dependent upon the Network List Service and the Network Location Awareness service. If either one of these services is stopped or malfunctioning, then Windows will not be able to detect network changes and may not switch default printers as expected.

QUESTION 28
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1. You need to configure 20 portable computers so that they sleep after 20 minutes when running on battery power. You must accomplish this goal by using the least amount of administrative effort. Which two actions should you perform? (Each correct answer presents part of the complete solution. Choose two.)

A. Edit the local Group Policy to configure the Shut Down options.
B. Create a Group Policy object (GPO) that configures the Sleep Management settings.
C. Create a Group Policy object (GPO) that configures the Power Management settings.
D. Link the Group Policy object (GPO) to the organizational unit containing the portable computers.
E. Edit the local Group Policy to configure the Power Management settings.

Correct Answer: CD

Explanation/Reference:
Put the Laptops into an OU. Create an appropriate GPO. Link the GPO to the OU.
Note:
* Networking power management (not sleep management) refers to the set of features that you can configure to allow the computers in your network to save energy.
Incorrect: Local Group Policy would have to be edited locally on each laptop.

http://blogs.technet.com/b/askds/archive/2008/03/19/managing-power-with-group-policy-part-2-or-3.aspx
Managing Power with Group Policy: Part 2 of 3
Another related policy setting is Specify the System Sleep Timeout, only the value entered (in seconds) indicates how much idle time elapses before Windows enters sleep mode.
..

QUESTION 29
You install Windows 8.1 on a client computer. Several days later, you establish that the computer has been infected by malware. You are unable to establish when the computer was infected. You need to restore the client computer to full functionality. What should you do?

A. Start the computer using the Last Known Good Configuration option.
B. Use the Refresh your PC without affecting your files function.
C. Start the computer in Safe Mode.
D. Use the Remove everything and install Windows function.

Correct Answer: D

Explanation/Reference:
http://windows.microsoft.com/en-us/windows-8/restore-refresh-reset-pc
How to refresh, reset, or restore your PC
If you're having problems with your PC, you can try to refresh, reset, or restore it. Refreshing your PC reinstalls Windows and keeps your personal files and settings. It also keeps the apps that came with your PC and the apps you installed from the Windows Store. Resetting your PC reinstalls Windows but deletes your files, settings, and apps -- except for the apps that came with your PC. Restoring your PC is a way to undo recent system changes you've made.

QUESTION 30
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1.
You need to ensure that only administrators can access removable storage devices on client computers. Which two Group Policy settings should you configure? (Each correct answer presents part of the solution. Choose two.)

A. Enable the Prevent installation of removable devices policy.
B. Disable the Allow only USB root hub connected Enhanced Storage Features policy.
C. Create an AppLocker deny rule with a path condition of %HOT%.
D. Start the Application Identity service.
E. Enable the Allow administrators to override Device Installation Restriction policies policy.

Correct Answer: AE

Explanation/Reference:
Prevent installation of all devices.
In this scenario, the administrator wants to prevent standard users from installing any device but allow administrators to install or update devices. To implement this scenario, you must configure two computer policies: one that prevents all users from installing devices (A) and a second policy to exempt administrators from the restrictions (E).
* A growing variety of external storage devices can be connected to personal computers and servers that are running the Windows operating system. Many users now expect to be able to install and use these devices in the office, at home, and in other locations. For administrators, these devices pose potential security and manageability challenges.
The Group Policy settings discussed in this section can be used to limit, prevent, or enable these situations. The default value for these policy settings is Not configured.
These policy settings are located in the following locations under Computer Configuration\Administrative Templates\System:
(E) Device Installation\Device Installation Restrictions
Device Redirection\Device Redirection Restrictions
Driver Installation
Enhanced Storage Access
Removable Storage Access
Reference: Threats and Countermeasures Guide: External Storage Devices
http://technet.microsoft.com/en-us/library/cc753539%28v=ws.10%29.aspx
Prevent Installation of Removable Devices
You can use this procedure to prevent installation of any removable device. A device is considered removable when its device driver, or the device driver for the bus to which the device is attached, reports that it is a removable device. If this policy is enabled, in addition to preventing installation of the affected devices, it also prevents users from updating the device drivers for already installed devices that match the policy.
http://technet.microsoft.com/en-us/library/cc753015%28v=ws.10%29.aspx
Allow Administrators to Override Device Installation Restriction Policies
You can use this procedure to ensure that the device installation restriction policies you apply to a computer do not affect members of the Administrators group. By default, a device installation restriction policy affects all users of the computer, including members of the local Administrators group. By enabling this policy, you exempt administrators from the effects of the policy, and allow them to do the device installation tasks they need to do.
Further Information:
http://www.group-policy.com/ref/policy/242/Allow_only_USB_root_hub_connected_Enhanced_Storage_devices
Allow only USB root hub connected Enhanced Storage devices
.. If you disable or do not configure this policy setting, USB Enhanced Storage devices connected to both USB root hubs and non-root hubs will be allowed.
http://technet.microsoft.com/en-us/library/dd723678%28v=ws.10%29.aspx
AppLocker
You can use AppLocker as part of your overall security strategy for the following scenarios:
Help prevent malicious software (malware) and unsupported applications from affecting computers in your environment.
Prevent users from installing and using unauthorized applications.
Implement application control policy to satisfy security policy or compliance requirements in your organization.
http://technet.microsoft.com/en-us/library/ee791779%28v=ws.10%29.aspx
Configure the Application Identity Service
The Application Identity service determines and verifies the identity of an application. Stopping this service will prevent AppLocker policies from being enforced.

QUESTION 31
A company has client computers that run Windows 8.1. Each employee has one client computer at the office. Some employees also have personal computers at home. The company has applications that run only on Windows 8.1. You need to deploy Windows To Go so that employees can run the applications on their home computers. Which two command-line tools should you use? (Each correct answer presents part of the solution. Choose two.)
A. bcdedit
B. DISM
C. bcdboot
D. ImageX
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
See step 12 and 13 below.
Create Windows To Go on any edition of Windows 8.1:
1. Launch an administrative level command prompt.
2. Make sure that your USB Drive is plugged in and then type in diskpart and hit Enter.
3. List the available disks by running "list disk" and you should see your usb device.
4. Select your USB drive by typing "select disk #" and hit Enter. For example, "select disk 3".
5. Clean the partitions on the disk by typing "clean" and hit Enter.
6. Now create the boot partition by running the following command:
   create partition primary size=350
7. Now create the OS partition by running the following command to create a partition taking up all remaining space:
   create partition primary
8. The boot partition needs to be formatted, configured and assigned a drive letter, run the following commands:
   select partition 1
   format fs=fat32 quick
   active
   assign letter=b
   (if the b drive letter is already in use on your PC, substitute a different letter and replace b with your letter throughout the rest of this guide)
9. The same must be done for the OS partition, run the following different commands:
   select partition 2
   format fs=ntfs quick
   assign letter=o
   (if the o drive letter is already in use on your PC, substitute a different letter and replace o with your letter throughout the rest of this guide)
10. Exit Diskpart by typing Exit.
11. Extract the install.wim file from the \sources\ directory of the Windows 8.1 install ISO to c:\wim\. On Windows 8.1 you can just double click an ISO to mount and then browse it.
12. Use DISM to deploy the Windows 8.1 files to the OS partition of the USB device by running:
   dism /apply-image /imagefile:c:\wim\install.wim /index:1 /applydir:o:\
13. The boot manager needs to be installed on the boot partition with the help of the bcdboot utility. Run the following command:
   o:\windows\system32\bcdboot o:\windows /f ALL /s b:
14. Reboot your computer and test your new Windows 8.1 To Go device built on Windows 8.1. Make sure the PC is configured to boot to USB before your local hard drive.
Reference: How to Create a Windows To Go USB Drive
http://technet.microsoft.com/en-us/library/jj721578.aspx
Deploy Windows To Go in Your Organization
http://www.thomasmaurer.ch/2012/03/windows-8-how-to-create-a-windows-to-go-usb-drive/
Windows 8: How to create a Windows To Go USB drive
Microsoft released a new feature called "Windows To Go" with Windows 8. With this feature it is possible to boot your Windows 8 from a USB drive on any PC. In this post I show you how you can do this.
1. Run diskpart
2. With "list disk" you can list all your disks
3. Now select your usb drive (select disk 1) and clean it. After that you can create a new partition and format that and close diskpart.
4. Now in my case the ISO is mounted as drive F:. Now with dism I can apply the Windows Image to my USB drive (E:)
5. Now you have to make this drive bootable
6. Now you are done. You can now boot your USB drive. The first boot will take some time to setup.

QUESTION 32
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1 and are joined to the domain. All Sales department employees are members of the Sales organizational unit (OU). AppLocker rules control the installation of applications on client computers. You create a new Group Policy object (GPO) to configure an AppLocker file hash rule. The file hash rule allows an application to run and links the application to the Sales OU. Several minutes later, you establish that the AppLocker rule is not present on some computers within the Sales OU and the application cannot run. You need to quickly ensure that the application can run. What should you do?
A. Run the Get-AppLockerPolicy Windows PowerShell cmdlet.
B. Configure the AppLocker properties to enforce rules.
C. Run the gpupdate /force command.
D. Create a new AppLocker file hash condition.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
http://technet.microsoft.com/en-us/library/bb490983.aspx
Gpupdate
Refreshes local and Active Directory-based Group Policy settings, including security settings.
/force : Ignores all processing optimizations and reapplies all settings.
http://technet.microsoft.com/en-us/library/cc940895.aspx
Group Policy refresh interval for computers
Specifies how often Group Policy for computers is updated while the computer is in use (in the background). This policy specifies a background update rate only for Group Policies in the Computer Configuration folder.
By default, computer Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes. In addition to background updates, Group Policy for the computer is always updated when the system starts.
Further Information:
http://technet.microsoft.com/en-us/library/ee460964.aspx
Get-AppLockerPolicy
The Get-AppLockerPolicy cmdlet gets the AppLocker policy from the local Group Policy object (GPO), from a specified GPO, or from the effective AppLocker policy on the computer. The output is an AppLockerPolicy object or an XML-formatted string.

QUESTION 33
You administer Windows 8.1 laptops in your company network. You install several custom desktop applications on the laptops. You need to create a custom recovery image for Windows to use when selecting the Refresh your PC option. The custom recovery image must include the custom desktop applications. Which command should you use to create the custom recovery image?
A. Recdisc.exe
B. Recover.exe
C. Recimg.exe
D. RecoveryDrive.exe
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
http://blogs.msdn.com/b/matt-harrington/archive/2012/04/01/create-a-windows-8-refresh-image-with-recimg-exe.aspx
Create a Windows 8 image with recimg.exe to preserve your Desktop apps after a refresh
Windows 8 supports two new ways to revert your system to an earlier state. From the Settings charm, access More PC settings and then click General. Towards the bottom, you'll see these two choices:
1. Refresh your PC without affecting your files. This choice keeps your personal data, system settings, and Metro style applications. Desktop applications will be removed, unless you create a custom image as I detail below.
2. Reset your PC and start over. This choice is like a factory reset. All of your personal files, Metro style apps, and Desktop apps will be removed. You can optionally write random data to your drive for added security.
Use option 2 if you're going to sell or give away your system.
All of your personal files will be erased. The rest of this post is about option 1.
Option 1, refreshing your PC, keeps your personal data and reinstalls Metro style applications. Desktop apps will be removed, and their names will be placed in a file on your desktop called Removed Apps. Reinstalling all of your Desktop apps can be time consuming, so Windows 8 offers a command called recimg.exe to make this easier. recimg creates an image which is used by the refresh facility when restoring Windows. Not only will your personal data and Metro style apps be saved, but so will Desktop apps you have installed at the time you create the image. This can save you a lot of time.
http://support.microsoft.com/kb/2748351
How to create a system image to refresh your Windows 8 PC
"Refresh your PC" is a new feature in Windows 8. By default, desktop apps are removed when you refresh a Windows 8-based computer, unless you create a custom image. After you create a custom system image, the image is used as the refresh image. This means that any existing image or OEM restore image is not used when you refresh your computer.
To create a custom image, use the Recimg.exe command-line tool that is included in Windows 8. To do this, follow these steps:
1. Create a destination folder for the custom image. For example, create a folder named "Refreshimage" on drive C.
2. Open an elevated command prompt. To do this, follow these steps: On the Start page, type cmd, press and hold or right-click Command Prompt, and then tap or click Run as administrator.
3. Type the following command, and then press Enter:
   recimg -CreateImage drive:\folder
   For example, if you create "C:\Refreshimage" in step 1, run the following command:
   recimg -CreateImage C:\Refreshimage

QUESTION 34
You administer Windows 8.1 client computers in your company network. A computer that is used by non-administrator users has a directory named C:\Folder1.
A shared collection of Microsoft Excel files is stored in the C:\Folder1 directory, with non-administrator users being granted modify permissions to the directory. You discover that some files have been incorrectly modified by a user. You need to determine which user made changes to the directory's files. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Set local policy: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit object access to Failure.
B. From the Auditing Entry for Folder1, set the Principal to Guests, and then set the Type to Failure for the Modify permission.
C. From the Auditing Entry for Folder1, set the Principal to Everyone, and then set the Type to Success for the Modify permission.
D. Set local policy: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit object access to Success.
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
We must audit for success, as we want to know which user has modified the file.
http://technet.microsoft.com/en-us/library/cc776774%28v=ws.10%29.aspx
Audit object access
This security setting determines whether to audit the event of a user accessing an object--for example, a file, folder, registry key, printer, and so forth--that has its own system access control list (SACL) specified. If you define this policy setting, you can specify whether to audit successes, audit failures, or not audit the event type at all. Success audits generate an audit entry when a user successfully accesses an object that has an appropriate SACL specified. Failure audits generate an audit entry when a user unsuccessfully attempts to access an object that has a SACL specified.
https://blogs.manageengine.com/product-blog/eventloganalyzer/2012/06/20/object-access-auditing-simplified-find-the-who-what-where-when-of-file-folderaccess.html
Object Access Auditing Simplified
Find the 'Who, What, Where, When' of File & Folder Access
Most administrators face the challenge of knowing what actually happened to their files and folders: who accessed them, deleted them, edited them, moved them, where the files and folders went, etc. Object access auditing can help administrators to meet this challenge head-on.
If you do not enable the above setting, you will have no record when a file or folder was accessed. Most administrators would like to know only the failure attempts when someone tries to access the file or folder but failed because of improper permission. But it is highly recommended to enable both failure attempts and success attempts. The reason for enabling success attempts is that sometimes hackers can use administrator privilege and gain access to confidential files and folders.
Your enterprise will have crucial data stored in files and folders such as financial data, employee data, patient records, bank account data, etc. The next step is to go to such files and folders to enable auditing on them. Each file / folder's auditing settings must be modified to include those users you wish to audit. These are enabled in Properties->Security->Advanced->Auditing. If you want to audit all access events by everyone, add everyone group, and select Success>Full Control. (See Screen Shot Below)
Note: Select the attributes based on your requirement. Delete and Modify attributes are most recommended. Enabling all the attributes to users will flood the event viewer in few seconds, and consume more bandwidth. So judiciously select the attributes required for your auditing needs.
There are no objects configured to be audited by default.
Once this auditing setting for an object is configured, log entries on access attempts (Successful and Failed) start getting recorded and you will be able to view the object access related events in the security log in Event Viewer. (See Screen Shot Below)
The events must be opened up individually to inspect their contents, which is a painful process and is totally impossible in an IT enterprise network.

QUESTION 35
A company network contains two workgroups named Workgroup1 and Workgroup2. Workgroup1 contains computers that run Windows 7. Workgroup2 contains computers that run Windows 8.1. You run the Enable-PSRemoting Windows PowerShell cmdlet on the Workgroup2 computers. You need to ensure that administrators can manage the Workgroup1 computers from the Workgroup2 computers by using Windows PowerShell Remoting. Which two actions should you perform? (Each correct answer presents part of the complete solution. Choose two.)
A. Install Windows PowerShell 2.0 on the Workgroup1 computers.
B. Run the winrm quickconfig command on the Workgroup2 computers.
C. On the Workgroup1 computers, add the Workgroup2 computers to the trusted hosts in Windows Remote Management (WinRM).
D. Run the winrm quickconfig command on the Workgroup1 computers.
E. On the Workgroup2 computers, add the Workgroup1 computers to the trusted hosts in Windows Remote Management (WinRM).
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
http://technet.microsoft.com/en-us/magazine/ff700227.aspx
Enable and Use Remote Commands in Windows PowerShell
The Windows PowerShell remoting features are supported by the WS-Management protocol and the Windows Remote Management (WinRM) service that implements WS-Management in Windows. Computers running Windows 7 and later include WinRM 2.0 or later. On computers running earlier versions of Windows, you need to install WinRM 2.0 or later as appropriate and if supported.
Currently, remoting is supported on Windows Vista with Service Pack 1 or later, Windows 7, Windows Server 2008, and Windows Server 2008 Release 2. ..
In many cases, you will be able to work with remote computers in other domains. However, if the remote computer is not in a trusted domain, the remote computer might not be able to authenticate your credentials. To enable authentication, you need to add the remote computer to the list of trusted hosts for the local computer in WinRM. To do so, type:
winrm s winrm/config/client '@{TrustedHosts="RemoteComputer"}'
Here, RemoteComputer should be the name of the remote computer, such as:
winrm s winrm/config/client '@{TrustedHosts="CorpServer56"}'
When you are working with computers in workgroups or homegroups, you must either use HTTPS as the transport or add the remote machine to the TrustedHosts configuration settings. If you cannot connect to a remote host, verify that the service on the remote host is running and is accepting requests by running the following command on the remote host:
winrm quickconfig
This command analyzes and configures the WinRM service. ...
http://msdn.microsoft.com/en-us/library/aa384372%28v=vs.85%29.aspx
Installation and Configuration for Windows Remote Management
The winrm quickconfig command (or the abbreviated version winrm qc) performs the following operations:
Starts the WinRM service, and sets the service startup type to auto-start.
Configures a listener for the ports that send and receive WS-Management protocol messages using either HTTP or HTTPS on any IP address.
Defines ICF exceptions for the WinRM service, and opens the ports for HTTP and HTTPS.
Note: The winrm quickconfig command creates a firewall exception only for the current user profile. If the firewall profile is changed for any reason, winrm quickconfig should be run to enable the firewall exception for the new profile; otherwise, the exception might not be enabled.
Further Information:
http://technet.microsoft.com/en-us/library/hh849694.aspx
Enable-PSRemoting
The Enable-PSRemoting cmdlet configures the computer to receive Windows PowerShell remote commands that are sent by using the WS-Management technology. You need to run this command only once on each computer that will receive commands. You do not need to run it on computers that only send commands. Because the configuration activates listeners, it is prudent to run it only where it is needed.
http://msdn.microsoft.com/en-us/library/ee309369%28v=vs.85%29.aspx
What's New in WinRM 2.0
WinRM 2.0 is included in Windows Server 2008 R2 and Windows 7.
http://msdn.microsoft.com/en-us/library/ff637750%28v=azure.10%29.aspx
Install Windows PowerShell 2.0
Windows PowerShell 2.0 needs to be installed on Windows Server 2008 and Windows Vista only. It is already installed on Windows Server 2008 R2 and Windows 7.

QUESTION 36
A computer that runs Windows 8 has two hard disk drives. The user stores data files in specific storage locations outside of the standard libraries on both drives. File search results are delayed. You need to return relevant search results more quickly. What should you do?
A. Remove all directories from indexed locations.
B. Add the specific storage locations to indexed locations.
C. Allow indexing of file contents in non-indexed locations.
D. Add encrypted files to the index.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:

QUESTION 37
You administer Windows 8.1 Enterprise client computers in your company network. You change settings on a reference computer by using the Windows Firewall with Advanced Security tool. You want to apply the same settings to other computers. You need to save the Windows Firewall with Advanced Security configuration settings from the reference computer. You also need to be able to import the configuration settings into a Group Policy object later. What should you do?
A. Run the netsh advfirewall export c:\settings.xml command.
B. Run the netsh advfirewall export c:\settings.txt command.
C. Run the netsh advfirewall export c:\settings.wfw command.
D. Run the netsh firewall export c:\settings.xml command.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
* Netsh advfirewall is a command-line tool for Windows Firewall with Advanced Security that helps with the creation, administration, and monitoring of Windows Firewall and IPsec settings and provides an alternative to console-based management.
* Export subcommand
Exports the Windows Firewall with Advanced Security configuration in the current store to a file. This file can be used with the import command to restore the Windows Firewall with Advanced Security service configuration to a store on the same or to a different computer.
Syntax
export [ Path ] FileName
Parameters
[ Path ] FileName
Required. Specifies, by name, the file where the Windows Firewall with Advanced Security configuration will be written. If the path, file name, or both contain spaces, quotation marks must be used. If you do not specify Path then the command places the file in your current folder. The recommended file name extension is .wfw.
Example
In the following example, the command exports the complete Windows Firewall with Advanced Security service configuration to the file C:\temp\wfas.wfw.
export c:\temp\wfas.wfw
Reference: Netsh Commands for Windows Firewall with Advanced Security

QUESTION 38
You administer Windows 8.1 Pro computers in your company network. A server named Server1 runs Windows Server 2012. Server1 allows incoming VPN and Remote Desktop connections. A remote user requires access to files on Server1. You need to prevent the user from downloading any files from Server1 to his local computer. Your solution must ensure that the user can read the files on Server1. What should you do?
A. B. C. D. Create a new VPN connection. Disable local drive mappings.
Create a new Remote Desktop connection. Set the Local Computer policy to Disable drives redirection for Remote Desktop Services. Create a new Remote Desktop connection. Set the Local Computer policy to Disable clipboard redirection for Remote Desktop Services.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc725887%28v=ws.10%29.aspx
Device and Resource Redirection
Policy settings in this node control access to devices and resources on a client computer in Terminal Services sessions.
Do not allow drive redirection
This policy setting allows you to specify whether to prevent the mapping of client drives in a Terminal Services session (drive redirection).
By default, Terminal Services maps client drives automatically upon connection. Mapped drives appear in the session folder tree in Windows Explorer or My Computer in the format <driveletter> on <computername>. You can use this policy setting to override this behavior.
If you enable this policy setting, client drive redirection is not allowed in Terminal Services sessions.
If you disable this policy setting, client drive redirection is always allowed.
If you do not configure this policy setting, client drive redirection is not specified at the Group Policy level. However, an administrator can still disable client drive redirection by using the Terminal Services Configuration tool.

QUESTION 39
A company has 10 client computers that run Windows 8.1. An employee updates a device driver on her computer and then restarts the computer. Windows does not start successfully. You start the computer in Safe Mode. You need to identify the most recently installed driver and gather the maximum amount of information about the driver installation. What should you do?
A. In Device Manager, run a scan for hardware changes.
B. In the Event Viewer console, display the Hardware Events log.
C. In the Programs and Features Control Panel item, display the installed updates.
D. Display the contents of the Windows\inf\setupapi.dev.log file.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
http://support.microsoft.com/kb/927521
Windows 7, Windows Server 2008 R2, and Windows Vista setup log file locations
C:\WINDOWS\INF\setupapi.dev.log
Contains information about Plug and Play devices and driver installation.

QUESTION 40
Employees are permitted to bring personally owned portable computers that run Windows 8.1 to the office. They are permitted to install corporate applications by using the management infrastructure agent and access corporate email by using Windows Mail. An employee's personally owned portable computer is stolen. You need to protect the corporate applications and email messages on the computer. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Prevent the computer from connecting to the corporate wireless network.
B. Disconnect the computer from the management infrastructure.
C. Change the user's password.
D. Initiate a remote wipe.
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
http://support.microsoft.com/kb/2847619
Win8: Security: Device wipe and device lock behavior across operating system versions and devices
Device wipe (also known as "remote wipe") is an Exchange ActiveSync (EAS) directive in which a user or administrator triggers a wipe of a device. Specifically, a user goes to Outlook Web App and then triggers the device wipe behavior, or a Microsoft Exchange administrator invokes device wipe.
Remote device wipe may be triggered when a standard user account uses OWA or when an administrator uses the Exchange administrator tools. The following screen shot shows the device wipe UI in Outlook Web App for a Windows Mobile phone. The UI is triggered by clicking the "device wipe" button (highlighted in red).
The following table shows the behavior of a mail app when the app receives a device wipe directive from a server. ...
http://windowsitpro.com/windows-8/doing-activesync-remote-wipe-windows-8-or-windows-rt-device
Doing an ActiveSync Remote Wipe of a Windows 8 or Windows RT Device
Q: If an ActiveSync Remote Wipe is initiated against a Windows 8 or Windows RT device via the built-in Mail application, what's deleted?
A: A Remote Wipe is the process where a device is selected from a central Microsoft Exchange or management console and chosen to be wiped, for example if the device has been lost by the owner. The Remote Wipe command is then sent to the device via ActiveSync.
For a device such as a Windows Phone, all data is deleted, including email, contacts, calendar for all accounts and other data on the device such as documents and pictures.
However, when ActiveSync Remote Wipe is performed against a Windows 8 or Windows RT device, the scope of the wipe is more limited. Only the email, contacts, and calendar for information stored in the built-in Mail application are deleted. Other data on the system is not deleted, including information from the Microsoft Office Outlook client.

QUESTION 41
A company is setting up a new branch office. You deploy 10 new Windows 8.1 64-bit client computers in the branch office. The computers cannot connect to the Internet. You run the ipconfig command on one computer. The following output depicts a portion of the results. You need to ensure that the computers can connect to the Internet. What should you do?
A. Deploy a Dynamic Host Configuration Protocol (DHCP) server. Configure all computers to use DHCP.
B. Deploy an Internet Information Services (IIS) server. Configure all computers to use IIS.
C. Deploy a Domain Name System (DNS) server. Configure all computers to use DNS.
D. Deploy a Windows Internet Name Service (WINS) server. Configure all computers to use WINS.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
http://packetlife.net/blog/2008/sep/24/169-254-0-0-addresses-explained/
169.254.0.0/16 addresses explained
Occasionally you may encounter a host which has somehow assigned itself an IP address in the 169.254.0.0/16 range. This is a particularly common symptom of Windows machines which have been configured for DHCP but for whatever reason are unable to contact a DHCP server. When a host fails to dynamically acquire an address, it can optionally assign itself a link-local IPv4 address in accordance with RFC 3927. Microsoft's term for this is Automatic Private Internet Protocol Addressing (APIPA).

QUESTION 42
A company has an Active Directory Domain Services (AD DS) domain. All client computers are joined to the domain and run Windows 8.1. You set up a management computer named COMPUTER1. You plan to administer COMPUTER1 by using Windows Remote Shell (WinRS) from your client computer. You are unable to connect to COMPUTER1 by running the winrs command. You need to ensure that you can manage only COMPUTER1 by using WinRS. What should you do?
A. Run the winrs netdom join command on all client computers.
B. Run the winrs netdom join command only on COMPUTER1.
C. Run the winrm quickconfig command on all client computers.
D. Run the winrm quickconfig command only on COMPUTER1.
E. Run the winrs /ad /u:administrator command on COMPUTER1.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
http://clintboessen.blogspot.com/2010/01/what-is-winrm.html
What is WinRM? ...
The easiest way to start the WinRM server unless you want to do custom configuration is by using the "winrm quickconfig" command. Hit "Y" to make the change. Next it asks you if you want to allow it to make a HTTP listener and create a windows firewall exception. Hit "Y" to make the change. WinRM is now running and can be remotely managed by WinRS (the WinRM client).
Now re-run the "winrm enumerate winrm/config/listener" command to see if WinRM is working: We see it listening on port 5985, this is because I'm running Windows 7 on this PC so it's using WinRM 2.0. Now from another PC I can use the WinRS client to remotely execute commands against that workstation/server by using "winrs -r:https://myserver.com" command. Please note that you need to run the command as a user in the remote computer's "Administrators" group. By default WinRS will use your active windows credentials. However I do not run my computer as administrator for security purposes so I will need to specify a user account with Domain Admins rights to ensure I have correct access by using the -u: switch.

http://msdn.microsoft.com/en-us/library/aa384372%28v=vs.85%29.aspx
Installation and Configuration for Windows Remote Management
The winrm quickconfig command (or the abbreviated version winrm qc) performs the following operations:
- Starts the WinRM service, and sets the service startup type to auto-start.
- Configures a listener for the ports that send and receive WS-Management protocol messages using either HTTP or HTTPS on any IP address.
- Defines ICF exceptions for the WinRM service, and opens the ports for HTTP and HTTPS.
Note: The winrm quickconfig command creates a firewall exception only for the current user profile. If the firewall profile is changed for any reason, winrm quickconfig should be run to enable the firewall exception for the new profile; otherwise, the exception might not be enabled.

QUESTION 43
You administer Windows 8.1 client computers in your company network. A user reports that her Internet connection is slower than usual. You need to identify the Process Identifiers (PIDs) of applications that are making connections to the Internet. Which command should you run?

A. netstat -an
B. ipconfig /showclassid
C. netstat -o
D. netsh set audit-logging
E. netsh show netdlls

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
http://technet.microsoft.com/en-us/library/bb490947.aspx
Netstat
Displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). Used without parameters, netstat displays active TCP connections.
Syntax
netstat [-a] [-e] [-n] [-o] [-p Protocol] [-r] [-s] [Interval]
Parameters
-a : Displays all active TCP connections and the TCP and UDP ports on which the computer is listening.
-n : Displays active TCP connections, however, addresses and port numbers are expressed numerically and no attempt is made to determine names.
-o : Displays active TCP connections and includes the process ID (PID) for each connection. You can find the application based on the PID on the Processes tab in Windows Task Manager. This parameter can be combined with -a, -n, and -p.
...
Further Information:
netstat -an - there is no "an" parameter

http://technet.microsoft.com/en-us/library/cc940124.aspx
Ipconfig
/showclassid <adapter>
Displays all the DHCP class IDs allowed for the adapter specified.

http://technet.microsoft.com/sv-se/library/cc785383%28v=ws.10%29.aspx
The Netsh Command-Line Utility
set audit-logging
Turns on or off the logging facility.
show netdlls
Displays the current version of installed Netsh helper DLLs.

QUESTION 44
You administer Windows 8.1 computers in your company network. You need to configure remote computers to receive Windows Remote Shell commands. Which cmdlet should you run on the remote computers?

A. Enable-PSRemoting
B. Set-PSSessionConfiguration
C. New-PSSession
D. Set-NetConnectionProfile

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
The Enable-PSRemoting cmdlet configures the computer to receive Windows PowerShell remote commands that are sent by using the WS-Management technology.

http://technet.microsoft.com/en-us/library/hh849694.aspx
Enable-PSRemoting
The Enable-PSRemoting cmdlet configures the computer to receive Windows PowerShell remote commands that are sent by using the WS-Management technology. On Windows Server® 2012, Windows PowerShell remoting is enabled by default. You can use Enable-PSRemoting to enable Windows PowerShell remoting on other supported versions of Windows and to re-enable remoting on Windows Server 2012 if it becomes disabled. You need to run this command only once on each computer that will receive commands. You do not need to run it on computers that only send commands. Because the configuration activates listeners, it is prudent to run it only where it is needed.

Further Information:
http://technet.microsoft.com/en-us/library/hh849726.aspx
Set-PSSessionConfiguration
The Set-PSSessionConfiguration cmdlet changes the properties of the session configurations on the local computer.

http://technet.microsoft.com/en-us/library/hh849717.aspx
New-PSSession
The New-PSSession cmdlet creates a Windows PowerShell session (PSSession) on a local or remote computer. When you create a PSSession, Windows PowerShell establishes a persistent connection to the remote computer.

http://technet.microsoft.com/en-us/library/jj899565.aspx
Set-NetConnectionProfile
The Set-NetConnectionProfile cmdlet changes the network category setting of a connection profile. A connection profile represents a network connection.

QUESTION 45
You administer Windows 8.1 Pro computers in your company network. A user reports that her computer experiences frequent STOP errors. You need to repair the Windows 8.1 installation.
Your solution must ensure that the user retains her current documents and settings. What should you do?

A. Create a recovery drive.
B. Reinstall Windows 8.1. Restore the user's personal files from a backup.
C. Run Reset your PC.
D. Run Refresh your PC.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
http://windows.microsoft.com/en-us/windows-8/restore-refresh-reset-pc
How to refresh, reset, or restore your PC
If you're having problems with your PC, you can try to refresh, reset, or restore it. Refreshing your PC reinstalls Windows and keeps your personal files and settings. It also keeps the apps that came with your PC and the apps you installed from the Windows Store. Resetting your PC reinstalls Windows but deletes your files, settings, and apps -- except for the apps that came with your PC. Restoring your PC is a way to undo recent system changes you've made.

QUESTION 46
You administer a Windows 8.1 Pro client computer. You disable system protection, install custom drivers, and create a system image. You test a new application and discover that the computer becomes unresponsive. You need to return your computer to the state that existed prior to the installation of the application. What should you do?

A. Start the computer from a system recovery drive, and then perform System Restore.
B. Start the computer from a system repair disk, and then perform System Image Recovery.
C. Start the computer from the system repair disk, and then from the command prompt, run the BCDEdit /copy command.
D. Run Reset your PC.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
If you can't access Control Panel and you don't have a Windows installation disc or a system repair disc, use this method to restore your computer:
1. Restart your computer using the computer's power button.
2. Do one of the following:
   - If your computer has only one operating system installed, hold down the F8 key as your computer restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, try again.
   - If your computer has more than one operating system installed, use the arrow keys to highlight the operating system that you want to start, and then press F8.
3. On the Advanced Boot Options screen, use the arrow keys to highlight Repair your computer, and then press Enter.
4. Select a keyboard layout, and then click Next.
5. Select a user name, type the password, and then click OK.
6. On the System Recovery Options menu, click System Image Recovery, and then follow the instructions.

QUESTION 47
A company has Windows 8.1 client computers. Users store data files in their user profile libraries. You need to ensure that you can restore data files to any date while minimizing system overhead. Which two actions should you perform? (Each answer presents part of the solution. Choose two.)

A. Enable Storage Spaces.
B. Configure settings to save copies of files daily.
C. Turn on File History.
D. Configure Windows 7 File Recovery.

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:
http://blogs.msdn.com/b/b8/archive/2012/07/10/protecting-user-files-with-file-history.aspx
Protecting user files with File History
File History is a backup application that continuously protects your personal files stored in Libraries, Desktop, Favorites, and Contacts folders. It periodically (by default every hour) scans the file system for changes and copies changed files to another location. Every time any of your personal files has changed, its copy will be stored on a dedicated, external storage device selected by you. Over time, File History builds a complete history of changes made to any personal file. It's a feature introduced in Windows 8 that offers a new way to protect files for consumers. It supersedes the existing Windows Backup and Restore features of Windows 7. Before you start using File History to back up your files, you'll need to set up a drive to save files to.
We recommend that you use an external drive or network location to help protect your files against a crash or other PC problem. File History only saves copies of files that are in your libraries, contacts, favorites, and on your desktop. If you have folders elsewhere that you want backed up, you can add them to one of your existing libraries or create a new library.
..
No schedule
File History wakes up once an hour and looks for personal files that have changed. Versions of all files that have changed are replicated to a dedicated storage device. This approach eliminates the need to set up a schedule and leave a computer idle for an extended period of time. One hour frequency offers a good balance between the level of protection and amount of storage space consumed by file versions. Enthusiasts can change the frequency from 10 min to 1 day in order to increase the level of protection or reduce storage consumption.

QUESTION 48
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1. A client computer named COMPUTER1 has a shared printer named PRINTER1 installed and Remote Desktop enabled. A user named Intern is a member of a security group named Sales. The Sales group is a member of the Remote Desktop Users group on COMPUTER1. Only the Sales group has access to PRINTER1. You need to configure COMPUTER1 to meet the following requirements:
- Allow all members of the Sales group other than Intern to establish Remote Desktop connections to COMPUTER1.
- Allow Intern to print to PRINTER1.
What should you do?

A. Assign Intern the Deny access to this computer from the network user right. Assign the Sales group the Allow log on locally user right.
B. Assign Intern the Deny log on through Remote Desktop Services user right.
C. Remove the Sales group from the Remote Desktop Users group.
D. Remove Intern from the Sales group.
Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
The Deny log on through Remote Desktop Services user right on COMPUTER1 will prevent Intern from establishing a Remote Desktop connection to COMPUTER1. This will override the user rights assigned to Intern through his or her membership of the Sales group.

QUESTION 49
A company has an Active Directory Domain Services (AD DS) domain. The corporate environment includes a Windows Software Update Services (WSUS) server. All client computers run Windows 8.1 and a custom web application. The company has a Microsoft Software Assurance for Volume Licensing agreement. After deploying Windows Updates to the computers, the web application stops responding. You establish that a specific optional update installed by Windows Update is causing the problem. In the Windows Update Control Panel item, the option to remove the update is unavailable. You need to remove only the optional update from one client computer. What should you do?

A. Restart the computer from a Diagnostic and Repair Toolset (DaRT) boot disk and use the Hotfix Uninstaller tool.
B. From the c:\Windows folder, open the $NTUninstallKBxxxx folder for the update and run the uninstall command.
C. Start the computer by using the Last Known Good Configuration option.
D. Use System Restore to restore the computer to a point before the update was installed.
E. Run the Update-Sources Windows PowerShell cmdlet.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
http://technet.microsoft.com/en-us/library/jj713340.aspx
Getting Started with DaRT 8.0
How to Get DaRT 8.0
DaRT 8.0 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance.
http://technet.microsoft.com/en-us/library/jj713326.aspx
Overview of the Tools in DaRT 8.0
From the Diagnostics and Recovery Toolset window in Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0, you can start any of the individual tools that you include when you create the DaRT 8.0 recovery image.
Exploring the DaRT tools
...
Hotfix Uninstall
The Hotfix Uninstall Wizard lets you remove hotfixes or service packs from the Windows operating system on the computer that you are repairing. Use this tool when a hotfix or service pack is suspected in preventing the operating system from starting.

QUESTION 50
You add two hard drives to a Windows 8.1 computer. The computer does not have a RAID controller. You plan to store data only on the two new hard drives. You need to ensure that data loss will not occur if only one hard drive fails. What should you do?

A. Create a spanned volume.
B. Create a storage pool that contains both drives and set the resiliency type to Two-way mirror.
C. Create a storage pool that contains both drives and set the resiliency type to Parity.
D. Create a storage pool that contains one drive, and then add the second drive to the pool.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
http://windows.microsoft.com/en-us/windows-8/storage-spaces-pools
Storage Spaces: FAQ
What is Storage Spaces?
Storage Spaces lets you group drives together in a storage pool. Then you can use pool capacity to create storage spaces. Storage spaces are virtual drives that appear in File Explorer. You can use them like any other drive, so it's easy to work with files on them. You can create large storage spaces and add more drives to them when you run low on pool capacity. If you have two or more drives in the storage pool, you can create storage spaces that won't be affected by a drive failure--or even the failure of two drives, if you create a three-way mirror storage space.
http://blogs.msdn.com/b/olivnie/archive/2013/02/05/windows-8-storage.aspx
Windows 8: Storage
Storage Spaces
Storage Spaces is a new feature for Windows® 8 that allows a user to combine several disks into a single pool of storage that provides for easier management of multiple disks and resiliency against hardware failure on any of those disks. The disks that you use for Storage Spaces can be a mix of different-sized disks, and these can be connected to Microsoft® Windows using both internal and external connections, making it easy to turn the collection of drives you already have into a safe and easy-to-manage place to store things like your home videos or photos.
...
The table below describes the different options for resiliency:

QUESTION 51
A company plans to deploy Windows 8.1 to 100 client computers. Each client computer has 8 GB of memory. You have the following requirements:
- Ensure that the operating system fully utilizes the available memory.
- Ensure that the operating system can be activated by using a Key Management Service (KMS) client setup key.
- Minimize the operating system space requirements.
You need to identify the appropriate edition of Windows 8.1 to install on the client computers. Which edition should you install?

A. Windows 8.1 Enterprise 32-bit
B. Windows 8.1 64-bit
C. Windows 8.1 Pro 32-bit
D. Windows 8.1 Enterprise 64-bit
E. Windows 8.1 Pro 64-bit
F. Windows 8.1 32-bit

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa366778%28v=vs.85%29.aspx#physical_memory_limits_windows_8
Memory Limits for Windows and Windows Server Releases
Physical Memory Limits: Windows 8
The following table specifies the limits on physical memory for Windows 8.
http://windows.microsoft.com/en-us/windows-8/system-requirements
System requirements
If you want to run Windows 8.1 on your PC, here's what it takes:
- Processor: 1 gigahertz (GHz) or faster with support for PAE, NX, and SSE2 (more info)
- RAM: 1 gigabyte (GB) (32-bit) or 2 GB (64-bit)
- Hard disk space: 16 GB (32-bit) or 20 GB (64-bit)
- Graphics card: Microsoft DirectX 9 graphics device with WDDM driver

http://www.microsoft.com/en-us/windows/enterprise/products-and-technologies/windows-8-1/compare/default.aspx
Compare Windows 8.1 Editions
For enterprise features like Domain Join and Group Policy you will need the Enterprise version of Windows 8.1.

Further Information:
http://technet.microsoft.com/en-us/library/ff793434.aspx
Understanding KMS
KMS activates computers on a local network, eliminating the need for individual computers to connect to Microsoft. To do this, KMS uses a client-server topology. KMS client computers can locate KMS host computers by using Domain Name System (DNS) or a static configuration. KMS clients contact the KMS host by using remote procedure call (RPC).

QUESTION 52
A company has 100 client computers that run various editions of Windows 7. The company plans to upgrade or replace computers so that all client computers run an edition of Windows 8.1. The company plans to use the following programs and features on the Windows 8.1 computers:
- 32-bit and 64-bit software
- Desktop apps
- Windows Media Player
- Storage Spaces
You need to identify the installation or upgrade paths that support the programs and features. Which three paths meet the requirements? (Each correct answer presents a complete solution. Choose three.)

A. Attach the VHD file by using Disk Management.
B. Import the contents of the system store from a file.
C. Export the contents of the system store into a file.
D. Make the VHD disk bootable.
E. Create a new empty boot configuration data store.
F. Create a new entry in the boot configuration data store.
Correct Answer: ABC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 53
You administer desktop computers in your company network. You are developing User State Migration Tool (USMT) procedures. You need to ensure that the files located in C:\projects are included in the migration package. What should you do?

A. Option A
B. Option B
C. Option C
D. Option D

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc766056%28v=ws.10%29.aspx
How To Include Files and Settings
To migrate a specific folder
The following examples show how to migrate a folder from a specific drive, and from any location on the computer.
..
Including subfolders. The following .xml file migrates all files and subfolders from C:\EngineeringDrafts to the destination computer.

<migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/test">
  <component type="Documents" context="System">
    <displayName>Component to migrate all Engineering Drafts Documents including subfolders</displayName>
    <role role="Data">
      <rules>
        <include>
          <objectSet>
            <pattern type="File">C:\EngineeringDrafts\* [*]</pattern>
          </objectSet>
        </include>
      </rules>
    </role>
  </component>
</migration>

QUESTION 54
A company has a Windows 8.1 client computer with secure boot enabled. You install a third-party adapter with an Option ROM in the computer. When you start the computer, it starts in the Windows Recovery Environment (Windows RE). You need to ensure that the computer starts normally. What should you do?

A. Configure a system boot password from the system BIOS.
B. Disable C-State configuration from the system BIOS.
C. Replace the third-party adapter with an adapter that is signed by a trusted Certificate Authority (CA).
D. Enable hardware virtualization from the system BIOS.
E. Activate the Trusted Platform Module (TPM).
Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
http://technet.microsoft.com/en-us/library/hh824987.aspx
Secure Boot Overview
Secure Boot is a security standard developed by members of the PC industry to help make sure that your PC boots using only software that is trusted by the PC manufacturer. When the PC starts, the firmware checks the signature of each piece of boot software, including firmware drivers (Option ROMs) and the operating system. If the signatures are good, the PC boots, and the firmware gives control to the operating system.
Frequently asked questions:
Q: What happens if my new hardware isn't trusted?
A: Your PC may not be able to boot. There are two kinds of problems that can occur:
- The firmware may not trust the operating system, option ROM, driver, or app because it is not trusted by the Secure Boot database.
- Some hardware requires kernel-mode drivers that must be signed. Note: many older 32-bit (x86) drivers are not signed, because kernel-mode driver signing is a recent requirement for Secure Boot.
Q: How can I add hardware or run software or operating systems that haven't been trusted by my manufacturer?
A: You can check for software updates from Microsoft and/or the PC manufacturer. You can contact your manufacturer to request new hardware or software to be added to the Secure Boot database. For most PCs, you can disable Secure Boot through the PC's BIOS.
Q: How do I edit my PC's Secure Boot database?
A: This can only be done by the PC manufacturer.

QUESTION 55
A company has a Microsoft Software Assurance with Volume Licensing agreement. All client computers run Windows 8.1. An employee updates a device driver on his computer and then restarts the computer. Windows does not start successfully. You establish that the updated driver is the cause of the problem. You need to prevent the updated driver from running on startup, without impacting other drivers or personal data. What should you do?
A. Use the Windows 8.1 PC Reset feature.
B. Reset the computer to the manufacturer's system image.
C. Start the computer with the Diagnostic and Recovery Toolset and configure the driver options.
D. Use the File History feature.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
http://technet.microsoft.com/en-us/library/jj713340.aspx
Getting Started with DaRT 8.0
How to Get DaRT 8.0
DaRT 8.0 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance.

http://technet.microsoft.com/en-us/library/jj713326.aspx
Overview of the Tools in DaRT 8.0
From the Diagnostics and Recovery Toolset window in Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0, you can start any of the individual tools that you include when you create the DaRT 8.0 recovery image.
Exploring the DaRT tools
...
Hotfix Uninstall
The Hotfix Uninstall Wizard lets you remove hotfixes or service packs from the Windows operating system on the computer that you are repairing. Use this tool when a hotfix or service pack is suspected in preventing the operating system from starting.

QUESTION 56
You administer an installation of Windows 8.1 that runs as a virtual machine. The virtual machine has one 60-GB fixed size virtual hard disk with a single partition assigned as Volume C. The virtual machine runs out of disk space. You increase the size of the virtual hard disk file to 200 GB to support an application demand for increased storage on Volume C. You discover that Volume C is still 60 GB in File Explorer of the virtual machine. You need to ensure that Volume C is configured to use 200 GB. What should you do?

A. Configure the Virtual Disk type from fixed size to dynamic disk.
B. From Disk Management of the virtual hard disk, run the Extend the volume action task.
C. From Disk Management of the host computer, extend the Volume C.
D. Create a new storage space of Simple (no resiliency) type.
Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
http://technet.microsoft.com/en-us/library/dn282286.aspx
Online Virtual Hard Disk Resizing Overview
Expanding a virtual hard disk
Expanding a virtual hard disk increases the disk capacity of the virtual hard disk. However, to make the additional disk space available to the virtual machine requires some extra configuration. From the perspective of the virtual machine, the virtual hard disk expansion is reflected under Disk Manager as an unallocated disk volume. The size of this unallocated volume is the difference between the original virtual hard disk and the nominated size of the expanded virtual hard disk. To make the full virtual hard disk capacity available to the virtual machine, you need to use Disk Manager to expand the volume within the virtual machine. You can do this by using the Extend Volume Wizard within Disk Manager. After this is complete, you will be able to view the expanded disk capacity in the operating system of the virtual machine.

QUESTION 57
You administer client computers in your company network. The network includes an Active Directory Domain Services (AD DS) domain. Employees in the human resources (HR) department are getting new Windows 8.1 Enterprise computers. The HR department uses a line of business (LOB) Windows Store app named Timesheet that is not available in Windows Store. You need to ensure that all employees in the HR department can use Timesheet on their new computers. What should you do?

A. Set the Allow all trusted applications to install group policy to Enabled.
B. Set the Turn off the Store application group policy to Enabled.
C. Install and run the Microsoft Deployment Toolkit.
D. Install and run the Windows App Certification Kit.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Currently, the Consumer Preview and Windows Server 8 Beta are classified as "enterprise sideloading enabled."
This means that when a PC is domain joined, it can be configured to accept non-Windows Store apps from their IT admin. Moving forward, this functionality to install non-Windows Store Metro style apps will be available for Windows 8.1 Enterprise Edition and Windows 8.1 Server editions. On an enterprise sideloading enabled edition, the IT admin needs to verify:
- The PC is domain joined.
- The group policy is set to "Allow all trusted apps to install".
- The app is signed by a CA that is trusted on the target PCs.
Note: While the Windows Store will be a great way to deploy apps to business customers, there are apps that IT admins will want to distribute directly to the end users. This option makes sense for custom and proprietary line-of-business (LOB) apps, or enterprise software purchased directly from an ISV.

QUESTION 58
You are troubleshooting a Windows 8.1 computer. The computer is not joined to a domain. You are unable to change any of the advanced Internet options, which are shown in the Advanced Internet Options exhibit. (Click the Exhibit button.) You need to ensure that you can change the advanced Internet options. What should you do?

A. Use the Group Policy Object Editor.
B. Use the Internet Explorer Administration Kit (IEAK).
C. Run Internet Explorer and use the Settings charm to change options.
D. Run the iexplore -k command.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
http://technet.microsoft.com/en-us/library/cc731745.aspx
Open the Local Group Policy Editor
To open the Local Group Policy Editor from the command line
Click Start, type gpedit.msc in the Start Search box, and then press ENTER.

http://technet.microsoft.com/en-us/library/gg699401.aspx
Group Policies in Internet Explorer 9
Group Policy provides a secure way to control Microsoft® Windows® Internet Explorer® 9 configurations.
Further Information:
http://msdn.microsoft.com/en-us/library/ie/hh826025%28v=vs.85%29.aspx
IE Command-Line Options
-k
Starts Internet Explorer in kiosk mode. The browser opens in a maximized window that does not display the address bar, the navigation buttons, or the status bar.

http://technet.microsoft.com/en-us/ie/bb219517.aspx
Internet Explorer Administration Kit (IEAK) Information and Downloads
The Internet Explorer Administration Kit (IEAK) simplifies the creation, deployment and management of customized Internet Explorer packages.

QUESTION 59
You administer Windows 8.1 Enterprise client computers in your company network. You need to prevent users from installing applications published by a specific publisher in Windows Store. Which type of AppLocker rule should you create?

A. Packaged app
B. Windows Installer
C. Executable
D. Script

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
http://technet.microsoft.com/en-us/library/hh831350.aspx
Packaged Apps and Packaged App Installer Rules in AppLocker
Commonly known as Windows apps, packaged apps can be installed through the Microsoft AppStore or can be side loaded using the Windows PowerShell cmdlets if you have an Enterprise license. Packaged apps can be installed by a standard user unlike some desktop applications that sometimes require administrative privileges for installation. In this topic, desktop applications refer to Win32 apps that run on the classic user desktop. In Windows Server 2012 and Windows 8, AppLocker enforces rules for packaged apps separately from desktop applications. A single AppLocker rule for a packaged app can control both the installation and the running of an app. Because all packaged apps are signed, AppLocker supports only publisher rules for packaged apps.
A publisher rule for a packaged app is based on the following attributes of the app:
- Publisher name
- Package name
- Package version

http://www.grouppolicy.biz/2012/08/how-manage-published-a-k-a-metro-apps-in-windows-8-using-group-policy/
How manage Published (a.k.a Metro) Apps in Windows 8 using Group Policy
Windows 8 is coming REALLY SOON and of course one of the big new things to come with that is the new (Metro) Packaged Apps that run in the start screen. However these apps are very different and do not install like traditional apps to a path or have a true "executable" file to launch the program. Of course enterprises need a way to control these packaged apps and therefore Microsoft has added a new feature Packaged Apps option to the AppLocker feature. An administrator can use this feature to only allow certain apps to download from the Windows App Store and/or use it to control what inbuilt Packaged Apps are allowed to run.

QUESTION 60
A company has an Active Directory Domain Services (AD DS) domain. All company employees work on their personally owned computers, which are not members of the domain. The computers are running Windows XP Home, Windows Vista Business, Windows 7 Home Premium, or Windows 8.1. The company is a volume license subscriber. The company plans to deploy Group Policies to all computers. You need to ensure that every employee's computer is subject to the Group Policies. What should you do first?

A. Join all the computers to the same homegroup.
B. Start each computer from a USB flash drive on which you have installed Windows To Go.
C. Start each computer from a USB flash drive on which you have installed BitLocker To Go.
D. Join all the computers to the domain.
Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
http://technet.microsoft.com/en-us/library/jj592685.aspx#BKMK_wtggp
Deployment Considerations for Windows To Go
From the start, Windows To Go was designed to minimize differences between the user experience of working on a laptop and Windows To Go booted from a USB drive. Given that Windows To Go was designed as an enterprise solution, extra consideration was given to the deployment workflows that enterprises already have in place. Additionally, there has been a focus on minimizing the number of differences in deployment between Windows To Go workspaces and laptop PCs.
Management of Windows To Go using Group Policy
In general, management of Windows To Go workspaces is the same as that for desktop and laptop computers. There are Windows To Go specific Group Policy settings that should be considered as part of Windows To Go deployment. Windows To Go Group Policy settings are located at \\Computer Configuration\Administrative Templates\Windows Components\Portable Operating System\ in the Local Group Policy Editor. The use of the Store on Windows To Go workspaces that are running Windows 8 can also be controlled by Group Policy. This policy setting is located at \\Computer Configuration\Administrative Templates\Windows Components\Store\ in the Local Group Policy Editor.

QUESTION 61
A company has Windows 8.1 client computers. The company uses Windows BitLocker Drive Encryption and BitLocker Network Unlock on all client computers. You need to collect information about BitLocker Network Unlock status. Which command should you run?

A. Run the BitLockerWizard command.
B. Run the bitsadmin command.
C. Run the manage-bde command.
D. Run the BdeHdCfg command.
Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
http://technet.microsoft.com/en-us/library/jj574173.aspx
BitLocker: How to enable Network Unlock
Network Unlock was introduced in Windows 8 and Windows Server 2012 as a BitLocker protector option for operating system volumes. Network Unlock enables easier management for BitLocker enabled desktops and servers in a domain environment by providing automatic unlock of operating system volumes at system reboot when connected to a wired corporate network. This feature requires the client hardware to have a DHCP driver implemented in its UEFI firmware.
Without Network Unlock, operating system volumes protected by TPM+PIN protectors require a PIN to be entered when a computer reboots or resumes from hibernation (for example, by Wake on LAN). This can make it difficult for enterprises to roll out software patches to unattended desktops and remotely administered servers.
Network Unlock allows BitLocker-enabled systems with TPM+PIN and that meet the hardware requirements to boot into Windows without user intervention. Network Unlock works in a similar fashion to the TPM+StartupKey at boot. Rather than needing to read the StartupKey from USB media, however, the key for Network Unlock is composed from a key stored in the TPM and an encrypted network key that is sent to the server, decrypted and returned to the client in a secure session.
....
Files to gather when troubleshooting BitLocker Network Unlock include:
1. The Windows event logs. Specifically the BitLocker event logs and the Microsoft-Windows-Deployment-Services-Diagnostics-Debug log ..
2. The DHCP subnet configuration file (if one exists).
3. The output of the BitLocker status on the volume, this can be gathered into a text file using manage-bde -status or Get-BitLockerVolume in Windows PowerShell
4. Network Monitor capture on the server hosting the WDS role, filtered by client IP address

Further Information:
There's no such thing as a BitLockerWizard command.

http://technet.microsoft.com/en-us/library/ff829850.aspx
Bdehdcfg
Prepares a hard drive with the partitions necessary for BitLocker Drive Encryption.

http://msdn.microsoft.com/en-us/library/aa362813%28v=vs.85%29.aspx
BITSAdmin Tool
BITSAdmin is a command-line tool that you can use to create download or upload jobs and monitor their progress.

QUESTION 62
You connect a portable Windows 8.1 computer to a corporate network by using a VPN connection. You are unable to access websites on the Internet only when you are using the VPN connection. You need to ensure that you can access websites when connected to the corporate network. What should you do?

A. Configure the VPN connection to use only L2TP/IPSec.
B. In the TCP/IPv4 properties of the VPN connection, disable the Use default gateway on remote network setting.
C. Configure the VPN connection to use only PPTP.
D. In the TCP/IPv4 properties of the VPN connection, enable the Use default gateway on remote network setting.
E. In the TCP/IPv4 properties of the local area connection, disable the Automatic metric setting.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
http://support.microsoft.com/kb/317025
You Cannot Connect to the Internet After You Connect to a VPN Server
After you use a Virtual Private Network (VPN) connection to log on to a server that is running Routing and Remote Access, you may be unable to connect to the Internet.
This issue may occur if you configure the VPN connection to use the default gateway on the remote network. This setting overrides the default gateway settings that you specify in your Transmission Control Protocol/Internet Protocol (TCP/IP) settings.
To resolve this issue, configure the client computers to use the default gateway setting on the local network for Internet traffic and a static route on the remote network for VPN-based traffic.
..
To disable the Use Default Gateway on Remote Network setting in the VPN dial-up connection item on the client computer:
1. Double-click My Computer, and then click the Network and Dial-up Connections link.
2. Right-click the VPN connection that you want to change, and then click Properties.
3. Click the Networking tab, click Internet Protocol (TCP/IP) in the Components checked are used by this connection list, and then click Properties.
4. Click Advanced, and then click to clear the Use default gateway on remote network check box.
5. Click OK, click OK, and then click OK.
...
Further information:
http://www.mydigitallife.info/disable-windows-tcpip-routing-automatic-metric-calculation-feature/
Disable Windows TCP/IP Routing Automatic Metric Calculation Feature
TCP/IP, which the Internet depends on, is a packet switching network that relies on routing to forward data packets and transmit them to the destination address. Routing, or routeing, is a process of selecting paths in the network along intermediate nodes such as routers, bridges, gateways, firewalls, switches, or hubs, along which to send network traffic.
During routing, the selection of path is based on a routing metric, if there is more than one route to the destination, such as in computers with multiple network cards. Path selection selects or predicts the best and optimized route metric, which is computed by a routing algorithm that takes into account information such as bandwidth, network delay, hop count, path cost, load, MTU, reliability, and communication cost.
In Windows, metric calculation is automatically done for each network interface or connection available.
If the automatic metric calculation does not result in the best network performance and routing cost, the user can disable the automatic metric calculation feature and manually set a metric value.

QUESTION 63
You administer Windows 8.1 Pro computers in your company network. A server named Server1 runs Windows Server 2012. Server1 allows incoming VPN and Remote Desktop connections. A remote user requires access to files on Server1. You need to prevent the user from downloading any files from Server1 to his local computer. Your solution must ensure that the user can read the files on Server1. What should you do?
A. Create a new VPN connection. Disable local drive mappings.
B. Create a new VPN connection. Disable offline files.
C. Create a new Remote Desktop connection. Set the Local Computer policy to Disable drives redirection for Remote Desktop Services.
D. Create a new Remote Desktop connection. Set the Local Computer policy to Disable clipboard redirection for Remote Desktop Services.
Correct Answer: C
Section: (none)
Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc725887%28v=ws.10%29.aspx
Device and Resource Redirection
Policy settings in this node control access to devices and resources on a client computer in Terminal Services sessions.
Do not allow drive redirection
This policy setting allows you to specify whether to prevent the mapping of client drives in a Terminal Services session (drive redirection).
By default, Terminal Services maps client drives automatically upon connection. Mapped drives appear in the session folder tree in Windows Explorer or My Computer in the format <driveletter> on <computername>. You can use this policy setting to override this behavior.
If you enable this policy setting, client drive redirection is not allowed in Terminal Services sessions.
If you disable this policy setting, client drive redirection is always allowed.
If you do not configure this policy setting, client drive redirection is not specified at the Group Policy level. However, an administrator can still disable client drive redirection by using the Terminal Services Configuration tool.

QUESTION 64
A company has an Active Directory Domain Services (AD DS) domain. The company has 20 Windows 8.1 tablet PCs that are connected to the domain. You need to configure an authentication method that simplifies the process of logging on to the tablet PCs and maximizes the security. Which authentication method should you configure?
A. Active Directory user account
B. PIN
C. Picture password
D. Microsoft account
Correct Answer: D
Section: (none)
Explanation/Reference:
http://windows.microsoft.com/en-us/windows-8/connect-microsoft-domain-account
Connect your Microsoft account to your domain account
You can connect your Microsoft account to your domain account and sync your settings and preferences between them. For example, if you use a domain account in the workplace, you can connect your Microsoft account to it and see the same desktop background, app settings, browser history and favorites, and other Microsoft account settings that you see on your home PC. You'll also be able to use Microsoft account services from your domain PC without signing in to them individually.
Further Information:
http://windows.microsoft.com/en-gb/windows-8/join-or-create-a-workgroup
Joining a domain, workgroup or homegroup
Applies to Windows 8.1, Windows RT 8.1

QUESTION 65
You install a new hard drive as drive D on a Windows 8.1 computer. The computer is shared by two users. You need to prevent either user from using more than half the available space on drive D of the computer. What should you do?
A. Reconfigure drive D and create two volumes of equal size.
B. Create a share for each user on drive D.
C. Configure quota management on drive D.
D. Configure Storage Spaces on drive D.
Correct Answer: C
Section: (none)
Explanation/Reference:
http://john.bryntze.net/jbkb-v2/certification-exam-70-687-configuring-windows-8-part-4-configure-access-to-resources-14/
configure disk quotas
Disk quotas are set at disk level (not folder/files level); take the disk's properties and go to the Quota tab. By default it is disabled; you enable it by checking Enable quota management and then specify options such as whether it should only be warning/logging or an actual consequence when you reach the quota, such as checking Deny disk space to users exceeding quota limit. Disk Quota is limited to only one per disk and one level for all users; running Windows Server 2012 you can set different limits per user.

QUESTION 66
A company has 10 Windows 8.1 (64-bit) client computers. You plan to create backup resources to allow the recovery of Windows 8.1 on any of the client computers. You need to ensure that you can recover the computers from bootable media. What should you do?
A. Turn on File History.
B. Create a new pool and storage space.
C. Run the Remove everything and install Windows feature.
D. Run the bcdboot command.
E. Run the recdisc command.
Correct Answer: E
Section: (none)
Explanation/Reference:

QUESTION 67
A company has Windows 8.1 client computers. Employees use multiple Windows Store apps on the computers. An employee installs a legacy app on his portable computer and then experiences problems with the computer. He installs two additional legacy apps and the problems increase. You need to return the computer to its default state and retain all user data and Windows Store apps. What should you do?
A. Run the Remove everything and install Windows feature.
B. Perform a system restore to the most recent restore point.
C. Use Windows 7 File Recovery to restore all Windows system files.
D. Run the Refresh your PC without affecting your files feature.
Correct Answer: B
Section: (none)
Explanation/Reference:
http://windows.microsoft.com/en-us/windows-8/restore-refresh-reset-pc
How to refresh, reset, or restore your PC
If you think an app or driver that you recently installed caused problems with your PC, you can restore Windows back to an earlier point in time, called a restore point. System Restore doesn't change your personal files, but it might remove recently installed apps and drivers.

QUESTION 68
A company has Windows 8.1 client computers. A user stores files in multiple locations. You need to determine which of the locations will be included in File History. Which three of the following file locations are included in File History? (Each correct answer presents part of the solution. Choose three.)
A. Public Documents and Public Pictures
B. Contacts, Desktop, and Favorites
C. All system files
D. C:\Users and C:\ProgramData
E. My Documents and My Pictures
F. Desktop and Recycle Bin
Correct Answer: ABE
Section: (none)
Explanation/Reference:
* File History has a predefined set of items that it backs up automatically: all your libraries (both default libraries and custom libraries you created), the Desktop, your Contacts, Internet Explorer favorites and the SkyDrive.
* Library example:
http://blogs.msdn.com/b/b8/archive/2012/07/10/protecting-user-files-with-file-history.aspx
Protecting user files with File History
File History is a backup application that continuously protects your personal files stored in Libraries, Desktop, Favorites, and Contacts folders. It periodically (by default every hour) scans the file system for changes and copies changed files to another location. Every time any of your personal files has changed, its copy will be stored on a dedicated, external storage device selected by you. Over time, File History builds a complete history of changes made to any personal file.
It's a feature introduced in Windows 8 that offers a new way to protect files for consumers.
It supersedes the existing Windows Backup and Restore features of Windows 7.
File History only saves copies of files that are in your libraries, contacts, favorites, and on your desktop. If you have folders elsewhere that you want backed up, you can add them to one of your existing libraries or create a new library.
http://www.dummies.com/how-to/content/back-up-your-computer-with-windows-8-file-history.html
Back Up Your Computer with Windows 8 File History
..
File History backs up everything in your libraries: Documents, Music, Pictures, and Videos, as well as the Public folders. That's natural because that's where you store your files.
...
Further Information:
Default settings:

QUESTION 69
You administer Windows 8.1 client computers in your company network. The company has an Active Directory Domain Services (AD DS) domain. The network uses a DHCP server. You want to assign a static Dynamic Host Configuration Protocol (DHCP) reservation for a client computer. You need to identify the media access control (MAC) address of the client computer. Which command should you use?
A. ipconfig /allcompartments /all
B. ipconfig /renew
C. ipconfig /all
D. ipconfig /flushdns
Correct Answer: C
Section: (none)
Explanation/Reference:
Further Information:
http://technet.microsoft.com/en-us/library/dd197434.aspx
Ipconfig
Displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings. Used without parameters, ipconfig displays Internet Protocol version 4 (IPv4) and IPv6 addresses, subnet mask, and default gateway for all adapters.
Syntax
ipconfig [/allcompartments] [/all] [/renew [<Adapter>]] [/release [<Adapter>]] [/renew6 [<Adapter>]] [/release6 [<Adapter>]] [/flushdns] [/displaydns] [/registerdns] [/showclassid <Adapter>] [/setclassid <Adapter> [<ClassID>]]
Parameters
/all
Displays the full TCP/IP configuration for all adapters.
Adapters can represent physical interfaces, such as installed network adapters, or logical interfaces, such as dial-up connections.
/allcompartments
Displays the full TCP/IP configuration for all compartments.
/flushdns
Flushes and resets the contents of the DNS client resolver cache. During DNS troubleshooting, you can use this procedure to discard negative cache entries from the cache, as well as any other entries that have been added dynamically.
/renew [<Adapter>]
Renews DHCP configuration for all adapters (if an adapter is not specified) or for a specific adapter if the Adapter parameter is included. This parameter is available only on computers with adapters that are configured to obtain an IP address automatically. To specify an adapter name, type the adapter name that appears when you use ipconfig without parameters.

QUESTION 70
You administer Windows 8.1 laptops. The laptops are configured to connect to an unsecured wireless access point. You plan to configure the wireless access point to encrypt wireless traffic and turn off SSID broadcast. You need to ensure the laptops will join the secured wireless network automatically after the configuration changes. What should you do?
A. Set Network Discovery to Enabled for the Public profile.
B. Create an ad hoc network.
C. Set the Unidentified Networks Properties User permissions to User can change location.
D. Create a network profile.
Correct Answer: D
Section: (none)
Explanation/Reference:
http://www.eightforums.com/tutorials/37737-wireless-network-connect-disconnect-windows-8-a.html
How to Connect To or Disconnect from a Wireless Network in Windows 8 and 8.1
Connect To a Hidden Wireless Network in Networks (Connect To)
..
4. Click/tap on Hidden network at the bottom. (see screenshot below)
..
Further Information:
http://www.7tutorials.com/how-connect-hidden-wireless-networks-windows-8
How to Connect to Hidden Wireless Networks in Windows 8
http://blogs.technet.com/b/canitpro/archive/2014/03/05/windows-8-1-tips-manage-wireless-network-profiles.aspx
Windows 8.1 tips: Managing Wireless Network Profiles

QUESTION 71
You are working with a virtual machine (VM) named NYC-DC1 on a Windows 8.1 computer. The status of NYC-DC1 in Hyper-V Manager is shown in the following graphic. You plan to create a snapshot of NYC-DC1. You select the VM in Hyper-V Manager. The Snapshot option is not available in the Actions pane or in the context menu. You need to ensure that the Snapshot option is available. What should you do?
A. Resume the VM.
B. Specify a location in which Hyper-V Manager should save snapshot files.
C. Save the VM.
D. Connect to the VM.
E. Increase the Assigned Memory to at least 2048 MB.
Correct Answer: A
Section: (none)
Explanation/Reference:
http://www.virtuatopia.com/index.php/Creating_and_Managing_Hyper-V_Snapshots
Creating and Managing Hyper-V Snapshots
What is a Hyper-V Virtual Machine Snapshot?
Hyper-V virtual machine snapshots allow the status of a virtual machine (and the corresponding guest operating system) at a particular time to be saved such that it can be reverted to that state at any point in the future. Hyper-V snapshots contain both the configuration settings of the virtual machine, and the state of the guest operating system at the point the snapshot is taken. Snapshots may be taken of virtual machines when they are running, stopped or saved. It is not possible, however, to take a snapshot of a paused Hyper-V virtual machine.
When a snapshot is taken of a saved or running virtual machine, the snapshot contains the status of both the file system and the memory used by the guest operating system.
As such, when the virtual machine is reverted to the snapshot everything, including applications running at the time the snapshot was taken, will be restored to the snapshot status.
Virtual machines are reverted to a snapshot status by applying the desired snapshot to the virtual machine.

QUESTION 72
You administer client computers in your company network. The network includes an Active Directory Domain Services (AD DS) domain. Employees in the human resources (HR) department are getting new Windows 8.1 Enterprise computers. The HR department uses a line of business (LOB) Windows Store app named Timesheet that is not available in Windows Store. You need to ensure that all employees in the HR department can use Timesheet on their new computers. What should you do?
A. Use a local account to log on to each computer.
B. Set the Turn off the Store application group policy to Enabled.
C. Activate the sideloading product key on each computer.
D. Set the Allow Store to install apps on Windows To Go workspaces group policy setting to Enabled.
Correct Answer: C
Section: (none)
Explanation/Reference:
http://msdn.microsoft.com/en-us/library/windows/apps/jj657971.aspx
Deploying enterprise apps
Preparing your PCs
Windows Server 2012 and Windows 8 Enterprise editions are classified as "enterprise sideloading enabled." This means that the PCs are ready to receive the apps that you deploy outside of the Windows Store. To make sure a PC is ready, verify that:
The PC is domain joined.
The group policy is set to Allow trusted apps to install.
If you are deploying apps to Windows 8 Pro, Windows RT, or Windows 8 Enterprise, you can configure them for sideloading apps by:
Activating the product key for enterprise sideloading on each PC.
Setting the group policy to Allow trusted apps to install.
Further Information:
http://technet.microsoft.com/en-US/windows/jj874388.aspx
Try It Out: Sideload Windows Store Apps
By now, you are familiar with Windows Store apps.
There are some pretty cool ones available in the store, and publishers are adding more every week. A great thing about Windows Store apps is they are super simple to install (and uninstall). But what about line of business (LOB) apps? You probably do not want to publish them through the Windows Store since that would make them publicly available. Instead, you can sideload LOB apps. Sideloading simply means installing a Windows Store app without publishing it in and downloading it from the store. You install it directly.
...
Verify the Requirements
There are a small number of requirements computers must meet to sideload Windows Store apps on them. We will start with computers running Windows 8 Enterprise:
The computer running Windows 8 Enterprise must be joined to the domain.
You must enable the "Allow all trusted apps to install" Group Policy setting.
The app must be signed by a certificate that is chained to a trusted root certificate.
In many cases, the only thing you will have to do is enable the policy setting. Your computers running Windows 8 Enterprise are already joined to the domain, and your developers will sign the app.
...
Sideload the App for a User
As promised when we started this article, sideloading the sample app is no more difficult than running a few commands in Windows PowerShell. In fact, the first command should not really count, as it just imports the AppX module into Windows PowerShell.
...
Sideload the App for All Users
DISM is a command-line tool that you can use to service a Windows image -- online or offline. You can use DISM to provision a Windows Store app in an online Windows image for all users who share the computer. To do that, you use the Add-ProvisionedAppxPackage option.
...
Use a Sideloading Product Key
Earlier in this article, we listed the requirements for sideloading Windows Store apps. The computer must be running Windows 8 Enterprise.
It must be joined to the domain, and you must enable the policy setting "Allow all trusted apps to install." This is great in a typical enterprise scenario where you use the Enterprise editions and join computers to the domain. What about increasingly common Bring Your Own Device (BYOD) scenarios, where Windows RT devices and computers running Windows 8 Pro are more common, and devices are not always joined to the domain? Easy. You can enable sideloading for these additional scenarios by installing a sideloading product key on the computers.
...
Conclusion
We hope that experiencing how to sideload Windows Store apps firsthand showed you how simple the process really is. You enable sideloading on computers running Windows 8 Enterprise by simply joining them to the domain and enabling the "Allow all trusted apps to install" policy setting. You can enable app sideloading in the scenarios that Table 1 describes by using a sideloading product key. To sideload an app for an individual user, you use the add-appxpackage cmdlet in Windows PowerShell, and to provision an app for all users, you use the Add-ProvisionedAppxPackage DISM option.
Figure 3. Sideloading Requirements
http://blogs.msdn.com/b/hyperyash/archive/2012/08/15/enabling-windows-store-on-windows-to-go-machines.aspx
Enabling Windows Store on Windows To Go machines
Windows To Go is a new feature that is introduced in Windows 8 Enterprise version. It enables users to boot directly into an enterprise level Operating System from their external hard-drives. Windows To Go is not intended to replace desktops, laptops or supplant other mobility offerings. Rather, it provides support for efficient use of resources for alternative workplace scenarios. One of the restrictions that is applied to Windows To Go machines is that the Windows Store is disabled by default.
..
But, it is not that you cannot enable it at all. It is possible, and you do it via the group policies.
This can be through the Active Directory Group Policy (true for enterprise environments); or through local group policies (true for small environments).
http://newsignature.com/blog/2013/01/17/disabling-the-windows-8-app-store/
Disabling the Windows 8 App store
Once the Group Policy is applied to a workstation, then a user will see the following message if they try to access the App store:

QUESTION 73
A company has 10 client computers that run Windows 7. All client computers have the same hardware configuration. The hardware configuration includes custom hardware components manufactured by the company. The computer hard drives are configured as shown in the Disk Management window exhibit. (Click the Exhibit button.) The company plans to upgrade the client computers to Windows 8.1. You need to test hardware compatibility with Windows 8.1 on one client computer and leave the existing Windows 7 installation intact. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Insert the Windows 8.1 installation media into the computer, and then run the Setup program.
B. Shrink the current hard drive partition, and then create a new partition for the Windows 8.1 installation.
C. Change the hard drive to a dynamic disk and create a new dynamic volume.
D. Start the computer from the Windows 8.1 installation media and then select the Custom installation option.
Correct Answer: BD
Section: (none)
Explanation/Reference:
http://windows.microsoft.com/en-us/windows/install-multiple-operating-system-multiboot#1TC=windows-7
Install more than one operating system (multiboot)
If your computer's hard disk has adequate free disk space, you can install a newer version of Windows on a separate partition and keep the earlier version of Windows on your computer. This is called a multiboot or dual-boot configuration. Whenever you start your computer, you can then choose which version of Windows to run.
Multibooting requires separate partitions on your computer's hard disk for each operating system.
Example of a multiboot disk configuration
Further Information:
http://www.pcmag.com/article2/0,2817,2425418,00.asp
How to Dual Boot Windows 8.1 and Windows 7
..
Step 2: Partition
You'll have to create a partition of at least 16GB (20GB for 64-bit Windows 8.1) for your side-by-side Windows 8.1 and 7 installation. To do this, type "disk management" in the Start button's text box, which will display a "Create and format hard disk partitions" choice at the top of the Start panel. Click on that to open the Disk Management utility. You'll probably have two partitions. Right-click on the largest one, and choose Shrink Volume from the context menu.
A "Querying Shrink Space" dialog will appear for a while, and then another message will tell you how much free space can be squeezed out of the drive in MB. Enter a size above 16GB for the 32-bit version of Windows 8.1 and over 20GB for the 64-bit flavor, and then hit the Shrink button. This will create an Unallocated section equal to the size you chose in the chart at the bottom of the window. Leave it be for now, we'll let the Windows 8.1 installer take over from here.
...
Step 4: Run the Windows 8.1 Installer
Pop in the installer DVD you burned or the USB stick you prepared, and restart your PC. Choose your language, then "Install Now." You'll need a product key that matches your installer ISO. For the Windows 8.1 Preview installer, for example, the key is NTTX3-RV7VB-T7X7F-WQYYY-9Y92F. Accept the software license, and after this, choose Custom, not Upgrade. Now is when you're presented with the choice of partitions, click "Drive options (advanced)" and then select the Unallocated space we created in step 2. Next, click New from the drive options icons below. Accept the full size displayed, and hit Apply. Now we've got a freshly formatted partition to install Windows 8 on.

QUESTION 74
You administer Windows 8.1 Pro computers in your company network. A user named User1 encrypts a sensitive file named file.txt by using Encrypting File System (EFS). A user named User2 must be able to read file.txt. You need to configure unencrypted read access to file.txt for User2. What should you do?
A. Configure Advanced Security Settings.
B. Share the folder that contains file.txt.
C. Configure Advanced Attributes.
D. Configure Effective Access.
Correct Answer: C
Section: (none)
Explanation/Reference:
Further Information:
http://www.howtogeek.com/178912/how-to-encrypt-files-and-folders-in-windows-8.1-using-efs/
How to Encrypt Files and Folders in Windows 8.1 Pro Using EFS
If you are concerned about other users of your system having access to your files, there has been a simple way to encrypt files and folders in every version of Windows since XP called Encrypted File Service (EFS). We will show you how to apply EFS to your files and folders.
NOTE: Files and folders you encrypt using EFS can only be decrypted using the Windows login that encrypted the file. Other users on the system will be able to see the files but will not be able to open them, even if they are running as administrator. That means that you also need to be careful you do not forget your login, or you will be locked out of your own files.
http://technet.microsoft.com/en-us/library/bb457007.aspx
How to Share Files Using Encrypting File System
This article describes how to share files using EFS, and is intended to assist system architects and administrators in developing best practices for creating data recovery and data protection strategies using Windows XP.
..
In Windows XP, EFS supports file sharing between multiple users on a single file. This provides an opportunity for data recovery by adding additional users to an encrypted file.
Although the use of additional users cannot be enforced through policy or other means, it is a useful and easy method for enabling recovery of encrypted files by multiple users without actually using groups, and without sharing private keys between users.
Once a file has been initially encrypted, file sharing is enabled through a new button in the user interface (UI). A file must be encrypted first and then saved before additional users may be added. After selecting the Advanced Properties of an encrypted file, a user may be added by selecting the Details button. Individual users may add other users (not groups) from the local machine or from the Active Directory, provided the user has a valid certificate for EFS.
..
To add users
1. Click the Add button as shown in Figure 2 below.
Figure 2. Adding users
A new dialog box will be presented showing the existing users and certificates that are cached in the "Other People" certificate store of the local machine. It will also allow new users to be added from the Active Directory by clicking the Find User button.
Note: A user must have a valid EFS certificate in the Active Directory to be added.
2. Click the Find User button to find new users as shown in Figure 3 below.
Figure 3. Finding new users from Active Directory
The standard object picker dialog box will be displayed and a search will be conducted.

QUESTION 75
You use a Windows 8.1 laptop. You want to back up the Pictures library. You need to configure a backup strategy that backs up the Pictures library to a network drive every day. Additionally, you need to be able to recover a copy of any files from the library that have been changed within the last month. What should you do?
A. Create a system image.
B. Configure File History.
C. Create a Storage Pool.
D. Configure computer restore points.
Correct Answer: B
Section: (none)
Explanation/Reference:
http://blogs.msdn.com/b/b8/archive/2012/07/10/protecting-user-files-with-file-history.aspx
Protecting user files with File History
File History is a backup application that continuously protects your personal files stored in Libraries, Desktop, Favorites, and Contacts folders. It periodically (by default every hour) scans the file system for changes and copies changed files to another location. Every time any of your personal files has changed, its copy will be stored on a dedicated, external storage device selected by you. Over time, File History builds a complete history of changes made to any personal file.
...
As described above, to start protecting your libraries, you need to attach an external drive or select a network location. File History will store versions of your files on this device.
...
Further Information:

QUESTION 76
A company has client computers that run Windows Vista and Windows 8.1. You need to ensure that the client computers can share local resources. Which two actions should you perform on the client computers? (Each correct answer presents part of the solution. Choose two.)
A. Disable IPv6.
B. Enable network discovery.
C. Configure IPSec.
D. Enable IPv6.
E. Configure the Windows Firewall.
Correct Answer: BE
Section: (none)
Explanation/Reference:
By changing your network location to Home or Work, network discovery is automatically turned on. You can also turn on these sharing options individually:
Network discovery
File sharing (in Windows 7, this is automatically turned on when you share a file or folder)
Public folder sharing
When you turn on these options, your computer can:
Find other computers and devices on your home network and have other computers find your computer
Share its files and folders
Share its Public folders
http://windows.microsoft.com/en-us/windows/what-is-network-discovery#1TC=windows-vista
What is network discovery?
Network discovery is a network setting that affects whether your computer can see (find) other computers and devices on the network and whether other computers on the network can see your computer. There are three network discovery states:
- On - This state allows your computer to see other network computers and devices and allows people on other network computers to see your computer. This makes it easier to share files and printers.
- Off - This state prevents your computer from seeing other network computers and devices and prevents people on other network computers from seeing your computer.
- Custom - This is a mixed state in which some settings related to network discovery are enabled, but not all of them. For example, network discovery could be turned on, but you or your system administrator might have disabled a firewall exception that affects network discovery.
Network discovery requires that the dnscache, fdrespub, ssdpsrv, and upnphost services are started, that the Windows Firewall exception for network discovery is enabled, and that other firewalls are not interfering with network discovery.
Further Information:
http://www.dummies.com/how-to/content/how-to-browse-for-a-network-in-windows-81.html
How to Browse for a Network in Windows 8.1
..
3. If you see the message Network discovery and file sharing are turned off. Network computers and devices are not visible. Click to change... just below the ribbon, select that message. Then select Turn On Network Discovery and File Sharing on the pop-up menu. This option enables your computer to find other computers and to be found by others.
...
http://windowsitpro.com/windows-81/turning-device-discovery-windows-81
Turning on Device Discovery for Windows 8.1
Some of you may be used to being able to locate other PCs and devices connected to the network through Windows. By default, this function is turned off in Windows 8.1 to ensure security and privacy. However, it can be a pain to locate.
...
5. Turn on the Find devices and content selection.

QUESTION 77
You administer Windows 8.1 client computers in your company network. The company has an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains a domain controller configured to lease DHCP and DHCPv6 addresses.
A client computer named Computer1 is configured to obtain IPv4 and IPv6 addresses automatically.
A user reports that an IPv6-enabled application named App1 is not working on Computer1. You discover that Computer1 has an IPv6 address prefix of FE80::. You are able to ping Computer1 successfully by using IPv4, but when you use IPv6, your ping requests time out.
You need to ensure that Computer1 will support App1.
Which command should you use?
A. ipconfig /allcompartments /all
B. ipconfig /renew
C. ipconfig /renew6
D. ipconfig /release6
Correct Answer: C
Section: (none)
Explanation/Reference:
http://en.wikipedia.org/wiki/Link-local_address
Link-local address
In a computer network, a link-local address is a network address that is valid only for communications within the network segment (link) or the broadcast domain that the host is connected to.
Link-local addresses are usually not guaranteed to be unique beyond a single network segment. Routers therefore do not forward packets with link-local addresses.
Link-local addresses for IPv4 are defined in the address block 169.254.0.0/16, in CIDR notation. In IPv6, they are assigned with the FE80::/10 prefix.
http://technet.microsoft.com/en-us/library/dd197434.aspx
Ipconfig
Displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings. Used without parameters, ipconfig displays Internet Protocol version 4 (IPv4) and IPv6 addresses, subnet mask, and default gateway for all adapters.
Syntax
ipconfig [/allcompartments] [/all] [/renew [<Adapter>]] [/release [<Adapter>]] [/renew6 [<Adapter>]] [/release6 [<Adapter>]] [/flushdns] [/displaydns] [/registerdns] [/showclassid <Adapter>] [/setclassid <Adapter> [<ClassID>]]
Parameters
/allcompartments
Displays the full TCP/IP configuration for all compartments.
/renew [<Adapter>]
Renews DHCP configuration for all adapters (if an adapter is not specified) or for a specific adapter if the Adapter parameter is included. This parameter is available only on computers with adapters that are configured to obtain an IP address automatically. To specify an adapter name, type the adapter name that appears when you use ipconfig without parameters.
/renew6 [<Adapter>]
Renews DHCPv6 configuration for all adapters (if an adapter is not specified) or for a specific adapter if the Adapter parameter is included. This parameter is available only on computers with adapters that are configured to obtain an IPv6 address automatically. To specify an adapter name, type the adapter name that appears when you use ipconfig without parameters.
/release6 [<Adapter>]
Sends a DHCPRELEASE message to the DHCPv6 server to release the current DHCP configuration and discard the IPv6 address configuration for either all adapters (if an adapter is not specified) or for a specific adapter if the Adapter parameter is included. This parameter disables TCP/IP for adapters configured to obtain an IP address automatically. To specify an adapter name, type the adapter name that appears when you use ipconfig without parameters.

QUESTION 78
You administer Windows 8.1 Enterprise client computers in your company network.
You change settings on a reference computer by using the Windows Firewall with Advanced Security tool. You want to apply the same settings to other computers.
You need to save the Windows Firewall with Advanced Security configuration settings from the reference computer.
You also need to be able to import the configuration settings into a Group Policy object later.
What should you do?
A. Run the netsh advfirewall export c:\settings.xml command.
B. Open Local Group Policy Editor, select the Windows Firewall with Advanced Security node, and then select the Export Policy action.
C. Open Local Group Policy Editor, select the Security Settings node, and then select the Export List action.
D. From Control Panel, open Windows Firewall, click Advanced Settings, and then select the Export Policy action.
Correct Answer: D
Section: (none)
Explanation/Reference:
The netsh export file format is .wfw, not .xml. Also, the export works just fine from "Advanced Settings", which actually launches the full-fledged Windows Firewall with Advanced Security.
Explanation:
http://www.howtogeek.com/100409/group-policy-geek-how-to-control-the-windows-firewall-with-a-gpo/
Group Policy Geek: How to Control the Windows Firewall With a GPO
...
Exporting the Policy
To export the policy, in the left hand pane click on the root of the tree which says Windows Firewall with Advanced Security. Then click on Action and select Export Policy from the menu.
You should save this to either a network share, or even a USB if you have physical access to your server. We will go with a network share.
Importing the Policy Into Group Policy
....
To import the firewall policy you need to open an existing GPO or create a new GPO and link it to an OU that contains computer accounts.
..
Now navigate to:
Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security
Click on Windows Firewall with Advanced Security and then click on Action and Import Policy.
You will be told that if you import the policy it will overwrite all existing settings, click yes to continue and then browse for the policy that you exported in the previous section of this article. Once the policy has finished being imported you will be notified.
...
Further Information:
http://technet.microsoft.com/en-us/library/cc771920%28v=ws.10%29.aspx
Netsh Commands for Windows Firewall with Advanced Security
Netsh advfirewall is a command-line tool for Windows Firewall with Advanced Security that helps with the creation, administration, and monitoring of Windows Firewall and IPsec settings and provides an alternative to console-based management.
..
To start the advfirewall context at an elevated command prompt, type netsh, press ENTER, then type advfirewall and press ENTER.
..
export
Exports the Windows Firewall with Advanced Security configuration in the current store to a file. This file can be used with the import command to restore the Windows Firewall with Advanced Security service configuration to a store on the same or to a different computer. The Windows Firewall with Advanced Security configuration on which the export command works is determined by the set store command. This command is the equivalent to the Export Policy command in the Windows Firewall with Advanced Security MMC snap-in.
Syntax
export [ Path ] FileName
Parameters
[ Path ] FileName
Required. Specifies, by name, the file where the Windows Firewall with Advanced Security configuration will be written. If the path, file name, or both contain spaces, quotation marks must be used. If you do not specify Path then the command places the file in your current folder. The recommended file name extension is .wfw.

QUESTION 79
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1 and are joined to the domain.
An employee is unable to connect his portable client computer to his home office homegroup.
You need to ensure that the network adapter settings of the client computer support joining a homegroup.
What should you do?
A. Disable IPv6.
B. Enable IPv4.
C. Enable IPv6.
D. Disable IPv4.
Correct Answer: C
Section: (none)
Explanation/Reference:
Explanation:
http://social.technet.microsoft.com/wiki/contents/articles/4515.homegroup-and-ipv6-troubleshooting-guide.aspx
HomeGroup and IPv6 Troubleshooting Guide
..
Your router and all computers must be IPv6 capable (hardware, firmware, and drivers) to use HomeGroup.
...
Further Information:
http://blogs.technet.com/b/askpfeplat/archive/2013/06/17/ipv6-for-the-windows-administrator-why-you-need-to-care-about-ipv6.aspx
IPv6 for the Windows Administrator: Why you need to care about IPv6
...
Moreover, applications that you might not think are using IPv6--such as Remote Assistance, HomeGroup, DirectAccess, and Windows Mail--could be.
...

QUESTION 80
You administer a Windows 8.1 Pro computer. The computer has File History turned on, and system protection turned on for drive C.
You accidentally delete a folder named Libraries\Customers by using the Shift+Delete keyboard shortcut.
You need to restore the most recent version of the folder to its original location.
Which approach should you use to restore the folder?
A. Recycle Bin
B. The latest restore point
C. File History
D. A manually selected restore point
Correct Answer: C
Section: (none)
Explanation/Reference:
http://blogs.msdn.com/b/b8/archive/2012/07/10/protecting-user-files-with-file-history.aspx
Protecting user files with File History
File History is a backup application that continuously protects your personal files stored in Libraries, Desktop, Favorites, and Contacts folders. It periodically (by default every hour) scans the file system for changes and copies changed files to another location. Every time any of your personal files has changed, its copy will be stored on a dedicated, external storage device selected by you. Over time, File History builds a complete history of changes made to any personal file.
It's a feature introduced in Windows 8 that offers a new way to protect files for consumers.
It supersedes the existing Windows Backup and Restore features of Windows 7.
Before you start using File History to back up your files, you'll need to set up a drive to save files to. We recommend that you use an external drive or network location to help protect your files against a crash or other PC problem.
File History only saves copies of files that are in your libraries, contacts, favorites, and on your desktop. If you have folders elsewhere that you want backed up, you can add them to one of your existing libraries or create a new library.
Advanced settings can be accessed from the File History control panel applet.
File History also supports new storage features introduced in Windows 8. Users who have lots of data to back up can use Storage Spaces to create a resilient storage pool using off-the-shelf USB drives. When the pool fills up, they can easily add more drives and extra storage capacity to the pool.

QUESTION 81
You use a computer that has Windows 7 Professional (32-bit) installed.
You need to migrate the computer to Windows 8.1 Pro (64-bit).
Which installation method should you use?
A. Download and run Windows 7 Upgrade Advisor.
B. Download and run Windows 8.1 Upgrade Assistant.
C. Start Windows 8.1 custom installation from a DVD.
D. Open Windows Anytime Upgrade.
Correct Answer: C
Section: (none)
Explanation/Reference:
http://windows.microsoft.com/en-us/windows-8/upgrade-to-windows-8
Update to Windows 8.1: FAQ
Can I update from a 32-bit version of Windows to a 64-bit version of Windows 8.1?
If your PC has a 64-bit capable processor (CPU) but is currently running a 32-bit version of Windows, you can install a 64-bit version of Windows 8.1, but you'll need to buy it as a DVD and perform a clean installation. You won't be able to keep any files, settings, or apps when you update from a 32-bit to a 64-bit version.

QUESTION 82
A company has Windows 8.1 client computers. All user data is stored locally.
Each data file has a system access control list (SACL).
You need to ensure that an event is generated when a user modifies a local file.
Which audit policy setting should you configure?
A. Audit process tracking
B. Audit policy change
C. Audit object access
D. Audit privilege use
Correct Answer: C
Section: (none)
Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc776774%28v=ws.10%29.aspx
Audit object access
This security setting determines whether to audit the event of a user accessing an object--for example, a file, folder, registry key, printer, and so forth--that has its own system access control list (SACL) specified.
If you define this policy setting, you can specify whether to audit successes, audit failures, or not audit the event type at all. Success audits generate an audit entry when a user successfully accesses an object that has an appropriate SACL specified. Failure audits generate an audit entry when a user unsuccessfully attempts to access an object that has a SACL specified.
Further Information:
https://blogs.manageengine.com/product-blog/eventloganalyzer/2012/06/20/object-access-auditing-simplified-find-the-who-what-where-when-of-file-folderaccess.html
Object Access Auditing Simplified: Find the 'Who, What, Where, When' of File & Folder Access

QUESTION 83
You add three hard drives to a Windows 8.1 computer. The computer has a RAID controller.
You plan to store data only on the three new hard drives.
You need to ensure that data loss will not occur if only one hard drive fails.
What should you do?
A. Create a storage pool that contains all drives and set the resiliency type to Parity.
B. Create a storage pool that contains one drive, and then add the other two drives to the pool.
C. Create a spanned volume.
D. Create a storage pool that contains all drives and set the resiliency type to Two-way mirror.
Correct Answer: A
Section: (none)
Explanation/Reference:
Explanation:
http://windows.microsoft.com/en-us/windows-8/storage-spaces-pools
Storage Spaces: FAQ
What is Storage Spaces?
Storage Spaces lets you group drives together in a storage pool. Then you can use pool capacity to create storage spaces.
Storage spaces are virtual drives that appear in File Explorer. You can use them like any other drive, so it's easy to work with files on them.
You can create large storage spaces and add more drives to them when you run low on pool capacity.
If you have two or more drives in the storage pool, you can create storage spaces that won't be affected by a drive failure--or even the failure of two drives, if you create a three-way mirror storage space.
http://blogs.msdn.com/b/olivnie/archive/2013/02/05/windows-8-storage.aspx
Windows 8: Storage
Storage Spaces
Storage Spaces is a new feature for Windows® 8 that allows a user to combine several disks into a single pool of storage that provides for easier management of multiple disks and resiliency against hardware failure on any of those disks. The disks that you use for Storage Spaces can be a mix of different-sized disks, and these can be connected to Microsoft® Windows using both internal and external connections, making it easy to turn the collection of drives you already have into a safe and easy-to-manage place to store things like your home videos or photos.
...
The table below describes the different options for resiliency:

QUESTION 84
You administer a Windows 8.1 computer that runs Hyper-V. The computer hosts a virtual machine with multiple snapshots. The virtual machine uses one virtual CPU and 512 MB of RAM.
You discover that the virtual machine pauses automatically and displays the state as paused-critical.
You need to identify the component that is causing the error.
Which component should you identify?
A. Insufficient hard disk space
B. Insufficient number of virtual processors
C. No virtual switch defined
D. Insufficient memory
Correct Answer: A
Section: (none)
Explanation/Reference:
Explanation:
http://blogs.msdn.com/b/virtual_pc_guy/archive/2009/04/22/why-is-my-virtual-machine-paused-critical-hyper-v.aspx
Why is my virtual machine "Paused-Critical"? [Hyper-V]
Virtual machines will go into the "Paused-Critical" state under Hyper-V if we detect that we are going to run out of space for the virtual hard disks. If we were to run out of space for expanding a dynamic or differencing virtual hard disk we would start failing disk write operations inside the virtual machine. The result would most likely be that the guest operating system would crash.
To avoid this problem we periodically poll the storage that is being used for the virtual hard disks. If the free space falls under 2 gigabyte we will start to log warning messages in the event log. If the free space falls under 200 megabyte we will pause the virtual machine and mark it as "Paused-Critical".
Further Information:
http://www.neilbryan.ca/hyper-v-paused-critical-and-saved-critical/
Hyper-V Paused-Critical and Saved-Critical

QUESTION 85
A company has Windows 8.1 client computers.
Users frequently run a custom web application that modifies the system registry. Each time the application starts, the user is prompted for administrative approval.
You need to ensure that users can run the custom application and not be prompted for administrator approval.
What should you do?
A. Turn off Windows SmartScreen.
B. Set the Internet zone privacy level to Low.
C. Set the User Account Control (UAC) settings to Never notify.
D. Set the Internet zone security level to Medium.
Correct Answer: C
Section: (none)
Explanation/Reference:
Explanation:
http://www.eightforums.com/tutorials/5509-user-account-control-uac-change-settings-windows-8-a.html
How to Change User Account Control (UAC) Settings in Windows 8 and 8.1
Never notify me
You won't be notified before any changes are made to your PC. If you're signed in as an administrator, apps can make changes to your PC without your knowledge.
If you're signed in as a standard user, any changes that require administrator permissions will automatically be denied.

QUESTION 86
You are troubleshooting a computer that runs Windows 8.1. A third-party application no longer functions correctly.
You need to repair the application.
What should you do?
A. Run the reset /f command and specify the application's .msi file.
B. Run the msiexec /f command and specify the application's .msi file.
C. Use File History to revert the application's .msi file to a previous version.
D. Run the replace command, specify the application's .msi file as the source, and then specify the application's original installation directory as the destination.
Correct Answer: B
Section: (none)
Explanation/Reference:
Reference: http://technet.microsoft.com/en-us/library/cc759262(v=ws.10).aspx (search for '/f')
Explanation:
http://technet.microsoft.com/en-us/library/cc759262%28v=ws.10%29.aspx
Msiexec (command-line options)
To repair a product
Syntax
msiexec /f [p][o][e][d][c][a][u][m][s][v]{Package | ProductCode}

QUESTION 87
You are a desktop administrator for your organization. Your organization has Windows 7 computers and wants to move to a Windows 8.1 solution. The organization purchases the licenses.
You need to migrate from Windows 7 to Windows 8.1 while ensuring that programs, settings, and files migrate as well.
What should you do?
A. Choose the Change the product key.
B. Choose a clean install and use Windows Easy Transfer.
C. Choose an upgrade after running setup.exe from the Windows 8.1 disk.
D. Choose a clean install from the Media boot without formatting.
Correct Answer: C
Section: (none)
Explanation/Reference:
http://windows.microsoft.com/en-us/windows-8/upgrade-to-windows-8
Update to Windows 8.1: FAQ
How do I update to Windows 8.1?
Here's how to update to Windows 8.1 depending on the version of Windows you're currently running:
..
If you're running Windows 7, you can buy and download Windows 8.1 using Windows 8.1 Upgrade Assistant. In Upgrade Assistant, you'll have the option to install Windows 8.1 now, later, or using media with an ISO file or a USB flash drive.
..
Will I be able to keep my files, settings, and apps?
If you start (boot) your PC from installation media that you created when you downloaded the ISO, such as a DVD or USB flash drive, you won't be able to keep your apps, Windows settings, or personal files when you install Windows 8.1.
..
If you're running --> Windows 7
You can keep --> Personal files
..
If you're running Windows 7, Windows Vista, or Windows XP, all of your apps will need to be reinstalled using the original installation discs, or purchase confirmation emails if you bought the apps online.
http://windows.microsoft.com/en-us/windows-8/upgrade-assistant-download-online-faq
Upgrade Assistant: FAQ
Upgrade Assistant is a free download that scans your PC, desktop apps, and connected devices to see if they'll work with a later version of Windows, and then provides a free compatibility report.
...
It provides a compatibility report. The compatibility report lists your apps and devices that will work in Windows 8 or Windows 8.1, those that might not work or won't be available, and what you can do to get them working again. You can save or print the compatibility report to use later. If some of your apps and devices aren't listed, it might be because we don't have compatibility info from the developer or manufacturer for that product yet.
...
Note that after you upgrade, all of your compatible desktop apps will need to be reinstalled using the original installation discs, or purchase confirmation emails if you bought the apps online.

QUESTION 88
You are a desktop administrator for your organization. You have a small group of Windows 8.1 computers you want to upgrade to Windows 8.1 Pro.
You need to ensure that these computers have Windows 8.1 Pro installed on them. You receive product keys from your contracting team.
What should you do next?
A. Put in a Windows 8.1 DVD. Your current product key will be recognized, and then you can install Windows Pro.
B. Select Run > Regedit > HKLM > License. Then overwrite the dword license file.
C. Under Control Panel, select "Add features to Windows 8.1", and choose "Add product key".
D. Under settings, add roles > Windows 8.1 Pro. Then input the license file.
Correct Answer: C
Section: (none)
Explanation/Reference:
http://www.petri.co.il/change-windows-8-1-edition-without-reinstalling.htm
Easily Change Windows 8.1 Edition Without Reinstalling
..
Solution
To switch between the editions of Windows you need to use a tool called Windows Anytime Upgrade, which is installed on your computer. You will also need the right product key.
..
..
In the Add features to Windows 8.1 window click I already have a product key (assuming, of course, you have one; if not, purchase one).
Enter your product key and wait for a second. If it's correct, you will see a message saying "Your key works. Continue when you're ready". If it's not correct, you'll see a message saying "This key won't work. Check it and try again, or try a different key".
..
Accept the license terms and click Add features. The progress bar should move around for a few moments.
..
Check to see that you have the right edition by looking at the computer properties. Done.
Further Information:
http://windows.microsoft.com/en-us/windows-8/feature-packs
Get more from Windows 8.1
If your PC is running Windows 8.1, you can get Windows 8.1 Pro Pack and enjoy all the features of Windows 8.1 Pro as well as Windows Media Center.
...
3. Tap or click Add features to Windows 8.1 and then do one of the following:
- If you need to purchase a product key, tap or click I want to buy a product key online. Follow the steps to purchase and enter a product key.
- If you already have a product key, tap or click I already have a product key.
4. Enter your product key and click Next.
5. Read the license terms, select the check box to accept the license terms, and then click Add features.

QUESTION 89
You are a system administrator for your company. The company has satellite offices located within different regions around the world and does not want employees to rely on carrying computers around when they visit the satellite offices. The company is deploying Windows To Go as a solution.
You need to ensure that the company has the proper configuration for Windows To Go before deploying the solution.
Which configuration should you use?
A. a Windows To Go server that provides the use of a network boot and can provide files to run the operating system
B. at least one USB 2.0 port on the host PC
C. a second partition to run Windows To Go with a minimum of a DVD-RW to write Windows To Go data
D. a 20GB or greater SSD used as a secondary drive
Correct Answer: B
Section: (none)
Explanation/Reference:
Reference: http://technet.microsoft.com/en-us/windows/jj874386.aspx
Explanation:
http://technet.microsoft.com/en-us/windows/jj874386.aspx
Using Windows To Go
Windows To Go is not a late-night drive-through offering at the local Microsoft Store. Rather, it's a feature in the Windows 8 Enterprise operating system that allows you to start a Windows 8 image (a Windows To Go workspace) from an external USB drive.
You can start a Windows To Go workspace on most computers that meet the Windows 7 or Windows 8 certification requirements, regardless of the operating system currently running on them.

QUESTION 90
You are a domain administrator for your company. Since the company's Windows 8.1 desktop computers are not backed up regularly, the company wants to enable folder redirection in order to move data from local desktops to network storage.
You need to configure folder redirection on the domain so all existing desktops and any new desktops automatically apply the folder redirection settings.
What should you do?
A. Create a new Group Policy Object (GPO) and configure the folder redirection options to meet your company's requirements.
B. In computer management, create a task that is labeled Folder Redirection. Allow Folder Redirection to the specified path at named intervals.
C. Map a network drive from each local desktop, right-click Properties, and choose Folder Redirection with proper settings.
D. Sync your offline folder to the network location to ensure that backups are completed on the network.
Correct Answer: A
Section: (none)
Explanation/Reference:
Reference: http://msdn.microsoft.com/en-us/library/cc786749(v=ws.10).aspx
User settings and user files are typically stored in the local user profile, under the Users folder. The files in local user profiles can be accessed only from the current computer, which makes it difficult for users who use more than one computer to work with their data and synchronize settings between multiple computers. Two technologies exist to address this problem: Roaming Profiles and Folder Redirection. Both technologies have their advantages, and they can be used separately or together to create a seamless user experience from one computer to another. They also provide additional options for administrators managing user data.
Folder Redirection lets administrators redirect the path of a folder to a new location.
The location can be a folder on the local computer or a directory on a network file share. Users can work with documents on a server as if the documents were based on a local drive. The documents in the folder are available to the user from any computer on the network. Folder Redirection is located under Windows Settings in the console tree when you edit domain-based Group Policy by using the Group Policy Management Console (GPMC). The path is [Group Policy Object Name]\User Configuration\Policies\Windows Settings\Folder Redirection

QUESTION 91
A company has Windows 8.1 client computers. One computer named Computer1 will be used to centralize event logs from other client computers.
You need to configure Computer1 to collect events from other client computers.
What should you do?
A. Run the New-EventLog cmdlet.
B. Create a source-computer-initiated subscription.
C. Run the Get-EventLog cmdlet.
D. Create a collector-initiated subscription.
Correct Answer: D
Section: (none)
Explanation/Reference:
Explanation:
http://msdn.microsoft.com/en-us/library/windows/desktop/bb513652%28v=vs.85%29.aspx
Creating a Collector Initiated Subscription
You can subscribe to receive events on a local computer (the event collector) that are forwarded from remote computers (the event sources) by using a collector-initiated subscription. In a collector-initiated subscription, the subscription must contain a list of all the event sources. Before a collector computer can subscribe to events and a remote event source can forward events, both computers must be configured for event collecting and forwarding.
Further Information:
http://msdn.microsoft.com/en-us/library/windows/desktop/bb870973%28v=vs.85%29.aspx
Setting up a Source Initiated Subscription
Source-initiated subscriptions allow you to define a subscription on an event collector computer without defining the event source computers, and then multiple remote event source computers can be set up (using a group policy setting) to forward events to the event collector computer. This differs from a collector-initiated subscription because in the collector-initiated subscription model, the event collector must define all the event sources in the event subscription.
http://technet.microsoft.com/en-us/library/hh849768.aspx
New-EventLog
This cmdlet creates a new classic event log on a local or remote computer. It can also register an event source that writes to the new log or to an existing log.
The cmdlets that contain the EventLog noun (the EventLog cmdlets) work only on classic event logs. To get events from logs that use the Windows Event Log technology in Windows Vista and later versions of Windows, use Get-WinEvent.
http://technet.microsoft.com/en-us/library/hh849834.aspx
Get-EventLog
The Get-EventLog cmdlet gets events and event logs on the local and remote computers.
Use the parameters of Get-EventLog to search for events by using their property values. Get-EventLog gets only the events that match all of the specified property values.
The cmdlets that contain the EventLog noun (the EventLog cmdlets) work only on classic event logs. To get events from logs that use the Windows Event Log technology in Windows Vista and later versions of Windows, use Get-WinEvent.

QUESTION 92
A company has Windows 8.1 client computers. One computer named Computer1 will be used to centralize event logs from other client computers.
You configure a Group Policy Object (GPO) that pushes event logs to Computer1.
You need to configure Computer1 to receive the event logs.
What should you do?
A. Create a collector-initiated subscription.
B. Run the New-EventLog cmdlet.
C. Run the Get-EventLog cmdlet.
D. Create a source-computer-initiated subscription.
Correct Answer: D
Section: (none)
Explanation/Reference:
Explanation:
http://msdn.microsoft.com/en-us/library/windows/desktop/bb870973%28v=vs.85%29.aspx
Setting up a Source Initiated Subscription
Source-initiated subscriptions allow you to define a subscription on an event collector computer without defining the event source computers, and then multiple remote event source computers can be set up (using a group policy setting) to forward events to the event collector computer. This differs from a collector-initiated subscription because in the collector-initiated subscription model, the event collector must define all the event sources in the event subscription.
Further Information:
http://msdn.microsoft.com/en-us/library/windows/desktop/bb513652%28v=vs.85%29.aspx
Creating a Collector Initiated Subscription
You can subscribe to receive events on a local computer (the event collector) that are forwarded from remote computers (the event sources) by using a collector-initiated subscription. In a collector-initiated subscription, the subscription must contain a list of all the event sources. Before a collector computer can subscribe to events and a remote event source can forward events, both computers must be configured for event collecting and forwarding.
http://technet.microsoft.com/en-us/library/hh849768.aspx
New-EventLog
This cmdlet creates a new classic event log on a local or remote computer. It can also register an event source that writes to the new log or to an existing log.
The cmdlets that contain the EventLog noun (the EventLog cmdlets) work only on classic event logs. To get events from logs that use the Windows Event Log technology in Windows Vista and later versions of Windows, use Get-WinEvent.
http://technet.microsoft.com/en-us/library/hh849834.aspx
Get-EventLog
The Get-EventLog cmdlet gets events and event logs on the local and remote computers. Use the parameters of Get-EventLog to search for events by using their property values. Get-EventLog gets only the events that match all of the specified property values. The cmdlets that contain the EventLog noun (the EventLog cmdlets) work only on classic event logs. To get events from logs that use the Windows Event Log technology in Windows Vista and later versions of Windows, use Get-WinEvent.

QUESTION 93
You manage Windows 7 and Windows 8.1 client computers. You are configuring Windows updates for all client computers. You have the following requirements:

Ensure that all client computers check for updates twice a day.
Install all critical and available updates, including updates that require a restart, each day.
If critical updates are installed, restart client computers at 11:00 P.M.

You need to configure local Group Policy settings to meet the requirements. Which three actions should you perform? (Each answer presents part of the solution. Choose three.)

A. Enable the Reschedule Automatic Updates scheduled installations policy setting.
B. Configure the Automatic Maintenance Activation Boundary policy setting.
C. Enable the Specify intranet Microsoft update service location policy setting.
D. Configure the Automatic Updates detection frequency policy setting.
E. Enable the Configure Automatic Updates policy setting for automatic download and scheduled installation.

Correct Answer: ABD
Section: (none)
Explanation

Explanation/Reference:
Specifies the hours that Windows will use to determine how long to wait before checking for available updates. The exact wait time is determined by using the hours specified here minus zero to twenty percent of the hours specified.
For example, if this policy is used to specify a 20 hour detection frequency, all clients to which this policy is applied will check for updates anywhere between 16 and 20 hours.
Reference: Configure Group Policy Settings for Automatic Updates

QUESTION 94
You are the desktop administrator for a medium-sized company. You are rolling out new Windows 8.1 computers to your employees. You configure one of the computers so that it has the devices and settings the employees need for testing purposes. You need to ensure that the hardware devices are operating properly. Which tool should you use?

A. eventvwr.exe
B. Mmc devmgmt.msc
C. sigverif.exe
D. Driverquery /si

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
http://technet.microsoft.com/en-us/library/cc754081.aspx
Open Device Manager
..
mmc devmgmt.msc

http://windows.microsoft.com/en-us/windows-vista/get-help-with-device-manager-errors
Get help with Device Manager errors
Device Manager helps you determine which hardware devices are installed on your computer, and whether or not they are working properly. If one of your devices is not working properly, an error icon will appear next to the name of the device. If Device Manager cannot identify the device, it will label it an unknown device.
An error icon appears next to any device that is not working properly. In this example, a biometric coprocessor (fingerprint reader) is not functioning.
When a device is not working properly, Device Manager will also usually display an error message with an accompanying error code. There are many different Device Manager error codes.

Further Information:
http://technet.microsoft.com/en-us/library/cc785425%28v=ws.10%29.aspx
Event Viewer
With Event Viewer, you can monitor events recorded in event logs. Typically a computer stores the Application, Security, and System logs. It could also contain other logs, depending on the computer's role and the applications installed.
http://support.microsoft.com/kb/308514
How To Verify Unsigned Device Drivers in Windows XP
This step-by-step article describes how you can use the Windows XP Signature Verification tool (Sigverif.exe) to find unsigned drivers and verify device drivers in Windows XP. This information can be helpful for troubleshooting system instability, error messages, boot problems, and so on.

http://technet.microsoft.com/en-us/library/bb490896.aspx
Driverquery
Displays a list of all installed device drivers and their properties.

QUESTION 95
You administer Windows 8.1 computers in your company network, including a computer named Client. You need to prevent users of Client1 from running applications that are stored on removable storage devices. What should you do?

A. Set Local Computer Policy: Removable Disks to Deny write access to Enabled.
B. Set Local User Policy: Removable Storage Access to Removable Disks: Deny read access to Enabled.
C. Set Local User Policy: Removable Storage Access to Removable Disks: Deny write access to Enabled.
D. Set Local Computer Policy: Removable Storage Access to Removable Disks: Deny execute access to Enabled.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Further Information:
http://www.grouppolicy.biz/2012/01/how-to-use-group-policy-to-deny-executing-writing-andor-reading-on-removable-disks/
How to use Group Policy to deny executing, writing and/or reading on removable disks

QUESTION 96
A company has Windows 8.1 client computers. The company develops a Windows Store app but does not publish it to the Windows Store. You need to side load the Windows Store app on all client computers. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Run the get-appxpackage Windows PowerShell cmdlet.
B. Run the add-appxpackage Windows PowerShell cmdlet.
C. Enable the Allow all trusted applications to install Group Policy setting.
D. Enable the Allow installation of desktop items Group Policy setting.
E. Run the msiexec command.

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:
Explanation:
http://technet.microsoft.com/en-us/library/hh856048.aspx
Add-AppxPackage
The Add-AppxPackage cmdlet adds a signed app package (.appx) to a user account. Use the DependencyPath parameter to add all other packages that are required for the installation of the app package. You can use the Register parameter to install from a folder of unpackaged files during development of Windows® Store apps. To update an already installed package, the new package must have the same package family name.

http://technet.microsoft.com/en-US/windows/jj874388.aspx
Try It Out: Sideload Windows Store Apps
By now, you are familiar with Windows Store apps. There are some pretty cool ones available in the store, and publishers are adding more every week. A great thing about Windows Store apps is they are super simple to install (and uninstall). But what about line of business (LOB) apps? You probably do not want to publish them through the Windows Store since that would make them publicly available. Instead, you can sideload LOB apps. Sideloading simply means installing a Windows Store app without publishing it in and downloading it from the store. You install it directly.
..
Verify the Requirements
There are a small number of requirements computers must meet to sideload Windows Store apps on them. We will start with computers running Windows 8 Enterprise:
The computer running Windows 8 Enterprise must be joined to the domain.
You must enable the "Allow all trusted apps to install" Group Policy setting.
The app must be signed by a certificate that is chained to a trusted root certificate.
...

Further Information:
http://technet.microsoft.com/en-us/library/hh856044.aspx
Get-AppxPackage
The Get-AppxPackage cmdlet gets a list of the app packages (.appx) that are installed in a user profile.
To get the list of packages for a user profile other than the profile for the current user, you must run this command by using administrator permissions.

http://www.advancedinstaller.com/user-guide/msiexec.html
Msiexec.exe Command Line
The Windows Installer technology uses Msiexec.exe for installing MSI and MSP packages.

QUESTION 97
You are a system administrator for a local accounting firm. Your company uses Windows 8.1 Pro desktop computers. All computers have a secondary D: drive. You want to enable File History for all your users. You create the folder structure D:\Backup\File History on all user computers. You launch the File History application and verify that it is turned on. Next, you click Select drive in Configure File History Settings. However, under Copy Files to: you get the message, "No usable drives were found." You need to successfully configure file history. What should you do?

A. Verify that your local drive has enough free space.
B. Share the File History folder.
C. Grant NTFS rights to the File History folder.
D. Use a network drive for file history.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
http://windows.microsoft.com/en-us/windows-8/set-drive-file-history
Set up a drive for File History
Before you start using File History to back up your files, you need to first select where your backups are saved. You can select an externally connected drive, such as a USB drive, or you can save to a drive on a network. There are other choices, but these two provide the best options to help protect your files against a crash or other PC problems.

QUESTION 98
You use a Windows 8.1 Pro computer. You turn on File History and install several applications. The computer becomes slow and unresponsive. You need to restore the computer to its default settings. You also need to keep your personal files stored on the computer. What should you do?

A. Run Refresh your PC.
B. Run the Clear-Content PowerShell cmdlet.
C. Restore files from File History.
D. Run Reset your PC.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Refreshing your PC reinstalls Windows and keeps your personal files and settings. It also keeps the apps that came with your PC and the apps you installed from the Windows Store. Resetting your PC reinstalls Windows but deletes your files, settings, and apps--except for the apps that came with your PC. Restoring your PC is a way to undo recent system changes you've made.

QUESTION 99
A company has an Active Directory Domain Services domain named contoso.com. The domain contains two sites that are named SiteA and SiteB. The company uses Windows 8.1 Pro laptop computers. The computer account objects are located in an Organizational Unit (OU) named Laptops. The company plans to deploy a wireless network infrastructure. You need to preconfigure all laptop computers with the wireless network access information by using a Group Policy Object (GPO). What should you do?

A. Create and link a GPO to a group containing all laptop computers. Edit the GPO and configure a Wireless Network Policy.
B. Create and link a GPO to the Laptops OU. Edit the GPO and configure a Wireless Network Policy.
C. Create and link a GPO to a SiteA. Edit the GPO and configure a Wireless Network Policy.
D. Create and link a GPO to a SiteB. Edit the GPO and configure a Wireless Network Policy.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
http://technet.microsoft.com/en-us/magazine/gg266419.aspx
Using Group Policy to Configure Wireless Network Settings
In an Active Directory Domain Services (AD DS) environment, you can use Group Policy settings to configure wireless network policies. (Note that you should have Windows Server 2003 SP1 or later installed on your domain controllers.)

http://technet.microsoft.com/en-us/library/cc738954%28v=ws.10%29.aspx
Link a Group Policy object to a site, domain, or organizational unit
1. Do one of the following:
* To link to a domain or an organizational unit, open Active Directory Users and Computers.
* To link to a site, open Active Directory Sites and Services.
2. In the console tree, right-click the site, domain, or organizational unit to which you want the Group Policy object to be linked.
3. Click Properties, and then click the Group Policy tab.
4. To add the Group Policy object to the Group Policy Object Links list, click Add. This opens the Add a Group Policy Object Link dialog box.
5. Click the All tab, click the Group Policy object that you want, and then click OK.
6. In the properties dialog box for the site, domain, or organizational unit, click OK.

QUESTION 100
You are the network administrator for Contoso, Ltd. Many users have Windows 8.1 laptops, and your IT department configures all of them to use BitLocker on all fixed drives. Many users carry sensitive corporate data on their USB drives. You need to enable BitLocker for these USB drives. Which key protector option should you use?

A. A password
B. A startup key
C. A .tpm file
D. TPM

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
http://technet.microsoft.com/en-us/magazine/ff404223.aspx
Enable BitLocker on USB Flash Drives to Protect Data
Encrypting USB flash drives protects the data stored on the volume. Any USB flash drive formatted with FAT, FAT32, or NTFS can be encrypted with BitLocker.
..
To enable BitLocker encryption on a USB flash drive, do the following:
..
3. On the Choose How You Want To Unlock This Drive page, choose one or more of the following options, and then click Next:
Use A Password To Unlock This Drive: Select this option if you want the user to be prompted for a password to unlock the drive. Passwords allow a drive to be unlocked in any location and to be shared with other people.
Use My Smart Card To Unlock The Drive: Select this option if you want the user to use a smart card and enter the smart card PIN to unlock the drive.
Because this feature requires a smart card reader, it is normally used to unlock a drive in the workplace and not for drives that might be used outside the workplace.
4. On the How Do You Want To Store Your Recovery Key page, click Save The Recovery Key To A File.
...

QUESTION 101
You are the desktop administrator for your company, which uses Windows 8.1 computers. The company decides to use virtual disks at your location so the programmers can build and test applications in a closed network. You need to use the file given as a virtual hard disk and be able to boot to the vhd. What should you do?

A. Copy the vhd file to the root of C:\, run bcdedit and add an entry to the boot options that includes the path to the vhd.
B. Attach the vhd in computer management and add it to the Boot Menu.
C. Copy the vhd file to the root of C:\, open msconfig, and choose Safe Boot and Alternate Shell.
D. Move the vhd file to a network share, map the network share, and allow a network boot.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Ref: http://technet.microsoft.com/en-us/library/hh825709.aspx

QUESTION 102
A company has an Active Directory Domain Services (AD DS) domain with Windows 8.1 client computers. Internet Explorer does not display warning messages to some users when public websites install software or run other installed applications on the client computers. You need to configure Internet Explorer to always display warning messages about websites that attempt to install software or run applications. What should you do?

A. Enable the Turn on Protected Mode Group Policy setting.
B. Enable the Automatic prompting for file downloads Group Policy setting.
C. Disable the Allow software to run or install even if the signature is invalid Group Policy setting.
D. Disable the Launching applications and files in an IFRAME Group Policy setting.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
http://windows.microsoft.com/en-us/windows-vista/what-does-internet-explorer-protected-mode-do
What does Internet Explorer protected mode do?
Internet Explorer's protected mode is a feature that makes it more difficult for malicious software to be installed on your computer. In addition to helping protect your computer from malicious software, protected mode allows you to install wanted ActiveX controls or add-ons when you are logged in as an administrator.
..
In addition to warning you when webpages try to install software, Internet Explorer will warn you when webpages try to run certain software programs. You are warned when a software program would run outside of Internet Explorer and outside of protected mode, because that program might have more access to your computer than you prefer. This usually happens when a website is using an add-on to run a software program on your computer.

http://technet.microsoft.com/en-us/library/cc985351.aspx
Group Policy and Internet Explorer 8
Policy name: Turn on Protected Mode
Policy path: Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone

Further Information:
http://www.sevenforums.com/tutorials/63141-internet-explorer-protected-mode-turn-off.html
Internet Explorer Protected Mode - Turn On or Off
Protected mode in IE7, IE8, IE9, IE10, and IE11 is a feature that makes it more difficult for malicious software to be installed on your computer. In addition to helping protect your computer from malicious software, protected mode allows you to install wanted ActiveX controls or add-ons when you are logged in as an administrator.

QUESTION 103
You are the network administrator for Contoso.com and are creating an image for a Windows 8.1 implementation for all of your users.
You find out that an application your company has used for many years is not compatible with Windows 8.1. It has always worked on your Vista computers with SP2. The application requires administrator privileges. You need to configure the correct settings so that the application can run on Windows 8.1. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Using the Application Compatibility toolkit, run the Windows Vista Compatibility Evaluator for Windows 8.1, and select the Service Pack 2 option.
B. Modify the User Account Control Settings by adjusting the slider to Never Notify.
C. Assign the application to Run as administrator on the Security tab of the application executable file properties.
D. Using the Compatibility Troubleshooter, check Run this application in compatibility mode for and select Vista (Service Pack 2).
E. Select Run this program as an administrator in the Compatibility Troubleshooter.

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:
Explanation:
http://windows.microsoft.com/en-us/windows-8/older-programs-compatible-version-windows
Make older programs compatible with this version of Windows
Most programs created for earlier versions of Windows will work in this version of Windows, but some older programs might run poorly or not at all. You can run the Program Compatibility Troubleshooter on most programs to detect and fix common compatibility problems.
..
Change compatibility settings manually
..
Compatibility mode: Runs the program using settings from a previous version of Windows. Try this setting if you know the program is designed for (or worked in) a specific version of Windows.
..
Run this program as an administrator: Some programs require administrator privileges to run properly. If you aren't signed in to your PC as an administrator, this option is unavailable.
...
Further Information:
http://technet.microsoft.com/en-us/library/hh825181.aspx
Application Compatibility Toolkit (ACT) Technical Reference
The Microsoft® Application Compatibility Toolkit (ACT) helps you determine whether the applications, devices, and computers in your organization are compatible with versions of the Windows® operating system. By using ACT, you can obtain compatibility information from Microsoft and software vendors, identify compatibility issues within your own organization, and share compatibility ratings with other ACT users. The tools in ACT help you analyze and mitigate compatibility issues before you deploy a version of Windows to your organization.

QUESTION 104
You provide IT support for a small business. A member of the team needs the ability to use Remote Desktop and VPN to access a desktop computer from a laptop when traveling. This desktop computer is running Windows 8.1 Pro, while the laptop is running Windows 7 Professional. You need to set up a secure Remote Desktop connection on the desktop computer. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Require Network Level Authentication.
B. Allow remote connections.
C. Disable Remote Assistance connections.
D. Make the user account a standard user.

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:
Explanation:
http://windows.microsoft.com/en-us/windows/remote-desktop-connection-faq#1TC=windows-8
Remote Desktop Connection: frequently asked questions
...
There are two remote settings options:
Don't allow remote connections to this computer. This will prevent anyone from connecting to your PC remotely.
Allow remote connections to this computer. This will allow remote connections on your PC.
If you know that the people who will connect to your PC are running Windows 7, Windows 8, or Windows 8.1 on their PCs, check the Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended) box. These versions of Windows use Network Level Authentication, which is an authentication method that completes before you establish a full connection and the sign-in screen appears. This can help protect the remote PC from hackers and malware.

http://technet.microsoft.com/en-us/library/cc732713.aspx
Configure Network Level Authentication for Remote Desktop Services Connections
Network Level Authentication is an authentication method that can be used to enhance RD Session Host server security by requiring that the user be authenticated to the RD Session Host server before a session is created.
Network Level Authentication completes user authentication before you establish a remote desktop connection and the logon screen appears. This is a more secure authentication method that can help protect the remote computer from malicious users and malicious software.
The advantages of Network Level Authentication are:
It requires fewer remote computer resources initially. The remote computer uses a limited number of resources before authenticating the user, rather than starting a full remote desktop connection as in previous versions.
It can help provide better security by reducing the risk of denial-of-service attacks.
To use Network Level Authentication, you must meet the following requirements:
The client computer must be using at least Remote Desktop Connection 6.0.
The client computer must be using an operating system, such as Windows 7, Windows Vista, or Windows XP with Service Pack 3, that supports the Credential Security Support Provider (CredSSP) protocol.
The RD Session Host server must be running Windows Server 2008 R2 or Windows Server 2008.

QUESTION 105
You provide tech support for a small home business.
One of its Windows 8.1 computers is having occasional problems opening and saving files. You suspect that there is a problem with the hard drive but need to verify that it is not just a problem with one of the three volumes on the disk. You start diskpart and set the focus to disk 0. You need to obtain the properties of the hard disk as well as the health status of the volumes that reside on it. Which command should you run next?

A. List partition
B. Detail volume
C. Detail disk
D. Attributes volume

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: http://msdn.microsoft.com/en-us/library/ff794606(v=winembedded.60).aspx
Explanation:
http://technet.microsoft.com/en-us/library/bb490893.aspx
DiskPart
DiskPart.exe is a text-mode command interpreter that enables you to manage objects (disks, partitions, or volumes) by using scripts or direct input from a command prompt. Before you can use DiskPart.exe commands on a disk, partition, or volume, you must first list and then select the object to give it focus. When an object has focus, any DiskPart.exe commands that you type act on that object.
You can list the available objects and determine an object's number or drive letter by using the list disk, list volume, and list partition commands. The list disk and list volume commands display all disks and volumes on the computer. However, the list partition command only displays partitions on the disk that has focus. When you use the list commands, an asterisk (*) appears next to the object with focus. You select an object by its number or drive letter, such as disk 0, partition 1, volume 3, or volume C.
When you select an object, the focus remains on that object until you select a different object. For example, if the focus is set on disk 0, and you select volume 8 on disk 2, the focus shifts from disk 0 to disk 2, volume 8. Some commands automatically change the focus.
For example, when you create a new partition, the focus automatically switches to the new partition.
You can only give focus to a partition on the selected disk. When a partition has focus, the related volume (if any) also has focus. When a volume has focus, the related disk and partition also have focus if the volume maps to a single specific partition. If this is not the case, then focus on the disk and partition is lost.
DiskPart commands
...
list partition
Displays the partitions listed in the partition table of the current disk. On dynamic disks, these partitions may not correspond to the dynamic volumes on the disk. This discrepancy occurs because dynamic disks contain entries in the partition table for the system volume or boot volume (if present on the disk) and a partition that occupies the remainder of the disk in order to reserve the space for use by dynamic volumes.
..
detail volume
Displays the disks on which the current volume resides.
..
detail disk
Displays the properties of the selected disk and the volumes on that disk.
..

QUESTION 106
You are the system administrator for Contoso, Ltd. The human resource director's Windows 8.1 computer crashes at login this morning. After powering off and restarting the computer, you successfully boot it, and the human resource director is able to log in. Later in the day, the director reports that the computer is still not functioning properly. Apps are opening extremely slowly, and the computer locks up for minutes at a time. You have not taken any disaster recovery steps prior to this problem. You decide to recover the computer's operating system. You need to ensure that the recovery does not affect the human resource director's current data, personalization settings, and Windows Store apps. Which utility should you use?

A. Refresh PC
B. Folder Recovery
C. File Recovery
D. Recovery Drive

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
http://windows.microsoft.com/en-us/windows-8/restore-refresh-reset-pc
How to refresh, reset, or restore your PC
If you're having problems with your PC, you can try to refresh, reset, or restore it. Refreshing your PC reinstalls Windows and keeps your personal files and settings. It also keeps the apps that came with your PC and the apps you installed from the Windows Store. Resetting your PC reinstalls Windows but deletes your files, settings, and apps -- except for the apps that came with your PC. Restoring your PC is a way to undo recent system changes you've made.

QUESTION 107
You are a desktop administrator for your company and are assigned to work with the engineering team. The hard drive on your top engineer's laptop has failed. You replace it and install Windows 8.1 Enterprise. You learn that the laptop was upgraded from Windows 7 Professional to Windows 8.1 Enterprise a month ago. When the computer was using Windows 7, it had scheduled backups running several times a week using Backup and Restore. These backups were set to be stored on a network drive. Additionally, two weeks ago, this engineer made a full backup of the data files and manually copied them to an external hard drive. No defaults in Windows 8.1 were changed. You need to restore the most recent data. What should you do?

A. Use Windows 8.1 File History to restore the latest copy of the data.
B. Use Windows File Recovery from the data stored on the network.
C. Restore Windows 7 and reinstall Windows 8.1.
D. Restore the data files from the external hard drive to the hard drive.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
You need the latest backup data files. The data stored on the network location might appear as the most recent but the scheduled backup is not continued when upgrading to Windows 8.1.
After you upgrade Windows, you will need to set up Windows Backup, even if you had a scheduled backup in the previous version of Windows. This is because there are several changes to the backup program. Therefore the most recent files are from the full backup copied to an external hard drive two weeks ago.
Ref: http://windows.microsoft.com/en-ca/windows/back-up-files#1TC=windows-7

QUESTION 108
You administer Windows 8.1 Enterprise computers in your company network. You provide remote employees with a Windows To Go workspace. A remote employee informs you that his workspace requires activation. You need to activate the workspace. What should you do?

A. Instruct the employee to run the slmgr /upk command from the workspace.
B. Instruct the employee to connect to the company network from the workspace by using VPN.
C. Give the employee a Multiple Activation Key (MAK).
D. Instruct the employee to run Windows Update from the workspace.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
http://technet.microsoft.com/en-us/library/jj592680.aspx#wtg_faq_roamact
Windows To Go: Frequently Asked Questions
..
Do I need to activate Windows To Go every time I roam?
No, Windows To Go requires volume activation; either using the Key Management Service (KMS) server in your organization or using Active Directory based volume activation. The Windows To Go workspace will not need to be reactivated every time you roam. KMS activates Windows on a local network, eliminating the need for individual computers to connect to Microsoft. To remain activated, KMS client computers must renew their activation by connecting to the KMS host on periodic basis.
This typically occurs as soon as the user has access to the corporate network (either through a direct connection on-premises or through a remote connection using DirectAccess or a virtual private network connection); once activated, the machine will not need to be activated again until the activation validity interval has passed. In a KMS configuration the activation validity interval is 180 days.

Further Information:
http://technet.microsoft.com/en-us/library/dn502540.aspx
Slmgr.vbs Options for Volume Activation
..
Table 2. Slmgr.vbs command-line options
..
/upk [ActivationID]
This option uninstalls the product key of the current Windows edition. After a restart, the system will be in an Unlicensed state unless a new product key is installed. Optionally, you can use the [Activation ID] parameter to specify a different installed product. This operation must be run from an elevated command prompt.

QUESTION 109
You are a desktop administrator responsible for migrating Windows Vista computers to Windows 8.1 64-bit. Each computer has a 20GB hard drive, 800MHz (x64) processor, and 512 MB of system memory. You need to upgrade the computers so they can run Windows 8.1, 64-bit. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Upgrade system memory to 2 GB.
B. Upgrade system memory to 1 GB.
C. Add a processor that is 1 GHz or faster.
D. Increase the hard drive size to 50 GB.
Correct Answer: AC
Section: (none)
Explanation/Reference:
http://windows.microsoft.com/en-us/windows-8/system-requirements
System requirements
Windows 8.1
If you want to run Windows 8.1 on your PC, here's what it takes:
Processor: 1 gigahertz (GHz) or faster with support for PAE, NX, and SSE2
RAM: 1 gigabyte (GB) (32-bit) or 2 GB (64-bit)
Hard disk space: 16 GB (32-bit) or 20 GB (64-bit)
Graphics card: Microsoft DirectX 9 graphics device with WDDM driver

Personal comment:
At first I thought this question was wrong, because I had no knowledge of any x64 bit processor at 800MHz. But here it is:
http://en.wikipedia.org/wiki/List_of_Intel_microprocessors#64-bit_processors:_IA-64
Itanium
Code name Merced
Family 7
Released May 29, 2001
733 MHz and 800 MHz
2MB cache
All recalled and replaced by Itanium 2

QUESTION 110
A company has Windows 8.1 client computers. The performance of a client computer decreases. You establish that the computer has been infected by malware. You need to restore the client computer to full functionality without losing the user's data. What should you do?

A. Use the Refresh your PC without affecting your files function.
B. Start the computer in Safe Mode.
C. Install the corporate printer and set it as the default printer. Then add the home printer to the homegroup settings.
D. Use the Remove everything and install Windows function.

Correct Answer: A
Section: (none)
Explanation/Reference:
http://windows.microsoft.com/en-us/windows-8/restore-refresh-reset-pc
How to refresh, reset, or restore your PC
If you're having problems with your PC, you can try to refresh, reset, or restore it. Refreshing your PC reinstalls Windows and keeps your personal files and settings. It also keeps the apps that came with your PC and the apps you installed from the Windows Store. Resetting your PC reinstalls Windows but deletes your files, settings, and apps -- except for the apps that came with your PC.
Restoring your PC is a way to undo recent system changes you've made.

QUESTION 111
You are the PC Support Specialist for Contoso, Ltd. You are configuring Windows 8.1 so that you can create an image. An additional web browser is installed on the image. You need to ensure that Internet Explorer 10 for the Desktop is the default web browser. Which two actions should you perform? (Each correct answer presents a complete solution. Choose two.)

A. Tap the tile of another web browser on the Start Menu and tap the Unpin from start option.
B. On the Security tab of Internet options, click Reset all zones to default level.
C. Under Set program access and computer defaults, select Default Programs, then choose Microsoft Windows.
D. In Default Programs, associate the .htm and .html files with Internet Explorer.
E. Go to Programs and Features in Control Panel and set Internet Explorer as the default application.

Correct Answer: CD
Section: (none)
Explanation/Reference:

QUESTION 112
You are a desktop administrator for a small company. You are building a Windows 8.1 image to roll out to all new computers. Your company plans to administer all client computers from a single location. You need to ensure that you can manage all client computers remotely once they are deployed. Which action should you perform from the computer you are building the image from?

A. Run the winrm enumerate command.
B. Run the Enable-PSRemoting cmdlet.
C. Run the Set-PSStrictMode cmdlet.
D. Run the New-PSSessionConfigurationFile cmdlet.

Correct Answer: B
Section: (none)
Explanation/Reference:
http://technet.microsoft.com/en-us/library/hh849694.aspx
Enable-PSRemoting
Configures the computer to receive remote commands.
..
You need to run this command only once on each computer that will receive commands. You do not need to run it on computers that only send commands. Because the configuration activates listeners, it is prudent to run it only where it is needed.
...
The Enable-PSRemoting cmdlet performs the following operations:
-- Runs the Set-WSManQuickConfig cmdlet, which performs the following tasks:
----- Starts the WinRM service.
----- Sets the startup type on the WinRM service to Automatic.
----- Creates a listener to accept requests on any IP address.
----- Enables a firewall exception for WS-Management communications.
----- Registers the Microsoft.PowerShell and Microsoft.PowerShell.Workflow session configurations, if they are not already registered.
----- Registers the Microsoft.PowerShell32 session configuration on 64-bit computers, if it is not already registered.
----- Enables all session configurations.
----- Changes the security descriptor of all session configurations to allow remote access.
----- Restarts the WinRM service to make the preceding changes effective.
...

Further Information:
http://technet.microsoft.com/en-us/library/cc781778%28v=ws.10%29.aspx
Windows Remote Management Command-Line Tool (Winrm.cmd)
Windows Remote Management (WinRM) uses a new command-line tool, Winrm.cmd, to perform its operations. These operations include Get, Put, Invoke, and Enumerate.
..
Performing an Enumerate Operation
The WS-Management Enumerate operation returns a collection of objects.
..
http://technet.microsoft.com/en-us/library/hh849712.aspx
New-PSSessionConfigurationFile
Creates a file that defines a session configuration.

QUESTION 113
You are a PC Support Specialist for Fabrikam, Inc. A user has a Windows 8.1 computer that is reporting corruption errors on the C: drive. You need to resolve this issue in the least amount of time. What should you do?

A. At an elevated command prompt, run fsutil.exe repair enumerate C: Sverify.
B. At an elevated command prompt, run CHKDSK /SPOTFIX.
C. At an elevated command prompt, run CHKDSK /I.
D. At an elevated PowerShell prompt, run Repair-Volume -scan.
Correct Answer: B
Section: (none)
Explanation/Reference:
Reference: http://www.tekrevue.com/tip/how-to-scan-fix-hard-drives-with-chkdsk-in-windows-8/
Explanation:
http://blogs.msdn.com/b/b8/archive/2012/05/09/redesigning-chkdsk-and-the-new-ntfs-health-model.aspx
Redesigning chkdsk and the new NTFS health model
Key design changes to help improve availability:
..
d. Precise and rapid correction
At the user or administrator's convenience, the volume can be taken offline, and the corruptions logged in the previous step can be fixed. The downtime from this operation, called "Spotfix," takes only seconds, and on Windows Server 8 systems with cluster shared volumes, we've eliminated this downtime completely.
...
Q) Is a reboot absolutely required to fix non-system volumes?
No, but the Action Center generally provides the simplest experience. If you're an advanced user, you can fix non-system volumes by opening the properties of the drive, or by running chkdsk /scan <volume>: and chkdsk /spotfix <volume>: from the command line.
..

Further Information:
http://technet.microsoft.com/en-us/library/hh848662.aspx
Repair-Volume
Performs repairs on a volume.
Parameters
..
-Scan
Scans the volume.

QUESTION 114
A company has 100 client computers that run various editions of Windows 7. The company plans to upgrade or replace computers so that all client computers run an edition of Windows 8.1. The company plans to use the following programs and features on the Windows 8.1 computers:
- 32-bit and 64-bit software
- Desktop apps
- Windows Media Player
- Storage Spaces
You need to identify the installation or upgrade paths that support the programs and features. Which three paths meet the requirements? (Each correct answer presents a complete solution. Choose three.)

A. Purchase hardware with Windows RT pre-installed.
B. Perform a clean installation of Windows RT.
C. Perform a clean installation of Windows 8.1 Pro.
D. Perform a clean installation of Windows 8.1.
E. Upgrade from Windows 7 Enterprise to Windows 8.1 Enterprise.

Correct Answer: CDE
Section: (none)
Explanation/Reference:
http://www.microsoft.com/en-us/windows/enterprise/products-and-technologies/windows-8-1/compare/default.aspx
Compare Windows 8.1 Editions

QUESTION 115
You are a desktop engineer for a small company. Your sales associates currently use Windows 7 computers that run Windows XP Mode for a legacy business application. You are deploying new computers for your sales associates due to life cycle management. You have the following requirements:
- The new computers must run Windows 8.1 and have Hyper-V installed.
- The Windows XP Virtual Machines (VM) should be isolated from the host machine on your network and from other VMs.
You need to create a virtual switch to meet these requirements. Which type of switch should you use?

A. Private switch
B. External switch
C. Distributed switch
D. Internal switch

Correct Answer: A
Section: (none)
Explanation/Reference:
http://windows.microsoft.com/en-us/windows7/install-and-use-windows-xp-mode-in-windows-7
Install and use Windows XP Mode in Windows 7
Using Windows XP Mode, you can run programs that were designed for Windows XP on computers running Windows 7 Professional, Enterprise, or Ultimate editions. Windows XP Mode isn't supported on Windows 8.
..
How does Windows XP Mode work?
Windows XP Mode works in two ways -- both as a virtual operating system and as a way to open programs within Windows 7. It runs in a separate window on the Windows 7 desktop, much like a program, except it's a fully-functional, fully-licensed version of Windows XP. In Windows XP Mode, you can access your physical computer's CD/DVD drive, install programs, save files, and perform other tasks as if you were using a computer running Windows XP.
When you install a program in Windows XP Mode, the program appears in both the Windows XP Mode list of programs and in the Windows 7 list of programs, so you can open the program directly from Windows 7.
Programs installed in Windows XP Mode in the Windows 7 Start menu

http://john.bryntze.net/jbkb-v2/certification-exam-70-687-configuring-windows-8-part-2-configure-hardware-and-applications-16/
Virtual switches / Hyper-V VLAN
You can create 3 different types of virtual switches depending on the needs of your virtual machines, and one single machine can use multiple virtual NICs that are members of different virtual switches.
1. External: This virtual switch binds to the physical network adapter and creates a new adapter you can see in Control Panel\Network and Internet\Network Connections, so if a virtual machine needs contact outside the host machine this one is a must.
2. Internal: This virtual switch can be used to connect all virtual machines and the host machine but cannot go outside that.
3. Private: This virtual switch can only be used by the virtual host
http://technet.microsoft.com/en-us/library/cc816585%28v=ws.10%29.aspx

QUESTION 116
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1. Two computers named COMPUTER1 and COMPUTER2 are connected to one network switch and joined to the domain. Windows Firewall is turned off on both computers. You are planning a remote management solution. You have the following requirements:
- Ensure that COMPUTER2 can run remote commands on COMPUTER1.
- Test the solution by successfully running a command from COMPUTER2 that executes on COMPUTER1.
You need to select the commands to run on COMPUTER1 and COMPUTER2 to meet the remote management requirements. Which commands should you run? (To answer, drag the appropriate command or commands to the correct location or locations in the answer area. Commands may be used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content.)

Select and Place:
Correct Answer:
Section: (none)
Explanation/Reference:
http://msdn.microsoft.com/en-us/library/aa384372%28v=vs.85%29.aspx
Installation and Configuration for Windows Remote Management
The winrm quickconfig command (or the abbreviated version winrm qc) performs the following operations:
- Starts the WinRM service, and sets the service startup type to auto-start.
- Configures a listener for the ports that send and receive WS-Management protocol messages using either HTTP or HTTPS on any IP address.
- Defines ICF exceptions for the WinRM service, and opens the ports for HTTP and HTTPS.

http://technet.microsoft.com/en-us/library/hh875630.aspx
Winrs
Windows Remote Management allows you to manage and execute programs remotely.
Syntax
winrs [/<parameter>[:<value>]] <command>
Parameters
/r[emote]:<endpoint>
Specifies the target endpoint using a NetBIOS name or the standard connection:
<url>: [<transport>://]<target>[:<port>]
If not specified, /r:localhost is used.

QUESTION 117
A company has a branch office with client computers that run Windows 8.1. Files are saved locally on the client computers and are not backed up regularly. You need to ensure that you can retrieve previous versions of locally saved files from each client computer. Which three actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)

Select and Place:
Correct Answer:
Section: (none)
Explanation/Reference:
Ref: http://blogs.msdn.com/b/b8/archive/2012/07/10/protecting-user-files-with-file-history.aspx
What is File History?
File History is a backup application that continuously protects your personal files stored in Libraries, Desktop, Favorites, and Contacts folders.
It periodically (by default every hour) scans the file system for changes and copies changed files to another location. Every time any of your personal files has changed, its copy will be stored on a dedicated, external storage device selected by you. Over time, File History builds a complete history of changes made to any personal file.
...
Requirements
File History requires:
- Windows 8 Client operating system
- An external storage device with enough storage capacity to store a copy of all user libraries, such as a USB drive, Network Attached Storage device, or share on another PC in the home network.

QUESTION 118
A computer currently runs a 32-bit version of Windows 7 Ultimate. You need to deploy a 64-bit version of Windows 8.1 to the computer. The new deployment must be the only version of Windows on the computer. Which three actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)

Select and Place:
Correct Answer:
Section: (none)
Explanation/Reference:
http://pcsupport.about.com/od/windows-8/ss/windows-8-clean-install-part-1_9.htm
How To Clean Install Windows 8 or 8.1 (Part 1 of 2)

QUESTION 119
Ten client computers run Windows Vista and a custom application. The custom application is compatible with Windows 8.1. You purchase 10 new computers that have Windows 8.1 pre-installed. You plan to migrate user settings and data from the Windows Vista computers to the Windows 8.1 computers. You install the User State Migration Toolkit (USMT) on a USB flash drive. You need to ensure that the custom application settings are applied to the Windows 8.1 computers after the migration is complete. Which three actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
Select and Place:
Correct Answer:
Section: (none)
Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc721992%28v=ws.10%29.aspx
USMT Components
You use ScanState to collect the files and settings from the source computer. You use LoadState to restore the user state onto the destination computer.
..
USMT Components
ScanState.exe
ScanState scans the source computer, collects the files and settings and creates a store. ScanState does not modify the source computer. By default, ScanState compresses the files and stores them as an image file (USMT3.MIG).
LoadState.exe
LoadState migrates the files and settings from the store to the destination computer. LoadState migrates each file (one by one) from the store to a temporary location on the destination computer — the files are decompressed (and decrypted if necessary) during this process. Next, LoadState transfers the file to the correct location, deletes the temporary copy, and begins migrating the next file.
Compression improves performance by reducing network bandwidth usage as well as the required space in the store. However, for testing purposes, you can choose to turn off compression with /nocompress.

QUESTION 120
You have a computer that runs Windows 8.1, and three unused external disk drives. You are creating a volume to store picture files. You have the following requirements:
- Use all three external disk drives.
- Ensure that the volume is accessible from a single drive letter.
- Ensure data redundancy between the disk drives in the event of a hardware failure.
You need to create the volume. Which three actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
Select and Place:
Correct Answer:
Section: (none)
Explanation/Reference:
Ref: http://www.eightforums.com/tutorials/4203-storage-spaces-create-new-pool-storage-spacewindows8-a.html
Explanation:
http://www.eightforums.com/tutorials/4203-storage-spaces-create-new-pool-storage-spacewindows-8-a.html
How to Create a New Pool and Storage Space in Windows 8
..
To Create a New Pool and Storage Space

http://blogs.msdn.com/b/olivnie/archive/2013/02/05/windows-8-storage.aspx
Windows 8: Storage
Storage Spaces
Storage Spaces is a new feature for Windows® 8 that allows a user to combine several disks into a single pool of storage that provides for easier management of multiple disks and resiliency against hardware failure on any of those disks. The disks that you use for Storage Spaces can be a mix of different-sized disks, and these can be connected to Microsoft® Windows using both internal and external connections, making it easy to turn the collection of drives you already have into a safe and easy-to-manage place to store things like your home videos or photos.
...
The table below describes the different options for resiliency:

QUESTION 121
A local printer named PRINTER1 is shared from a client computer named COMPUTER1 that runs a 32-bit version of Windows 8.1. A workgroup contains client computers that run a 64-bit version of Windows 8.1. Computers in the workgroup can't currently print to PRINTER1. You need to ensure that the workgroup computers can print to PRINTER1. Which three actions should you perform in sequence? (To answer, move the appropriate actions to the answer area and arrange them in the correct order.)
Select and Place:
Correct Answer:
Section: (none)
Explanation/Reference:
http://technet.microsoft.com/library/cc732946.aspx
Update and Manage Printer Drivers
Add drivers for client computers running 32-bit or 64-bit versions of Windows
To support client computers that use different processor architectures than the print server, you must install additional drivers. For example, if your print server is running a 64-bit version of Windows and you want to support client computers running 32-bit versions of Windows, you must add x86-based drivers for each printer.

Further information:
http://www.printmanager.com/cms.php?aid=54&fullpage=1&support=8
Mixing 32 bit and 64 bit Print Server Architectures
..
32 bit Print Server with 64 bit Clients:
In the following scenario, we will be covering how to easily allow 64 bit Windows Clients to print through shared print queues on a 32 bit Server.
..
1. Download 64 bit Driver:
2. Open Sharing Properties:
3. Specify Additional Drivers:
4. Select your 64 Bit Driver:
5. Test and Print:
...

Personal comment:
Sometimes you may encounter problems when adding 64-bit drivers to 32-bit operating systems. In these cases, you will need to do this workaround:
1. Obtain the 64-bit driver for PRINTER1.
2. Install the driver on one computer in the workgroup.
3. Add the driver on COMPUTER1.

http://www.pcounter-europe.com/support/kb/844512/
Windows printer configuration in mixed x86 and x64 environments
Problem: You have an x86 or x64 server and clients of both types who need to print to queues on the server. However, the server OS will not allow you to install a driver using a different architecture than the server OS uses, i.e. x64 print drivers on an x86 server.
Solution: You must install the driver that uses the differing architecture from a workstation to the server.
To do this, log in to a workstation that uses the differing architecture and download the printer driver you wish to use on the server. Browse to the printers area on the server from a run dialog box, i.e. Start -> Run -> \\servername\printers. Once the window is showing the printers on the server, go to File -> Server Properties -> Drivers -> Add. A window should open up with check boxes for each architecture type supported by the server. Simply check the appropriate architecture type and click Next. Now you will be looking at the standard driver selection window. Browse to the driver you downloaded and select the appropriate .INF file.
Notes: Please note that both x86 and x64 drivers must have the exact same name. "HP LaserJet 2200 PCL 6" and "HP LaserJet 2200 PCL6" would be regarded as separate printers and the driver would not be correctly distributed. If they have the same name, they will appear automatically in additional drivers for both architectures in your printer's sharing properties, and will be distributed accordingly.

QUESTION 122
A desktop computer runs Windows 8.1. The computer is joined to an Active Directory Domain Services (AD DS) domain named contoso.com. You have two domain user accounts:
- A primary account named User1 that does not have domain administrative privileges.
- An account named Admin1 that has administrative privileges in the domain.
You are currently logged in as User1. You need to run an application named appl.exe. You have the following requirements:
- Start the application by using your administrative credentials.
- Minimize the application load time.
You need to complete the command to meet the requirements. Which command segments should you use to complete the command? (To answer, drag the appropriate command segments to the correct locations in the answer area. Command segments may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Select and Place:
Correct Answer:
Section: (none)
Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc771525.aspx
Runas
Allows a user to run specific tools and programs with different permissions than the user's current logon provides.
Syntax
runas [{/profile | /noprofile}] [/env] [{/netonly | /savecred}] [/smartcard] [/showtrustlevels] [/trustlevel] /user:<UserAccountName> "<ProgramName> <PathToProgramFile>"
Parameters
/profile
Loads the user's profile. This is the default. This parameter cannot be used with the /netonly parameter.
/noprofile
Specifies that the user's profile is not to be loaded. This allows the application to load more quickly, but it can also cause a malfunction in some applications.
..
/user:<UserAccountName> "<ProgramName> <PathToProgramFile>"
Specifies the name of the user account under which to run the program, the program name, and the path to the program file. The user account name format should be <User>@<Domain> or <Domain>\<UserAccountName>.

QUESTION 123
A company has 50 client computers that run Windows 8.1. Forty client computers are connected to a secure internal network, and 10 client computers are located in public kiosks. A new company security policy includes the following requirements:
- Visitors can access only kiosk computers.
- Employees can access and shut down only internal computers.
- Only administrators can access all computers remotely.
- Only administrators can shut down kiosk computers.
You need to assign security groups to local security policies to meet the requirements. What should you do? (To answer, drag the appropriate security group or groups to the correct location or locations in the answer area. Security groups may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Select and Place:
Correct Answer:
Section: (none)
Explanation/Reference:
http://www.softheap.com/internet/the-guest-account-and-everyone-group.html
The Guest Account and Everyone Group
Evaluate the need for the Guest account. Most administrators agree that it should be disabled, although removing it removes the ability of anonymous users to access a system. In some organizations, the Guest account is very useful. For example, people who don't normally work with computers might need to occasionally access a system to obtain some information. Factory floor workers might want to look up pension plan information on a kiosk system in the break room. This is a good use for the Guest account. However, consider creating a separate domain for these public services where the Guest account is enabled. Alternatively, use a Web server for this type of system.
Note the following:
- Users who log on as guests can access any shared folder that the Everyone group has access to (i.e., if the Everyone group has Read permissions to the Private folder, guests can access it with Read permissions).
- You don't know who Guest users are and there is no accountability because all guests log in to the same account.
- Always disable the Guest account on networks that are connected to untrusted networks such as the Internet. It provides too many opportunities for break-ins.

QUESTION 124
A computer currently runs a 64-bit version of Windows 7 Enterprise. You need to deploy a 64-bit version of Windows 8.1 Pro to the computer. The new deployment must not affect the Windows 7 installation on the computer. Which three actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
Select and Place:
Correct Answer:
Section: (none)
Explanation/Reference:
http://lifehacker.com/5840387/how-to-dual+boot-windows-7-and-windows-8-side-by-side
http://winsupersite.com/article/windows8/windows-8-tip-dualboot-windows-7-144111
Windows 8 Tip: Dual-Boot with Windows 7
When it comes to dual-booting between Windows 8 and Windows 7, the advice is the same as always: Install the older OS first, make room for the second OS, and then install the newer OS.
..
Once Windows 7 is installed on the PC, there are two steps to follow to install Windows 8 in a dual-boot configuration:
1. Partition the disk.
..
2. Install Windows 8 using the Custom install type.
Now, you can run Windows 8 Setup. You can use optical disc- or USB-based Setup media, but you must do so by booting the PC from the media. (That is, do not run Setup from within Windows 7.) Step through the Windows 8 Setup wizard normally. When you reach the screen that asks, “Which type of installation do you want?”, choose “Custom: Install Windows only (advanced).”

QUESTION 125
A client laptop runs Windows 7 Professional and a custom application. The custom application is compatible with Windows 8.1. You plan to migrate user settings and data from the client laptop to a new tablet PC that runs Windows 8.1 Pro. You install the User State Migration Toolkit (USMT) on a USB flash drive. You need to ensure that the custom application settings are applied to the tablet PC after the migration is complete. Which three actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
Select and Place:
Correct Answer:
Section: (none)
Explanation/Reference:
Ref: http://www.utilizewindows.com/7/basics/170-migrate-to-windows-7-using-usmt
Explanation:
http://technet.microsoft.com/en-us/library/cc721992%28v=ws.10%29.aspx
USMT Components
You use ScanState to collect the files and settings from the source computer. You use LoadState to restore the user state onto the destination computer.
..
USMT Components
ScanState.exe
ScanState scans the source computer, collects the files and settings and creates a store. ScanState does not modify the source computer. By default, ScanState compresses the files and stores them as an image file (USMT3.MIG).
LoadState.exe
LoadState migrates the files and settings from the store to the destination computer. LoadState migrates each file (one by one) from the store to a temporary location on the destination computer — the files are decompressed (and decrypted if necessary) during this process. Next, LoadState transfers the file to the correct location, deletes the temporary copy, and begins migrating the next file.
Compression improves performance by reducing network bandwidth usage as well as the required space in the store. However, for testing purposes, you can choose to turn off compression with /nocompress.

QUESTION 126
A desktop computer runs Windows 8.1. The computer is joined to an Active Directory Domain Services (AD DS) domain named contoso.com. You have two domain user accounts:
- A primary account named User1 that does not have domain administrative privileges.
- An account named Admin1 that has administrative privileges in the domain.
You are currently logged in as User1. You need to run an application named appl.exe. You have the following requirements:
- Start the application by using your administrative credentials.
- Ensure that the user environment is fully available to the application.
You need to complete the command to meet the requirements.
Which command segments should you use to complete the command? (To answer, drag the appropriate command segments to the correct locations in the answer area. Command segments may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)

Select and Place:
Correct Answer:
Section: (none)
Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc771525.aspx
Runas
Allows a user to run specific tools and programs with different permissions than the user's current logon provides.
Syntax
runas [{/profile | /noprofile}] [/env] [{/netonly | /savecred}] [/smartcard] [/showtrustlevels] [/trustlevel] /user:<UserAccountName> "<ProgramName> <PathToProgramFile>"
Parameters
/profile
Loads the user's profile. This is the default. This parameter cannot be used with the /netonly parameter.
/noprofile
Specifies that the user's profile is not to be loaded. This allows the application to load more quickly, but it can also cause a malfunction in some applications.
..
/user:<UserAccountName> "<ProgramName> <PathToProgramFile>"
Specifies the name of the user account under which to run the program, the program name, and the path to the program file. The user account name format should be <User>@<Domain> or <Domain>\<UserAccountName>.

QUESTION 127
You have a computer that runs Windows 8.1, and three unused external disk drives. You are creating a volume to store picture files. You have the following requirements:
- Use all three external disk drives.
- Ensure that the volume is accessible from a single drive letter.
- Maximize the available space.
You need to create the volume. Which three actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
Select and Place: Correct Answer: Section: (none) Explanation Explanation/Reference: Explanation: Disk Management tool does not have a setting for disk resiliency. In Storage Pool select "Simple" (no resiliency): A simple storage space writes one copy of your data, and doesn’t protect you from drive failures. A simple storage space requires at least one drive. Explanation: http://www.eightforums.com/tutorials/4203-storage-spaces-create-new-pool-storage-spacewindows-8-a.html How to Create a New Pool and Storage Space in Windows 8 ..To Create a New Pool and Storage Space .. http://blogs.msdn.com/b/olivnie/archive/2013/02/05/windows-8-storage.aspx Windows 8: Storage Storage Spaces Storage Spaces is a new feature for Windows® 8 that allows a user to combine several disks into a single pool of storage that provides for easier management of multiple disks and resiliency against hardware failure on any of those disks. The disks that you use for Storage Spaces can be a mix of different-sized disks, and these can be connected to Microsoft® Windows using both internal and external connections, making it easy to turn the collection of drives you already have into a safe and easy-to-manage place to store things like your home videos or photos. ... The table below describes the different options for resiliency: QUESTION 128 A local printer named PRINTER1 is shared from a client computer named COMPUTER1 that runs a 64-bit version of Windows 8.1. The workgroup contains client computers that run a 32-bit version of Windows 8.1. Computers in the workgroup can't currently print to PRINTER1. You need to ensure that the workgroup computers can print to PRINTER1. Which three actions should you perform in sequence? (To answer, move the appropriate actions to the answer area and arrange the correct order.)
Select and Place: Correct Answer: Section: (none) Explanation Explanation/Reference: Ref: http://technet.microsoft.com/library/cc732946.aspx Explanation: http://technet.microsoft.com/library/cc732946.aspx Update and Manage Printer Drivers Add drivers for client computers running 32-bit or 64-bit versions of Windows To support client computers that use different processor architectures than the print server, you must install additional drivers. For example, if your print server is running a 64-bit version of Windows and you want to support client computers running 32-bit versions of Windows, you must add x86-based drivers for each printer. Further information: http://www.printmanager.com/cms.php?aid=54&fullpage=1&support=8 Mixing 32 bit and 64 bit Print Server Architectures ..64 bit Print Server with 32 bit Clients: In the following scenario, we will be covering how to easily allow 32 bit Windows Clients to print through shared print queues on a 64 Bit Server. ..1. Download 32 bit Driver: ..2. Open Sharing Properties: ..3. Specify Additional Drivers: .. 4. Select your 32 Bit Driver: ..5. Test and Print: QUESTION 129 A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1. Two computers named COMPUTER1 and COMPUTER2 are connected to one network switch and joined to the domain. Windows Firewall is turned off on both computers. You are planning a remote management solution. You have the following requirements: Ensure that COMPUTER1 can run remote commands on COMPUTER2. Test the solution by successfully running a command from COMPUTER1 that executes on COMPUTER2. You need to select the commands to run on COMPUTER1 and COMPUTER2 to meet the remote management requirements. Which commands should you run? (To answer, drag the appropriate command or commands to the correct location or locations in the answer area. Commands may be used once, more than once, or not at all. 
You may need to drag the split bar between panes or scroll to view content.) Select and Place: Correct Answer: Section: (none) Explanation Explanation/Reference: Ref: http://technet.microsoft.com/en-us/library/dd163506.aspx Explanation: http://msdn.microsoft.com/en-us/library/aa384372%28v=vs.85%29.aspx Installation and Configuration for Windows Remote Management The winrm quickconfig command (or the abbreviated version winrm qc) performs the following operations: Starts the WinRM service, and sets the service startup type to auto-start. Configures a listener for the ports that send and receive WS-Management protocol messages using either HTTP or HTTPS on any IP address. Defines ICF exceptions for the WinRM service, and opens the ports for HTTP and HTTPS. http://technet.microsoft.com/en-us/library/hh875630.aspx Winrs Windows Remote Management allows you to manage and execute programs remotely. Syntax winrs [/<parameter>[:<value>]] <command> Parameters /r[emote]:<endpoint> Specifies the target endpoint using a NetBIOS name or the standard connection: <url>: [<transport>://]<target>[:<port>] If not specified, /r:localhost is used. QUESTION 130 A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1. Some computers have a Trusted Platform Module (TPM) chip. Members of the ITStaff security group are part of the local Power Users group on each client computer. You need to configure a single Group Policy object (GPO) that will allow Windows BitLocker Drive Encryption on all client computers by using the least amount of privilege necessary. Which commands should you run? (To answer, drag the appropriate command or commands to the correct location or locations in the answer area. Commands may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.) 
Select and Place: Correct Answer: Section: (none) Explanation Explanation/Reference: Ref: http://technet.microsoft.com/en-us/library/ee706521(v=ws.10).aspx Explanation: http://technet.microsoft.com/en-US/library/cc754948.aspx Group Policy Planning and Deployment Guide ..Administrative requirements for Group Policy To use Group Policy, your organization must be using Active Directory, and the destination desktop and server computers must be running Windows Server 2008, Windows Vista, Windows Server 2003, or Windows XP. By default, only members of the Domain Admins or the Enterprise Admins groups can create and link GPOs, but you can delegate this task to other users. .. http://technet.microsoft.com/en-us/library/jj679890.aspx BitLocker Group Policy Settings .. Require additional authentication at startup This policy setting is used to control which unlock options are available for operating system drives. ..With this policy setting, you can configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with a Trusted Platform Module (TPM). This policy setting is applied when you turn on BitLocker. .. Reference If you want to use BitLocker on a computer without a TPM, select the Allow BitLocker without a compatible TPM check box. In this mode, a USB drive is required for startup. Key information that is used to encrypt the drive is stored on the USB drive, which creates a USB key. When the USB key is inserted, access to the drive is authenticated and the drive is accessible. If the USB key is lost or unavailable, you need to use one of the BitLocker recovery options to access the drive. ... Further information: ..Enforce drive encryption type on fixed data drives This policy controls whether fixed data drives utilize Used Space Only encryption or Full encryption. 
Setting this policy also causes the BitLocker Setup Wizard to skip the encryption options page so no encryption selection displays to the user. QUESTION 131 A company has client computers that run Windows 8.1. All client computers allow incoming Remote Desktop connections. You attempt to connect from COMPUTER1 to COMPUTER2 by using Remote Desktop. Remote Desktop cannot connect to the remote computer. You establish that the firewall settings on COMPUTER2 have not been set to allow incoming connections. From COMPUTER1, you need to enable Remote Desktop traffic through Windows Firewall on COMPUTER2. Which commands should you run? (To answer, drag the appropriate command or commands to the correct location or locations in the answer area. Commands may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.) Select and Place: Correct Answer: Section: (none) Explanation Explanation/Reference: Ref: http://docs.oseems.com/operatingsystem/windows/firewall-command Explanation: http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx PsExec PsExec is a light-weight telnet-replacement that lets you execute processes on other systems, complete with full interactivity for console applications, without having to manually install client software. PsExec's most powerful uses include launching interactive command-prompts on remote systems and remote-enabling tools like IpConfig that otherwise do not have the ability to show information about remote systems. http://ss64.com/nt/psexec.html PsExec Syntax psexec \\computer[,computer[,..] [options] command [arguments] http://technet.microsoft.com/en-us/library/cc771046%28v=ws.10%29.aspx Netsh Commands for Windows Firewall The Netsh commands for Windows Firewall provide a command-line alternative to the capabilities of the Windows Firewall Control Panel utility. 
By using the Netsh firewall commands, you can configure and view Windows Firewall exceptions and configuration settings. .. Netsh firewall The following sections describe each command and its syntax. .. set service Enables or disables the pre-defined file and printer sharing, remote administration, remote desktop, and UPnP exceptions. Syntax set service [ type = ] { fileandprint | remoteadmin | remotedesktop | upnp | all } [ [ mode = ] { enable | disable } ] [ [ scope = ] { all | subnet | custom } ] [ [ addresses = ] { IPAddress | IPRange | Subnet | localsubnet }[,…] ] [ [ profile = ] { current | domain | standard | all } ] Parameters [ type = ] { fileandprint | remoteadmin | remotedesktop | upnp | all } Required. Specifies the service whose pre-defined rules are enabled or disabled. The value must be one of the following: fileandprint. The file and printer sharing service. remoteadmin. The ability to remotely administer a computer running Windows. remotedesktop. The ability to use a Terminal Services client such as Remote Desktop. upnp. Universal Plug-and-Play protocol for networked devices. all. All of the above services. [ [ mode = ] { enable | disable } ] Specifies whether this exception is currently applied and active on the local computer. The default value is enable. [ [ scope = ] { all | subnet | custom } ] .. [ [ addresses = ] { IPAddress | IPRange | Subnet | localsubnet }[,…] ] .. [ [ profile = ] { current | domain | standard | all } ] QUESTION 132 You administer Windows 8.1 Pro computers in your company network. A user informs you that he wants to use a picture password on his computer. You need to configure a picture password with a custom picture for the user. Which prerequisites should you comply with for each element in order to configure the required picture password? (To answer, drag the appropriate prerequisite or prerequisites to the correct element or elements in the answer area. Each prerequisite may be used once, more than once, or not at all. 
You may need to drag the split bar between panes or scroll to view content.) Select and Place: Correct Answer: Section: (none) Explanation Explanation/Reference: Explanation: QUESTION 133 You administer Windows 8.1 Enterprise (64-bit) computers in your company network. For some applications, some computers run a 32-bit version of the application, and other computers run a 64-bit version of the application. You want to distribute a package that contains updates for the 32-bit applications only. You need to determine if a particular computer is running 32-bit or 64-bit versions of the applications. From the Select columns window, which column should you add to Task Manager? (To answer, select the appropriate column name in the answer area.) Hot Area: Correct Answer: Section: (none) Explanation Explanation/Reference: QUESTION 134 You install Windows 8.1 Enterprise on new laptops that will be shipped to remote users in the sales department of your company. You create new VPN connections on the laptops. Your company security policy requires that the maximum allowed network outage time for the VPN connection should be less than 10 minutes. You need to configure the required timeout. Which protocol should you use? (To answer, configure the appropriate option or options in the answer area.) Hot Area: Correct Answer: Section: (none) Explanation Explanation/Reference: Explanation: http://technet.microsoft.com/en-us/library/dd469724%28v=ws.10%29.aspx RRAS Server Properties Page - IKEv2 Tab .. Network outage time (minutes) Specifies the maximum amount of time, in minutes, that IKEv2 packets are retransmitted without a response before the connection is considered lost. Higher values support connection persistence through network outages. The default value is 30 minutes. .. http://blogs.technet.com/b/sbs/archive/2014/05/19/configuring-vpn-on-windows-server-2012-r2-essentials.aspx Understanding VPN configuration in Windows Server 2012 R2 Essentials .. 
Default Settings of VPN on Windows Server 2012 R2 Essentials To check the default settings for the VPN, open Routing and Remote Access Manager. Right click server name, and select Properties. ..The IKEv2 tab consists of the default options to control the IKEv2 client connections and Security Association expiration. QUESTION 135 A company has a main office located in Miami, and branch offices in Boston, Los Angeles, and Portland. The office networks are configured as described in the following table. A management computer in the main office, named COMPUTER1, runs Windows 8.1 and several third-party management applications. You are configuring access to COMPUTER1. You have the following requirements: Ensure that only users in the Boston office can connect to COMPUTER1 by using HTTP. Ensure that only users in the Los Angeles office can connect to COMPUTER1 by using HTTPS. Ensure that only users in the Portland office can connect to COMPUTER1 by using FTP. You need to configure access to COMPUTER1. How should you configure Windows Firewall? (To answer, drag the appropriate elements to the correct location or locations in the answer area. Elements may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.) 
Select and Place: Correct Answer: Section: (none) Explanation Explanation/Reference: Seems to be TCP on every answer http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers Explanation: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers List of TCP and UDP port numbers
20 TCP UDP FTP data transfer
21 TCP FTP control (command)
80 TCP Hypertext Transfer Protocol (HTTP)
443 TCP Hypertext Transfer Protocol over TLS/SSL (HTTPS)
443 UDP QUIC (from Chromium) for HTTPS
Further Information:
22 TCP UDP Secure Shell (SSH)—used for secure logins, file transfers (scp, sftp) and port forwarding
QUESTION 136 A company plans to upgrade its client computer operating systems from Windows 7 to Windows 8.1. You need to use the User State Migration Tool (USMT) to configure the migration profile to exclude all files in the users' Documents folders. Which command should you run on the client computers before the upgrade? (To answer, drag the appropriate command elements to the correct location or locations in the answer area. Each command may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.) Select and Place: Correct Answer: Section: (none) Explanation Explanation/Reference: QUESTION 137 You administer Windows 8.1 computers in your company network. All computers include Windows 8.1 compatible Trusted Platform Module (TPM). You configure a computer that will run a credit card processing application. You need to ensure that the computer requires a user to enter a PIN code when starting the computer. Which policy should you configure? (To answer, select the appropriate policy in the answer area.)
Hot Area: Correct Answer: Section: (none) Explanation Explanation/Reference: http://technet.microsoft.com/en-us/library/jj679890.aspx BitLocker Group Policy Settings Require additional authentication at startup This policy setting is used to control which unlock options are available for operating system drives. With this policy setting, you can configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with a Trusted Platform Module (TPM). This policy setting is applied when you turn on BitLocker. ..On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use:
* only the TPM for authentication
* insertion of a USB flash drive containing the startup key
* the entry of a 4-digit to 20-digit personal identification number (PIN)
* a combination of the PIN and the USB flash drive
There are four options for TPM-enabled computers or devices:
* Configure TPM startup: Allow TPM; Require TPM; Do not allow TPM
* Configure TPM startup PIN: Allow startup PIN with TPM; Require startup PIN with TPM; Do not allow startup PIN with TPM
* Configure TPM startup key: Allow startup key with TPM; Require startup key with TPM; Do not allow startup key with TPM
* Configure TPM startup key and PIN: Allow TPM startup key with PIN; Require startup key and PIN with TPM; Do not allow TPM startup key with PIN
Further information: http://4sysops.com/archives/active-directory-and-bitlocker-part-3-group-policy-settings/ Active Directory and BitLocker – Part 3: Group Policy settings ... There are a few things you’ll need to note when configuring these settings in Group Policy for your Active Directory.
..Second, make sure you get the “Require additional authentication at startup” setting correct under “Operating system drives.” Make sure that “Allow BitLocker without a compatible TPM” is unchecked and that you’re not requiring more than one startup option. This is how it should look: http://4sysops.com/archives/bitlocker-group-policy-changes-in-windows-8/ BitLocker Group Policy changes in Windows 8 “Allow Secure Boot for integrity validation” allows you to configure the use of Secure Boot on computers that have UEFI firmware. More specifically, it lets you disable it since the default is to use Secure Boot when it is available on a computer. In the event you do disable it, you can configure the “use enhanced Boot Configuration Data validation profile” to choose specific BCD settings to verify. Allow Secure Boot for integrity validation QUESTION 138 A company has 10 computers that run Windows Vista. The computers are members of a workgroup. The company plans to upgrade the computers to Windows 8.1. You are planning a deployment strategy. You need to ensure that users can log on to their existing accounts and access their existing data after the upgrade. Which three actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.) Select and Place: Correct Answer: Section: (none) Explanation Explanation/Reference: Explanation: http://winsupersite.com/article/windows8/windows-8-tip-upgrade-windows-vista-144320 Windows 8 Tip: Upgrade from Windows Vista Continuing a series of tips that examines upgrading from previous versions of Windows to Windows 8, I take a look at Windows Vista: Which upgrade types are supported, and what can you bring forward from this version of Windows to Windows 8?
You may recall from previous articles, or from Windows 8 Secrets, that Microsoft has changed the way they describe the processes by which we move from the one version of Windows to the next. In the past, we used the following terms to describe the different ways in which you could install Windows: Clean install, where you install—or reinstall—Windows from scratch. In-place upgrade, where you upgrade to a newer version of Windows from within the older version, retaining most of your settings and applications, and all of your documents and other data files. Migration, by which Setup backs up your settings and/or data first, then clean installs Windows, and then reapplies your settings and/or data to the new OS. QUESTION 139 A company has client computers that run Windows XP or Windows Vista. The company plans to upgrade all client computers to Windows 8.1. You are planning a deployment strategy. You need to identify the elements that will be retained after the upgrades. Which elements will be retained? (To answer, drag the appropriate element or elements to the correct location or locations in the answer area. Elements may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.) Select and Place: Correct Answer: Section: (none) Explanation Explanation/Reference: http://technet.microsoft.com/en-us/library/jj203353.aspx Windows 8 and Windows 8.1 Upgrade Paths QUESTION 140 A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1. The company has three departments named Accounting, Human Resources (HR), and Marketing. User account objects are stored in their respective departmental AD security groups and have full access to shared folders for each department. A new company policy requires that the following access rules are in place: Users must have complete access only to their department’s shared folder. 
Accounting department users must be able to change files in the HR folder. HR department users must be able to change files in the Marketing folder. Marketing department users must be able to change files in the Accounting folder. You need to comply with the company policy. Which permissions should you assign? (To answer, drag the appropriate security group or groups to the correct location or locations in the answer area. Security groups may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.) Select and Place: Correct Answer: Section: (none) Explanation Explanation/Reference: Explanation: http://technet.microsoft.com/en-us/library/bb727008.aspx File and Folder Permissions On NTFS volumes, you can set security permissions on files and folders. These permissions grant or deny access to the files and folders. .. File and Folder Permissions: QUESTION 141 You are troubleshooting communication issues on a computer that has Windows 8.1 Enterprise installed. The relevant portion of the computer configuration is displayed in the exhibit. (Click the Exhibit button.) You need to find the Windows Firewall service startup and shutdown events. In the Event Viewer, which event log should you select? (To answer, select the appropriate log in the answer area.) Hot Area: Correct Answer: Section: (none) Explanation Explanation/Reference: Further Information: QUESTION 142 You are preparing to deploy a new computer that runs Windows 8.1. You plan to copy the user's data from his current computer to the new computer. You need to generate a list of data that will be copied from his existing computer to the new computer. Which three actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.) 
Select and Place: Correct Answer: Section: (none) Explanation Explanation/Reference: Note: To use the Windows Easy Transfer feature, you must be an Administrator on both Windows 8.1-based computers.
(box 1) To transfer files and settings from your local computer to the domain-joined computer, follow these steps:
1. Save files and settings on the local computer. To do this, follow these steps:
   1. On the Start screen, type Windows Easy Transfer, and then click Windows Easy Transfer from the results.
   2. On the Welcome to Windows Easy Transfer page, click Next.
   3. Select An external hard disk or USB flash Drive, and then plug in the external storage drive.
   4. Select This is my old PC. Windows Easy Transfer will scan all user profiles and data on the computer.
   5. To select what to transfer, click Customize, and then click Advanced to change your selections. After you make your selections, click Save.
   6. Click Next.
   7. Enter the password, and then click Save to save the Easy Transfer file to the external storage drive.
   8. Click Next two times, and then click Close to close the Windows Easy Transfer wizard.
(box 2, Box 3)
2. Import files and settings on the domain-joined computer. To do this, follow these steps:
   1. On the Start screen, type Windows Easy Transfer, and then click Windows Easy Transfer from the results.
   2. On the Welcome to Windows Easy Transfer page, click Next.
   3. Select An external hard disk or USB flash Drive.
   4. Select This is my new PC.
   5. Plug in the external storage drive, and then select Yes.
   6. Locate where you saved the Easy Transfer file, and then click Open.
   7. Enter the password that you specified in Step 1G, and then click Next.
   8. To select what to transfer, click Customize, and then click Advanced to change your selections. After you make selections, click Save. Note: To map user accounts or to map drives, click Advanced Options.
   9. Click Transfer.
   10. (box 3) After the transfer finishes, click See what was transferred to view the Windows Easy Transfer reports. Click See a list of apps you might want to install on your new PC to see the programs that are installed on your old computer.
   11. Click Close to close the Windows Easy Transfer wizard.
   12. Restart the computer.
To install Windows 8.1 apps on the domain-joined computer, follow these steps:
1. On the Start screen, click Store.
2. Click the apps that you want to install, and then click Install.
Reference: How to use Windows Easy Transfer to transfer files and settings in Windows 8.1
QUESTION 143 A company has Windows 8.1 client computers. All computers have the same hardware and software installed. The Development and Sales departments have different backup requirements. The requirements are described in the following table. You need to select a backup location for each department. What should you do? (To answer, drag the appropriate resource to the correct location or locations in the answer area. Resources may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.) Select and Place: Correct Answer: Section: (none) Explanation Explanation/Reference: http://winsupersite.com/windows-8/windows-81-tip-use-system-image-backup Windows 8.1 Tip: Use System Image Backup .. In the File History control panel that appears, look in the lower left corner. The option you're looking for is System Image Backup. Click that, and the familiar Create a System Image wizard appears and you're good to go. http://windows.microsoft.com/en-us/windows-8/set-drive-file-history Set up a drive for File History Before you start using File History to back up your files, you need to first select where your backups are saved. You can select an externally connected drive, such as a USB drive, or you can save to a drive on a network. QUESTION 144 You administer Windows 8.1 Enterprise computers in your company network.
One of the computers indicates high memory utilization. You open Task Manager on the computer and discover that a process named Antimalware Service Executable consumes 30% of available memory. You need to identify the account that is used to run the process. In Task Manager, which tab should you select to identify the account? (To answer, select the appropriate tab in the answer area.) Hot Area: Correct Answer: Section: (none) Explanation Explanation/Reference: QUESTION 145 You administer Windows XP and Windows 7 client computers in your company network. You add 100 new client computers that have Windows 8.1 Enterprise installed. You need to migrate user profiles, local groups membership, and network mapped drives to the new client computers. You download and copy User State Migration Tool (USMT) files to a network share. Which three actions should you perform next, in sequence? (To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order.) Select and Place: Correct Answer: Section: (none) Explanation Explanation/Reference: Note:
* Step One: Plan Your Migration. Modify copies of the Migration.xml and MigDocs.xml files and create custom .xml files, if it is required.
* Step Two: Collect Files and Settings from the Source Computer. Run scanstate on source computers.
* Step Three: Prepare the Destination Computer and Restore Files and Settings. Run loadstate on the destination computers.
* USMT 5.0 includes three command-line tools: ScanState.exe version 6.2, LoadState.exe version 6.2, UsmtUtils.exe version 6.2
* USMT 5.0 also includes a set of three modifiable .xml files: MigApp.xml, MigDocs.xml, MigUser.xml
http://technet.microsoft.com/en-us/library/cc766203%28v=ws.10%29.aspx USMT .xml Files .. Config.xml This is an optional file that you can create using the /genconfig option on the ScanState command line. You should create and modify this file if you want to exclude certain components from the migration.
In addition, you must create and modify this file if you want to exclude any of the operating system settings that are migrated to computers running Windows Vista (because MigSys.xml is not applicable in that scenario). This file has a different format than the migration .xml files because it does not contain any migration rules — it only contains a list of the operating system components, applications, and the user documents that can be migrated. For an example, see the Sample Config.xml file. For this reason, excluding components using this file is easier than modifying the migration .xml files because you do not need to be familiar with the migration rules and syntax. You cannot use wildcard characters in this file. http://technet.microsoft.com/en-us/library/cc721992%28v=ws.10%29.aspx USMT Components You use ScanState to collect the files and settings from the source computer. You use LoadState to restore the user state onto the destination computer. .. USMT Components ScanState.exe ScanState scans the source computer, collects the files and settings and creates a store. ScanState does not modify the source computer. By default, ScanState compresses the files and stores them as an image file (USMT3.MIG). LoadState.exe LoadState migrates the files and settings from the store to the destination computer. LoadState migrates each file (one by one) from the store to a temporary location on the destination computer — the files are decompressed (and decrypted if necessary) during this process. Next, LoadState transfers the file to the correct location, deletes the temporary copy, and begins migrating the next file. Compression improves performance by reducing network bandwidth usage as well as the required space in the store. However, for testing purposes, you can choose to turn off compression with /nocompress. QUESTION 146 A company has client computers that run Windows 7. Each employee has two client computers: one at work and one at home. 
The company plans to deploy Windows 8.1 to all client computers. You are planning a deployment strategy. You have the following requirements: Minimize deployment time. Ensure that the PC Reset and PC Refresh features can be utilized on all work computers. You need to plan a deployment strategy that meets the requirements. What should you do? (To answer, drag the appropriate installation method or methods to the correct location or locations in the answer area. Methods may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.) Select and Place: Correct Answer: Section: (none) Explanation Explanation/Reference: http://windows.microsoft.com/en-us/windows-8/restore-refresh-reset-pc How to refresh, reset, or restore your PC If you're having problems with your PC, you can try to refresh, reset, or restore it. Refreshing your PC reinstalls Windows and keeps your personal files and settings. It also keeps the apps that came with your PC and the apps you installed from the Windows Store. Resetting your PC reinstalls Windows but deletes your files, settings, and apps — except for the apps that came with your PC. Restoring your PC is a way to undo recent system changes you've made. http://technet.microsoft.com/en-us/windows/jj874386.aspx Using Windows To Go Windows To Go is not a late-night drive-through offering at the local Microsoft Store. Rather, it’s a feature in the Windows 8 Enterprise operating system that allows you to start a Windows 8 image (a Windows To Go workspace) from an external USB drive. You can start a Windows To Go workspace on most computers that meet the Windows 7 or Windows 8 certification requirements, regardless of the operating system currently running on them. Further Information: http://technet.microsoft.com/en-us/library/jj592685.aspx Deployment Considerations for Windows To Go QUESTION 147 You administer Windows 8.1 computers in your company network. 
The security policies of the company require that USB storage devices are allowed only if they are protected with BitLocker To Go. You need to prevent users from removing BitLocker encryption from the USB storage devices. Which configuration setting should you modify? (To answer, select the appropriate setting in the answer area.) Hot Area: Correct Answer: Section: (none) Explanation Explanation/Reference: http://technet.microsoft.com/en-us/library/jj679890.aspx BitLocker Group Policy Settings .. Control use of BitLocker on removable drives This policy setting is used to prevent users from turning BitLocker on or off on removable data drives. .. Configure use of smart cards on fixed data drives This policy setting is used to require, allow, or deny the use of smart cards with fixed data drives. .. Deny write access to removable drives not protected by BitLocker This policy setting is used to require that removable drives are encrypted prior to granting Write access, and to control whether BitLocker-protected removable drives that were configured in another organization can be opened with Write access. .. Configure use of hardware-based encryption for removable data drives This policy controls how BitLocker reacts to encrypted drives when they are used as removable data drives. Using hardware-based encryption can improve the performance of drive operations that involve frequent reading or writing of data to the drive. .. Enforce drive encryption type on removable data drives This policy controls whether fixed data drives utilize Full encryption or Used Space Only encryption. Setting this policy also causes the BitLocker Setup Wizard to skip the encryption options page, so no encryption selection displays to the user. 
.. Allow access to BitLocker-protected removable data drives from earlier versions of Windows This policy setting controls access to removable data drives that are using the BitLocker To Go Reader and whether the BitLocker To Go Reader can be installed on the drive. .. Configure use of passwords on removable data drives This policy setting is used to require, allow, or deny the use of passwords with removable data drives. .. Choose how BitLocker-protected removable drives can be recovered This policy setting is used to configure recovery methods for removable data drives. .. Further Information: QUESTION 148 You administer 100 Windows 8.1 Pro laptops in your company network. You have a wireless access point that requires 802.1x authentication. Authentication requests are forwarded to a RADIUS server. You need to configure the laptops to connect to the wireless access point. Your solution must ensure that laptops authenticate to the RADIUS server by using stored credentials. Which three actions should you perform in sequence? (To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order.) Select and Place: Correct Answer: Section: (none) Explanation Explanation/Reference: QUESTION 149 You are a system administrator for a local construction company. The company uses Windows 8.1 Pro desktop and laptop computers. All desktop computers have a 160 GB disk drive. You receive a call from a user who needs to recover an .avi file from File History but discovers that the file no longer exists. The user reports recently deleting a large PowerPoint presentation from the hard drive. The user's File History configuration is displayed in the graphic below: Use the drop-down menus to select the answer choice that completes each statement. Each correct selection is worth one point. 
Hot Area: Correct Answer: Section: (none) Explanation Explanation/Reference: Explanation: http://windows.microsoft.com/en-us/windows-8/what-something-goes-wrong-file-history What if something goes wrong in File History? .. Note File History doesn't automatically delete versions of files older than the time interval you choose unless your drive is getting full and space is needed to back up more recent versions. .. http://windowssecrets.com/top-story/understanding-windows-8s-file-history/ Understanding Windows 8's File History .. As noted, File History typically requires a second drive or networked drive to store backup files. If that drive isn’t available — say, you’re on the go and you’ve disconnected your USB drive — File History will use a temporary offline cache located on your C: drive. The Size of offline cache setting controls how much of your C: drive will be used to store temporary backups if the normal backup drive isn’t available. The cache is normally set to 5 percent of the C: drive’s space. But you can increase the cache size to as much as 20 percent (see Figure 6). Figure 6. File History's offline cache size can be set as low as 2 percent and as high as 20 percent of the C: drive's space. With the Keep saved versions setting (see Figure 7), you can control how long Windows retains your backups — from one month to an optimistic “Forever.” Figure 7. File History's Keep saved versions setting ... QUESTION 150 You are a system administrator for Contoso, Ltd. You manage a remote site that consists of 50 users. Each user has a Windows 8.1 desktop computer. You grant local admin rights to a small group of power users that have proven a level of proficiency with Windows 8.1. This group helps with minor problems as needed. One of the power users makes configuration changes on a desktop computer. Now the computer freezes for two minutes during the boot process. 
You need to use msconfig to change the boot options to meet the following requirements: Boot in safe mode; Boot the computer with a minimal set of drivers; Networking enabled; See the splash startup screen; Read drivers as they are loaded. Which three options should you select? (To answer, select the appropriate three options from the System Configuration Boot tab in the answer area.) Hot Area: Correct Answer: Section: (none) Explanation Explanation/Reference: http://windows.microsoft.com/en-us/windows/using-system-configuration#1TC=windows-8 Using System Configuration (msconfig) System Configuration (msconfig) is a tool that can help identify problems that might prevent Windows from starting correctly. Using System Configuration, you can start Windows with common services and startup apps turned off and then turn them back on, one at a time. If a problem doesn't occur when an app or service is turned off, but does occur when the service is turned on, then that service could be the cause of the problem. .. Boot Shows configuration options for the operating system and advanced debugging settings, including: Safe boot: Minimal. On startup, opens the Windows graphical user interface (File Explorer) in safe mode running only critical system services. Networking is disabled. Safe boot: Alternate shell. On startup, opens the Windows command prompt in safe mode running only critical system services. Networking and File Explorer are disabled. Safe boot: Active Directory repair. On startup, opens File Explorer in safe mode running critical system services and Active Directory. Safe boot: Network. On startup, opens File Explorer in safe mode running only critical system services. Networking is enabled. No GUI boot. Doesn't display the Windows Welcome screen when starting. Boot log. Stores all information from the startup process in the file %SystemRoot%\Ntbtlog.txt. Base video. On startup, opens File Explorer in minimal VGA mode. 
This loads standard VGA drivers instead of video drivers specific to the video hardware on the PC. OS boot information. Shows driver names as drivers are being loaded during the startup process. QUESTION 151 You are the PC support specialist for Contoso, Ltd. Your department upgrades your company's laptops to Windows 8.1. You need to use BitLocker to encrypt the system drives on these laptops. You attempt to encrypt several laptops but receive an error message shown in the following image: Use the drop-down menus to select the answer choice that completes each statement. Each correct selection is worth one point. Hot Area: Correct Answer: Section: (none) Explanation Explanation/Reference: Explanation: http://www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/ How To Use BitLocker on Drives without TPM BitLocker is an encryption feature available in Ultimate and Enterprise versions of Windows 7 and Vista, but requires a Trusted Platform Module (TPM) on the system. Not all systems include TPM and today we take a look at how to bypass it so you can use BitLocker. .. What happens if you get this goofy error…and what is a TPM anyway? TPM stands for Trusted Platform Module which is a microchip in a computer that supports advanced security features. It’s where BitLocker stores the encryption key. If you have a drive that doesn’t have a compatible TPM then you’ll need to use the following steps and have a flash drive. .. After the restart you’re prompted to use the startup key on the flash drive every time you start the computer. Further information: http://technet.microsoft.com/en-us/library/jj679890.aspx BitLocker Group Policy Settings .. Require additional authentication at startup This policy setting is used to control which unlock options are available for operating system drives. 
..With this policy setting, you can configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with a Trusted Platform Module (TPM). This policy setting is applied when you turn on BitLocker. QUESTION 152 You have a Windows 8.1 Pro laptop. You set the Power Options so the laptop does not sleep when plugged in. When the laptop is not plugged in, it will go to sleep but not always after the same amount of time. It also wakes itself up seemingly randomly without user intervention. You need to confirm that the sleep settings are configured when the laptop is functioning on battery power, and you need to identify what may be causing the machine to wake up or is preventing it from sleeping. You run the command Powercfg /devicequery. The configuration is shown in the following exhibit (Click the Exhibit button.) You open the Power Options, which are shown in the following exhibit. (Click the Exhibit button.) Finally, you run powercfg /request from the command line. The configuration is shown in the following exhibit. (Click the Exhibit button.) Consider each of the following statements. Does the information in the three screenshots support the inference as stated? (Each correct selection is worth one point.) Hot Area: Correct Answer: Section: (none) Explanation Explanation/Reference: Explanation: Further Information: http://technet.microsoft.com/en-us/library/cc748940%28v=ws.10%29.aspx Powercfg Command-Line Options You can use the Powercfg.exe tool to control power settings and configure computers to default to Hibernate or Standby modes. Powercfg Command-Line Options powercfg [-l] [-q ] [-x] [-changename] [-duplicatescheme] [-d] [-deletesetting] [-setactive] [-getactivescheme] [-setacvalueindex] [-setdcvalueindex] [-h] [-a] [-devicequery] [-deviceenablewake] [-devicedisablewake] [-import] [-export] [-lastwake] [-?] [-aliases] [-setsecuritydescriptor] [-getsecuritydescriptor] ... 
-devicequery wake_armed – Lists devices that are currently configured to wake the computer from any sleep state. QUESTION 153 A company has Windows 8.1 client computers. A Windows Server Update Services (WSUS) server has been configured to manage the client computer updates. You need to configure the client computers to join a WSUS group named Computers and to automatically receive updates from the WSUS server. Which two Group Policy Object (GPO) settings should you configure? (To answer, select the appropriate two settings from the GPO Editor in the answer area.) Hot Area: Correct Answer: Section: (none) Explanation Explanation/Reference: Explanation: http://technet.microsoft.com/en-us/library/cc720539%28v=ws.10%29.aspx Configure Automatic Updates by Using Group Policy ..Specify Intranet Microsoft Update Service Location The settings for this policy enable you to configure a WSUS server that Automatic Updates will contact for updates. You must enable this policy in order for Automatic Updates to download updates from the WSUS server. ..Enable Client-side Targeting This policy enables client computers to self-populate computer groups that exist on the WSUS server. If the status is set to Enabled, the specified computer group information is sent to WSUS, which uses it to determine which updates should be deployed to this computer. This setting is only capable of indicating to the WSUS server which group the client computer should use. You must actually create the group on the WSUS server. QUESTION 154 Your company is deploying new Windows 8.1 computers. The company has several departments. Each department requires different hardware configurations. You need to implement the appropriate hardware. You have the following requirements: Finance must have BitLocker To Go. Operations must have the ability to use tablets and access the Windows Store to download and run apps. IT must have the ability to use Hyper-V with Windows 8.1. 
Marketing must have the ability to use tablets as well as the snap app functionality. What are the minimum hardware requirements to meet each department's needs? (To answer, drag the appropriate hardware to the correct location or locations in the answer area. Each answer may be used more than once.) Select and Place: Correct Answer: Section: (none) Explanation Explanation/Reference: Explanation: http://windows.microsoft.com/en-us/windows-8/bitlocker-drive-encryption BitLocker Drive Encryption BitLocker can encrypt the drive Windows is installed on (the operating system drive) as well as fixed data drives (such as internal hard drives). You can also use BitLocker To Go to help protect all files stored on a removable data drive (such as an external hard drive or USB flash drive). http://windows.microsoft.com/en-us/windows-8/system-requirements System requirements Windows 8.1 .. To use touch, you need a tablet or a monitor that supports multitouch (more info) To access the Windows Store and to download, run, and snap apps, you need an active Internet connection and a screen resolution of at least 1024 x 768 ... http://blogs.msdn.com/b/b8/archive/2011/09/07/bringing-hyper-v-to-windows-8.aspx Bringing Hyper-V to “Windows 8” .. Hyper-V requires a 64-bit system that has Second Level Address Translation (SLAT). SLAT is a feature present in the current generation of 64-bit processors by Intel & AMD. You’ll also need a 64-bit version of Windows 8, and at least 4GB of RAM. Hyper-V does support creation of both 32-bit and 64-bit operating systems in the VMs. http://windowsitpro.com/windows-8/q-what-resolution-do-windows-8-metro-ui-and-snap-feature-require Q: What resolution do the Windows 8 Metro UI and Snap feature require? ..To use the Snap application capability, which allows two Metro applications to appear on the screen at the same time with one application using up most of the screen and the other giving a summary view, you need a resolution of 1366x768. ... 
QUESTION 155 You are the network administrator for Contoso, Ltd. You want to do a non-interactive installation of a desktop app named PDFApp on all of your Windows 8.1 computers by using the Windows Installer. You create an MSI package named pdfapp.msi and copy it to the E drive of your Windows 8.1 computers by using Group Policy. You plan to use this file to install the desktop app. You need to write a Windows Installer command line that ensures the users do not see an interface during the installation. A reboot is not required. What should you do? (To answer, drag the appropriate command to the correct location in the command line. Each command may be used only once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.) Select and Place: Correct Answer: Section: (none) Explanation Explanation/Reference: Explanation: http://technet.microsoft.com/en-us/library/cc759262%28v=ws.10%29.aspx Msiexec (command-line options) .. To install or configure a product Syntax msiexec /i {Package | ProductCode} Parameters /i Installs or configures a product. Package Specifies the name of the Windows Installer package file. ProductCode Specifies the globally unique identifier (GUID) of the Windows Installer package. ... To set the user interface level Syntax msiexec /q{n | b | r | f | n+ | b+ | b-} Parameters /qn Displays no user interface. ... QUESTION 156 You are on a company's desktop support team. You receive a call from an employee. The employee is having problems installing an old printer on a Windows 8.1 Pro computer. The employee asks you to look at the driver that is installed and assess if it is the correct one. You need to open the device manager remotely. Which four actions should you perform in sequence? (To answer, move the appropriate four actions from the list of actions to the answer area and arrange them in the correct order.) 
Select and Place: Correct Answer: Section: (none) Explanation Explanation/Reference: Explanation: http://technet.microsoft.com/en-us/library/cc754081.aspx Open Device Manager ... To open Computer Management by using the command line At a command prompt, in the Start Search box, or the Run box, type the command: mmc compmgmt.msc .. To open Device Manager on a remote computer 1. Open Computer Management using either of the procedures in the previous section. 2. On the Action menu, click Connect to another computer. 3. In the Select Computer dialog box, do one of the following: * In the Another computer text box, type the name of the computer to access, and then click OK. * Click Browse, and then click Advanced to find the computer you want. Click OK when you have selected the correct computer. If the connection is successful, the name of the computer appears in parentheses next to the Computer Management label in the upper left. Note: Access to Device Manager on a remote computer in this manner is "read-only." You cannot make any changes to devices or their settings. Further Information: http://john.bryntze.net/jbkb-v2/certification-exam-70-687-configuring-windows-8-part-3-configure-network-connectivity-15/ ... Modify settings using MMC: you can start Computer Management and then go to Actions -> Connect to another computer … For some of these settings the Remote Registry service must be enabled and, of course, permission on the remote client. QUESTION 157 You are a consultant traveling out of town. You are carrying a Windows 8.1 Pro laptop that you use for giving presentations while connected to a projector. You are concerned about battery life while presenting and need to modify your power settings to maximize battery life without risking interrupting your presentation. Which two settings do you need to configure to increase battery life without risking interruption to your presentation? 
(To answer, select the appropriate two settings from the Power Options window in the answer area.) Hot Area: Correct Answer: Section: (none) Explanation Explanation/Reference: QUESTION 158 A company has 10 Windows 8.1 client computers. You purchase a Windows Store app and install the app on several computers. The hard drive of a computer on which the application is installed fails. You reinstall Windows 8.1. You need to reinstall the Windows Store app on the computer. Which three actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.) Select and Place: Correct Answer: Section: (none) Explanation Explanation/Reference: Explanation: http://windows.microsoft.com/en-us/windows-8/windows-store-install-apps-multiple-pcs Use your Microsoft account to install apps on multiple PCs You can use your Microsoft account to sign in to the Windows Store and install your apps on different PCs. To install your apps on another PC 1. Sign in to the PC you want to install your apps on using your Microsoft account. 2. On the Start screen, tap or click Store to open the Windows Store. 3. Tap or click Account, and then tap or click My apps. 4. Swipe down on or right-click the apps you want to install, and then tap or click Install. QUESTION 159 You are planning to upgrade Internet Explorer. You have the following requirements: Create a report that identifies which computers are successfully upgraded. Do not install additional software on the client computers. You need to design a deployment method that meets the requirements. What should you do? A. Use Windows Server Update Services (WSUS). B. Use Internet Explorer Administration Kit (IEAK) and Group Policy. C. Use Microsoft System Center Configuration Manager. D. Use Microsoft System Center Essentials. 
Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: Windows Server Update Services 2.0 and above comprise a repository of update packages from Microsoft. It allows administrators to approve or decline updates before release, to force updates to install by a given date, and to obtain extensive reports on what updates each machine requires. System administrators can also configure WSUS to approve certain classes of updates automatically (critical updates, security updates, service packs, drivers, etc.). One can also approve updates for "detection" only, allowing an administrator to see what machines will require a given update without also installing that update. http://en.wikipedia.org/wiki/Windows_Server_Update_Services QUESTION 160 Your company has a single Active Directory Domain Services (AD DS) domain with Windows Server 2008 R2 member servers and 1,000 Windows 7 client computers. You are designing the deployment of a custom application. You have the following requirements: The application must be available to only users who need it. Minimize network traffic during deployment. You need to design a deployment strategy that meets the requirements. Which deployment method should you use? A. Microsoft Application Virtualization (App-V) B. Microsoft System Center Configuration Manager 2007 C. RemoteApp and Desktop Connections D. software installation in Group Policy Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: http://blogs.msdn.com/b/rds/archive/2009/06/08/introducing-remoteapp-and-desktop-connections.aspx The RemoteApp and Desktop Connections feature offers several benefits: RemoteApp programs launch from the Start menu just like any other application. Published Remote Desktop connections are included alongside RemoteApp programs on the Start menu. 
Changes to the published connection (such as newly published RemoteApp programs) are automatically reflected on the user's Start menu, without any effort on the user's part. RemoteApp programs can be easily launched with Windows Search. Users only have to log on once, to create the connection. From that point on, updates happen with no prompt for user credentials. RemoteApp and Desktop Connections does not require domain membership for client computers. RemoteApp and Desktop Connections benefits from new features in Windows Server 2008 R2, such as Personal Desktop assignment or per-user application filtering. RemoteApp and Desktop Connections is built on standard technologies such as XML and HTTPS, making it possible for developers to build solutions around it. It also offers APIs that allow the client software to support other types of resources, in addition to RemoteApp programs and Remote Desktop connections. QUESTION 161 Your network consists of an Active Directory Domain Services (AD DS) forest with 1,000 client computers that run Windows XP. Nine hundred of the computers are on the local area network. One hundred computers are portable computers that connect to the main office only once every few months. You are planning to deploy Windows 7. You need to generate a report of the software that is installed on all client computers. You need this information as soon as possible. What should you use? A. Microsoft System Center Data Protection Manager B. Microsoft Desktop Optimization Pack C. Microsoft System Center Essentials D. Microsoft System Center Operations Manager Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 162 Your network has client computers that run Windows Vista. You are planning to deploy Windows 7. You need to detect and analyze the compatibility of an application that requires elevated privileges. What should you do? A. Use the Standard User Analyzer (SUA) Wizard. B. Run a virtual version of the Setup Analysis Tool (SAT). C. Use the Standard User Analyzer (SUA) tool. D. Run a stand-alone version of the Setup Analysis Tool (SAT). 
Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: The Standard User Analyzer (SUA) tool enables you to test your applications to detect potential compatibility issues due to the User Account Control (UAC) feature. http://technet.microsoft.com/en-us/library/cc765948(v=ws.10).aspx QUESTION 163 Your company's network has client computers that run Windows 7. Multiple users share the computers in the shipping department. These computers reside in the Shipping Computers organizational unit (OU). The company wants to deploy a new application. The application is not packaged. You have the following requirements: Deploy the application to all computers in the shipping department. Perform the deployment from a central location. You need to plan the software deployment process to meet the requirements. Which two actions should you include in the process? (Each correct answer presents part of the solution. Choose two.) A. Using Microsoft System Center Configuration Manager, create a collection that contains the shipping department computers, and assign the package to the collection. B. Create a package by using Microsoft System Center Configuration Manager. C. Create a Group Policy object (GPO) and add a software installation policy under the Computer Configuration container. D. In the Group Policy Management Console, link the software installation policy to the Shipping Computers OU. E. Using Microsoft System Center Configuration Manager, create a collection that contains the shipping department users, and assign the package to the collection. 
Correct Answer: AB Section: (none) Explanation Explanation/Reference: Explanation: Hints: Group Policy software installation supports only the MSI and ZAP file types; this application is not packaged, so it is not an MSI or ZAP file. QUESTION 164 Your network has client computers that run Windows XP. All users access a custom line-of-business application. The line-of-business application is not compatible with Windows 7. You are planning to deploy Windows 7. You have the following requirements: The application must run on all client computers. The application executable must reside on each client computer. You need to manage application compatibility to meet the requirements. What should you do? A. Install the application on a Remote Desktop Services server. B. Install a shim for the application on each client computer. C. Virtualize the application by using Microsoft Application Virtualization (App-V). D. Install the Windows Compatibility Evaluator on each client computer. Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 165 Your company has 1,000 client computers that run Windows XP Professional x64. You are planning to deploy Windows 7 Enterprise x64. The company uses an application that is incompatible with Windows 7 Enterprise x64. You have the following requirements: Provide all users with access to the application. Deploy and manage the application by using a centralized solution. You need to design a solution that meets the requirements. What should you do? A. Install the application on all client computers by using Group Policy, and then use the Compatibility tab. B. Install the Microsoft Application Virtualization (App-V) client on each client computer, and run the application in offline mode. C. Install the Microsoft Enterprise Desktop Virtualization (MED-V) package on each client computer. D. Install the Microsoft Application Virtualization (App-V) client on each client computer, and stream the application by using App-V. 
Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 166 Your company has 1,000 Windows XP computers. You plan to migrate these computers to Windows 7. You need to detect compatibility issues that can occur during the installation and configuration process for a specific application. Which tool should you use? A. Windows Compatibility Evaluator B. Setup Analysis Tool C. Inventory Collector D. Update Compatibility Evaluator Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: http://technet.microsoft.com/pt-pt/library/cc766109(v=ws.10).aspx The Setup Analysis Tool (SAT) automates the running of application installations while monitoring the actions taken by each application's installer. The standalone version of SAT can monitor any MSI-based installers and third-party installers. However, the Virtual SAT tool can only monitor MSI-based installers and third-party installers that run unattended. Hints: You need to detect compatibility issues that can occur during the installation and configuration process for a specific application. QUESTION 167 Your company's network has client computers that run Windows 7. Multiple users share the computers in the shipping department. These computers reside in the Shipping Computers organizational unit (OU). The network design is shown in the following diagram. You are planning to deploy an application. The application is packaged as a Microsoft Windows Installer package (MSI). You need to deploy the application only to computers in the shipping department. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) A. Link the software installation policy to the Workstations OU. B. Link the software installation policy to the Shipping Computers OU. C. Create a new Group Policy object (GPO) and add a software installation policy under the User Configuration container. D. Create a new Group Policy object (GPO) and add a software installation policy under the Computer Configuration container. 
Correct Answer: BD Section: (none) Explanation Explanation/Reference: Explanation: To specify how and when computers are updated through Group Policy In Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update. In the details pane of Group Policy Object Editor, configure the appropriate policies. See the following table for examples of the policies you might want to set. Refer to http://technet.microsoft.com/en-us/library/cc708536(v=WS.10).aspx Hints: Workstations OU = engineering computer OU + finance computer OU + shipping computer OU QUESTION 168 Your company's network has client computers that run Windows 7. When a user attempts to log on to the domain from a computer named Client1, she receives the following message: The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect. You need to ensure that the user can log on to the domain from Client1. What should you do? A. Disjoin and rejoin Client1 to the domain. B. Reset the account password for Client1 through Active Directory Users and Computers. C. Add the computer account for Client1 to the Domain Computers Active Directory group. D. Reset the account password for the user through Active Directory Users and Computers. Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: Re-create the computer account, join a workgroup, and then rejoin the domain. Refer to http://support.microsoft.com/kb/810497 QUESTION 169 Your company has two Active Directory Domain Services (AD DS) domains, Domain1 and Domain2. A two-way trust relationship exists between the domains. Users in both domains can log on to client computers in only their own domains. 
System logs on the domain controllers display the error message "Clock skew too great" when users in Domain1 attempt to log on to client computers in Domain2. You need to ensure that users can log on to client computers in both domains. What should you do?
A. Decrease the Maximum tolerance for computer clock synchronization setting in the default Domain Group Policy object (GPO).
B. Configure the primary domain controller (PDC) emulator in each domain to synchronize its clock with the same external time source.
C. Run a startup script that includes Net Time /setsntp on all client computers.
D. Run a startup script that includes Net Time /querysntp on all client computers.
Correct Answer: B Section: (none) Explanation Explanation/Reference:

QUESTION 170
Your company has an Active Directory Domain Services (AD DS) forest with a single domain named contoso.com. The design of the organizational units (OUs) and Group Policy objects (GPOs) is shown in the following diagram. Multiple computer configuration settings and user configuration settings are defined in the Kiosk Computers GPO. A security audit indicates that user configuration settings that are defined in the Kiosk Computers GPO are not applied when users log on to client computers that are in the Kiosk Computers OU. You need to ensure that the user configuration settings are correctly applied. What should you do?
A. Enable loopback processing in Merge mode on the Default Domain Policy GPO.
B. Disable the user configuration settings on the Default Domain Policy GPO.
C. Enable loopback processing in Replace mode on the Kiosk Computers GPO.
D. Disable the user configuration settings on the New York Users GPO.
Correct Answer: C Section: (none) Explanation Explanation/Reference:
Explanation: Refer to Planning and managing windows 7 desktop deployments and environment Pg 10-92

QUESTION 171
You have a single Active Directory Domain Services (AD DS) site. All client computers run Windows 7.
Users in the marketing department use a custom application. You create a new Group Policy object (GPO) and link it to the site. Users in the marketing department then report that they are unable to use the custom application. You need to ensure that all users in the marketing department are able to use the custom application. You need to ensure that all other users continue to receive the new GPO. What should you do?
A. Add marketing users to a domain group. Use security filtering to grant the group the Allow-Read permission and the Allow-Apply Group Policy permission for the GPO.
B. Move marketing users to a dedicated organizational unit (OU). Apply the Block Inheritance setting to the OU.
C. Add marketing users to a domain group. Use security filtering to grant the group the Allow-Read permission and the Deny-Apply Group Policy permission for the GPO.
D. Move marketing users to a dedicated organizational unit (OU). Apply the Block Inheritance setting to the domain.
Correct Answer: C Section: (none) Explanation Explanation/Reference:

QUESTION 172
You use Group Policy to standardize Internet Explorer settings on Windows 7 client computers. Users occasionally change the Internet Explorer settings on individual client computers. The company wants to maintain a standard Internet Explorer configuration on all client computers. You need to ensure that the standard Internet Explorer configuration is in place each time users log on to client computers. What should you do?
A. Use Group Policy to disable the Advanced tab of the Internet Explorer Properties dialog box.
B. Use the Group Policy Update utility to refresh Group Policy.
C. Enable Internet Explorer Maintenance Policy Processing in Group Policy.
D. Enable User Group Policy loopback processing mode.
Correct Answer: C Section: (none) Explanation Explanation/Reference:
Explanation: Internet Explorer Maintenance policy processing
This policy affects all policies that use the Internet Explorer Maintenance component of Group Policy, such as those in Windows Settings\Internet Explorer Maintenance. It overrides customized settings that the program implementing the Internet Explorer Maintenance policy set when it was installed. If you enable this policy, you can use the check boxes provided to change the options.
"Allow processing across a slow network connection" updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.
"Do not apply during periodic background processing" prevents the system from updating affected policies in the background while the computer is in use. Background updates can disrupt the user, cause a program to stop or operate abnormally, and, in rare cases, damage data.
"Process even if the Group Policy objects have not changed" updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it.
http://technet.microsoft.com/en-us/library/cc978526.aspx

QUESTION 173
Your company's network includes client computers that run Windows 7. You design a wireless network to use Extensible Authentication Protocol-Transport Level Security (EAP-TLS). The Network Policy Server has a certificate installed. Client computers are unable to connect to the wireless access points. You need to enable client computers to connect to the wireless network. What should you do?
A. Install a certificate in the Trusted Root Certification Authorities certificate store.
B.
Configure client computers to use Protected Extensible Authentication Protocol-Transport Layer Security (PEAP-TLS).
C. Configure client computers to use Protected Extensible Authentication Protocol-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MSCHAP v2).
D. Install a certificate in the Third-Party Root Certification Authorities certificate store.
Correct Answer: A Section: (none) Explanation Explanation/Reference:

QUESTION 174
Your company infrastructure includes a Windows Server 2008 R2 file server and 1,000 Windows 7 Enterprise client computers. The company wants to require a secure connection between client computers and the file server. You need to create and deploy a Group Policy object (GPO) that includes a rule for Windows Firewall with Advanced Security. What should you do?
A. Create an Isolation rule and specify Request authentication for inbound and outbound connections.
B. Create a Tunnel rule and specify Gateway-to-client as the tunnel type.
C. Create a Server-to-server rule and specify the endpoints as Any IP address and the file server IP address.
D. Create an Authentication exemption rule and add the file server IP address to the Exempt Computers list.
Correct Answer: C Section: (none) Explanation Explanation/Reference:
Explanation: The PDC emulator master also serves as the machine to which all domain controllers in the domain will synchronise their clocks. It, in turn, should be configured to synchronise to an external NTP time source. http://en.wikipedia.org/wiki/Primary_Domain_Controller

QUESTION 175
You deploy Windows 7 to the computers that are used by your company's Web developers. All Web developer user accounts are in a single organizational unit (OU). Internet Explorer is blocking pop-up windows for multiple internal Web applications that are hosted on different servers. You need to use Group Policy to ensure that Internet Explorer does not block pop-up windows for internal Web applications. What should you do?
A. B.
C. D.
Enable Compatibility View in Internet Explorer.
Add each server to the Intranet zone.
Add each server to the Trusted Sites zone.
Set the default security setting in Internet Explorer to Medium.
Correct Answer: B Section: (none) Explanation Explanation/Reference:
Explanation: Pop-up Blocker features
Pop-up Blocker is turned on by default. There are restrictions on the size and position of pop-up windows, regardless of the Pop-up Blocker setting. Pop-up windows cannot be opened larger than or outside the viewable desktop area. For more information, see "Windows Restrictions" in this document. When this functionality is enabled, automatic and background pop-up windows are blocked, but windows that are opened by a user click will still open in the usual manner. Note that sites in the Trusted Sites and Local Intranet zones do not have their pop-up windows blocked by default, as they are considered safe. This setting can be configured in the Security tab in Internet Options.
http://technet.microsoft.com/en-us/library/cc784600(v=ws.10).aspx
Hints: internal web, so I choose intranet zones.
Local Intranet Zone
By default, the Local Intranet zone contains all network connections that were established by using a Universal Naming Convention (UNC) path, and Web sites that bypass the proxy server or have names that do not include periods (for example, http://local), as long as they are not assigned to either the Restricted Sites or Trusted Sites zone. The default security level for the Local Intranet zone is set to Medium (Internet Explorer 4) or Medium-low (Internet Explorer 5 and 6). Be aware that when you access a local area network (LAN) or an intranet share, or an intranet Web site by using an Internet Protocol (IP) address or by using a fully qualified domain name (FQDN), the share or Web site is identified as being in the Internet zone instead of in the Local intranet zone.
Trusted Sites Zone
This zone contains Web sites that you trust as safe (such as Web sites that are on your organization's intranet or that come from established companies in whom you have confidence). When you add a Web site to the Trusted Sites zone, you believe that files you download or that you run from the Web site will not damage your computer or data. By default, there are no Web sites that are assigned to the Trusted Sites zone, and the security level is set to Low.
http://support.microsoft.com/kb/174360

QUESTION 176
Your network has client computers that run Windows 7 Enterprise. You plan to deploy new administrative template policy settings by using custom ADMX files. You create the custom ADMX files, and you save them on a network share. You start Group Policy Object Editor (GPO Editor). The custom ADMX files are not available in the Group Policy editing session. You need to ensure that the ADMX files are available to the GPO Editor. What should you do?
A. Copy the ADMX files to the %systemroot%\inf folder on each Windows 7 computer, and then restart the GPO Editor.
B. Set the network share permissions to grant all Windows 7 users Read access for the share.
C. Copy the ADMX files to the %systemroot%\system32 folder on each Windows 7 computer, and then restart the GPO Editor.
D. Copy the ADMX files to the central store, and then restart the GPO Editor.
Correct Answer: D Section: (none) Explanation Explanation/Reference:
Explanation: http://support.microsoft.com/kb/929841
To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.

QUESTION 177
Your company has a custom Web application that uses a self-signed SSL certificate.
The company has an internal certification authority (CA) and uses autoenrollment. When external users attempt to start the Web application, Internet Explorer displays an error message that recommends closing the Web page rather than continuing to the application. You need to ensure that Internet Explorer does not display the error message. What should you do?
A. B. C. D. Install the current certificate into the personal store on each client computer. Add the application's URL to the Trusted Sites zone in Internet Explorer. Install the current certificate into the computer store on each client computer. Purchase and install a commercial certificate on the CA server. Ensure that users trust the issuing CA. Issue a root certificate from the internal CA on the external users' computers.
Correct Answer: B Section: (none) Explanation Explanation/Reference:

QUESTION 178
Your company's network is shown in the following diagram. There is a VPN between branch office B and the core network. The company plans to deploy Windows 7 to all client computers. You need to manage the deployment to ensure that client computers in branch office A and in branch office B can activate Windows. What should you do? (Each correct answer presents part of the solution. Choose all that apply.)
A. Configure DNS so that client computers in branch office A use the Key Management Service (KMS) in the core network.
B. Deploy the Key Management Service (KMS) in branch office B.
C. Deploy the Key Management Service (KMS) in branch office A.
D. Configure DNS so that client computers in branch office B use the Key Management Service (KMS) in the core network.
Correct Answer: AB Section: (none) Explanation Explanation/Reference:

QUESTION 179
You are deploying an App-V client application to the New York office. You need to ensure that the application will be installed at a specific time. What should you use to deploy the application?
A. B. C. D.
ConfigMgr
a Group Policy object (GPO) with a software installation policy.
MED-V
Microsoft Deployment Toolkit
Correct Answer: A Section: (none) Explanation Explanation/Reference:

QUESTION 180
Your company has client computers that run Windows 7 Enterprise. Each computer in the company is required to boot into a different Windows 7 application environment without compromising the main Windows 7 Enterprise installation. You need to create a new Native Boot VHD that will host the alternate Windows 7 environments. Which command should you use?
A. BCDEdit.exe
B. Bootcfg.exe
C. DiskPart.exe
D. BCDboot.exe
Correct Answer: D Section: (none) Explanation Explanation/Reference:
Explanation: http://www.techexams.net/forums/windows-7-exams/66547-bcdedit-bcdboot-difference.html
BCDboot is a tool used to quickly set up a system partition, or to repair the boot environment located on the system partition. The system partition is set up by copying a small set of boot environment files from an installed Windows® image. BCDboot also creates a Boot Configuration Data (BCD) store on the system partition with a new boot entry that enables you to boot to the installed Windows image.
BCDEdit is a command-line tool for managing BCD stores. It can be used for a variety of purposes, including creating new stores, modifying existing stores, adding boot menu parameters, and so on. BCDEdit serves essentially the same purpose as Bootcfg.exe on earlier versions of Windows, but with two major improvements

QUESTION 181
Your company has a single Active Directory Domain Services (AD DS) domain and 1,000 Windows 7 computers. You are planning to deploy a custom application. You need to schedule the deployment to occur outside of business hours and without user interaction. What should you do? (Choose all that apply.)
A. B. C. D. E. F.
Create a collection with the required computers and assign the software to the collection.
Create a software installation Group Policy object (GPO).
Assign the policy to the root of the Active Directory Domain Services (AD DS) domain.
Create a software deployment package by using System Center Configuration Manager 2007.
Create an unattend.xml file.
Create a silent install MSI file.
Correct Answer: ADF Section: (none) Explanation Explanation/Reference:
Explanation: Hints: without user interaction = silent install MSI file

QUESTION 182
A network consists of 1,000 laptop computers that run Windows XP. The computers do not have access to the corporate network. You plan to migrate 200 of the computers immediately to Windows 7. The remainder will be migrated over the next several months. You need to plan the most efficient method for activating all of the computers. What should you do?
A. Use Multiple Activation Key (MAK) Independent for the first 200 computers, and then use Multiple Activation Key (MAK) Proxy for the remaining computers.
B. Use the Key Management Service (KMS) for all the computers.
C. Use Multiple Activation Key (MAK) Independent for all the computers.
D. Use Multiple Activation Key (MAK) Proxy for the first 200 computers, and then use the Key Management Service (KMS) for the remaining computers.
Correct Answer: B Section: (none) Explanation Explanation/Reference:
Explanation: Key Management Service (KMS) requires a count of 25 or higher from the KMS host to activate itself. Refer to http://technet.microsoft.com/en-us/library/ee939272.aspx
MAK: If users install a MAK using the user interface (UI), the MAK client attempts to activate itself over the Internet one time. If the users install a MAK using the Slmgr.vbs script, the MAK client does not try to activate itself automatically. Refer to http://technet.microsoft.com/en-us/library/ff793438.aspx
Hints: The computers do not have access to the internet

QUESTION 183
Your company's network is shown in the following diagram. Each office is connected to the Internet through a high-bandwidth connection.
The branch offices are connected to the core network through low-bandwidth connections. Microsoft Windows Server Update Services (WSUS) must provide software updates for all offices. You need to design the WSUS infrastructure to minimize traffic over the low-bandwidth connections. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Deploy BranchCache on the WSUS server and client computers
B. Configure WSUS to use updates that are stored locally
C. Configure WSUS to use updates that are stored on Microsoft Update
D. Deploy Quality of Service (QoS) on the WSUS server and client computers
E. Deploy WSUS servers in the branch offices
Correct Answer: CE Section: (none) Explanation Explanation/Reference:
Explanation: WSUS update from Microsoft Update is faster than core network. Deploy WSUS servers in each branch office in order to provide WSUS server for branch client.
Hints:
1. Each office is connected to the Internet through a high-bandwidth connection.
2. The branch offices are connected to the core network through low-bandwidth connections.

QUESTION 184
Your network is configured as shown in the following diagram. You are planning to deploy Windows 7. You have the following requirements:
Use BitLocker on all computers in the isolated network.
Provide DirectAccess on all portable computers.
Use the Key Management Service (KMS) to activate all client computers.
You need to plan a client computer licensing strategy that meets the requirements. What should you do?
A. License 500 copies of Windows 7 Ultimate.
B. License 500 copies of Windows 7 Enterprise.
C. License 350 copies of Windows 7 Professional, license 150 copies of Windows 7 Ultimate, and purchase Software Assurance for the Windows 7 Professional licenses.
D. License 350 copies of Windows 7 Enterprise, and license 150 copies of Windows 7 Ultimate.
Correct Answer: B Section: (none) Explanation Explanation/Reference:
Explanation: Hints: Direct Access only available for Ultimate and Enterprise only. Company should use Enterprise version

QUESTION 185
Your company has 1,000 client computers that run Windows 7. The company uses several custom line-of-business applications that are not compatible with Windows 7. You need to distribute a Microsoft Enterprise Desktop Virtualization (MED-V) virtual machine (VM) image that includes the custom applications to all Windows 7 client computers. What should you do?
A. Mount the VM image from the MED-V workspace.
B. Deploy the VM image from the MED-V server.
C. Deploy the VM image by using Windows Deployment Services (WDS).
D. Deploy the VM image by using Windows Server Update Services (WSUS).
Correct Answer: B Section: (none) Explanation Explanation/Reference:

QUESTION 186
Your company plans to upgrade all client computers to Windows 7. The company uses a custom line-of-business application. The application contains sensitive data. The application will not run on Windows 7. You establish that Microsoft Enterprise Desktop Virtualization (MED-V) is the appropriate technology to allow your organization to continue to use the application. You need to ensure that the virtual machine (VM) images that contain sensitive data can be used only when the user is connected to the MED-V server. What should you do?
A. Using MED-V TrimTransfer technology, deploy the VM image over the network
B. In the MED-V console, configure the MED-V workspace to prevent offline operation
C. Use BitLocker Drive Encryption to encrypt the drive on which the VM image is stored
D. Using Microsoft System Center Configuration Manager, deploy the VM image to an image store directory
Correct Answer: B Section: (none) Explanation Explanation/Reference:

QUESTION 187
The client computers in your network run either Windows XP or Windows 7.
All client computers are in a single Active Directory Domain Services (AD DS) organizational unit (OU) named MyClients. You install Windows Software Update Services (WSUS). You create a Group Policy object (GPO) that enables automatic updates from the WSUS server, and you link the GPO to the MyClients OU. You place all client computers in a targeting group named MyClients. Testing reveals that a security update that is applicable to both Windows XP and Windows 7 causes a line-of-business application to fail on the Windows XP client computers. You need to ensure that the application runs on the Windows XP client computers and that the Windows 7 client computers receive the security update. What should you do?
A. Remove the Windows XP client computers from the MyClients targeting group. Approve the update for installation to the All Computers targeting group.
B. Remove the Windows 7 client computers from the MyClients targeting group. Approve the update for installation to the All Computers targeting group.
C. Create a targeting group named MyXPClients beneath the MyClients targeting group. Move the Windows XP client computers to the MyXPClients targeting group. Approve the update for installation to the MyClients targeting group.
D. Remove the Windows 7 client computers from the MyClients targeting group. Approve the update for installation to the Unassigned Computers targeting group.
Correct Answer: D Section: (none) Explanation Explanation/Reference:
Explanation: All computers targeting group = assigned group and unassigned group. Unassigned computer targeting group = all computers that are not assigned to any group.
Hints:
Windows 7 removed from MyClients = unassigned computer targeting group
Windows XP = MyClients targeting group
The update will only be done for the unassigned computer targeting group

QUESTION 188
Your company uses Microsoft Windows Server Update Services (WSUS) to deploy software updates and service packs. Microsoft releases a security update for Windows 7.
You have the following requirements:
The security update must be deployed by 5:00 P.M. on Friday.
Computers that are off when the security update is deployed must install the security update as soon as they are turned on.
You need to manage the software update process to meet the requirements. What should you do?
A. Approve the security update for installation through the WSUS console with no deadline.
B. Approve the security update for download through the WSUS console with a deadline of Friday at 5:00 P.M.
C. Approve the security update for installation through the WSUS console with a deadline of Friday at 5:00 P.M.
D. Approve the security update for download through the WSUS console with no deadline.
Correct Answer: C Section: (none) Explanation Explanation/Reference:
Explanation: Hints:
1. question mentions Friday 5pm
2. question requests install update instead of download update

QUESTION 189
Your company has a single Active Directory Domain Services (AD DS) domain named contoso.com that uses Active Directory-integrated DNS. You deploy the Key Management Service (KMS) on a Windows 7 computer. You need to ensure that Windows 7 client computers can locate the KMS host and perform activation. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Create and deploy a GPO firewall rule to allow RPC traffic through TCP port 1688 on the client computers.
B. Deploy a Windows Server 2008 KMS host.
C. Grant the KMS server the Full Control permission on the _vlmcs._tcp.contoso.com DNS record.
D. Grant the KMS server the Full Control permission on the _msdcs._tcp.contoso.com DNS zone.
Correct Answer: AC Section: (none) Explanation Explanation/Reference:
Explanation: http://technet.microsoft.com/en-us/library/ee939272.aspx
The KMS clients find the KMS host via a DNS SRV record (_vlmcs._tcp) and then automatically attempt to discover and use this service to activate themselves.
When in the 30 day Out of Box grace period, they will try to activate every 2 hours. Once activated, the KMS clients will attempt a renewal every 7 days.
Listening on Port: Communication with KMS is via anonymous RPC. 1688 is the default TCP port used by the clients to connect to the KMS host. Make sure this port is open between your KMS clients and the KMS host.

QUESTION 190
Your network contains 5 servers that have the Remote Desktop Session Host role service installed. The servers host a Remote Desktop RemoteApp named App1. You need to recommend a solution for App1 that meets the following requirements:
Must ensure that users can connect to any Remote Desktop Session Host server
Must ensure that users are automatically reconnected to disconnected sessions
What should you include in the recommendations?
A. Windows Virtual PC and Windows XP Mode
B. Remote Desktop Web Access
C. Remote Desktop Gateway
D. Windows Deployment Services
E. Remote Desktop Connection Broker
Correct Answer: E Section: (none) Explanation Explanation/Reference:
Explanation: Remote Desktop Connection Broker (RD Connection Broker), formerly Terminal Services Session Broker (TS Session Broker), is used to provide users with access to RemoteApp and Desktop Connection. RemoteApp and Desktop Connection provides users a single, personalized, and aggregated view of RemoteApp programs, session-based desktops, and virtual desktops to users. RD Connection Broker supports load balancing and reconnection to existing sessions on virtual desktops, Remote Desktop sessions, and RemoteApp programs accessed by using RemoteApp and Desktop Connection. RD Connection Broker also aggregates RemoteApp sources from multiple Remote Desktop Session Host (RD Session Host) servers that may host different RemoteApp programs.
http://technet.microsoft.com/en-us/library/dd560675(v=WS.10).aspx

QUESTION 191
Your company has two network segments. The core network segment is where centralized management is performed.
The high-security network segment is an isolated network. A firewall between the core network segment and the high-security network segment limits network communication between the segments. These network segments are shown in the following diagram. Your company plans to deploy Windows 7 to all client computers. You need to manage activation for client computers that are located in the high-security network segment. What should you do?
A. Deploy the Key Management Service (KMS) in the core network segment.
B. Deploy the Key Management Service (KMS) in the high-security network segment.
C. Install the Volume Activation Management Tool (VAMT) in the core network segment.
D. Install the Volume Activation Management Tool (VAMT) in the high-security network segment.
Correct Answer: D Section: (none) Explanation Explanation/Reference:
Explanation: Key Management Service (KMS) requires a count of 25 or higher from the KMS host to activate itself. Refer to http://technet.microsoft.com/en-us/library/ee939272.aspx
There is a firewall blocking, (VAMT) should setup at high-security network.

QUESTION 192
Your company has client computers that run Windows XP Professional. You are planning to install Windows 7 Enterprise on the existing client computers. You need to ensure that the user state can be viewed after it has been collected and saved. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
A. Perform an offline migration by using Windows PE.
B. Use an uncompressed migration store.
C. Perform an offline migration by using Windows.old.
D. Use a hard-link migration store.
Correct Answer: BD Section: (none) Explanation Explanation/Reference:

QUESTION 193
You plan to deploy Windows 7 to client computers. You have the following requirements:
Deploy Windows 7 over the network.
Do not affect the performance of existing network applications.
You need to design a zero-touch deployment strategy that supports the requirements. What should you do?
A. Deploy images from a Microsoft System Center Configuration Manager server that runs Windows Server 2008.
B. Deploy images from a dedicated share on a Windows Server 2008 server.
C. Ensure that all computers have the Internet Protocol version 6 (IPv6) protocol disabled prior to deployment.
D. Ensure that all computers have the Internet Protocol version 4 (IPv4) protocol disabled prior to deployment.
Correct Answer: A Section: (none) Explanation Explanation/Reference:

QUESTION 194
Your company has an Active Directory Domain Services (AD DS) forest with a single domain. A server has the Windows Deployment Services (WDS) role installed. You create a Windows 7 image. You plan to use the Lite Touch Installation deployment method to deploy the Windows 7 image. You need to design a deployment strategy that will install an image on unknown client computers only if administrative approval is granted. What should you do?
A. Create a multicast transmission for the Windows 7 image.
B. Use an Auto-Add policy on the WDS server.
C. Create a unicast transmission for the Windows 7 image.
D. Use DHCP rogue detection on the WDS server.
Correct Answer: B Section: (none) Explanation Explanation/Reference:
Explanation: http://technet.microsoft.com/en-us/library/cc731409(v=ws.10).aspx#BKMK_2

QUESTION 195
Your network has 1,000 client computers that run Windows XP. You are planning to deploy Windows 7. You plan to use the Microsoft Deployment Toolkit Lite Touch Installation deployment method to deploy the Windows 7 image. You have the following requirements:
Migrate 20 computers at a time.
Ensure that you conserve network bandwidth.
You need to design a deployment strategy that meets the requirements. What should you do?
A. B. C. D.
Configure multicast transmission on the deployment point.
Configure unicast transmission on the deployment point.
Distribute the image by using Background Intelligent Transfer Service (BITS).
Compress the contents of the distribution folder.
Correct Answer: A Section: (none) Explanation Explanation/Reference:
Explanation: Performing Multicast Deployments
In order to deploy an image using multicasting instead of unicasting, you must first create a multicast transmission. Multicast transmissions make the image available for multicasting, which enables you to deploy an image to a large number of client computers without overburdening the network. When you deploy an image using multicasting, the image is sent over the network only once, which can drastically reduce the amount of network bandwidth that is used.
http://technet.microsoft.com/en-us/library/dd637994(v=ws.10).aspx

QUESTION 196
Your company has a single Active Directory Domain Services (AD DS) domain and 1,000 client computers. You are planning to deploy Windows 7 by using a zero-touch installation process. You need to test the deployment methodology. What should you do first?
A. Create a computer collection with test computers as members.
B. Create a security group with test computers as members.
C. Create an organizational unit and move test computer accounts into it.
D. Create a distribution group with test computers as members.
Correct Answer: A Section: (none) Explanation Explanation/Reference:

QUESTION 197
You are planning a Windows 7 deployment infrastructure. You have the following requirements:
Enable network deployments of WIM images or VHDs
Support multicast with the use of multiple stream transfer functionality.
Allow drivers to be stored centrally, and use dynamic driver provisioning.
You need to design an infrastructure that meets the requirements. Which deployment method should you recommend?
A. B. C. D.
Microsoft Deployment Toolkit (MDT) 2010 Microsoft Deployment Toolkit (MDT) 2008 Windows Deployment Services in Windows Server 2008 R2 Deployment Image Servicing and Management (DISM) Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 198 Your network has a single domain with 1,000 client computers that run Windows Vista. You are planning a deployment of Windows 7. Your company has multiple departments. Only the sales department will use the existing target computers to run Windows 7. You have the following requirements: Migrate the user state for each user. Preserve the file system and existing applications for only the sales department computers. You need to recommend the deployment method that is appropriate for the environment. Which combination of deployment scenarios should you recommend? A. Use the Upgrade Computer method for the sales department computers. Use the Replace Computer method for all other computers. B. Use the Upgrade Computer method for the sales department computers. Use the Refresh Computer method for all other computers. C. Use the Refresh Computer method for the sales department computers. Use the New Computer method for all other computers. D. Use the Refresh Computer method for the sales department computers. Use the Replace Computer method for all other computers. Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: Hints: only upgrade can preserve existing application Replace method - change new computer and migrate user state for each user. QUESTION 199 You are planning a zero-touch deployment of Windows 7 Enterprise to client computers on your corporate network. Each client computer has three available boot methods: boot from the network by using PXE boot from USB media boot from the local hard disk You have the following requirements: Set the boot method for a zero-touch deployment. Ensure that client computers that fail on deployment can be manually configured. 
You need to design a zero-touch deployment strategy that supports the requirements. What should you do? A. B. C. D. Remove USB media and local hard disk from the available boot methods Remove USB media and network from the available boot methods Set network as the first boot method, USB media as the second boot method, and local hard disk as the third boot method Set USB media as the first boot method and local hard disk as the second boot method. Remove network from the available boot methods Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: hints: zero-touch deployment of Windows 7 Enterprise to client computers on your corporate network so, set network as 1st boot. QUESTION 200 Your company has client computers that run Windows XP Professional. You are planning to install Windows 7 Enterprise on the existing client computers. You need to design a user state migration strategy that minimizes network bandwidth and server use when user data is being migrated. What should you do? A. B. C. D. Use the Refresh Computer method and a hard-link migration store. Use the Refresh Computer method and a compressed migration store. Use the Replace Computer method and a hard-link migration store. Use the Replace Computer method and a compressed migration store. Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: A hard-link migration store enables you to perform an in-place migration where all user state is maintained on the computer while the old operating system is removed and the new operating system is installed; this is why it is best suited for the computer-refresh scenario. http://technet.microsoft.com/en-us/library/ dd560753(v=ws.10).aspx Refresh Scenario Similar to a new installation, the refresh scenario performs a clean setup. The difference is that the target computer already contains Windows, for which files and settings will be preserved (installed applications are not taken into consideration). 
This scenario is especially useful in the event that preserving the user state is a priority. It still leverages the consistency benefits that come through a new installation. You can automate this scenario with the latest version of the User State Migration Tool (USMT 4.0), which will collect pertinent data for each user state found in the system, and restore it after the clean installation is performed.

Replace Scenario
This is similar to the refresh scenario, except the target system is a new computer that does not yet contain any files or settings. The scenario consists of conducting a new installation on the target computer, and then using the USMT 4.0 to transfer files and settings from the old computer. You can run this scenario side-by-side with an older system running Windows XP or Windows Vista.
http://technet.microsoft.com/en-us/magazine/hh124549.aspx

Hints:
Install on existing client computer = Refresh
Replace a new client computer = Replace

QUESTION 201
Your company has 1,000 client computers that run Windows 7 Enterprise. You need to ensure that users cannot bypass or disable Internet Explorer logging. What should you do?

A. Set the Disable the Advanced Page state to Enabled, and set the Turn off InPrivate Browsing state to Enabled.
B. Set the Turn off InPrivate Filtering state to Enabled, and set the Disable the General Page state to Enabled.
C. Set the Turn off InPrivate Browsing state to Enabled, and set the Disable the General Page state to Enabled.
D. Set the Disable the General Page state to Enabled, and set the Disable the Advanced Page state to Enabled.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation: InPrivate Browsing in Internet Explorer 8 helps prevent one's browsing history, temporary Internet files, form data, cookies, and usernames and passwords from being retained by the browser, leaving no easily accessible evidence of browsing or search history.
http://en.wikipedia.org/wiki/Internet_Explorer_8
Hints: Running IE in InPrivate Browsing will not keep any history or logging. The General page is able to clear IE history.

QUESTION 202
All client computers in your network run Windows 7 with default firewall settings. You have a server-based application that requires an agent to be installed on all client computers. You need to use Group Policy to allow the application to initiate installation of the agent on all client computers. What should you do?

A. Create inbound program rules.
B. Create inbound port rules.
C. Create Windows service hardening rules.
D. Create connection security rules.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation: Hints: the software hasn't been installed, so unable to block program.

QUESTION 203
All client computers in your network run Windows 7 Enterprise. You need to prevent all standard user accounts from running programs that are signed by a specific publisher. What should you do?

A. Use AppLocker application control policies. Create an Executable rule.
B. Use software restriction policies. Create a hash rule.
C. Use AppLocker application control policies. Create a Windows Installer rule.
D. Use software restriction policies. Create a path rule.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation: http://technet.microsoft.com/en-us/library/dd759068.aspx
The AppLocker Microsoft Management Console (MMC) snap-in is organized into four areas called rule collections. The four rule collections are executable files, scripts, Windows Installer files, and DLL files. These collections give the administrator an easy way to differentiate the rules for different types of applications. Rule conditions are criteria that the AppLocker rule is based on. Primary conditions are required to create an AppLocker rule. The three primary rule conditions are publisher, path, and file hash.
Publisher - This condition identifies an application based on its digital signature and extended attributes. The digital signature contains information about the company that created the application (the publisher). The extended attributes, which are obtained from the binary resource, contain the name of the product that the application is part of and the version number of the application. The publisher may be a software development company, such as Microsoft, or the information technology department of your organization.
Path - This condition identifies an application by its location in the file system of the computer or on the network. AppLocker uses path variables for directories in Windows.
File hash - When the file hash condition is chosen, the system computes a cryptographic hash of the identified file.

QUESTION 204
Your network has a single domain with 1,000 client computers that run Windows 7. You use Microsoft System Center Configuration Manager 2007 to distribute and install software applications. All users have standard user accounts. You plan to use Group Policy to ensure that application installation functions properly. You need to design the User Account Control (UAC) policy. What should you do?

A. Configure the User Account Control: Behavior of the elevation prompt for standard users setting to be Prompt for credentials.
B. Configure the User Account Control: Only elevate executables that are signed and validated setting to be Enabled.
C. Configure the User Account Control: Detect application installations and prompt for elevation setting to be Disabled.
D. Configure the User Account Control: Detect application installations and prompt for elevation setting to be Enabled.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation: User Account Control: Detect application installations and prompt for elevation
The User Account Control: Detect application installations and prompt for elevation policy setting controls the behavior of application installation detection for the computer. The options are:
- Enabled. (Default for home) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
- Disabled. (Default for enterprise) Application installation packages are not detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary.
http://technet.microsoft.com/en-us/library/dd851376.aspx

QUESTION 205
Your network has 1,000 client computers that run Windows 7. You need to install an application, in the Local System account context, on the client computers. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

A. Configure a logon script.
B. Configure a startup script.
C. Configure a shutdown script.
D. Configure a logoff script.

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 206
You are planning to deploy Windows 7 to all client computers in your network. You need to ensure that domain administrators can manage domain Group Policy objects (GPOs) from their Windows 7 computers. What should you provide to the domain administrators?

A. Local Group Policy Editor
B. GPOAccelerator Tool
C. Remote Server Administration Tools
D. Administration Tools Pack

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation: Group Policies were modified using the Group Policy Edit tool that was integrated with Active Directory Users and Computers Microsoft Management Console (MMC) snap-in, but it was later split into a separate MMC snap-in called the Group Policy Management Console (GPMC). The GPMC is now a user component in Windows Server 2008 and Windows Server 2008 R2 and is provided as a download as part of the Remote Server Administration Tools for Windows Vista and Windows 7.
http://en.wikipedia.org/wiki/Group_Policy

QUESTION 207
Your network has a single domain with 1,000 client computers that run Windows 7. Users frequently copy data from their computers to removable drives. You need to ensure that data that is copied to removable drives is protected. What should you do?

A. Use Encrypting File System (EFS)
B. Enable Trusted Platform Module (TPM) hardware on all client computers
C. Use Active Directory Rights Management Services
D. Configure a Group Policy to enforce the use of BitLocker To Go

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation: BitLocker to Go extends BitLocker data protection to USB storage devices, enabling them to be restricted with a passphrase. In addition to having control over passphrase length and complexity, IT administrators can set a policy that requires users to apply BitLocker protection to removable drives before being able to write to them.
http://www.microsoft.com/en-us/windows/enterprise/products-and-technologies/windows-7/features.aspx#bitlocker

QUESTION 208
Your network has a single domain with 1,000 client computers that run Windows 7. A large number of software installation scripts are configured to run on the client computers.
You need to recommend a Group Policy setting to allow users to log on to their computers as soon as possible at first boot. What should you recommend?

A. Configure the Run logon scripts synchronously setting to be Enabled.
B. Configure the Run logon scripts synchronously setting to be Disabled.
C. Configure the Run startup scripts asynchronously setting to be Enabled.
D. Configure the Run startup scripts asynchronously setting to be Disabled.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Run logon scripts synchronously
Description: Directs the system to wait for logon scripts to finish running before it starts the Windows Explorer interface program and creates the desktop. If you enable this policy, Windows Explorer does not start until the logon scripts have finished running. This setting assures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop. If you disable this policy or do not configure it, the logon scripts and Windows Explorer are not synchronized and can run simultaneously.

Run startup scripts asynchronously
Description: Lets the system run startup scripts simultaneously. Startup scripts are batch files that run before the user is invited to log on. By default, the system waits for each startup script to complete before it runs the next startup script. If you enable this policy, the system does not coordinate the running of startup scripts. As a result, startup scripts can run simultaneously. If you disable this policy or do not configure it, a startup script cannot run until the previous script is complete.
http://msdn.microsoft.com/en-us/library/ms811602.aspx

QUESTION 209
Your company has 1,000 computers in the main office and 20 computers in store kiosks. All the computers run Windows 7 Enterprise. The kiosk computers do not have network connections.
The company brands the Internet Explorer program window on all computers by displaying the company logo at the left end of the title bar. The company changes its logo. You have the following requirements:
- Display the new logo on the Internet Explorer program window title bar on the main office computers and the kiosk computers.
- Modify the search providers that are available to main office computers.
You need to define Internet Explorer settings to support the requirements. What should you do?

A. Use the Internet Explorer Administration Kit (IEAK) to create a custom configuration-only deployment package on the main office computers. Create a deployment CD for the kiosk computers.
B. Use the Internet Explorer Administration Kit (IEAK) to create a custom configuration-only deployment package on the main office computers. Enable automatic version synchronization and specify a flash drive for the path. Distribute the configuration package to the kiosk computers.
C. Save the logo as Logo.png and copy the file to the C:\Windows\Branding\ directory on each kiosk computer. Create and distribute a new OpenSearch description file for the main office computers.
D. Use the Internet Explorer Administration Kit (IEAK) to create a custom configuration-only deployment package. Copy the setup file to a flash drive, and distribute the file to all computers.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation: Hints: Kiosk computers do not have network connections, so a deployment CD is needed.

QUESTION 210
You are planning to test a custom image of Windows 7 Enterprise. You deploy the image on test computers in Toronto by using ConfigMgr. The deployed image fails to activate. You need to ensure that the image meets company activation requirements. What should you do?

A. Run the Sysprep /generalize command.
B. Run the Sysprep /oobe command.
C. Modify the unattend.xml file and enter a MAK key.
D. Modify the unattend.xml file and enter a KMS key.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 211
Your company has an Active Directory domain. You are planning the deployment of Windows 7 to client computers that are located in a main office and in satellite offices. All client computers use the same hardware. Your company's security policy has the following requirements:
- All client computers in the main office must run Windows 7 Enterprise.
- All client computers in the satellite offices must use BitLocker.
- All client computers in the main office must apply a custom security template. The template must not apply to client computers in the satellite offices.
You need to recommend an image-creation strategy that meets the requirements of the security policy. The solution must minimize administrative effort. What should you include in your recommendations?

A. One image for all client computers
   A Group Policy object
B. One image for the main office computers
   One image for the satellite office computers
   A Data Recovery Agent
   A Security database (secedit.sdb)
C. One image for the main office computers
   One image for the satellite office computers
   A Group Policy object
D. One image for all client computers
   A Data Recovery Agent
   A Security database (secedit.sdb)

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 212
You have an image that is used to deploy Windows 7 on client computers. You need to add drivers to the Windows 7 image. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Use the Deployment Image Servicing and Management (DISM) tool offline.
B. Use INF files for driver packages.
C. Use executable files for driver packages.
D. Use Windows Installer files for driver packages.
E. Use the Deployment Image Servicing and Management (DISM) tool online.

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:
Explanation: Deployment Image Servicing and Management is able to add INF driver files to an image in offline mode.

QUESTION 213
Your company is planning to deploy Windows 7. You have an image that is used to deploy Windows 7 on client computers. You need to add a volume image to the existing Windows image. What should you do?

A. Service the image online.
B. Use ImageX to append the volume image.
C. Use the Deployment Image Servicing and Management (DISM) tool to mount the image.
D. Use DiskPart to attach a new volume.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation: ImageX is a command-line tool that enables the creation of Windows image (.wim) files for deployment in a manufacturing or corporate IT environment. The /append option appends a volume image to an existing .wim file. It creates a single instance of the file, comparing it against the resources that already exist in the .wim file, so you do not capture the same file twice.
http://technet.microsoft.com/en-us/library/cc749603(v=ws.10).aspx

QUESTION 214
Your company includes mobile computer users who frequently work offline. You are planning to deploy Windows 7 by using an image. You have the following requirements:
- Provide access to all applications when mobile computer users first start their computers.
- Minimize network and local storage requirements.
- Provide language-pack support based on the geographic location of the user.
You need to ensure that your image-creation strategy meets the requirements. What should you do?

A. Create a single thin image for all computers.
B. Create one thin image for the mobile computers. Create one thick image for all other computers.
C. Create one thick image for the mobile computers. Create one thin image for all other computers.
D. Create a single hybrid image for all computers.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation: MCTS Self-Paced Training Kit (Exam 70-680): Configuring Windows® 7, by Ian McLean and Orin Thomas
http://books.google.com.my/books?id=lpNuBdGgFncC&pg=PT310&lpg=PT310&dq=thin+image+thick+image+languagepack&source=bl&ots=mU6XADkqKY&sig=C_BBoYQjkIHwwo7B9P2MlXM4TOU&hl=en&sa=X&ei=QEKTDvC4fJrAfs7JGyCw&ved=0CB8Q6AEwAA#v=onepage&q=thin%20image%20thick%20image%20languagepack&f=false

QUESTION 215
Your network includes the client computer hardware configurations shown in the following table. You need to deploy Windows 7 by using the fewest images. How many images are needed?

A. 2
B. 3
C. 4
D. 8

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation: One for 32bit image and one for 64bit image

QUESTION 216
Your company has 1,000 client computers. You are planning to deploy Windows 7 and a new line-of-business application. You have the following requirements:
- Install the application as part of the standard Windows 7 deployment.
- Use a single Windows 7 image for the deployment.
- The application must be available for use on client computers that are not connected to the network.
You need to ensure that the application is installed on all new client computers. What should you do?

A. Deploy the application by using Windows Server Update Services (WSUS).
B. Publish the application by using Group Policy Software Installation.
C. Service an offline image of Windows 7 to add the new application.
D. Service an online image of Windows 7 to add the new application.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation: Hints: Client computers that are not connected to the network = A and B are wrong. The question refers to application installation. You cannot do it with offline servicing. Only online will be able to achieve it.

QUESTION 217
You deploy Windows 7 Enterprise to 1,000 client computers by using an image file.
You need to define an image update strategy to incorporate software updates. What should you do?

A. Install the deployment image on a client computer. Run the update package on the client computer, run Sysprep, and then recapture the image.
B. Append a disk volume that contains the update to the deployment image.
C. Mount the deployment image on a client computer that runs Windows 7. Run the update package on the client computer.
D. Install the deployment image on a client computer. Run the update package on the client computer, run BCDedit, and then recapture the image.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation: Hints: incorporate software updates = update image online. Sysprep is needed before capturing the image.

QUESTION 218
You are designing a Windows 7 deployment image. You plan to partition the hard disk of each client computer during deployment. You need to modify the unattended answer file by using a text editor. Where should you add the disk information?

A. to the Generalize configuration pass
B. to the AuditSystem configuration pass
C. to the WindowsPE configuration pass
D. to the Specialize configuration pass

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation: http://technet.microsoft.com/en-us/library/dd744551(v=ws.10).aspx
The windowsPE configuration pass also enables you to specify Windows Setup-related settings, including:
- Partition and format a hard disk.
- Select a specific Windows image to install, the path of that image, and any credentials required to access that image.
- Select a partition on the destination computer where you install Windows.
- Apply a product key and administrator password.
- Run specific commands during Windows Setup.

QUESTION 219
You are planning to deploy Windows 7 Enterprise and several custom applications. You create a custom Windows 7 Enterprise image. You need to validate that the custom applications will run after the deployment. What should you do?

A. Use ImageX with the check option to mount the image.
B. Mount the custom image by using the Deployment Image Servicing and Management (DISM) tool.
C. Deploy the custom image, and then run the sigverif.exe command.
D. Deploy the custom image to a Virtual Hard Disk (VHD), and then boot from the VHD.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation: The only way to check the custom applications is C in question, as you need to load the image to a VHD or real PC, then boot from the VHD or PC into Windows, then run the custom application in Windows.

QUESTION 220
Your company has a main office and 5 branch offices. Each office contains 200 client computers. Each office has a direct connection to the Internet. The branch offices are connected to the main office through dedicated connections. You plan to deploy an update solution for all client computers by using Windows Server Update Services (WSUS). You need to recommend a WSUS deployment solution. The solution must minimize traffic over the dedicated connections. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Configure WSUS to download updates from an upstream server.
B. Deploy BranchCache in distributed cache mode in each office.
C. Deploy a WSUS server in each office.
D. Configure WSUS to download updates from Microsoft Update.
E. Deploy a WSUS server in the main office only.

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:
Explanation: Hints: Each office has a direct connection to the Internet. The branch offices are connected to the main office through dedicated connections.

QUESTION 221
Your company has an Active Directory Domain Services (AD DS) forest with a single domain. The domain, organizational unit (OU), and Group Policy object (GPO) design is shown in the following diagram. You deploy a Microsoft Windows Server Update Services (WSUS) server.
You need to ensure that only client computers that are members of the NY Computers OU use the WSUS server for updates. Where should you define Windows Update settings?

A. in the User Configuration settings of the New York Computers GPO
B. in the Computer Configuration settings of the New York Baseline GPO
C. in the User Configuration settings of the New York Baseline GPO
D. in the Computer Configuration settings of the New York Computers GPO

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation: To specify how and when computers are updated through Group Policy
In Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update. In the details pane of Group Policy Object Editor, configure the appropriate policies. See the following table for examples of the policies you might want to set.
Refer to http://technet.microsoft.com/en-us/library/cc708536(v=WS.10).aspx

QUESTION 222
Your company's network is shown in the following diagram. All client computers are members of the contoso.com Active Directory Domain Services (AD DS) domain. Each network segment is represented by an AD DS site object that is named to match the network segment. Your company plans to deploy Windows 7 to all client computers. You need to manage the deployment to ensure that client computers in branch office C can activate Windows. What should you do?

A. Create a DNS service (SRV) resource record named _vlmcs._udp.BranchOfficeC._sites.contoso.com.
B. Deploy the Multiple Activation Key (MAK) in branch office C.
C. Deploy the Key Management Service (KMS) in branch office C.
D. Create a DNS service (SRV) resource record named _vlmcs._tcp.BranchOfficeC._sites.contoso.com.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation: Key Management Service (KMS) requires a count of 25 or higher from the KMS host to activate itself.
Refer to http://technet.microsoft.com/en-us/library/ee939272.aspx

QUESTION 223
Your company has client computers that run Windows Vista and client computers that run Windows 7. The client computers connect directly to the Microsoft Update Web site once per week and automatically install all available security updates. Microsoft releases a security update for Windows 7. You have the following requirements:
- Create a report of all Windows 7 computers that are currently connected to the network and that do not have the security update installed.
- Use the least amount of administrative effort.
You need to manage the software update process to meet the requirements. What should you do?

A. Deploy Microsoft Windows Server Update Services (WSUS). Approve the security update for installation, and force a detection cycle on the client computers.
B. Deploy Microsoft Windows Server Update Services (WSUS). Approve the security update for detection, and force a detection cycle on the client computers.
C. Use the Microsoft Baseline Configuration Analyzer (MBCA) to scan the client computers.
D. Use the Microsoft Baseline Security Analyzer (MBSA) to scan the client computers. Configure MBSA to use the Microsoft Update site catalog.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation: Microsoft Baseline Security Analyzer
Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems.
http://technet.microsoft.com/en-us/security/cc184924

QUESTION 224
Your company has client computers that run Windows 7 Enterprise. You need to provide 10 users with an additional operating system boot option.
What should you do? A. B. C. D. Use the DiskPart tool in Windows PE to attach a Virtual Hard Drive (VHD). Use BCDedit to add a native-boot Virtual Hard Drive (VHD) entry to the boot menu. Use Bootcfg to modify the boot parameters. Use BCDboot to modify the system partition. Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: BCDEdit is the primary tool for editing the boot configuration of Windows Vista and later versions of Windows. It is included with the Windows Vista distribution in the %WINDIR%\System32 folder. http://technet.microsoft.com/library/cc731662.aspx QUESTION 225 Your network has a single domain with 1,000 client computers that run Windows Vista. All client computers are members of the domain. You are planning to deploy Windows 7. You need to create a report that shows hardware and device compatibility on all client computers. You need to perform this action without installing any additional software on the client computers. Which tool should you use? A. B. C. D. System Center Configuration Manager System Center Capacity Planner Windows Performance Monitor Data Collector Sets Microsoft Assessment and Planning Toolkit Correct Answer: D Section: (none) Explanation Explanation/Reference: Explanation: Microsoft Assessment and Planning Toolkit performs a detailed analysis of hardware and device compatibility for migration to Windows 7, Windows Server 2008 R2, SQL Server 2008 R2, Microsoft Office 2010, and Office 365. The hardware assessment looks at the installed hardware and determines if migration is recommended. If it is not recommended, then reports provide information about why it is not. http://technet.microsoft.com/en-us/library/bb977556.aspx QUESTION 226 You are designing a Windows 7 virtual desktop infrastructure. You have the following requirements: Provide access to Remote Desktop Services RemoteApp sources from multiple remote desktop servers. Support network load balancing. 
Support reconnection to existing sessions on virtual desktops.
You need to specify a design that meets the requirements. What should you include in your design?
A. Remote Desktop Gateway
B. Windows Deployment Services
C. Remote Desktop Connection Broker
D. Windows Virtual PC and Windows XP Mode
Correct Answer: C
Section: (none)
Explanation/Reference:
Remote Desktop Connection Broker (RD Connection Broker), formerly Terminal Services Session Broker (TS Session Broker), is used to provide users with access to RemoteApp and Desktop Connection. RemoteApp and Desktop Connection provides users a single, personalized, and aggregated view of RemoteApp programs, session-based desktops, and virtual desktops to users. RD Connection Broker supports load balancing and reconnection to existing sessions on virtual desktops, Remote Desktop sessions, and RemoteApp programs accessed by using RemoteApp and Desktop Connection. RD Connection Broker also aggregates RemoteApp sources from multiple Remote Desktop Session Host (RD Session Host) servers that may host different RemoteApp programs.
http://technet.microsoft.com/en-us/library/dd560675(v=WS.10).aspx

QUESTION 227
Your company plans to deploy Windows 7 Enterprise. The current client computers run either Windows XP Professional or Windows Vista Enterprise. The company uses 20 custom applications that were written for Windows XP. You need to create a log of compatibility issues for the custom applications. What should you do?
A. Install each application on a Windows XP client computer, and then run the Application Compatibility Toolkit (ACT).
B. Install each application on a Windows 7 client computer, and then run the Application Compatibility Toolkit (ACT).
C. Install each application on a Windows XP client computer. Sequence each application by using Microsoft Application Virtualization (App-V).
D. Install each application on a Windows Vista client computer.
Sequence each application by using Microsoft Application Virtualization (App-V).
Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 228
A company has 100 client computers that run Windows 8.1. You need to assign static IPv6 addresses to the client computers. Which Windows PowerShell cmdlet should you run?
A. Set-NetTCPSetting
B. Set-NetIPInterface
C. Set-NetIPv6Protocol
D. Set-NetIPAddress
Correct Answer: D
Section: (none)
Explanation/Reference:
http://technet.microsoft.com/en-us/library/hh826151.aspx
Set-NetIPAddress
The Set-NetIPAddress cmdlet modifies IP address configuration properties of an existing IP address. To create an IPv4 address or IPv6 address, use the New-NetIPAddress cmdlet.

QUESTION 229
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1. Portable client computers no longer connect to the corporate wireless network. You need to ensure that when the corporate wireless network is available, the computers always connect to it automatically. Which two actions would achieve the goal? (Each correct answer presents a complete solution. Choose two.)
A. Create a Group Policy object (GPO) to configure a wireless network policy. Link the GPO to the organizational unit that contains the computers.
B. Configure the corporate wireless network as an unmetered network.
C. Configure the corporate wireless network as a preferred network.
D. Manually connect to the corporate wireless network and select the option to connect automatically to that network.
Correct Answer: CD
Section: (none)
Explanation/Reference:
Answer:
Configure the corporate wireless network as a preferred network.
Manually connect to the corporate wireless network and select the option to connect automatically to that network.
Explanation:
http://blogs.technet.com/b/canitpro/archive/2014/03/05/windows-8-1-tips-manage-wireless-network-profiles.aspx
Windows 8.1 tips: Managing Wireless Network Profiles
..
And finally, if you wanted to change the preferred order for your machine to connect to specific wireless network, you could move a network up in the priority list by using the command:
set profileorder name=goose interface="Wi-Fi" priority=1
..
http://www.eightforums.com/tutorials/20152-wireless-networks-priority-change-windows-8-a.html
How to Change Connection Priority of Wireless Networks in Windows 8 and 8.1
..
Windows usually connects to networks in this priority order:
1. Ethernet
2. Wi-Fi (wireless)
3. Mobile broadband
When you connect to a new Wi-Fi network, it's added to the list, and Windows will connect to that network while it's in range. If you connect to another Wi-Fi network while in range of the first network, Windows will prefer the second network over the first one.
Mobile broadband networks are treated differently. If you manually connect to a mobile broadband network when there is a Wi-Fi network in range, the mobile broadband network is preferred just for that session. The next time you're in range of both networks, the Wi-Fi network is preferred. This is because mobile broadband networks typically are metered.
If you want to force your PC to prefer a mobile broadband network over Wi-Fi, tap or click the Wi-Fi network in the list of networks, and then click Disconnect. Windows won't automatically connect to that Wi-Fi network.

QUESTION 230
A company has client computers that run Windows 8.1. The corporate network is configured for IPv4 and IPv6. You need to disable Media Sensing for IPv6 on the client computers without affecting IPv4 communications. What should you do on each client computer?
A. Run the Disable-NetAdapterBinding Windows PowerShell cmdlet.
B. Run the Disable-NetAdapter Windows PowerShell cmdlet.
C. Run the Set-NetIPv6Protocol Windows PowerShell cmdlet.
D. Run the Set-NetIPv4Protocol Windows PowerShell cmdlet.
Correct Answer: C
Section: (none)
Explanation/Reference:
http://technet.microsoft.com/en-us/library/hh826144.aspx
Set-NetIPv6Protocol
Set-NetIPv6Protocol -DhcpMediaSense <DhcpMediaSense>
Specifies a value for Media Sense. The cmdlet modifies the value for this setting.
Media Sense provides a mechanism for the network adapter to notify the protocol stack of media connect and disconnect events. These events trigger the DHCP client to take an action, such as attempting to renew a DHCP lease or removing routes that are related to a disconnected network. When Media Sense is enabled, the network parameters on the laptop of a roaming user are automatically and transparently updated without requiring a restart when the user moves from one location to another. The acceptable values for this parameter are:
-- Enabled
-- Disabled
The default value is Enabled.
Further information:
Disable-NetAdapterBinding
The Disable-NetAdapterBinding cmdlet disables a binding to a network adapter. Running this cmdlet causes loss of network connectivity depending on the binding that is disabled. Note: Disabling some adapter bindings can automatically enable other network adapter bindings.
Disable-NetAdapter
The Disable-NetAdapter cmdlet disables a network adapter. A network adapter must be enabled to connect to a network. This cmdlet causes loss of network connectivity of the specified network adapter. Note: Do not disable the network adapter being used to manage a remote computer. By default the user will be prompted to confirm the network adapter should be disabled.
Set-NetIPv4Protocol
Is not a valid cmdlet.

QUESTION 231
A company has 100 client computers that run Windows 8.1. The client computers are members of a workgroup. A custom application requires a Windows Firewall exception on each client computer.
You need to configure the exception on the client computers without affecting existing firewall settings. Which Windows PowerShell cmdlet should you run on each client computer?
A. New-NetFirewallRule
B. Set-NetFirewallSetting
C. Set-NetFirewallRule
D. Set-NetFirewallProfile
E. New-NetIPSecMainModeRule
Correct Answer: A
Section: (none)
Explanation/Reference:
http://technet.microsoft.com/en-us/library/jj554908.aspx
New-NetFirewallRule
The New-NetFirewallRule cmdlet creates an inbound or outbound firewall rule and adds the rule to the target computer.
Further information:
Set-NetFirewallSetting
The Set-NetFirewallSetting cmdlet configures properties that apply to the firewall and IPsec settings, regardless of which network profile is currently in use. This cmdlet allows the administrator to specify global firewall behavior.
Set-NetFirewallRule
The Set-NetFirewallRule cmdlet modifies existing firewall rule properties.
Set-NetFirewallProfile
The Set-NetFirewallProfile cmdlet configures options for the profiles, including domain, public, and private, that are global, or associated with the input rules.
New-NetIPSecMainModeRule
The New-NetIPsecMainModeRule cmdlet creates an IPsec main mode rule. A main mode rule contains a set of local and remote end points to determine the peers to which it applies. When an application on the local computer attempts to communicate with one of these specified remote hosts, the computer attempts to establish a security association (SA) with the remote server.

QUESTION 232
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1. Portable client computers connect to the corporate wireless network. You have the following requirements:
Prevent users from configuring a wireless network by using settings from a USB flash drive.
Do not affect the use of other USB devices.
You need to create a Group Policy object (GPO) to meet the requirements.
Which GPO should you create?
A. A GPO that disables the Allow only USB root hub connected Enhanced Storage Features policy setting.
B. A GPO that enables wireless policy processing.
C. A GPO that prohibits connections to mobile broadband networks when roaming.
D. A GPO that configures Windows Connect Now settings.
Correct Answer: D
Section: (none)
Explanation/Reference:
http://windows.microsoft.com/en-US/windows-vista/What-is-Windows-Connect-Now
Computer Configuration\Policies\Administrative Templates\Network\Windows Connect Now
Turn Off Ability To Configure Using A USB Flash Drive setting: Prevents Windows from being able to store a Windows Connect Now configuration to a UFD. Because the Windows Connect Now information stored on a UFD contains information that can allow computers to access your protected wireless network, you might choose to disable this setting to improve the security of your wireless networks.
http://sourcedaddy.com/windows-7/windows-connect-now-in-windows-7.html
http://windows.microsoft.com/en-US/windows-vista/What-is-Windows-Connect-Now
What is Windows Connect Now?
Microsoft Windows Connect Now (WCN) is a technology designed to address the need for a simple and more secure way to configure network devices and computers. In addition to easier device configuration, you can use WCN to save wireless network settings to a USB flash drive and then plug that drive into devices (such as routers) and computers so you can quickly and easily add them to a network.
http://support.epson.ru/products/manuals/101846/html_z/setpn_4.htm
Using WCN (Windows Connect Now)
..

QUESTION 233
A company has client computers that run Windows 8.1. The client computers are connected to a corporate private network. Users are currently unable to connect from their home computers to their work computers by using Remote Desktop. You need to ensure that users can remotely connect to their office computers by using Remote Desktop.
Users must not be able to access any other corporate network resource from their home computers. Which setting should you configure on the home computers?
A. Virtual Private Network connection
B. Remote Desktop local resources
C. DirectAccess connection
D. Remote Desktop Gateway IP address
Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 234
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1. Client computers use Windows BitLocker Drive Encryption with a Trusted Platform Module (TPM) chip. You need to create a Group Policy object (GPO) that will secure the TPM owner information. Which policy setting should you configure?
A. Enable the Turn on TPM backup to Active Directory Domain Services policy setting.
B. Enable the Configure the level of TPM usage authorization information available to the registry policy setting.
C. Set the Configure the level of TPM owner authorization information available to operating system policy setting to Full.
D. Enable the Configure TPM platform validation profile policy setting.
Correct Answer: A
Section: (none)
Explanation/Reference:
http://technet.microsoft.com/en-us/library/jj679889.aspx
Trusted Platform Module Services Group Policy Settings
..
If you enable this policy setting, TPM owner information will be automatically and silently backed up to AD DS when you use Windows to set or change a TPM owner password.

QUESTION 235
A company has client computers that run Windows 8.1. The company uses Windows BitLocker Drive Encryption with the data-only option on all client computers. You delete a file containing highly confidential information from your computer. You need to clear the free space on the hard drive to minimize the chance of the confidential information being recovered. Which command should you run on the client computer?
A. manage-bde -w
B. chkdsk /spotfix
C. diskpart clean
D. BdeHdCfg -target c: shrink
Correct Answer: A
Section: (none)
Explanation/Reference:
http://technet.microsoft.com/en-us/library/jj647761.aspx
Manage-bde: WipeFreeSpace
Syntax:
manage-bde -WipeFreeSpace|-w [<Drive>] [-Cancel] [-computername <Name>] [{-?|/?}] [{-help|-h}]
Wipes the free space on the volume removing any data fragments that may have existed in the space. Running this command on a volume that was encrypted using the "Used Space Only" encryption method provides the same level of protection as the "Full Volume Encryption" encryption method.
Example:
The following example illustrates using the -w command to wipe the free space on drive C.
manage-bde -w C:
Further information:
http://technet.microsoft.com/en-us/library/cc730714.aspx
Chkdsk
chkdsk [<Volume>[[<Path>]<FileName>]] [/f] [/v] [/r] [/x] [/i] [/c] [/l[:<Size>]] [/b]
http://technet.microsoft.com/en-us/library/cc731145.aspx
Clean
The Diskpart Clean command removes any and all partition or volume formatting from the disk with focus.
http://technet.microsoft.com/en-us/library/ff829850.aspx
Bdehdcfg
Prepares a hard drive with the partitions necessary for BitLocker Drive Encryption.

QUESTION 236
You deploy several tablet PCs that run Windows 8.1. You need to minimize power usage when the user presses the sleep button. What should you do?
A. Configure the active power plan to disable Wake Timers.
B. Configure the active power plan to use Fast Startup.
C. In Power Options, configure the sleep button setting to Hibernate.
D. In Power Options, configure the sleep button setting to Sleep.
Correct Answer: C
Section: (none)
Explanation/Reference:
http://windows.microsoft.com/en-us/windows7/sleep-and-hibernation-frequently-asked-questions
Sleep and hibernation: frequently asked questions
What's the difference between sleep, hibernate, and hybrid sleep?
Sleep is a power-saving state that allows a computer to quickly resume full-power operation (typically within several seconds) when you want to start working again. Putting your computer into the sleep state is like pausing a DVD player--the computer immediately stops what it's doing and is ready to start again when you want to resume working.
Hibernation is a power-saving state designed primarily for laptops. While sleep puts your work and settings in memory and draws a small amount of power, hibernation puts your open documents and programs on your hard disk, and then turns off your computer. Of all the power-saving states in Windows, hibernation uses the least amount of power. On a laptop, use hibernation when you know that you won't use your laptop for an extended period and won't have an opportunity to charge the battery during that time.
Hybrid sleep is designed primarily for desktop computers. Hybrid sleep is a combination of sleep and hibernate--it puts any open documents and programs in memory and on your hard disk, and then puts your computer into a low-power state so that you can quickly resume your work. That way, if a power failure occurs, Windows can restore your work from your hard disk. When hybrid sleep is turned on, putting your computer into sleep automatically puts your computer into hybrid sleep. Hybrid sleep is typically turned on by default on desktop computers.
Further information:
http://www.howtogeek.com/122954/how-to-prevent-your-computer-from-waking-up-accidentally/
How To Prevent Your Computer From Waking Up Accidentally
..
Disable Wake Timers
If you find your Windows computer waking from sleep for no apparent reason, your computer is either being woken up by a hardware device such as your mouse -- or scheduled task set to wake your computer.
http://msdn.microsoft.com/en-us/library/windows/hardware/jj835779%28v=vs.85%29.aspx
Distinguishing Fast Startup from Wake-from-Hibernation
Starting with Windows 8, a fast startup mode is available to start a computer in less time than is typically required for a traditional, cold startup. A fast startup is a hybrid combination of a cold startup and a wake-from-hibernation startup.
http://www.redmondpie.com/enable-windows-8-hibernate-mode-option-how-to-tutorial/
Enable Windows 8 / 8.1 Hibernate Mode Option [How-To Tutorial]
..
Another similarly missing power option (apparently) is Hibernate, which, although not readily visible, is still a part of the operating system, and you just have to enable it.

QUESTION 237
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1 and are joined to the domain. You have the following requirements:
Ensure that files in shared network folders are available offline.
Maximize efficiency for users who connect to shared network folders from a mobile device.
You need to configure Group Policy settings to meet the requirements. What should you do first?
A. Enable and configure the Configure slow-link mode policy setting.
B. Enable the Enable file synchronization on costed networks policy setting.
C. Enable the Synchronize all offline files when logging on policy setting.
D. Enable and configure the Specify administratively assigned Offline Files policy setting.
Correct Answer: B
Section: (none)
Explanation/Reference:
http://technet.microsoft.com/en-us/library/jj127408.aspx
Enable Background File Synchronization on Metered Networks
This document describes how to enable background file synchronization of Offline Files while using metered connections that have usage limits, and while roaming on another provider's network.
Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012 support cost-aware synchronization by automatically tracking roaming and bandwidth usage limits while on metered connections. By default, when the user is using a metered connection (such as a 4G mobile network) and is near or over their bandwidth limit or roaming on another provider's network, Windows switches to Offline mode and disables background synchronization. Users can still manually initiate synchronization, and administrators can override cost-aware synchronization for specific users, such as executives.

QUESTION 238
You install Windows 8.1 on a desktop computer. You create a system image and then install third-party desktop apps and create personal data. You disable the creation of restore points. The computer is not running optimally. You need to remove the third-party applications and preserve files that are stored in your Documents folder. You start the computer from a system repair disk. Which troubleshooting option should you use?
A. Refresh your PC without affecting your files
B. System Restore
C. Remove everything and install Windows
D. System Image Recovery
Correct Answer: A
Section: (none)
Explanation/Reference:
Basically, the Refresh feature allows you to refresh your Windows 8.1 installation back to a vanilla, brand new install while preserving all your personal files. Windows 8.1 also includes a Reset feature, which is similar; however, resetting your install deletes all personal files, so don't select this unless you want a full system wipe.
This is what happens:
Your files and personalization settings won't change.
Your PC settings will be changed back to their defaults.
Metro-style apps from the Windows store will be retained.
Explanation:
http://windows.microsoft.com/en-us/windows-8/restore-refresh-reset-pc
How to refresh, reset, or restore your PC
Applies to Windows 8.1, Windows RT 8.1
If you're having problems with your PC, you can try to refresh, reset, or restore it. Refreshing your PC reinstalls Windows and keeps your personal files and settings. It also keeps the apps that came with your PC and the apps you installed from the Windows Store. Resetting your PC reinstalls Windows but deletes your files, settings, and apps -- except for the apps that came with your PC. Restoring your PC is a way to undo recent system changes you've made.
If you want to back up and restore your personal files using File History, see Set up a drive for File History. If you want to restart your PC, see Shut down (turn off), sleep, or hibernate your PC.
Refresh your PC without affecting your files
If your PC isn't performing as well as it once did, and you don't know why, you can refresh your PC without deleting any of your personal files or changing your settings.
Further information:
http://windows.microsoft.com/en-us/windows/restore-computer-from-system-image-backup#1TC=windows-7
Restore your computer from a system image backup
When you restore your computer from a system image, it's a complete restoration. You can't choose individual items to restore, and all of your programs, system settings, and files are replaced with those on the system image.

QUESTION 239
A company has client computers that run Windows 8.1. File History is on. An employee downloads data to a folder on drive D named Archives. You need to ensure that the user can restore files from the Archives folder by using File History. What should you do?
A. Configure the File History advanced settings to include the Archives folder.
B. From the File History configuration options, change the drive and select the Archives folder.
C. Create a library named History and add the Archives folder to the library.
D. Move the Archives folder into the Windows system folder.
Correct Answer: C
Section: (none)
Explanation/Reference:
http://blogs.msdn.com/b/b8/archive/2012/07/10/protecting-user-files-with-file-history.aspx
What is File History?
File History is a backup application that continuously protects your personal files stored in Libraries, Desktop, Favorites, and Contacts folders. It periodically (by default every hour) scans the file system for changes and copies changed files to another location. Every time any of your personal files has changed, its copy will be stored on a dedicated, external storage device selected by you. Over time, File History builds a complete history of changes made to any personal file.
http://blogs.windows.com/windows/b/extremewindows/archive/2012/12/20/a-new-way-to-backup-file-history-in-windows-8.aspx
A New Way to Backup: File History in Windows 8
File History is a new feature in Windows 8 that helps to ensure that your personal files are safe. In addition to being a backup solution, File History also provides the capability to restore multiple backup copies (versions) of your files. File history in Windows 8 is easy to set up, powerful, and reliable. This means you can have more confidence when working with files, and also keep fewer redundant copies around for your own personal "data history". You can easily configure File History to protect some or all of the files that are in your libraries on Windows 8.
You can add folders to your libraries easily in Windows 8, giving you the ability to use File History with any group of folders and files that you choose.

QUESTION 240
A company has client computers that run Windows 8.1. The client computers are in a workgroup. Windows Remote Management (WinRM) is configured on all computers. You need to configure a computer named COMPUTER1 to retrieve Windows event logs from all other computers in the workgroup. Which three actions should you perform?
(Each correct answer presents part of the solution. Choose three.)
A. Add machine accounts of all other computers to the Event Log Readers local group on COMPUTER1.
B. Create and configure a collector-initiated subscription.
C. Start the Windows Event Collector service on all computers other than COMPUTER1.
D. Start the Windows Event Collector service on COMPUTER1.
E. Create and configure a source computer-initiated subscription.
F. Start the Windows Event Log service on all computers other than COMPUTER1.
G. Add COMPUTER1 machine account to the Event Log Readers local group on all other computers.
Correct Answer: BDG
Section: (none)
Explanation/Reference:
For best management we want a collector-initiated subscription--meaning we'll be setting up the subscription at the collecting computer instead of at each individual computer. The Windows Event Collector service is required for subscriptions to work on the computer doing the collecting. The collecting computer must be a member of the Event Log Readers local group on all computers in order to be able to read the event log.
http://blog.oneboredadmin.com/2012/06/windows-event-collection.html
Windows Event Collection
The only basic rules are that the source machine should have Winrm2 installed and running on it, and the Event Collector Service should be running on the collector machine. There are two methods available to complete this challenge - collector initiated and source initiated.
Collector Initiated
When defining such a subscription, you instruct the collector to open a WinRM session to the source machine(s) using a specified set of credentials (or the computer account) and ask for a subscription.
Further Information:
http://msdn.microsoft.com/en-us/library/windows/desktop/bb427443%28v=vs.85%29.aspx
Windows Event Collector
You can subscribe to receive and store events on a local computer (event collector) that are forwarded from a remote computer (event source). The following list describes the types of event subscriptions:
Source-initiated subscriptions: allows you to define an event subscription on an event collector computer without defining the event source computers. Multiple remote event source computers can then be set up (using a group policy setting) to forward events to the event collector computer. This subscription type is useful when you do not know or you do not want to specify all the event source computers that will forward events.
Collector-initiated subscriptions: allows you to create an event subscription if you know all the event source computers that will forward events. You specify all the event sources at the time the subscription is created.
http://msdn.microsoft.com/en-us/library/windows/desktop/bb513652%28v=vs.85%29.aspx
Creating a Collector Initiated Subscription
You can subscribe to receive events on a local computer (the event collector) that are forwarded from remote computers (the event sources) by using a collector-initiated subscription. In a collector-initiated subscription, the subscription must contain a list of all the event sources. Before a collector computer can subscribe to events and a remote event source can forward events, both computers must be configured for event collecting and forwarding.
http://technet.microsoft.com/en-us/library/cc748890.aspx
Configure Computers to Forward and Collect Events
Before you can create a subscription to collect events on a computer, you must configure both the collecting computer (collector) and each computer from which events will be collected (source).
In a workgroup environment, you can follow the same basic procedure described above to configure computers to forward and collect events. However, there are some additional steps and considerations for workgroups:
You can only use Normal mode (Pull) subscriptions.
You must add a Windows Firewall exception for Remote Event Log Management on each source computer.
You must add an account with administrator privileges to the Event Log Readers group on each source computer. You must specify this account in the Configure Advanced Subscription Settings dialog when creating a subscription on the collector computer.
Type winrm set winrm/config/client @{TrustedHosts="<sources>"} at a command prompt on the collector computer to allow all of the source computers to use NTLM authentication when communicating with WinRM on the collector computer. Run this command only once.

QUESTION 241
A portable computer that runs Windows 8.1 uses a mobile broadband connection for the corporate wireless network. The computer also has a wired corporate network connection. The computer successfully downloads Windows updates when connected to either network. You need to ensure that the computer automatically downloads updates by using Windows Update while also connected to the wireless corporate network connection. What should you do?
A. Set the corporate wireless network to metered.
B. Set the corporate wireless network to non-metered.
C. Configure the Specify intranet Microsoft update service location local Group Policy setting.
D. Configure a Windows Firewall connection security rule.
Correct Answer: B
Section: (none)
Explanation/Reference:
Setting a Wireless network to METERED allows only critical Windows Updates using that connection. Setting a Wireless network to NON-METERED allows all Windows Updates using that connection.
Source:
http://windows.microsoft.com/en-US/windows-8/metered-internet-connections-frequently-asked-questions
Metered Internet connections: FAQ
What's a metered Internet connection?
Internet service providers can charge by the amount of data used (the amount of data sent and received by your PC). That's called a metered Internet connection. These plans often have a data limit, and if you exceed the limit you might have to pay extra. In some cases, you aren't charged extra but your connection speed becomes slower until the billing cycle ends.
If you have a metered Internet connection, setting your network connection to metered in Windows can help you reduce the amount of data you send and receive.
How does setting my network connection to metered affect my PC?
Any app that relies on an Internet connection to update or display info might be limited in the amount of data it can download or display. You might notice these and other effects:
Windows Update will only download priority updates.
...

QUESTION 242
A company has client computers that run Windows 8.1. Each computer has two hard drives. You need to create a dynamic volume on each computer that maximizes write performance with data fault tolerance. Which kind of dynamic volume should you create?
A. Striped Volume
B. RAID 5 Volume
C. Spanned Volume
D. Mirrored Volume
Correct Answer: D
Section: (none)
Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc737048%28v=ws.10%29.aspx
Types of Dynamic Volumes
A dynamic volume is a volume that is created on a dynamic disk. Dynamic volume types include simple, spanned, and striped volumes.
Mirrored Volumes
A mirrored volume is a fault-tolerant volume that provides a copy of a volume on another disk. Mirrored volumes provide data redundancy by duplicating the information contained on the volume. The two disks that make up a mirrored volume are known as mirrors. Each mirror is always located on a different disk. If one of the disks fails, the data on the failed disk becomes unavailable, but the system continues to operate by using the unaffected disk.
Mirrored volumes are typically created by the user who requires fault-tolerance and who has two disks in their computer. If one disk fails, the user always has a copy of their data on the second disk. Mirrored volumes provide better write performance than RAID-5 volumes.
Further Information:
Striped Volumes
Striped volumes improve disk input/output (I/O) performance by distributing I/O requests across disks. Striped volumes are composed of stripes of data of equal size written across each disk in the volume. They are created from equally sized, unallocated areas on two or more disks.
Striped volumes cannot be extended or mirrored and do not offer fault tolerance. If one of the disks containing a striped volume fails, the entire volume fails, and all data on the striped volume becomes inaccessible. The reliability for the striped volume is less than the least reliable disk in the set.
RAID-5 Volumes
A RAID-5 volume is a fault-tolerant volume that stripes data and parity across three or more disks. Parity is a calculated value that is used to reconstruct data if one disk fails.
RAID-5 volumes are typically created by the user who requires fault-tolerance and who has at least three disks in their computer. If one of the disks in the RAID-5 volume fails, the data on the remaining disks, along with the parity information, can be used to recover the lost data. RAID-5 volumes are well-suited to storing data that will need to be read frequently but written to less frequently. Database applications that read randomly work well with the built-in load balancing of a RAID-5 volume.
Spanned Volumes
Spanned volumes combine areas of unallocated space from multiple disks into one logical volume. The areas of unallocated space can be different sizes. Spanned volumes require two disks, and you can use up to 32 disks.
QUESTION 243
A company has client computers that run Windows 8.1. The company implements the following security requirements:
All client computers must use two-factor authentication.
At least one authentication method must include more than four characters or gestures.
You need to choose authentication methods that comply with the security requirements. Which two authentication methods should you choose? (Each correct answer presents part of the solution. Choose two.)
A. PIN
B. Biometric authentication
C. Picture Password
D. Microsoft Account
Correct Answer: BD
Section: (none)
Explanation/Reference:
More than 4 characters are of course supported with the Microsoft Account. It is something the user knows. The picture password would be another thing the user knows (gestures). So there's only MS Account and Biometric authentication left.
Two-factor authentication requires the use of two of the three authentication factors: Something the user knows (e.g., password, PIN); Something the user has (physical object) (e.g., ATM card, smart card); and Something the user is (e.g., biometric characteristic, such as a fingerprint). The factors are identified in the standards and regulations for access to U.S.
Federal Government systems.
http://en.wikipedia.org/wiki/Multi-factor_authentication
Multi-factor authentication
Two-factor authentication requires the use of two of the three authentication factors. The factors are identified in the standards and regulations for access to U.S. Federal Government systems. These factors are: Something only the user knows (e.g., password, PIN, pattern); Something only the user has (e.g., ATM card, smart card, mobile phone); and Something only the user is (e.g., biometric characteristic, such as a fingerprint).
1. Something the user knows: Microsoft Account. Minimum password length is more than 4 characters.
2. Something only the user is: Biometric authentication
http://john.bryntze.net/jbkb-v2/certification-exam-70-687-configuring-windows-8-part-4-configure-access-to-resources-14/
Biometric in Windows 8 is built on Windows Biometric Framework and relies on Windows Biometric service that is set to start up manual by default.
Further information:
Something the user knows: Picture password. Problem: limited to 3 gestures
Something the user knows:
http://john.bryntze.net/jbkb-v2/certification-exam-70-687-configuring-windows-8-part-4-configure-access-to-resources-14/
Sign in with PIN code (4-digit code) is not possible for a domain user, it is not even visible in PC Settings -> Users (if machine is not domain joined you see it). To enable it for even domain joined computer/users you can enable the policy Turn on PIN sign-in and it becomes visible.
QUESTION 244
All client computers in a company's network environment run Windows 8.1. A client computer has two internal hard disk drives. The hard drives are configured as shown in the following table. You are choosing a backup destination for drive C. You have the following requirements:
Ensure that the backup file is available if drive C fails.
Ensure that the backup file can be accessed by other computers on the network.
Support the backup of multiple system images.
You need to select a backup destination that meets the requirements. Which destination should you select?
A. shared network folder
B. drive D
C. multiple DVDs
D. external hard drive
Correct Answer: D
Section: (none)
Explanation/Reference:
Shared network folder will only support one system image: That applies to internal / external disks:
http://windows.microsoft.com/en-us/windows7/Back-up-your-programs-system-settings-and-files
Keeping different versions of system images: If you're saving your system images on an internal or external drive, or on CDs or DVDs, you can keep several versions of system images. On internal and external hard drives, older system images will be deleted when the drive runs out of space.
Conclusion is to use external HDD and share it over the network.
http://technet.microsoft.com/en-us/library/cc737048%28v=ws.10%29.aspx
What Are Dynamic Disks and Volumes?
Like basic disks, which are the most commonly used storage type found on computers running Microsoft Windows, dynamic disks can use the master boot record (MBR) or GUID partition table (GPT) partitioning scheme. All volumes on dynamic disks are known as dynamic volumes. Dynamic disks were first introduced with Windows 2000 and provide features that basic disks do not, such as the ability to create volumes that span multiple disks (spanned and striped volumes), and the ability to create fault tolerant volumes (mirrored and RAID-5 volumes).
http://lifehacker.com/5958865/how-to-use-windows-8s-new-file-history-backup-aka-time-machine-for-windows
How to Use Windows 8's New File History Backup (aka Time Machine for Windows)
The Difference Between File History and Windows Backup
Windows Backup still exists in Windows 8, it's just been renamed to "Windows 7 File Recovery." So, if you want to back up your files, you have the choice of which system you want to use.
Windows Backup (now called "Windows 7 File Recovery") backs up your computer on a schedule you set --for example, once a week on Sunday at 2am (though the default is once a month). You can choose to back up whatever you want, from a small selection of personal files to program files to anything else. You can even create a full system image, which is handy when you want to restore your computer to exactly the way it was at a certain point in time. To restore files, you had to go into its slightly confusing interface and find the files you were looking for in a set of folders on your backup drive.
QUESTION 245
You are in the process of setting up File History on your workstation. You are configuring the Size of offline cache Advanced settings. Which of the following is the default setting?
A. 2%
B. 5%
C. 10%
D. 20%
Correct Answer: B
Section: (none)
Explanation/Reference:
http://news.softpedia.com/news/Windows-8-Secrets-Incremental-Backup-with-File-History-299238.shtml
QUESTION 246
You are in the process of setting up File History on your workstation. You are configuring the Save copies of files Advanced settings. Which of the following is the default setting?
A. 15 minutes
B. 30 minutes
C. 1 hour
D. 6 hours
Correct Answer: C
Section: (none)
Explanation/Reference:
QUESTION 247
You are employed as an administrator at contoso.com. The network consists of a single Active Directory Domain Services (AD DS) domain, named contoso.com. All workstations on the contoso.com network have Windows 8.1 installed. You need to configure File History on a client system. You notice that the free storage space on the selected drive is low, but you do not have a spare drive to replace it. What should you do?
A. Configure the save copies of files setting to back up files once a day.
B. Configure Size of offline cache setting to 2%
C. Keep saved versions setting to be 1 month
D. Keep saved versions setting until space is needed
Correct Answer: D
Section: (none)
Explanation/Reference:
QUESTION 248
You are employed as an administrator at contoso.com. The contoso.com network is made up of an Active Directory Domain Services (AD DS) domain, named ABC.com. All workstations on the contoso.com network, including laptops, have Windows 8.1 installed. Your users have just been issued new laptops for use outside the office. These users currently log in to their desktop workstations using a Windows domain account. They would like their laptops to be set up exactly like their desktop workstations. Which of the following would easily allow them to achieve this?
A. Transfer the user settings with the File and Transfer wizard
B. Windows Easy Transfer
C. Migrate the user profiles with USMT
D. Link the Windows domain accounts to a Windows Live ID.
Correct Answer: D
Section: (none)
Explanation/Reference:
http://blogs.msdn.com/b/b8/archive/2011/09/26/signing-in-to-windows-8-with-a-windows-live-id.aspx
Signing in with an ID allows you to:
Associate the most commonly used Windows settings with your user account. Saved settings are available when you sign in to your account on any Windows 8.1 PC. Your PC will be set up just the way you are used to!
Easily reacquire your Metro style apps on multiple Windows 8.1 PCs. The app's settings and last-used state persist across all your Windows 8.1 PCs.
Save sign-in credentials for the different apps and websites you use and easily get back into them without having to enter credentials every time.
Automatically sign in to apps and services that use Windows Live ID for authentication.
http://windows.microsoft.com/en-us/windows-8/connect-microsoft-domainaccount
Connect your Microsoft account to your domain account
You can connect your Microsoft account to your domain account and sync your settings and preferences between them. For example, if you use a domain account in the workplace, you can connect your Microsoft account to it and see the same desktop background, app settings, browser history and favorites, and other Microsoft account settings that you see on your home PC. You'll also be able to use Microsoft account services from your domain PC without signing in to them individually.
QUESTION 249
A company has 50 touch-enabled client computers that run Windows 7. You are planning to migrate the client computers to Windows 8.1. You have the following requirements:
Choose the installation or upgrade path that includes touch-optimized desktop versions of Microsoft Word, Excel, PowerPoint, and OneNote.
Minimize new hardware requirements.
You need to choose the path that meets the requirements. Which path should you choose?
A. Upgrade to Windows RT
B. Perform a clean installation of Windows 8.1 Enterprise
C. Purchase hardware with Windows RT pre-installed.
D. Upgrade to Windows 8.1 Enterprise.
Correct Answer: D
Section: (none)
Explanation/Reference:
Windows RT is Windows for ARM; nothing in this specifies the computers are on ARM machines.
http://blogs.office.com/2012/07/18/using-the-new-office-with-touch/
Windows 8 provides a number of platform capabilities for enabling highly responsive touch support in applications, ranging from hardware accelerated graphics and improved touch targeting to a new app platform that makes it easy to build touch-optimized Windows 8-style apps. The new Office takes advantage of these to deliver great new touch-based experiences on Windows 8.
http://www.howtogeek.com/120936/beginner-how-to-enable-touch-mode-in-office-2013/
Beginner: How to Enable Touch Mode in Office 2013
By default, even if you are on a touch enabled PC, Office 2013 doesn't open with a touch optimized interface.
QUESTION 250
A company has 100 client computers that run Windows Vista. The company uses several custom applications. The company plans to replace the Windows Vista computers with new computers that run Windows 8.1. You need to establish which of the currently installed applications will work on Windows 8.1. What should you do?
A. Install and run the Windows App Certification Kit.
B. Install and run the Microsoft Assessment and Planning Toolkit.
C. Install and run the Microsoft Deployment Toolkit.
D. Install and run the Windows Application Compatibility Toolkit.
Correct Answer: B
Section: (none)
Explanation/Reference:
http://technet.microsoft.com/en-us/solutionaccelerators/dd537566.aspx
http://www.microsoft.com/en-us/download/details.aspx?id=30652
Windows Assessment and Deployment Kit (ADK) for Windows® 8
The Windows® Assessment and Deployment Kit (Windows ADK) is a collection of tools that you can use to customize, assess, and deploy Windows operating systems to new computers. Features available in the Windows ADK include:
Application Compatibility Toolkit (ACT) - The Application Compatibility Toolkit (ACT) helps IT Professionals understand potential application compatibility issues by identifying which applications are or are not compatible with the new versions of the Windows operating system. ACT helps to lower costs for application compatibility evaluation by providing an accurate inventory of the applications in your organization. ACT helps you to deploy Windows more quickly by helping to prioritize, test, and detect compatibility issues with your apps ...
Supported Operating System
To install the Windows ADK, your computer must be running one of the following operating systems: Windows® 8, Windows® 7, Windows Server® 2012, Windows Server® 2008 R2, Windows Vista®, Windows Server® 2008
Further Information:
http://www.microsoft.com/en-us/download/details.aspx?id=7826
Microsoft Assessment and Planning Toolkit
The Microsoft Assessment and Planning Toolkit makes it easy to assess your current IT infrastructure for a variety of technology migration projects. This Solution Accelerator provides a powerful inventory, assessment, and reporting tool to simplify the migration planning process.
Supported Operating System: Windows 7 Service Pack 1, Windows 8, Windows 8.1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2012 R2
http://www.microsoft.com/en-us/download/details.aspx?id=25175
Microsoft Deployment Toolkit (MDT) 2012 Update 1
Microsoft Deployment Toolkit (MDT) 2012 Update 1 is the newest version of MDT, a Solution Accelerator for operating system and application deployment. MDT 2012 Update 1 supports deployment of Windows 8, Windows 7, Office 2010 and 365, Windows Server 2012, and Windows Server 2008 R2 in addition to deployment of Windows Vista, Windows Server 2008, Windows Server 2003, and Windows XP. MDT 2012 Update 1 relies on several Windows deployment tools. After installation of the .msi package and startup of the Deployment Workbench, the user can choose to download and install the following major tools from the Components: Windows 8 Assessment and Deployment Kit ...
QUESTION 251
A company has 10 client computers that run Windows 8.1. Employees log on to resources by using multiple accounts. You need to back up the user name and password for each logon account. What should you do on each client computer?
A. Back up each user's Personal Information Exchange PKCS #12 (.pfx) certificate.
B. Use Credential Manager to save the information to a USB flash drive.
C. Use File History to back up the ntuser.dat file.
D. Run the Export-Certificate Windows PowerShell cmdlet.
Correct Answer: B
Section: (none)
Explanation/Reference:
http://www.7tutorials.com/credential-manager-where-windows-stores-passwords-other-login-details
Credential Manager - Where Windows Stores Passwords & Login Details
What is the Credential Manager?
Credential Manager is the "digital locker" where Windows stores log-in credentials (username, password, etc.) for other computers on your network, servers or Internet locations such as websites. Windows 8 adds one more type of credentials called Web Credentials. As the name implies, such credentials are used by Internet Explorer to automatically log you into certain websites.
http://www.7tutorials.com/how-backup-and-restore-windows-vault-passwords
How to Backup and Restore Windows Vault Passwords
One way to use the Credential Manager is to export your Windows credentials to another Windows computer, or to back them up and import them after you reinstall Windows, so that you don't have to manually type them again.
Backup Your Windows User Names and Passwords
Open the Credential Manager. Under the Windows Vault look for the "Back up vault" link and click on it. This starts the Stored User Names and Passwords wizard. You are asked to select where you want to backup the Windows credentials stored on your computer. Click on Browse, select the folder and type the name of the file where the data will be stored. Then, click Next. ...
This procedure has been tested both on Windows 7 and Windows 8. In Windows 8, there are some minor differences but it all works the same.
QUESTION 252
A company has client computers that run Windows 8.1. You implement an AppLocker file hash rule that allows an application to run. You then apply a service pack to the application. When users attempt to run the application, the application is blocked by Group Policy. You need to ensure that the application runs.
What should you do?
A. Enable the Reschedule Automatic Updates scheduled installations Group Policy setting.
B. Create a new hash rule for the updated app
C. Set the wired network connection to metered.
D. Configure the Automatic Maintenance setting.
Correct Answer: B
Section: (none)
Explanation/Reference:
QUESTION 253
A company has an Active Directory Domain Services (AD DS) domain. The corporate environment includes a Windows Software Update Services (WSUS) server. All client computers run Windows 8.1 and a custom web application. The company has a Microsoft Software Assurance for Volume Licensing agreement. After deploying Windows Updates to the computers, the web application stops responding. You establish that a specific optional update installed by Windows Update is causing the problem. In the Windows Update Control Panel item, the option to remove the update is unavailable. You need to remove the optional update from one client computer. What should you do?
A. Install and run the Debugging tools for Windows.
B. Clear the SusClientID registry value on the client computer.
C. Restart the computer from a Diagnostic and Repair Toolset (DaRT) boot disk and use the Crash Analyzer tool.
D. Run the wuauclt /resetauthorization command on the client computer.
E. Restart the computer from a Diagnostic and Repair Toolset (DaRT) boot disk and use the Hotfix Uninstaller tool.
Correct Answer: E
Section: (none)
Explanation/Reference:
http://technet.microsoft.com/en-us/library/jj713340.aspx
Getting Started with DaRT 8.0
How to Get DaRT 8.0
DaRT 8.0 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance.
http://technet.microsoft.com/en-us/library/jj713326.aspx
Overview of the Tools in DaRT 8.0
From the Diagnostics and Recovery Toolset window in Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0, you can start any of the individual tools that you include when you create the DaRT 8.0 recovery image.
Exploring the DaRT tools ...
Hotfix Uninstall
The Hotfix Uninstall Wizard lets you remove hotfixes or service packs from the Windows operating system on the computer that you are repairing. Use this tool when a hotfix or service pack is suspected in preventing the operating system from starting.
Further Information: ..
Crash Analyzer
Use the Crash Analyzer Wizard to quickly determine the cause of a computer failure by analyzing the memory dump file on the Windows operating system that you are repairing. Crash Analyzer examines the memory dump file for the driver that caused a computer to fail. You can then disable the problem device driver by using the Services and Drivers node in the Computer Management tool.
QUESTION 254
A client computer that runs Windows 8.1 has two hard disk drives: a system drive and a data drive. You are preparing to back up the computer prior to installing a developing software product. You have the following requirements:
The system disk that is part of the backup must be mountable from within Windows.
The system disk that is part of the backup must be bootable.
The backup must be viable to restore in the event of a hard disk failure.
The backup must contain data from both hard disk drives.
You need to select a backup method. Which method should you use?
A. System repair disk
B. Storage pool
C. System image
D. File History
Correct Answer: C
Section: (none)
Explanation/Reference:
http://technet.microsoft.com/en-us/library/hh825258.aspx
DISM Image Management Command-Line Options
Deployment Image Servicing and Management (DISM.exe) mounts a Windows image (.wim) file or virtual hard disk (.vhd or .vhdx) for servicing.
You can also use the DISM image management command to list the image index numbers, to verify the architecture for the image that you are mounting, append an image, apply an image, capture an image and delete an image.
Further Information:
http://devhammer.net/blog/follow-up-on-backups-mounting-a-system-image
Follow-up On Backups: Mounting a System Image
Yesterday, I posted about my practice of using the built in system image creation tools in Windows 7 and Windows 8 to create a backup of my system whenever I'm getting ready to upgrade. Now, if something goes tragically wrong, I can just boot to a system repair disk, and restore the image, and I'm back to where I started. But let's suppose the install goes fine, but I find that there's a file I need to get to from my backup, but I don't want to restore the entire backup, just get that file. The good news is that you can do this easily, because the system image is stored as a .vhd (or in the case of Windows 8, a .vhdx) file. And Windows 8 can mount a VHD as a drive, making it easy to access the files from the backup. Just plug in the external drive you used for your backup, and find the WindowsImageBackup folder (should be at the root of the drive), and inside it find the folder matching the name of the machine you backed up. Inside that should be a folder that starts with "Backup" and the date of the backup. And finally, inside the backup folder is a .vhd (or .vhdx) file containing the backup of your system (you might see more than one .vhd(x)...if so, look for the largest one, as shown in the image below): If you right-click that file and select "Mount" (as shown below) Windows will mount the VHD file for you, and assign it a drive letter.
QUESTION 255
You have a Windows 8.1 computer. The drive on which your File History is stored is almost full. You need to move the File History storage location to another drive. Which three actions should you perform in sequence?
(To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
Select and Place:
Correct Answer:
Section: (none)
Explanation/Reference:
When choosing a new storage location for File History, if it's a USB drive, there's nowhere to browse to. You can only choose a folder when backing up to a network share. And when you change the storage location, File History will move the files for you:
http://windows.microsoft.com/en-gb/windows-8/what-something-goes-wrong-file-history
What if something goes wrong in File History? ..
Select a different File History drive
If your File History drive is full or almost full, you can start again from scratch with a new drive or you can move your existing files to a new, larger drive.
To select a new drive and start again
1. Swipe in from the right edge of the screen, then tap Search. (If you're using a mouse, point to the bottom-right corner of the screen, move the mouse pointer up, then click Search.)
2. Enter File History settings in the search box, then tap or click File History settings.
3. Tap or click Select drive.
4. Tap or click the new drive.
To select a new drive and move your files to it
5. Swipe in from the right edge of the screen, then tap Search. (If you're using a mouse, point to the bottom-right corner of the screen, move the mouse pointer up, then click Search.)
6. Enter File History in the search box, then tap or click File History.
7. Tap or click Select drive.
8. On the Change your File History drive page, do one of the following:
* To use a new external drive, connect the drive to your PC, refresh the page, then tap or click OK.
* To use a network location, tap or click Add network location, browse to or enter a location, tap or click Select folder, then tap or click OK.
9. When you're asked, tap or click Yes to copy all of the versions of your files to the new drive.
QUESTION 256
You administer Windows 8.1 client computers in your company network. The computers belong to an Active Directory Domain Services (AD DS) domain and have Windows Firewall enabled. All of the computers are connected to the Internet. You ping one of the desktops, which has an IP Address of 10.4.4.4, but you receive the message "Request timed out." You need to configure the desktop to reply to ping requests. From the Windows Firewall with Advanced Security window, which inbound rule should you modify? (To answer, select the appropriate inbound rule in the answer area.)
Hot Area:
Correct Answer:
Section: (none)
Explanation/Reference:
http://www.howtogeek.com/77132/how-to-enable-ping-echo-replies-in-windows-8/
How to Enable Ping Echo Replies in Windows 8
When you ping a PC running Windows 8, by default it doesn’t reply to the echo request. This is caused by a firewall rule that blocks all incoming ICMP packets, but this can be changed quickly in the Advanced Firewall Settings instead of disabling the entire firewall. When the Windows Firewall with Advanced Security snap-in opens, click on inbound rules. .. Now scroll through the list of inbound rules until you find a rule called File and Printer Sharing (Echo Request – ICMPv4-In). Right click on the rule and select Enable rule.
Note: There is a different rule depending on your network location, there is one rule that covers Public and Private network locations and a separate rule for the Domain network location. Also this will only allow ICMPv4 packets, if you want to hear IPv6 echo requests there are two rules below the ICMPv4 rules to enable this functionality.
Once enabled the rule will turn green. Now your PC will be able to answer the echo requests.
QUESTION 257
You administer Windows 8.1 Pro computers in your company network, including a computer named Client1. On Client1, you create a new folder named C:\Folder1 and configure its NTFS permissions.
You need to ensure that only members of a group named Managers can access the folder content. In the Advanced Security Settings for Folder1 pane, which security setting should you configure? (To answer, select the appropriate setting in the answer area.)
Hot Area:
Correct Answer:
Section: (none)
Explanation/Reference:
If you remove all inherited permissions on this particular folder, only the Managers group will have permissions left on it.
QUESTION 258
A company has 100 client computers. The company plans to deploy Windows 8.1 to the client computers and utilize the following features:
Microsoft Hyper-V 3.0
Snap
Secure boot
You need to establish whether the current hardware supports the features. What hardware is required to enable each of the features? (To answer, drag the appropriate hardware requirements to the correct location or locations in the answer area. Requirements may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Select and Place:
Correct Answer:
Section: (none)
Explanation/Reference:
http://blogs.msdn.com/b/b8/archive/2011/09/07/bringing-hyper-v-to-windows-8.aspx
Bringing Hyper-V to “Windows 8” ..
Hyper-V requires a 64-bit system that has Second Level Address Translation (SLAT). SLAT is a feature present in the current generation of 64-bit processors by Intel & AMD. You’ll also need a 64-bit version of Windows 8, and at least 4GB of RAM. Hyper-V does support creation of both 32-bit and 64-bit operating systems in the VMs. ..
http://windowsitpro.com/windows-8/q-what-resolution-do-windows-8-metro-ui-and-snap-feature-require
Q: What resolution do the Windows 8 Metro UI and Snap feature require? ..
To use the Snap application capability, which allows two Metro applications to appear on the screen at the same time with one application using up most of the screen and the other giving a summary view, you need a resolution of 1366x768.
http://technet.microsoft.com/en-us/library/hh824987.aspx
Secure Boot Overview ..
Manufacturing Requirements
Secure Boot requires a PC that meets the UEFI Specifications Version 2.3.1, Errata C or higher. Secure Boot is supported for UEFI Class 2 and Class 3 PCs. For UEFI Class 2 PCs, when Secure Boot is enabled, the compatibility support module (CSM) must be disabled so that the PC can only boot authorized, UEFI-based operating systems. Secure Boot does not require a Trusted Platform Module (TPM).
QUESTION 259
You administer Windows 8.1 client computers in your company network. A computer has a simple (no resiliency) storage space configured. The storage space is assigned to drive letter E. You plug an eSATA drive into the computer and extend the storage space. You need to unplug the eSATA drive without deleting existing data from the storage space. Which three actions should you perform in sequence? (To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order.)
Select and Place:
Correct Answer:
Section: (none)
Explanation/Reference:
Note:
QUESTION 260
You manage Windows 8.1 client computers. You have the following client computer update requirements:
Ensure that all client computers check for updates twice a day.
Install all critical and available updates, including updates that require a restart, each day.
Restart client computers at 11:00 P.M. if required.
Distribute all updates from a Windows Server Update Services (WSUS) server on the local network.
You need to deploy Group Policy settings to the client computers to meet the update requirements. Which Group Policy settings should you enable and configure? (To answer, drag the appropriate Group Policy settings to the correct location or locations in the answer area. Group Policy settings may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Select and Place:
Correct Answer:
Section: (none)
Explanation/Reference:

QUESTION 261
You install Windows 8.1 Enterprise on a new laptop that will be shipped to a remote user. You log on to the laptop with the user credentials, map network drives, and configure the network drives to be always available offline. Company policy requires that files with a .db1 extension should be excluded from offline file synchronization. You need to prevent the user from creating files with a .dbl extension on the mapped drives. In the Local Group Policy Editor, which setting should you configure? (To answer, select the appropriate setting in the answer area.)
Hot Area:
Correct Answer:
Section: (none)
Explanation/Reference:

QUESTION 262
You are a system administrator for Fabrikam, Inc. You are upgrading an end user's computer to Windows 8.1. You need to evaluate the system's readiness for the upgrade. The computer properties are displayed in the graphic below:
Use the drop-down menus to select the answer choice that completes each statement. Each correct selection is worth one point.
Hot Area:
Correct Answer:
Section: (none)
Explanation/Reference:
Explanation:
http://windows.microsoft.com/en-us/windows-8/system-requirements
System requirements Windows 8.1
If you want to run Windows 8.1 on your PC, here's what it takes:
Processor: 1 gigahertz (GHz) or faster with support for PAE, NX, and SSE2 (more info)
RAM: 1 gigabyte (GB) (32-bit) or 2 GB (64-bit)
Hard disk space: 16 GB (32-bit) or 20 GB (64-bit)
Graphics card: Microsoft DirectX 9 graphics device with WDDM driver
http://www.techsoup.org/support/articles-and-how-tos/how-to-upgrade-to-windows-8
How to Upgrade to Windows 8.1
.. Installing Windows 8.1
Once you decide to make the switch to Windows 8.1, you have a few options for deploying it. If you are upgrading from Windows 7, you can do an in-place upgrade.
Your system settings, as well as your installed applications and user settings, are preserved. This requires minimal reconfiguration, and you won't need to re-install your programs after you've upgraded. You can also opt to upgrade from Windows 7 to Windows 8.1 through a custom install, which is also known as a "clean" install. This means your programs, files, and settings are not preserved. You will need to back up your files and programs before upgrading and then re-install them afterwards. ..
Further Information:
http://technet.microsoft.com/en-us/library/jj203353.aspx
Windows 8 and Windows 8.1 Upgrade Paths

QUESTION 263
You administer Windows 8.1 Pro computers in your company network, including a computer named Wst1. Wst1 is configured with multiple shared printer queues. Wst1 indicates hardware errors. You decide to migrate the printer queues from Wst1 to a new computer named Client1. You export the printers on Wst1 to a file. You need to import printers from the file to Client1. From the Print Management console, which Print Management node should you select? (To answer, select the appropriate node in the answer area.)
Hot Area:
Correct Answer:
Section: (none)
Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc722360.aspx
Migrate Print Servers
You can export print queues, printer settings, printer ports, and language monitors, and then import them on another print server running a Windows operating system. This is an efficient way to consolidate multiple print servers or replace an older print server. ...
To migrate print servers by using Print Management
1. Open Print Management.
2. In left pane, click Print Servers, right-click the print server that contains the printer queues that you want to export, and then click Export printers to a file. This starts the Printer Migration Wizard.
3. On the Select the file location page, specify the location to save the printer settings, and then click Next to save the printers.
4. Right-click the destination computer on which you want to import the printers, and then click Import printers from a file. This launches the Printer Migration Wizard.
5. On the Select the file location page, specify the location of the printer settings file, and then click Next.
6. On the Select import options page, specify the following import options:
* Import mode. Specifies what to do if a specific print queue already exists on the destination computer.
* List in the directory. Specifies whether to publish the imported print queues in the Active Directory Domain Services.
* Convert LPR Ports to Standard Port Monitors. Specifies whether to convert Line Printer Remote (LPR) printer ports in the printer settings file to the faster Standard Port Monitor when importing printers.
7. Click Next to import the printers. ...
Reference: http://blogs.technet.com/b/canitpro/archive/2013/06/17/step-by-step-install-use-andremovewindows-server-migration-tools.aspx

QUESTION 264
You are setting up a Windows 8.1 computer. The computer's network connections are shown in the Network Connections exhibit. (Click the Exhibit button.) The computer's network settings are shown in the Network Settings exhibit. (Click the Exhibit button.) Advanced TCP/IP settings are shown in the Advanced TCP/IP Settings exhibit. (Click the Exhibit button.) Consider each of the following statements. Does the information in the three screenshots support the inference as stated? Each correct selection is worth one point.
Hot Area:
Correct Answer:
Section: (none)
Explanation/Reference:
http://www.virtualizationadmin.com/articles-tutorials/microsoft-hyper-v-articles/networking/virtualnetworkinghyper-v-part4.html
Virtual Networking for Hyper-V (Part 4)

QUESTION 265
You have a portable computer that runs Windows 8.1. You are creating a backup plan. You have the following requirements:
Automatically back up the files in your Documents folder every hour.
Ensure that you can recover different versions of the backed-up files.
Do not back up the Windows operating system files.
You need to configure the computer to meet the requirements. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Create a volume mount point in your Documents folder.
B. Connect an external hard drive to the computer.
C. Schedule a task to create a restore point every hour.
D. Create a recovery drive on drive C.
E. Turn on File History.
Correct Answer: BE
Section: (none)
Explanation/Reference:
Explanation:
File History only backs up data in libraries, favorites, desktop, and contacts and must use a non-system drive for backup.
http://blogs.windows.com/windows/b/extremewindows/archive/2012/12/20/a-new-way-to-backup-file-history-in-windows-8.aspx
A New Way to Backup: File History in Windows 8
File History is a new feature in Windows 8 that helps to ensure that your personal files are safe. In addition to being a backup solution, File History also provides the capability to restore multiple backup copies (versions) of your files. File history in Windows 8 is easy to set up, powerful, and reliable. This means you can have more confidence when working with files, and also keep less redundant copies around for your own personal "data history". You can easily configure File History to protect some or all of the files that are in your libraries on Windows 8. You can add folders to your libraries easily in Windows 8, giving you the ability to use File History with any group of folders and files that you choose.

QUESTION 266
A company has client computers that run Windows 8.1. You install a new device on a client computer. The device installation includes an application that runs when the computer starts. You experience problems with the application. You need to prevent the application from running when the computer starts, without affecting any other application. What should you do?
A. Configure the application by using Task Manager.
B. Run the bcdedit command.
C. Configure the device by using Device Manager.
D. Run the msconfig command.
Correct Answer: A
Section: (none)
Explanation/Reference:
Explanation:
It's a new feature of Windows 8.1
http://pcworld.co.nz/pcworld/pcw.nsf/feature/20-essential-windows-8-tips-and-tricks

QUESTION 267
A company has client computers that run Windows 8.1. Finance department employees store files in the C:\Finance directory. File History is on. A Finance department employee attempts to restore a file to a previous version by using File History. The file is not available to restore. You need to establish why the file history is not available and ensure that it is available in the future. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. B. C. D. E. Set the Protection Settings for drive C to On. Restore the data files from the Previous Versions tab located in the folder properties. Review the File History backup log. Move the file into a library.
Correct Answer: DE
Section: (none)
Explanation/Reference:
Explanation:
File History only backs up data in libraries, favorites, desktop, and contacts and must use a non-system drive for backup. Since File History is already on we can assume the drive doesn't need to be changed. So we should review the log and move the file to a library.
Volume shadow copy has been replaced with File History: http://msdn.microsoft.com/en-us/library/windows/desktop/hh848072(v=vs.85)
http://blogs.windows.com/windows/b/extremewindows/archive/2012/12/20/a-new-way-to-backup-file-history-in-windows-8.aspx
A New Way to Backup: File History in Windows 8

QUESTION 268
An organization has client computers that run Windows 7. You install the Windows Assessment and Deployment Kit (ADK) in the environment. You capture user settings and data files to a network share, and then perform a clean installation of Windows 8.1 on the client computers. You need to apply the user profiles from the Windows 7 installation to the Windows 8.1 installation. What should you do?
A. Run the loadstate command.
B. Copy the Default Profile to a folder on drive C.
C. Run the scanstate command.
D. Run Windows Easy Transfer and select the user profile to migrate.
E. Run the ImageX command.
Correct Answer: A
Section: (none)
Explanation/Reference:
http://4sysops.com/archives/windows-8-migration-user-data-and-settings/
Windows 8 migration User data and settings ...
User State Migration Tools (USMT)
You can extract the USMT tools from the Windows ADK. USMT is revised to version 5.0 for Windows Server 2012 and Windows 8, and consists of the following three programs:
Scanstate.exe: This tool performs the user state backup
Loadstate.exe: This tool performs the user state restore
Usmtutils.exe: This tool enables you to verify compressed migration store files as well as extract contents from them

QUESTION 269
A company has client computers that run Windows 8.1. Each employee has one client computer at the office. Some employees also have personal computers at home. The company has applications that run only on Windows 8.1. You need to deploy Windows To Go so that employees can run the applications on their home computers. Which two command-line tools should you use? (Each correct answer presents part of the solution. Choose two.)
A. isoburn
B. BdeHdCfg
C. ImageX
D. bcdboot
Correct Answer: CD
Section: (none)
Explanation/Reference:
Explanation:
If you get DISM as an additional option in this question, I would select DISM.
DISM is already integrated in the Windows 8.1 OS and it is a newer feature than ImageX. To use ImageX we have to install Windows 8.1 AIK first.

QUESTION 270
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 7. You plan to upgrade the client computers to Windows 8.1 Pro. You need to choose the methods that do not require the manual entry of a product key during the upgrade. Which two methods should you choose? (Each correct answer presents a complete solution. Choose two.)
A. Use the Windows 8.1 online upgrade tool.
B. Use Group Policy to assign the Windows 8.1 installation file to the client computers.
C. Use the Microsoft Deployment Toolkit.
D. Extract the contents of the Windows 8.1 .iso image file to a new shared folder and run the setup program from that folder.
Correct Answer: CD
Section: (none)
Explanation/Reference:
Explanation:
http://msdn.microsoft.com/en-us/library/dn475741.aspx
Microsoft Deployment Toolkit
The Microsoft Deployment Toolkit (MDT) provides a unified collection of tools, processes, and guidance for automating desktop and server deployments. In addition to reducing deployment time and standardizing desktop and server images, MDT offers improved security and ongoing configuration management.
http://www.technize.net/install-windows-8-install-pxe-boot-network-lan/
How To Install Windows 8 Over The Network (LAN)
.. 6. Now share the folder in which Windows 8 setup files are located. At least one user should be able to read the network folder to be able to run the setup remotely. ..
http://technet.microsoft.com/en-us/library/hh824952.aspx
Windows Setup Edition Configuration and Product ID Files (EI.cfg and PID.txt)
Applies To: Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2
The edition configuration (EI.cfg) file and the product ID (PID.txt) file are optional configuration files that you can use to specify the Windows® product key and the Windows edition during Windows installation. You can use these files to automate the product-key entry page in Windows Setup instead of using an answer file. If you use an EI.cfg file to differentiate volume license media, but you do not include a PID.txt file, the user receives a prompt for a product key to continue Windows Setup. You can reuse the product key in the product ID file for multiple installations. The product key in the product ID file is only used to install Windows. This key is not used to activate Windows.

QUESTION 271
A company has 100 client computers that run Windows XP 64-bit Edition. You are deploying new computers that run a 32-bit version of Windows 8. You need to transfer the contents of each user's Documents folder to the new computer by using the least amount of administrative effort. What should you do?
A. Back up the folders by running the NTBackup command. Then restore the backup to the new computer.
B. Manually copy the folder content to a USB flash drive. Then paste the files to the new computer.
C. Use Windows Easy Transfer.
D. Use the User State Migration Tool.
Correct Answer: B
Section: (none)
Explanation/Reference:
Explanation:
Great Lake Bunyip from Australia: Windows Easy Transfer can't transfer files from a 64-bit version of Windows to a 32-bit version of Windows. If you're transferring from a 64-bit version of Windows Vista to a 32-bit version of Windows 7, you can move your files manually, or use Backup and Restore in Windows Vista.
For more information, see Back up your files and Restore a backup created on a previous version of Windows on the Windows website. If you're transferring from a 64-bit version of Windows XP, you'll need to move your files manually.
http://windows.microsoft.com/en-AU/windows7/transferring-files-and-settings-frequently-asked-questions
Windows Easy Transfer can transfer:
Files and folders including photos, music, videos, documents, email messages and contacts
User accounts and user account settings
Application configuration data files and settings
Several Windows configuration settings stored in the registry
The program does not support transferring entire applications themselves and system files such as fonts and drivers.
Explanation:
http://windows.microsoft.com/en-au/windows/transferring-files-settings-faq#1TC=windows-7
Transferring files and settings: frequently asked questions
Windows Easy Transfer can't transfer files from a 64-bit version of Windows to a 32-bit version of Windows. .. If you're transferring from a 64-bit version of Windows XP, you'll need to move your files manually. ..
Further information:
http://www.microsoft.com/en-us/download/details.aspx?id=4220
NTBackup Windows NT Backup - Restore Utility
Utility for restoring backups made on Windows XP and Windows Server 2003 to computers running Windows Vista and Microsoft® Windows Server® 2008.
http://www.techrepublic.com/blog/windows-and-office/restore-a-windows-xp-backup-in-windows-8/
Restore a Windows XP backup in Windows 8
Regardless of your situation, you will not be happy to learn that Windows 8's backup and restore tools are completely different from the Backup Utility that came with Windows XP and as such the backup files are incompatible. You'll also not be happy to learn that while Microsoft provided supplemental utilities that were designed to allow you to restore a Windows XP backup in Windows Vista and for Windows 7; they haven't done so for Windows 8.
And, to add insult to injury, neither of the previous supplemental utilities will work in Windows 8.
http://windowsitpro.com/windows-xp/windows-xp-migration-user-state-migration-toolkit-usmt
The Microsoft User State Migration Toolkit (USMT) is a set of command-line tools that allow you to extract settings and data from one computer and transfer them to another computer.
USMT 5.0 supports running the ScanState component on the following operating systems:
Windows XP Professional (x86 and x64)
Windows Vista (x86) and (x64)
Windows 7 (x86) and (x64)
Windows 8.1/8 (x86) and (x64)
It's important to note that LoadState is supported only on computers running the following operating systems:
Windows Vista (x86) and (x64)
Windows 7 (x86) and (x64)
Windows 8.1/8 (x86) and (x64)
Although you can migrate data from a client running an x86 version of Windows to a client running an x64 version of Windows (and x86 client to x86 client, or x64 client to x64 client), you can't migrate data from a client running an x64 version of Windows to a client running an x86 version of Windows.

QUESTION 272
A company has 100 client computers that run Windows 8.1. You plan to install a custom app that requires a license key. You need to ensure that the installation process does not prompt for the manual entry of a license key. What should you do?
A. Install and run the Microsoft Deployment Toolkit.
B. Install and run the Microsoft Assessment and Planning Toolkit.
C. Install and run the Windows App Certification Kit.
D. Install and run the Windows Application Compatibility Toolkit.
Correct Answer: A
Section: (none)
Explanation/Reference:
Explanation:
http://tweaks.com/windows/65179/how-to-install-windows-8-without-a-product-key/
Windows Assessment and Deployment Kit for Windows 8.1:
http://technet.microsoft.com/en-us/library/hh825212.aspx
Step-by-Step: Windows 8 Deployment for IT Professionals
This guide uses the tools included in the Windows Assessment and Deployment Kit (Windows ADK). This includes Windows System Image Manager (Windows SIM), the Deployment Imaging Servicing and Management tool (DISM), and Windows Preinstallation Environment (Windows PE). In addition to the tools that this guide describes, other tools are available in the Windows ADK that you can use to prepare your organization for migrating to Windows 8 and Windows 8.1:
http://technet.microsoft.com/en-us/library/hh825079.aspx
DISM Global Options for Command-Line Syntax
Global options can be added to most of the servicing and imaging options in the Deployment Image Servicing and Management (DISM) tool. These options can be used to access the command-line help, specify the location of files to use, and control logging.
Basic Syntax for Servicing Commands
After you have mounted or applied a Windows® image so that it is available offline as a flat file structure, you can specify any DISM global options, the servicing option that will update your image, and the location of the offline image. You can use only one servicing option per command line. If you are servicing a running computer, you can use the /Online option instead of specifying the location of the offline Windows image. The commands and options that are available for servicing an image depend on which Windows operating system you are servicing. They also depend on whether the image is offline or a running operating system. All commands work on an offline Windows image. Subsets of the commands are available for servicing a running operating system.
The base syntax for DISM servicing commands is:
DISM.exe {/Image:<path_to_image> | /Online} [dism_global_options] {servicing_option} [<servicing_argument>]
http://technet.microsoft.com/en-us/library/hh824882.aspx
DISM App Package (.appx or .appxbundle) Servicing Command-Line Options
You can use app package-servicing commands to add, remove, and list provisioned app packages (.appx or .appxbundle) in a Windows image. An .appxbundle, new for Windows 8.1, is a collection of app and resource packages used together to enrich the app experience, while minimizing the disk footprint on a given PC. Provisioned app packages are added to a Windows image and are then installed for every new or existing user profile the next time the user logs on. For more information, including requirements for app package provisioning, see Sideload Apps with DISM. You can also use Windows PowerShell to add, remove, and list app packages (.appx or .appxbundle) per image or per user in a Windows installation.
http://technet.microsoft.com/en-us/library/hh852635.aspx
Sideload Apps with DISM
You can sideload line-of-business (LOB) Windows Store apps to a Windows® image by using Windows PowerShell® or the Deployment Image Servicing and Management (DISM) platform. Windows Store apps are a new type of application that runs on:
Windows 8.1 devices
Windows 8 devices
Windows Server 2012 R2 devices
Windows Server 2012
Windows Embedded 8 Industry
Typically, Windows Store apps are available only through the Windows® Store. You can submit LOB Windows Store apps to the Windows Store and make them available outside of your enterprise. However, you can also develop Windows Store apps for use only within your enterprise and add them to Windows devices you manage through a process we call sideloading. Sideloaded apps do not have to be certified by or installed through the Windows Store.
Further information:
http://msdn.microsoft.com/en-us/library/bb977556.aspx
Microsoft Assessment and Planning Toolkit
The Microsoft Assessment and Planning Toolkit (MAP) is an agentless, automated, multi-product planning and assessment tool for quicker and easier desktop, server and cloud migrations. MAP provides detailed readiness assessment reports with extensive hardware and software information, and actionable recommendations to help organizations accelerate their IT infrastructure planning process, and gather more detail on assets that reside within their current environment. MAP also provides server utilization data for Hyper-V server virtualization planning; identifying server placements, and performing virtualization candidate assessments.
http://msdn.microsoft.com/en-us/windows/apps/bg127575.aspx
Windows App Certification Kit
Before you submit your app for certification and listing in the Windows Store, use the Windows App Certification Kit to test your app and make sure it's ready to go.
http://msdn.microsoft.com/en-us/library/windows/desktop/dd562082%28v=vs.85%29.aspx
Application Compatibility Toolkit (ACT)
The Microsoft Application Compatibility Toolkit (ACT) is a lifecycle management tool that assists in identifying and managing your overall application portfolio, reducing the cost and time involved in resolving application compatibility issues, and helping you quickly deploy Windows and Windows updates.

QUESTION 273
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1 and are members of the domain. Client computers maintain a list of sites in the Internet Explorer Restricted Sites security zone. Users of one client computer are able to download and install an application from a site within the Restricted Sites zone. You need to ensure that users of the computer can install applications only from sites that are not in the Restricted Sites zone. What should you do?
A. Run the Set-ExecutionPolicy Windows PowerShell cmdlet.
B. Configure the Software Restriction Policy settings in the local Group Policy of the computer.
C. Add the blocked application as a software restriction policy to the GPO that configures AppLocker.
D. Run the Get-AppLockerPolicy Windows PowerShell cmdlet.
E. Add the blocked application as an additional AppLocker rule to the GPO that configures AppLocker.
Correct Answer: B
Section: (none)
Explanation/Reference:
Explanation:
Only Software Restriction policy allows for the control of applications from a network zone; AppLocker does not.
Further information:
http://technet.microsoft.com/en-us/library/ee176961.aspx
Using the Set-ExecutionPolicy Cmdlet
The Set-ExecutionPolicy cmdlet enables you to determine which Windows PowerShell scripts (if any) will be allowed to run on your computer.
http://technet.microsoft.com/en-us/library/ee460964.aspx
Get-AppLockerPolicy
Gets the local, effective, or domain AppLocker policy.
http://technet.microsoft.com/en-us/library/dd723678%28v=ws.10%29.aspx
AppLocker
You can use AppLocker as part of your overall security strategy for the following scenarios:
Help prevent malicious software (malware) and unsupported applications from affecting computers in your environment.
Prevent users from installing and using unauthorized applications.
Implement application control policy to satisfy security policy or compliance requirements in your organization.
http://technet.microsoft.com/en-us/library/ee619725%28v=ws.10%29.aspx#BKMK_WhatisAppLocker
AppLocker: Frequently Asked Questions ...
Understanding AppLocker - What is AppLocker?
AppLocker is a feature in Windows Server 2012, Windows Server 2008 R2, Windows 8, and Windows 7 that advances the functionality of the Software Restriction Policies feature.
In Windows Server 2008 R2 and Windows 7, you can manage four types of files: executable (.exe), Windows Installer (.msi and .msp), script (.bat, .cmd, .js, .ps1, and .vbs), and DLL (.dll and .ocx). Each of these file types is managed in its own rule collection. In Windows Server 2012 and Windows 8, in addition to the file types, you can manage .mst and .appx files with AppLocker.

QUESTION 274
You are planning to deploy Windows 7. You have a custom line-of-business application that is not compatible with Windows 7. You need to design a solution that allows the application to run. What should you do?
A. Use the Windows Compatibility Evaluator.
B. Use the Setup Analysis Tool.
C. Use the Compatibility Administrator.
D. Use the Update Compatibility Evaluator.
Correct Answer: C
Section: (none)
Explanation/Reference:
Explanation:
The Compatibility Administrator tool can help you to resolve many of your compatibility issues by enabling the creation and the installation of application mitigation packages (shims), which can include individual compatibility fixes, compatibility modes, and AppHelp messages. The flowchart in Figure illustrates the steps required while using the Compatibility Administrator to create your compatibility fixes, compatibility modes, and AppHelp messages.
http://sourcedaddy.com/windows-7/using-the-compatibility-administrator.html

QUESTION 275
Your company is planning to deploy Windows 7 to all client computers. You have the following requirements:
Test an application to detect potential compatibility issues caused by User Account Control (UAC).
Monitor an application's operating system use.
You need to select the appropriate method to detect application compatibility issues. What should you do?
A. Use the Setup Analysis Tool in a virtual environment.
B. Use the standalone Setup Analysis Tool.
C. Use the Standard User Analyzer Wizard.
D. Use the Standard User Analyzer tool.
Correct Answer: D
Section: (none)
Explanation/Reference:
Explanation:
The Standard User Analyzer (SUA) tool enables you to test your applications to detect potential compatibility issues due to the User Account Control (UAC) feature.
http://technet.microsoft.com/en-us/library/cc765948(v=ws.10).aspx

QUESTION 276
Your company has a single Active Directory Domain Services (AD DS) domain and 1,000 Windows 7 computers. You are planning to deploy a custom application. You need to schedule the deployment to occur outside of business hours and without user interaction. Which deployment method should you choose?
A. Lite Touch Installation
B. software deployment with Microsoft System Center Configuration Manager 2007
C. software installation with Group Policy
D. Microsoft Application Virtualization (App-V)
Correct Answer: B
Section: (none)
Explanation/Reference:
Explanation:
Microsoft System Center Configuration Manager 2007 is able to set a schedule for deployment (textbook). Hint: without user interaction = zero touch.

QUESTION 277
Your network has 1,000 client computers that run Windows 7. You plan to deploy a new application. You need to ensure that the application deploys only during non-business hours. What should you do?
A. Use Group Policy.
B. Use Microsoft System Center Configuration Manager.
C. Use Windows Deployment Services with a schedule cast.
D. Use a logon script.
Correct Answer: B
Section: (none)
Explanation/Reference:
Explanation:
Microsoft System Center Configuration Manager is able to schedule tasks (textbook).

QUESTION 278
Your company has a single Active Directory Domain Services (AD DS) domain and 1,000 Windows Vista computers. You are planning to deploy Windows 7 and a custom application. You have the following requirements:
The application must be available to only a specific group of users.
You must be able to monitor application usage.
You need to design a deployment method for the custom application that meets the requirements. Which deployment method should you use in your design? A. B. C. D. software installation in Group Policy Microsoft Application Virtualization (App-V) baseline Windows 7 image that includes the custom application startup scripts in Group Policy Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: MS App-V thus allows centralized installation and management of deployed applications. It supports policy based access control; administrators can define and restrict access to the applications by certain users by defining policies governing the usage. App-V can require that applications not be run 'cached' from workstations, or require that 'cached' App-V applications routinely update license information from the App-V server, enforcing license compliance. These policies are centrally applied on the application repository. App-V also allows copy of the applications across multiple application servers for better scalability and fault tolerance, and also features a tracking interface to track the usage of the virtualized application. http://en.wikipedia.org/wiki/Microsoft_App-V QUESTION 279 Your companys network has client computers that run Windows 7. A software vendor releases version 2 of an application that your company uses. Your company currently uses version 1. Version 1 and version 2 are not compatible. You plan to deploy version 2 of the application. You have the following requirements: Users must be able to run both versions of the application on their computers. Version 2 must be available when a client computer is not connected to the network. You need to plan a software deployment process that meets the requirements. What should you do? A. Deploy version 2 of the application by using a Microsoft System Center Configuration Manager package. B. Deploy version 2 of the application by using a Group Policy Software Installation policy. C. 
Deploy version 2 of the application as a Remote Desktop Services RemoteApp.
D. Deploy version 2 of the application by using Microsoft Application Virtualization (App-V).
Correct Answer: D
Section: (none)
Explanation/Reference:
Explanation: Microsoft Application Virtualization (MS App-V) platform allows applications to be deployed in real-time to any client from a virtual application server. It removes the need for local installation of the applications. Instead, only the App-V client needs to be installed on the client machines. All application data is permanently stored on the virtual application server. Whichever software is needed is either streamed or locally cached from the application server on demand and run locally. The App-V stack sandboxes the execution environment so that the application does not make changes to the client itself (OS File System and/or Registry). App-V applications are also sandboxed from each other, so that different versions of the same application can be run under App-V concurrently.
http://en.wikipedia.org/wiki/Microsoft_App-V

QUESTION 280
Your network has client computers that run Windows XP. Users do not have administrative rights to their local computers. You use Windows Server Update Services (WSUS) to manage software updates. You are planning to deploy Windows 7. Your company uses a custom application that is not compatible with Windows 7. You need to ensure that all users are able to run the custom application. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
A. Install and register a shim on the WSUS server.
B. Install and register a shim on the client computers by using Group Policy.
C. Deploy and register the compatibility-fix database file to the client computers by using a computer startup script.
D. Deploy and register the compatibility-fix database file to the client computers by using a user startup script.
Correct Answer: BC
Section: (none)
Explanation/Reference:

QUESTION 281
Your company's client computers run Windows 7. Your company's network has a wireless access point (WAP). A user reports that he regularly loses connectivity to the WAP. You need to display information about client connectivity to the WAP. What should you do?
A. Use Event Viewer to view events from a source of WlanConn.
B. Use auditpol.exe to enable successful attempts in the Object Access category.
C. Use Event Viewer to view events from a source of WLAN AutoConfig.
D. Use auditpol.exe to enable failed attempts in the Object Access category.
Correct Answer: C
Section: (none)
Explanation/Reference:
Explanation: The WLAN AutoConfig service is a built-in tool in Windows 7 that can be used to detect and connect to wireless networks.
http://www.home-network-help.com/wlan-autoconfig-service.html

QUESTION 282
Your company has an Active Directory Domain Services (AD DS) forest with a single domain named contoso.com. The design of the domain and Group Policy object (GPO) is shown in the following diagram. You configure Group Policy preferences to define mapped drives in the Boston staff GPO. Users in the Boston organizational unit (OU) then report that the mapped drives are not available. You need to identify and resolve Group Policy issues to ensure that the mapped drives are available. What should you do?
A. Enable loopback processing in Replace mode.
B. Enable loopback processing in Merge mode.
C. Enable the computer configuration settings.
D. Enable the user configuration settings.
Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 283
You deploy Windows 7 and several custom Internet Explorer add-ons to 1,000 client computers. Internet Explorer closes when users run a specific Web application. You need to find out whether an add-on is the cause of the problem. What should you do?
A. B. C. D.
Use Group Policy to disable the Programs tab in Internet Explorer for all client computers.
Use Group Policy to turn on Internet Explorer 7 Standards mode.
Start Internet Explorer in No Add-ons mode.
Reset all Internet Explorer security zones to the default levels.
Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 284
Your company has a single Active Directory Domain Services (AD DS) domain and 1,000 client computers. You are planning to deploy Windows 7 Enterprise to the client computers. You need to design a zero-touch installation strategy. What should you use in your design?
A. custom Windows 7 image on DVD
B. unattended installation
C. Windows Deployment Services (WDS)
D. Microsoft System Center Configuration Manager 2007 R2
Correct Answer: D
Section: (none)
Explanation/Reference:
Explanation: Microsoft Deployment Toolkit (MDT) 2010 is a Microsoft solution accelerator available at no cost for deploying Windows operating systems. Based on the experience of Microsoft employees, partners, and customers, MDT 2010 contains many thousands of lines of code--code that provides a deployment framework so that customers can focus on their business, not on programming. Integrating MDT 2010 with Configuration Manager 2007 R2 helps large organizations use this framework to more easily implement the Zero-Touch, High-Volume Deployment strategy. Benefits of integrating MDT 2010 with Configuration Manager 2007 R2 in the Zero-Touch, High-Volume Deployment strategy include:
- Streamlined deployment, because installation is fully automated without interaction.
- Lower support costs, because configurations are consistent across all client computers.
- Streamlined maintenance, because Configuration Manager 2007 R2 handles applications, device drivers, and updates.
http://technet.microsoft.com/en-us/library/dd919178(v=ws.10).aspx

QUESTION 285
Your company has client computers that run Windows Vista.
The company plans to upgrade the Windows Vista computers to Windows 7. The current configuration of all client computers in your company is based on a common Windows Vista image. Some branch offices use WAN connections to connect to the main office. You have the following requirements: Transfer all user data from the original Windows Vista installation to the new Windows 7 installation. Use the least amount of bandwidth while transferring the user data. Support the same migration strategy for all offices. You need to design a user state migration strategy that supports the requirements. What should you do?
A. Use the Deployment Image Servicing and Management (DISM) tool.
B. Use the User State Migration Tool (USMT) and a hard-link migration store.
C. Use Windows PE to perform an offline migration.
D. Use the multicast feature of Windows Deployment Services (WDS).
Correct Answer: B
Section: (none)
Explanation/Reference:
Explanation: Hints: A and B are not used for user state migration; C is the best tool to do that.

QUESTION 286
You are designing a Windows 7 deployment image. You plan to install Windows 7 Enterprise with a Multiple Activation Key (MAK). You need to add the MAK to the configuration pass by using an answer file. To which configuration pass should you add the MAK?
A. the WindowsPE configuration pass
B. the Generalize configuration pass
C. the AuditSystem configuration pass
D. the Specialize configuration pass
Correct Answer: D
Section: (none)
Explanation/Reference:
Explanation: As a single key is used, you can add MAK keys to images when deploying them centrally. When using the Sysprep utility to prepare an image, you add a MAK key to an image during the Specialize configuration pass. When performing a traditional installation, you can enter MAK keys in the same way that you would enter a retail key. The main issue that requires consideration when using a MAK key is how you will perform activation.
http://blogs.msdn.com/b/microsoft_press/archive/2010/10/27/new-book-mcitp-self-paced-training-kit-exam-70-686-windows-174-7-enterprise-desktop-administrator.aspx

QUESTION 287
All client computers in your network run Windows XP. Some of the computers are part of a secure network. Some of the computers connect to the network by using virtual private networking (VPN). You are planning to deploy Windows 7. You have the following requirements: Use a dedicated server for deployment. Use a single operating system image for deployment. Ensure that you can use removable media to deploy the image. Ensure that you can select which applications are installed onto a client computer at the time of deployment. You need to design a deployment strategy that meets the requirements. What should you do?
A. Use the Microsoft Deployment Toolkit to perform a lite-touch installation.
B. Use Windows Deployment Services on a network server to deploy Windows 7 by using an install image.
C. Using a Windows PE boot media, use ImageX to apply the image from a network share to the client computers.
D. Use System Center Configuration Manager 2007 R2 to perform a zero-touch installation.
Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 288
You have a single Active Directory domain. All domain controllers run Windows Server 2003 with Service Pack 1 (SP1). You plan to store Windows BitLocker Drive Encryption recovery passwords in Active Directory. You need to recommend the solution that uses the least amount of administrative effort. What should you recommend?
A. Upgrade the domain controller that has the role of operations master to Windows Server 2008 R2.
B. Upgrade all domain controllers to Windows Server 2008 R2.
C. Upgrade all domain controllers to Windows Server 2003 SP2.
D. Extend the Active Directory schema.
Correct Answer: D
Section: (none)
Explanation/Reference:
Explanation: BitLocker Drive Encryption Configuration Guide: Backing Up BitLocker and TPM Recovery Information to Active Directory
This section provides information about how BitLocker and TPM recovery information can be backed up in Active Directory. By default, no recovery information is backed up. Administrators can configure Group Policy settings to enable backup of BitLocker or TPM recovery information. Before configuring these settings, as a domain administrator you must ensure that the Active Directory schema has been extended with the necessary storage locations and that access permissions have been granted to perform the backup.
http://technet.microsoft.com/en-us/library/cc766015(v=ws.10).aspx

QUESTION 289
You create a Windows 7 deployment image that includes custom Internet Explorer branding and search providers. Your company decides to deploy all custom settings by using Group Policy. You need to restore the Internet Explorer settings in the deployment image to the Microsoft default settings. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Use the Reset Internet Explorer Settings (RIES) feature, and run the Remove Branding process on the deployment image.
B. Update the Internet Explorer Maintenance policy processing Group Policy object (GPO) settings for all computers.
C. Update the Internet Explorer Manage Add-ons settings for all computers.
D. Use the Reset Internet Explorer Settings (RIES) feature, and run the Reset process on the deployment image.
Correct Answer: AD
Section: (none)
Explanation/Reference:
Explanation: Reset Internet Explorer settings: Deletes all temporary files, disables browser add-ons, and resets all the changed settings to factory settings. It can be used if the browser is in an unusable state.
http://en.wikipedia.org/wiki/Internet_Explorer_7

QUESTION 290
Your company has an Active Directory Domain Services (AD DS) forest with a single domain. The domain, organizational unit (OU), and Group Policy object (GPO) design is shown in the following diagram. The NY Computers OU contains client computers that run either Windows Vista Enterprise or Windows 7 Enterprise. The New York Computers GPO defines software restriction policies (SRPs). You have the following requirements:
· SRPs must be used for only Windows Vista Enterprise client computers.
· AppLocker policies must be used for only Windows 7 Enterprise client computers.
· AppLocker policies must be defined by using Group Policy.
You need to design an AppLocker deployment that meets these requirements. What should you do?
A. Create a new GPO that has the AppLocker settings, and link it to the NY Users OU.
B. Define the AppLocker settings in the New York Baseline GPO.
C. Define the AppLocker settings in the New York Users GPO.
D. Create a new GPO that has the AppLocker settings, and link it to the NY Computers OU.
Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 291
Your network has client computers that run Windows 7. A custom Web-based application requires specific security settings. You need to prevent users from permanently modifying their Internet Explorer browser's security settings. What should you do?
A. Reset the Internet Explorer settings
B. Restore the advanced settings in Internet Explorer
C. Use Windows Internet Explorer Maintenance (IEM) extension settings in Preference mode
D. Use Windows Internet Explorer Maintenance (IEM) extension settings in Normal mode
Correct Answer: D
Section: (none)
Explanation/Reference:
Explanation: In Normal mode, you can configure IEM settings so that they are refreshed on users' computers on a periodic basis (or each time the users log in).
However, users can temporarily change these settings between the times scheduled for their setting refresh. For this reason, these settings in Normal mode behave as "pseudopolicies." In Preference mode, you can configure IEM settings, but allow users to change these settings later by using the Internet Explorer 9 user interface.
http://technet.microsoft.com/en-us/library/gg699413.aspx

QUESTION 292
You plan to use Windows PowerShell scripts to configure system settings when you deploy Windows 7. You need to ensure that Windows PowerShell scripts will run on the client computers during initial setup. What should you do?
A. Set the script execution policy to Restricted.
B. Set the script execution policy to RemoteSigned.
C. Use Group Policy preferences.
D. Set the script execution policy to AllSigned.
Correct Answer: B
Section: (none)
Explanation/Reference:
Explanation: I am not sure why the answer is A. I found some information, hope it can help to understand. =)
As part of PowerShell's "secure by default" initial setup, scripts are not allowed to be run by the command interpreter. This behavior can be modified by changing the PowerShell execution policy. There are four execution policies to choose from.
Restricted - The default, allows no scripts to run
AllSigned - All scripts must be Authenticode-signed to run
RemoteSigned - Scripts downloaded from a remote location must be signed
Unrestricted - PowerShell will run any script, works like what you are probably used to now
http://powershellscripts.com/article3_powershell_script_signing.html

QUESTION 293
Your company has offices in several countries. You must test and validate all operating system images before you deploy them. You create a Windows 7 Enterprise master image that has all language packs installed. You test and validate the master image. You are planning to create regional images based on the master image.
Each regional image will contain only the language pack that is necessary for a specific geographic region. You have the following requirements: Remove the language packs that are unnecessary for each region. Minimize the necessary testing and validation. You need to create the regional images. What should you do?
A. Run lpksetup.exe /u in unattended mode on the master image.
B. Deploy the master image to a target computer. Remove the unnecessary language packs, and then capture each regional image.
C. Service the master image online by using the Deployment Image Servicing and Management (DISM) tool.
D. Service the master image offline by using the Deployment Image Servicing and Management (DISM) tool.
Correct Answer: D
Section: (none)
Explanation/Reference:
Explanation: Deployment Image Servicing and Management (DISM) tool: Image servicing and management solutions fall into two main categories:
Managing the data or information included in the Windows image, such as enumerating or taking an inventory of the components, updates, drivers, or applications contained in an image.
Servicing the image itself, including adding or removing driver packages and drivers, modifying language settings, enabling or disabling Windows features, and upgrading to a higher edition of Windows.
http://technet.microsoft.com/en-us/library/dd744566(v=ws.10).aspx

QUESTION 294
You are planning the deployment of Windows 7 to computers that are located in a main office, in branch offices, and in a store kiosk. Computers in all three types of location use the same hardware. Kiosk computers are members of a workgroup. Kiosk computers must use specific settings for local security. Branch office computers must use BitLocker Drive Encryption. You have the following requirements: Create deployment images. Minimize image maintenance. You need to define an image-creation strategy that meets the requirements. What should you do?
A. B. C. D.
Create a single image to use for the branch office computers and the kiosk computers. Create a separate image to use for the main office computers.
Create a single image to use for all location types. Create a custom Windows security template for each location type.
Create one image to use for each location type. Encrypt the hard disks on the branch office computers prior to capturing the image.
Create a single image to use for the main office computers and the branch office computers, and apply the required settings through Group Policy. Create a separate image to use for the kiosk computers.
Correct Answer: D
Section: (none)
Explanation/Reference:
Explanation: Hint: The kiosk computers belong to a workgroup, which is not supported by Group Policy, so they must use a separate image for their own local security.

QUESTION 295
You have an image that is used to deploy Windows 7 on client computers. You need to modify the image to change the edition of Windows 7. What should you do?
A. Use Windows Setup to service the image.
B. Service the image online.
C. Service the image offline.
D. Use audit mode to service the image.
Correct Answer: C
Section: (none)
Explanation/Reference:
Explanation: http://technet.microsoft.com/en-us/library/dd744572(v=ws.10).aspx
Change the Windows Image to a Higher Edition
You can change your Windows image to a higher edition while it is offline by using the DISM commands in the following procedure. You should not use this procedure on an image that has already been changed to a higher edition.

QUESTION 296
Your company has more than 1,000 client computers. You deploy Windows 7 by using six different images. A driver that is included in the images needs to be replaced. You have the following requirements: Update the Windows 7 images with the new driver. Ensure that the old driver is no longer available. You need to define an image-update strategy that meets the requirements. What are two possible ways to achieve this goal?
(Each correct answer presents a complete solution. Choose two.)
A. Deploy each image to a reference computer, and then uninstall the old driver and install the new driver. Capture the new image.
B. Mount each image by using ImageX, and then install the new driver.
C. Mount each image by using the Deployment Image Servicing and Management (DISM) tool, and then delete the old driver and inject the new driver.
D. Mount each image by using the Deployment Image Servicing and Management (DISM) tool, and then copy the new driver into a new folder in the image.
Correct Answer: AC
Section: (none)
Explanation/Reference:
Explanation: Hint: The question asks to add the new driver and remove the old driver.

QUESTION 297
You manage computers that run Windows 8.1. You plan to install a desktop app named App1 on one of the client computers. You need to install the app without any user interaction and without displaying a progress bar. Which command should you run?
A. msiexec /i app1.msi /qb
B. msiexec /x app1.msi /qb
C. msiexec /i app1.msi /qn
D. msiexec /x app1.msi /qn
Correct Answer: C
Section: (none)
Explanation/Reference:
Explanation: http://technet.microsoft.com/en-us/library/cc759262(v=ws.10).aspx
Msiexec (command-line options)
Provides the means to install, modify, and perform operations on Windows Installer from the command line.
/i installs or configures a product
/qn displays no user interface
Further information: /x uninstalls a product.

QUESTION 298
You update the video card driver on a portable computer that runs Windows 8.1. When a user connects the portable computer to an external monitor, the external monitor duplicates the display on the portable computer screen. You need to ensure that the user can display additional desktop space on the external monitor. What should you do?
A. B. C. D.
Run the DisplaySwitch /extend command.
Start the computer from the Windows 8.1 installation media and perform a system image recovery.
Roll back the video card driver to the previous version.
Run the sfc /scannow command.
Correct Answer: A
Section: (none)
Explanation/Reference:
Explanation: http://jeffwouters.nl/index.php/2012/06/switch-your-display-through-the-command-line/
Switch your display through the command line
displayswitch.exe parameters:

QUESTION 299
A company has client computers that run Windows 8.1. You attempt to roll back a driver for a specific device on a client computer. The Roll Back Driver button is unavailable in Device Manager. You need to roll back the driver to the previous version. What should you do first?
A. In the system properties for hardware, modify the device installation settings.
B. Disable driver signature enforcement.
C. In the local Group Policy, modify the device installation restrictions.
D. Run Device Manager as an administrator.
Correct Answer: D
Section: (none)
Explanation/Reference:
Explanation: http://technet.microsoft.com/en-us/library/cc732648.aspx
Roll Back a Device Driver to a Previous Version
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review the details in "Additional considerations" in this topic.

QUESTION 300
A company has an Active Directory Domain Services (AD DS) domain with one physical domain controller. All client computers run Windows 8.1. A client computer hosts a Windows 8.1 virtual machine (VM) test environment. The VMs are connected to a private virtual switch that is configured as shown in the Virtual Switch Manager exhibit. (Click the Exhibit button.) You have the following requirements: Configure the test environment to allow VMs to communicate with the host machine. Minimize impact on the host machine. You need to meet the requirements. What should you do?
A. B. C. D.
Create a new virtual switch with a Private Network connection type.
Create a new virtual switch with an External Network connection type.
Change the VLAN ID of the private virtual switch to Enable Virtual LAN identification.
Create a new virtual switch with an Internal Network connection type.
Correct Answer: D
Section: (none)
Explanation/Reference:
Explanation: http://john.bryntze.net/jbkb-v2/certification-exam-70-687-configuring-windows-8-part-2-configure-hardware-and-applications-16/
Virtual switches / Hyper-V VLAN: you can create 3 different types of virtual switches depending on the needs of your virtual machines, and one single machine can use multiple virtual NICs that are members of different virtual switches.
1. External: This virtual switch binds to the physical network adapter and creates a new adapter you can see in Control Panel\Network and Internet\Network Connections, so if a virtual machine needs contact outside the host machine this one is a must.
2. Internal: This virtual switch can be used to connect all virtual machines and the host machine but cannot go outside that.
3. Private: This virtual switch can only be used by the virtual host.
Further information: http://technet.microsoft.com/en-us/library/cc816585%28v=ws.10%29.aspx
Configuring Virtual Networks
Private will not allow communication with the host machine. External will allow communication with the host machine but also allow access to other machines on the host machine's network, which is not a requirement.

QUESTION 301
A company has client computers that run Windows 8.1. On all client computers, Internet Explorer has the Display intranet sites in Compatibility View option enabled and the Download updated compatibility lists from Microsoft option disabled. The corporate website was designed for a previous version of Internet Explorer. When viewed on the client computers, menus and image on the corporate website are displayed out of place. You need to ensure that the corporate website displays correctly on the client computers without negatively impacting the display of any other website. What should you do?
A. B. C. D.
Manually add the corporate website to the compatibility view settings.
Enable the Display all websites in Compatibility View option.
Disable the Display intranet sites in Compatibility View option.
Manually download an updated compatibility list from Microsoft.
Correct Answer: A
Section: (none)
Explanation/Reference:
Explanation:

QUESTION 302
A portable computer that runs Windows 8.1 uses a mobile broadband connection for the corporate wireless network. The computer also has a wired corporate network connection. The computer successfully downloads Windows updates when connected to either network. You need to ensure that the computer automatically downloads updates by using Windows Update only while connected to the wired corporate network connection. What should you do?
A. Set the corporate wireless network to metered.
B. Set the corporate wireless network to non-metered.
C. Configure the Specify intranet Microsoft update service location local Group Policy setting.
D. Configure a Windows Firewall connection security rule.
Correct Answer: A
Section: (none)
Explanation/Reference:
Explanation: http://www.eightforums.com/tutorials/5371-wireless-network-set-unset-metered-connection-windows-8-a.html
http://www.windowsnetworking.com/articles_tutorials/Using-Wireless-Networks-Windows-8.html
To help you gauge the amount of data usage on networks, Windows 8.1 includes a new data usage tracking and metering feature. This is especially useful when using mobile broadband networks, as your service likely has a limit to the amount of data you can use before you're charged overage fees or the speed is throttled, or maybe you're even on a pay-as-you-go plan that charges per usage. By default, Windows 8.1 tracks the amount of data you transfer over Wi-Fi and mobile broadband networks.
The running total (in MBs or GBs) and the time or day since it's been tracked is displayed when you click (or tap) on a network name from the new network list, as shown in the figure below:
You can also set particular networks as a metered connection, which will then disable Windows Update from downloading updates (except for critical security patches) and possibly disable or reduce data usage from other Microsoft and non-Microsoft applications as well.

QUESTION 303
You manage client computers that run Windows 7 and Windows 8.1. You are configuring Windows updates for all client computers. You have the following requirements: All client computers must use a specific Windows Server Update Services (WSUS) server for updates. All client computers must check for updates each hour. You need to configure local Group Policy settings to meet the requirements. Which three actions should you perform? (Each answer presents part of the solution. Choose three.)
A. Configure the Automatic Maintenance Activation Boundary policy setting.
B. Configure the Automatic Updates detection frequency policy setting.
C. Enable the Specify intranet Microsoft update service location policy setting.
D. Enable the Configure Automatic Updates policy setting for automatic download and scheduled installation.
E. Enable the Reschedule Automatic Updates scheduled installations policy setting.
Correct Answer: BCD
Section: (none)
Explanation/Reference:
http://technet.microsoft.com/en-us/library/dn595129.aspx
Step 5: Configure Group Policy Settings for Automatic Updates
Automatic Updates detection frequency
Specifies the hours that Windows will use to determine how long to wait before checking for available updates. The exact wait time is determined by using the hours specified here minus zero to twenty percent of the hours specified.
For example, if this policy is used to specify a 20 hour detection frequency, all clients to which this policy is applied will check for updates anywhere between 16 and 20 hours. Note: The "Specify intranet Microsoft update service location" setting must be enabled for this policy to have effect.
Specify intranet Microsoft update service location
Specifies an intranet server to host updates from Microsoft Update. You can then use WSUS to automatically update computers on your network.
Configure Automatic Updates
Specifies whether automatic updates are enabled on this computer.
Further Information: http://technet.microsoft.com/en-us/library/dn595129.aspx
Step 5: Configure Group Policy Settings for Automatic Updates
Automatic Maintenance Activation Boundary
Starting Windows 8, you can set updates to install during automatic maintenance instead of using a specific schedule tied to Windows Update. Automatic maintenance will install updates when the computer is not in use, and avoid installing updates when the computer is running on battery power. If automatic maintenance is unable to install updates within days, Windows Update will install updates right away. Users will then be notified about a pending restart. A pending restart will only take place if there is no potential for accidental data loss.
Reschedule Automatic Updates scheduled installations
Specifies the amount of time for Automatic Updates to wait following a computer startup, before proceeding with a scheduled installation that was previously missed. If the status is set to Not Configured, a missed scheduled installation will occur one minute after the computer is next started.

QUESTION 304
A company has client computers that run Windows 8.1. You need to create a baseline performance report that includes disk status by using the least amount of administrative effort. What should you do?
A. B. C. D.
Start the System Diagnostics Data Collector Set.
Create and start a custom Data Collector Set.
Start the System Performance Data Collector Set.
Add counters to Performance Monitor, and then print the Performance Monitor output.
Correct Answer: A
Section: (none)
Explanation/Reference:
Explanation: System Diagnostics and Performance Data Collector Set both deliver the same, 17 performance counters for disk. Don't get fooled by the word "Performance Baseline". The System Diagnostics Report includes Basic System Checks (see below), where Disk status is listed. This item does not appear in the System Performance Report.

QUESTION 305
A company has client computers that run Windows 8.1 in a kiosk environment. You need to ensure that Windows updates are automatically applied and cannot be disabled by users. What should you do?
A. Configure Windows Update to install updates automatically.
B. In the local Group Policy, enable the Turn on recommended updates via Automatic Updates policy setting.
C. msiexec /i app1.msi /qn
D. In the local Group Policy, configure the Remove access to use all Windows Update features policy setting.
Correct Answer: D
Section: (none)
Explanation/Reference:
Explanation: If you enable the Remove access to use all Windows Update features policy setting: Changing the Windows Update settings will be grayed out:
Further information: If you enable the Turn on recommended updates via Automatic Updates policy setting, even when logged with a limited rights user, you can still change the Automatic Updates settings:

QUESTION 306
You administer Windows 8.1 Pro client computers in your company network. You need to configure a backup and recovery solution that meets the following requirements: Recovers the system if it doesn't start. Recovers the system if the hard drive fails. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. B. C. D. E.
Turn on File History.
Create a storage space.
Configure system protection.
Create a system repair disk. Create a system image backup. Correct Answer: DE Section: (none) Explanation Explanation/Reference: http://www.techrepublic.com/blog/windows-and-office/restore-windows-8-with-system-image-recovery/ Restore Windows 8 with System Image Recovery What you need In order to run the System Image Recovery tool as I'll describe in this article, you'll need to have created a Recovery Drive as I showed you in the article Create a Recovery Drive in Windows 8. You'll also need a set of optical discs or on an external drive on which to create a system image of your hard disk. Launching System Image Recovery In the case of a hard drive failure, you can restore Windows 8 by running the System Image Recovery tool from the Recovery Drive. QUESTION 307 A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 7. You plan to upgrade the client computers to Windows 8.1 Pro. You need to choose the methods that do not require the manual entry of a product key during the upgrade. Which two methods should you choose? (Each correct answer presents a complete solution. Choose two.) A. B. C. D. Use the Volume Activation Management Tool. Use the Microsoft Deployment Toolkit. Use the Windows 8.1 online upgrade tool. Create a catalog (.clg) file by using Windows System Image Manager (SIM). Correct Answer: AB Section: (none) Explanation Explanation/Reference: http://technet.microsoft.com/en-us/library/hh824953.aspx Volume Activation Management Tool (VAMT) Overview Applies To: Windows 8, Windows 8.1 The Volume Activation Management Tool (VAMT) enables network administrators and other IT profes- sionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process. VAMT can manage volume activation using Multiple Acti- vation Keys (MAKs) or the Windows Key Management Service (KMS). 
VAMT is a standard Microsoft Management Console (MMC) snap-in that requires the Microsoft Management Console (MMC) 3.0. VAMT can be installed on any computer that has one of the following Windows operating systems:
Windows® 7
Windows® 8
Windows 8.1
Windows Server 2008 R2
Windows Server® 2012
Windows Server 2012 R2

http://blogs.technet.com/b/askpfeplat/archive/2013/09/16/getting-started-with-windows-deployment-for-windows-server-2012-or-windows-8-using-microsoftdeployment-toolkit-mdt.aspx
Getting Started with Windows Deployment for Windows Server 2012 or Windows 8 Using Microsoft Deployment Toolkit (MDT)
Use the Microsoft Deployment Toolkit (MDT) to accelerate and automate deployments of Windows 8, Windows Server 2012, Windows 7, Office 2010, and Windows Server 2008 R2.
Here's a table from the MDT .chm file that lists the available wizard pages and which properties need to be configured in order to skip each wizard page:

QUESTION 308
You administer computers in your company network. All computers in the network belong to a single Active Directory Domain Services (AD DS) domain. The network includes Windows Server 2012 servers located in a perimeter network. You add a new Windows 8.1 computer to the perimeter network. You enable only Remote Desktop access to the Windows 8.1 computer from other computers located outside the perimeter network.
You need to use the Windows 8.1 computer to manage the Windows servers in the perimeter network.
What should you do?

A. Add the Windows 8.1 computer as a Trusted Host to the servers.
B. Enable PowerShell Remoting on the Windows 8.1 computer.
C. Add the Windows 8.1 computer as a Trusted Host to computers outside the perimeter network.
D. Install Remote Server Administration Tools for Windows 8.1 (RSAT) on the Windows 8.1 computer.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
http://www.microsoft.com/en-gb/download/details.aspx?id=28972
Remote Server Administration Tools for Windows 8
Remote Server Administration Tools for Windows 8 enables IT administrators to manage roles and features that are installed on computers that are running Windows Server 2012 from a remote computer that is running Windows 8.

Further Information:
http://searchnetworking.techtarget.com/tip/Perimeter-networks
Perimeter networks
A perimeter network is the network closest to a router that is not under your control. Usually a perimeter network is the final step a packet takes traversing one of your networks on its way to the internet; and conversely the first network encountered by incoming traffic from the Internet. Most administrators create perimeter networks in order to place their firewall in between them and the outside world so that they can filter packet traffic. Most perimeter networks are part of the DMZ (Demilitarized Zone) if they exist at all. However, perimeter networks have some additional utilities that you might want to consider when deciding where to place systems and services.

http://technet.microsoft.com/en-us/library/hh849694.aspx
Enable-PSRemoting
The Enable-PSRemoting cmdlet configures the computer to receive Windows PowerShell remote commands that are sent by using the WS-Management technology.
On Windows Server® 2012, Windows PowerShell remoting is enabled by default. You can use Enable-PSRemoting to enable Windows PowerShell remoting on other supported versions of Windows and to re-enable remoting on Windows Server 2012 if it becomes disabled.
You need to run this command only once on each computer that will receive commands. You do not need to run it on computers that only send commands. Because the configuration activates listeners, it is prudent to run it only where it is needed.
http://technet.microsoft.com/en-us/magazine/ff700227.aspx
Enable and Use Remote Commands in Windows PowerShell
The Windows PowerShell remoting features are supported by the WS-Management protocol and the Windows Remote Management (WinRM) service that implements WS-Management in Windows.
...
In many cases, you will be able to work with remote computers in other domains. However, if the remote computer is not in a trusted domain, the remote computer might not be able to authenticate your credentials. To enable authentication, you need to add the remote computer to the list of trusted hosts for the local computer in WinRM.
...

QUESTION 309
A company has 10 portable client computers that run Windows 8.1. The portable client computers have the network connections described in the following table.
None of the computers can discover other computers or devices, regardless of which connection they use. You need to configure the connections so that the computers can discover other computers or devices only while connected to the CorpWired or CorpWifi connections.
What should you do on the client computers?

A. For the CorpWired connection, select yes, turn on sharing and connect to devices.
B. Change the CorpWired connection to public. Turn on network discovery for the Public profile. For the HotSpot connection, select No, don't turn on sharing or connect to devices.
C. For the CorpWifi connection, select yes, turn on sharing and connect to devices.
D. Turn on network discovery for the Public profile.
E. Turn on network discovery for the Private profile.

Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
The CorpWifi and HotSpot connections are already set properly. The private profile has network discovery enabled by default. So we need to deal with the CorpWired without breaking anything else. CorpWired connection is already public so it doesn't make sense to set it again to public.
Also, enabling network discovery for the Public profile is a dangerous practice. Ideally it would be to set the CorpWired connection to private. However, since this is not one of the available options, turning on sharing basically does the same thing.

Explanation:
http://www.7tutorials.com/network-locations-explained
Simple Questions: What are Network Locations in Windows 7 & Windows 8?

Network Locations in Windows 8: Private vs Public
Windows 8 further simplifies the concept of network locations, reducing them to only two choices:
Private network - This profile should be applied to your home network or to the network from your workplace. When this profile is assigned to a network connection, network discovery is turned on, file and printer sharing are turned on and homegroup connections are allowed.
Public network - This profile is also named Guest. It is the more secure of the two because network discovery is turned off as well as file and printer sharing. This profile should be used when connecting to public networks you don't trust, like those found in airports, coffee shops, bars, hotels, etc.
There's also a third network location profile named Domain network. This one cannot be set by a normal user. It is available for enterprise workplaces and it is set by the network administrator. The settings applied to this profile are those set by your company and you cannot change them.

http://www.tekrevue.com/tip/change-network-location-windows-8/
How to Change a Network Location in Windows 8
Let's get back to the Networks list: right click or press and hold your active network connection. A menu is displayed with several options, depending on the network type. Click or tap "Turn sharing on or off" (the only option common to both wired and wireless networks). For wired networks you will see fewer options displayed in the contextual menu. You are asked if you want to turn on sharing between PCs and connect to devices on this network.
Selecting "No, don't turn on sharing or connect to devices" is the equivalent of applying the Public profile. Selecting "Yes, turn on sharing and connect to devices" is the equivalent of applying the Private profile. Make your choice and the appropriate settings are applied.

QUESTION 310
You administer Windows 8.1 Pro laptops in your company network. Your network has a Remote Access Server (RAS) in a perimeter network that runs Windows Server 2012. All laptop users have a PPTP VPN configured on their computer. Users report that their VPN disconnects when they switch between WLAN and WWAN networks. You need to ensure that if a VPN is disconnected, the laptop will automatically attempt to reconnect.
What should you do?

A. Create a new VPN connection, and then open Local Computer Policy and define Files not cached policy.
B. Run the netsh.exe command and include the wlan parameter.
C. Create a new VPN connection, and disable offline files.
D. Create a new Remote Desktop connection, and then set the Local Computer policy to Disable drives redirection for Remote Desktop Services.

Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:

QUESTION 311
You administer client computers in your company network. The network includes an Active Directory Domain Services (AD DS) domain. Employees in the human resources (HR) department are getting new Windows 8.1 Enterprise computers. The HR department uses a line of business (LOB) Windows Store app named Timesheet that is not available in Windows Store. You need to ensure that all employees in the HR department can use Timesheet on their new computers.
What should you do?

A. Use a Microsoft account to log on to each computer.
B. Use a local account to log on to each computer.
C. Activate the side loading product key on each computer.
D. Install and run the Windows App Certification Kit.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
http://msdn.microsoft.com/en-us/library/windows/apps/jj657971.aspx
Deploying enterprise apps

Preparing your PCs
Windows Server 2012 and Windows 8 Enterprise editions are classified as "enterprise sideloading enabled." This means that the PCs are ready to receive the apps that you deploy outside of the Windows Store. To make sure a PC is ready, verify that:
The PC is domain joined.
The group policy is set to Allow trusted apps to install.
If you are deploying apps to Windows 8 Pro, Windows RT, or Windows 8 Enterprise, you can configure them for sideloading apps by:
Activating the product key for enterprise sideloading on each PC.
Setting the group policy to Allow trusted apps to install.

Further Information:
http://technet.microsoft.com/en-US/windows/jj874388.aspx
Try It Out: Sideload Windows Store Apps
By now, you are familiar with Windows Store apps. There are some pretty cool ones available in the store, and publishers are adding more every week. A great thing about Windows Store apps is they are super simple to install (and uninstall). But what about line of business (LOB) apps? You probably do not want to publish them through the Windows Store since that would make them publicly available. Instead, you can sideload LOB apps. Sideloading simply means installing a Windows Store app without publishing it in and downloading it from the store. You install it directly.
...

Verify the Requirements
There are a small number of requirements computers must meet to sideload Windows Store apps on them. We will start with computers running Windows 8 Enterprise:
The computer running Windows 8 Enterprise must be joined to the domain.
You must enable the "Allow all trusted apps to install" Group Policy setting.
The app must be signed by a certificate that is chained to a trusted root certificate.
In many cases, the only thing you will have to do is enable the policy setting.
Your computers running Windows 8 Enterprise are already joined to the domain, and your developers will sign the app.
...

Sideload the App for a User
As promised when we started this article, sideloading the sample app is no more difficult than running a few commands in Windows PowerShell. In fact, the first command should not really count, as it just imports the AppX module into Windows PowerShell.
...

Sideload the App for All Users
DISM is a command-line tool that you can use to service a Windows image -- online or offline. You can use DISM to provision a Windows Store app in an online Windows image for all users who share the computer. To do that, you use the Add-ProvisionedAppxPackage option.
...

Use a Sideloading Product Key
Earlier in this article, we listed the requirements for sideloading Windows Store apps. The computer must be running Windows 8 Enterprise. It must be joined to the domain, and you must enable the policy setting "Allow all trusted apps to install." This is great in a typical enterprise scenario where you use the Enterprise editions and join computers to the domain. What about increasingly common Bring Your Own Device (BYOD) scenarios, where Windows RT devices and computers running Windows 8 Pro are more common, and devices are not always joined to the domain?
Easy. You can enable sideloading for these additional scenarios by installing a sideloading product key on the computers.
...

Conclusion
We hope that experiencing how to sideload Windows Store apps firsthand showed you how simple the process really is. You enable sideloading on computers running Windows 8 Enterprise by simply joining them to the domain and enabling the "Allow all trusted apps to install" policy setting. You can enable app sideloading in the scenarios that Table 1 describes by using a sideloading product key.
To sideload an app for an individual user, you use the add-appxpackage cmdlet in Windows PowerShell, and to provision an app for all users, you use the Add-ProvisionedAppxPackage DISM option.
Figure 3. Sideloading Requirements

http://msdn.microsoft.com/en-us/windows/apps/bg127575.aspx
Windows App Certification Kit
Before you submit your app for certification and listing in the Windows Store, use the Windows App Certification Kit to test your app and make sure it's ready to go.

QUESTION 312
A company has client computers that run Windows 8.1. Finance department employees store files in the C:\Finance directory. File History is on. A Finance department employee attempts to restore a file to a previous version by using File History. The file is not available to restore. You need to establish why the file history is not available and ensure that it is available in the future.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Review the File History backup log.
B. Move the file into a library.
C. Restore the data files from the Previous Versions tab located in the folder properties.
D. Set the Protection Settings for drive C to On.

Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
Explanation:
http://blogs.windows.com/windows/b/extremewindows/archive/2012/12/20/a-new-way-to-backup-file-history-in-windows-8.aspx
File History only backs up data in libraries, favorites, desktop, and contacts and must use a non-system drive for backup.
Since File History is already on we can assume the drive doesn't need to be changed. So we should review the log and move the file to a library.

QUESTION 313
A company has client computers that run Windows 8.1. Each computer has two hard drives. You need to create a dynamic volume on each computer to support the following features:
Fault tolerance
Fast write performance
What kind of dynamic volume should you create?

A. Striped volume
B. Spanned volume
C. RAID 5 volume
D. Mirrored volume

Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc737048%28v=ws.10%29.aspx
What Are Dynamic Disks and Volumes?
..

Types of Dynamic Volumes
A dynamic volume is a volume that is created on a dynamic disk. Dynamic volume types include simple, spanned, and striped volumes.

Mirrored Volumes
A mirrored volume is a fault-tolerant volume that provides a copy of a volume on another disk. Mirrored volumes provide data redundancy by duplicating the information contained on the volume. The two disks that make up a mirrored volume are known as mirrors. Each mirror is always located on a different disk. If one of the disks fails, the data on the failed disk becomes unavailable, but the system continues to operate by using the unaffected disk.
Mirrored volumes are typically created by the user who requires fault-tolerance and who has two disks in their computer. If one disk fails, the user always has a copy of their data on the second disk. Mirrored volumes provide better write performance than RAID-5 volumes.

Further Information:

Striped Volumes
Striped volumes improve disk input/output (I/O) performance by distributing I/O requests across disks. Striped volumes are composed of stripes of data of equal size written across each disk in the volume. They are created from equally sized, unallocated areas on two or more disks.
Striped volumes cannot be extended or mirrored and do not offer fault tolerance. If one of the disks containing a striped volume fails, the entire volume fails, and all data on the striped volume becomes inaccessible. The reliability for the striped volume is less than the least reliable disk in the set.

RAID-5 Volumes
A RAID-5 volume is a fault-tolerant volume that stripes data and parity across three or more disks. Parity is a calculated value that is used to reconstruct data if one disk fails.
RAID-5 volumes are typically created by the user who requires fault-tolerance and who has at least three disks in their computer. If one of the disks in the RAID-5 volume fails, the data on the remaining disks, along with the parity information, can be used to recover the lost data. RAID-5 volumes are well-suited to storing data that will need to be read frequently but written to less frequently. Database applications that read randomly work well with the built-in load balancing of a RAID-5 volume.

Spanned Volumes
Spanned volumes combine areas of unallocated space from multiple disks into one logical volume. The areas of unallocated space can be different sizes. Spanned volumes require two disks, and you can use up to 32 disks.

QUESTION 314
A portable computer that runs Windows 8.1 uses a mobile broadband connection. The computer successfully downloads Windows updates only when not connected to the corporate wireless network. You need to ensure that the computer automatically downloads updates by using Windows Update while connected to the corporate wireless network.
What should you do?

A. Configure the Specify intranet Microsoft update service location local Group Policy setting.
B. Set the corporate wireless network to metered.
C. Set the corporate wireless network to non-metered.
D. Configure a Windows Firewall connection security rule.

Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
http://windows.microsoft.com/en-US/windows-8/metered-internet-connections-frequently-asked-questions
Metered Internet connections: FAQ

What's a metered Internet connection?
Internet service providers can charge by the amount of data used (the amount of data sent and received by your PC). That's called a metered Internet connection. These plans often have a data limit, and if you exceed the limit you might have to pay extra. In some cases, you aren't charged extra but your connection speed becomes slower until the billing cycle ends.
If you have a metered Internet connection, setting your network connection to metered in Windows can help you reduce the amount of data you send and receive.

How does setting my network connection to metered affect my PC?
Any app that relies on an Internet connection to update or display info might be limited in the amount of data it can download or display. You might notice these and other effects:
Windows Update will only download priority updates.
...

Further Information:
Setting a Wireless network to METERED allows only critical Windows Updates using that connection.
Setting a Wireless network to NON-METERED allows all Windows Updates using that connection.

QUESTION 315
A company has client computers that run Windows 8.1. The client computers are in a workgroup. Windows Remote Management (WinRM) is configured on all computers. You need to configure a computer named COMPUTER1 to retrieve Windows event logs from all other computers in the workgroup.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A. Start the Windows Event Collector service on COMPUTER1.
B. Add machine accounts of all other computers to the Event Log Readers local group on COMPUTER1.
C. Start the Windows Event Log service on all computers other than COMPUTER1.
D. Create and configure a source computer-initiated subscription.
E. Add the COMPUTER1 machine account to the Event Log Readers local group on all computers.
F. Start the Windows Event Collector service on all computers other than COMPUTER1.
G. Create and configure a collector-initiated subscription.

Correct Answer: AEG
Section: (none)
Explanation
Explanation/Reference:
http://blog.oneboredadmin.com/2012/06/windows-event-collection.html
Windows Event Collection
The only basic rules are that the source machine should have Winrm2 installed and running on it, and the Event Collector Service should be running on the collector machine.
There are two methods available to complete this challenge - collector initiated and source initiated.

Collector Initiated
When defining such a subscription, you instruct the collector to open a WinRM session to the source machine(s) using a specified set of credentials (or the computer account) and ask for a subscription.

Further Information:
For best management we want a collector-initiated subscription--meaning we'll be setting up the subscription at the collecting computer instead of at each individual computer. The Windows Event Collector service is required for subscriptions to work on the computer doing the collecting. The collecting computer must be a member of the Event Log Readers local group on all computers in order to be able to read the event log.

http://msdn.microsoft.com/en-us/library/windows/desktop/bb427443%28v=vs.85%29.aspx
Windows Event Collector
You can subscribe to receive and store events on a local computer (event collector) that are forwarded from a remote computer (event source). The following list describes the types of event subscriptions:
Source-initiated subscriptions: allows you to define an event subscription on an event collector computer without defining the event source computers. Multiple remote event source computers can then be set up (using a group policy setting) to forward events to the event collector computer. This subscription type is useful when you do not know or you do not want to specify all the event source computers that will forward events.
Collector-initiated subscriptions: allows you to create an event subscription if you know all the event source computers that will forward events. You specify all the event sources at the time the subscription is created.
http://msdn.microsoft.com/en-us/library/windows/desktop/bb513652%28v=vs.85%29.aspx
Creating a Collector Initiated Subscription
You can subscribe to receive events on a local computer (the event collector) that are forwarded from remote computers (the event sources) by using a collector-initiated subscription. In a collector-initiated subscription, the subscription must contain a list of all the event sources. Before a collector computer can subscribe to events and a remote event source can forward events, both computers must be configured for event collecting and forwarding.

http://technet.microsoft.com/en-us/library/cc748890.aspx
Configure Computers to Forward and Collect Events
Before you can create a subscription to collect events on a computer, you must configure both the collecting computer (collector) and each computer from which events will be collected (source).
In a workgroup environment, you can follow the same basic procedure described above to configure computers to forward and collect events. However, there are some additional steps and considerations for workgroups:
You can only use Normal mode (Pull) subscriptions.
You must add a Windows Firewall exception for Remote Event Log Management on each source computer.
You must add an account with administrator privileges to the Event Log Readers group on each source computer. You must specify this account in the Configure Advanced Subscription Settings dialog when creating a subscription on the collector computer.
Type winrm set winrm/config/client @{TrustedHosts="<sources>"} at a command prompt on the collector computer to allow all of the source computers to use NTLM authentication when communicating with WinRM on the collector computer. Run this command only once.

QUESTION 316
You administer Windows 8.1 Enterprise computers in your company's Active Directory Domain Services (AD DS) domain. Your company uses several peripheral devices.
The drivers for these devices are not available on Windows Update. You need to ensure that the drivers install when users connect these devices to their computers.
What should you do?

A. For the Group Policy setting Prioritize all digitally signed drivers equally during the driver ranking and selection process, select Disabled.
B. From Device Manager, find the detected scanner device and select Update Driver.
C. Add the following registry key to the computers: HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Current Version/DevicePath. Add %systemroot%\inf and the UNC path to the drivers share.
D. For the Group Policy setting Configure driver search locations, select Enabled. Make the drivers available on the UNC path to the driver's share.

Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc753716.aspx
Configure Windows to Search Additional Folders for Device Drivers

To configure Windows to Search Additional Folders for Device Drivers
1. Start Registry Editor. Click Start, and in the Start Search box type regedit.
2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
3. Navigate to the following registry key: HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Current Version
4. In the details pane, double-click DevicePath.
5. Add additional folder paths to the setting, separating each folder path with a semi-colon. Ensure that %systemroot%\inf is one of the folders included in the value.
Caution: Do not remove %systemroot%\inf from the DevicePath registry entry. Removal of that folder can break device driver installation.

Further Information:
http://msdn.microsoft.com/en-us/library/windows/hardware/ff553973%28v=vs.85%29.aspx
Where Windows Searches for Drivers
After a device is attached, Windows attempts to locate a matching driver package from which it can install a driver for the device.
Windows searches for driver packages from various locations and performs this search in two phases, as described in the following table.
Starting with Windows 7, Windows automatically downloads matching driver packages from Windows Update without prompting the user for permission. If a matching driver package is found, Windows downloads the package and stages it to the driver store.
If a matching driver package cannot be downloaded, Windows searches for matching driver packages in the driver store. This includes in-box drivers, installed drivers other than in-box drivers, and preinstalled drivers.
Windows also searches for driver packages that were preloaded in the locations that are specified by the DevicePath registry value. This value is under the following subkey of the registry.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
By default, the DevicePath value specifies the %SystemRoot%\INF directory.
If a matching driver package is found either on Windows Update or in a location that is specified by the DevicePath value, Windows first stages the driver package to the driver store before the driver is installed. In this way, Windows always installs drivers from the driver store.

QUESTION 317
You use a Windows 8.1 Pro computer. The computer stores research data in a folder named C:\Research. You turn on File History. You need to back up the Research folder.
What should you do?

A. Create a new library and include the folder in the library.
B. Create a new volume mount point in the root of the folder.
C. Create a new storage space and move the folder to the storage space.
D. Create a new restore point.

Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
http://blogs.msdn.com/b/b8/archive/2012/07/10/protecting-user-files-with-file-history.aspx
Protecting user files with File History
File History is a backup application that continuously protects your personal files stored in Libraries, Desktop, Favorites, and Contacts folders.
It periodically (by default every hour) scans the file system for changes and copies changed files to another location. Every time any of your personal files has changed, its copy will be stored on a dedicated, external storage device selected by you. Over time, File History builds a complete history of changes made to any personal file.
It's a feature introduced in Windows 8 that offers a new way to protect files for consumers. It supersedes the existing Windows Backup and Restore features of Windows 7.
Before you start using File History to back up your files, you'll need to set up a drive to save files to. We recommend that you use an external drive or network location to help protect your files against a crash or other PC problem.
File History only saves copies of files that are in your libraries, contacts, favorites, and on your desktop. If you have folders elsewhere that you want backed up, you can add them to one of your existing libraries or create a new library.
Advanced settings can be accessed from the File History control panel applet.
File History also supports new storage features introduced in Windows 8. Users who have lots of data to back up can use Storage Spaces to create a resilient storage pool using off-the-shelf USB drives. When the pool fills up, they can easily add more drives and extra storage capacity to the pool.

Further Information:
http://blogs.msdn.com/b/b8/archive/2012/01/05/virtualizing-storage-for-scale-resiliency-and-efficiency.aspx
Virtualizing storage for scale, resiliency, and efficiency
Windows 8 provides a new capability called Storage Spaces enabling just that. In a nutshell, Storage Spaces allow:
Organization of physical disks into storage pools, which can be easily expanded by simply adding disks. These disks can be connected either through USB, SATA (Serial ATA), or SAS (Serial Attached SCSI).
A storage pool can be composed of heterogeneous physical disks: different sized physical disks accessible via different storage interconnects.
Usage of virtual disks (also known as spaces), which behave just like physical disks for all purposes. However, spaces also have powerful new capabilities associated with them such as thin provisioning (more about that later), as well as resiliency to failures of underlying physical media.

QUESTION 318
You administer 100 Windows 8.1 laptops, all of which have PowerShell Remoting enabled. You run the following command on a computer named Computer1.

Invoke-Command -filepath \\Computer2\Share\MyScript.ps1 -computername Computer2

MyScript.ps1 fails to execute. You verify that you are able to access it from the network. You need to be able to execute MyScript.ps1 on Computer1. What should you do?

A. Copy MyScript.ps1 to a local drive on Computer1 and run the Invoke-Command cmdlet on Computer1.
B. Run the Set-ExecutionPolicy cmdlet on Computer1.
C. Run the Enter-PSSession cmdlet on Computer1.
D. Run the Set-ExecutionPolicy cmdlet on Computer2.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
http://technet.microsoft.com/en-us/library/hh849719.aspx
Invoke-Command
Runs commands on local and remote computers.
..
The Invoke-Command cmdlet runs commands on a local or remote computer and returns all output from the commands, including errors. With a single Invoke-Command command, you can run commands on multiple computers.
..
Parameters
..
-ComputerName <String[]>
Specifies the computers on which the command runs. The default is the local computer. When you use the ComputerName parameter, Windows PowerShell creates a temporary connection that is used only to run the specified command and is then closed.
..
-FilePath <String>
Runs the specified local script on one or more remote computers. Enter the path and file name of the script, or pipe a script path to Invoke-Command.
The script must reside on the local computer or in a directory that the local computer can access. Use the ArgumentList parameter to specify the values of parameters in the script.
..

Further Information:
http://technet.microsoft.com/en-us/library/ee176961.aspx
Using the Set-ExecutionPolicy Cmdlet
The Set-ExecutionPolicy cmdlet enables you to determine which Windows PowerShell scripts (if any) will be allowed to run on your computer. Windows PowerShell has four different execution policies:
Restricted - No scripts can be run. Windows PowerShell can be used only in interactive mode.
AllSigned - Only scripts signed by a trusted publisher can be run.
RemoteSigned - Downloaded scripts must be signed by a trusted publisher before they can be run.
Unrestricted - No restrictions; all Windows PowerShell scripts can be run.
To assign a particular policy simply call Set-ExecutionPolicy followed by the appropriate policy name.

http://technet.microsoft.com/en-us/library/hh849812.aspx
Set-ExecutionPolicy
The Set-ExecutionPolicy cmdlet changes the user preference for the Windows PowerShell execution policy. The execution policy is part of the security strategy of Windows PowerShell. It determines whether you can load configuration files (including your Windows PowerShell profile) and run scripts, and it determines which scripts, if any, must be digitally signed before they will run.

http://technet.microsoft.com/en-us/library/hh849707.aspx
Enter-PSSession
The Enter-PSSession cmdlet starts an interactive session with a single remote computer. During the session, the commands that you type run on the remote computer, just as though you were typing directly on the remote computer. You can have only one interactive session at a time.

QUESTION 319
You administer Windows 8.1 computers for a software development company. The marketing department is going to meet a potential customer to demonstrate the product.
You want to configure a laptop that has a stand-alone virtual machine that runs Windows 8.1 Enterprise and the latest build of your software. You need to enable BitLocker on the system drive of the virtual machine. What should you do first?

A. Activate Windows.
B. Join the virtual machine to an Active Directory Domain Services (AD DS) domain.
C. Turn on the Require additional authentication at startup local policy.
D. Turn off the Require additional authentication at startup local policy.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
http://rc.partners.org/kbase?cat_id=9&art_id=245
How to setup BitLocker Encryption on Windows 8 without TPM
BitLocker is a full disk encryption software that comes standard with PCs running Windows 8 Pro or higher. This document provides instructions for encrypting the hard drive without Trusted Platform Module (TPM - integrated security chip) present or enabled, and bypasses the USB flash drive encryption key requirement.
1. From the Metro UI or the search box, type GPEDIT.MSC and press enter
2. Open Computer Configuration => Administrative Templates => Windows Components => BitLocker Drive Encryption => Operating System Drives. From the right pane double-click "Require additional authentication at startup"
3. Select Enabled radio button and check the box for "Allow BitLocker without a compatible TPM...". Click OK and close the policy editor.
4. Right-click your C drive in the Computer folder, click Turn on BitLocker
....

QUESTION 320
A company has a main office and several branch offices. The company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1. All printers are deployed to all client computers by using Group Policy. When a user attempts to print from his portable client computer while at a branch office, the main office printer is set as his default printer.
You need to ensure that a location-specific default printer for each branch office is set for the user. What should you do?

A. Create a Group Policy object (GPO) that enables the Computer location policy setting.
B. In the Manage Default Printers dialog box, select the Always use the same printer as my default printer option.
C. In the Manage Default Printers dialog box, select the Change my default printer when I change networks option.
D. Create a Group Policy object (GPO) that enables the Allow Print Spooler to accept client connections policy setting.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
http://windows.microsoft.com/en-us/windows-8/set-change-your-default-printer
Set or change your default printer
To set a different default printer for each network
..
3. Tap or click any printer, and then tap or click Manage default printers.
4. Select Change my default printer when I change networks.
5. Under Select network, choose the first network you want to set a printer for.
6. Under Select printer, choose the printer you want to be the default on that network, and then tap or click Add.
7. When you're finished setting a default printer for each network, tap or click OK.

Further Information:
http://john.bryntze.net/jbkb-v2/certification-exam-70-687-configuring-windows-8-part-3-configure-network-connectivity-15/
configure location-aware printing
Location-aware printing is not a new feature, it existed already in Windows 7, it works that your default printer follows you, so at work you can have one default printer and another at home without manually switching. Just click on an installed printer in control panel and select Manage default printers. Be sure Change my default printer when I change Networks is selected and then manage per network which printer you want to be default.

Location-Aware Printing is dependent upon the Network List Service and the Network Location Awareness service.
If either one of these services is stopped or malfunctioning, then Windows will not be able to detect network changes and may not switch default printers as expected.

QUESTION 321
You use many Windows Store apps on a computer that runs Windows 8.1. You are planning a performance audit on the computer. You need to establish the volume of data upload from each app over a five-day period. Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A. On the fifth day, review the upload statistics in Task Manager.
B. Configure Task Manager to save usage data to a file.
C. Configure Task Manager to record data upload from each Windows Store app.
D. On the first day, delete any existing application usage history.
E. Open Task Manager and add the Uploads column.

Correct Answer: ADE
Section: (none)
Explanation

Explanation/Reference:
Explanation:
http://www.7tutorials.com/windows-8-task-manager-which-apps-use-most-system-resources
The Windows 8 Task Manager - Which Apps Use the Most Resources?
...
Before you get in to tweak settings, the app history tab will display five columns:
Name - The name of the process or app.
CPU Time - Total amount of CPU time the selected app has taken up.
Network - Total network utilization in MB for the selected app.
Metered Network - Total network utilization on a network that is marked as metered.
Tile Updates - Amount of network usage for updating the chosen app's live tile.
...
By default, the App History tab will only display usage for modern Windows 8 apps.
...
While the default view displays a pretty good picture of your data using apps, you can take it farther by adding more columns. Right-click or long-press an existing column header to view a list of available data points. You can deselect any of the existing columns to hide them, or select any of the following columns to add them to your view:
Non-Metered Network - Network usage on networks that aren't marked as metered.
Downloads - Amount of downloads done for the selected app.
Uploads - Amount of uploads done for the selected app.
..
How to Clear your App History Data
When viewing your app history data, it can be difficult to discern how quickly your apps are racking up network usage. You may see that Netflix has used gigs of data, but if that's over a long period that may not be so bad. However, if it's only been a few minutes since data logging began, you're in trouble. If you want to clear your data and start counting again from zero, go ahead and click or tap "Delete usage history." All of your recorded history will be deleted and all columns will be zeroed out. With careful monitoring you can now see how quickly your heavy users chew up data.

QUESTION 322
A computer runs Windows 8.1. You install an application by running an .msi file. You need to apply a patch to the application. Which command should you run?

A. dism /Online /add-package:C:\MyPatch.msp
B. dism /get-AppPatches /get-PackageInfo:C:\MyPatch.msp
C. msiexec /x "C:\MyPatch.msp"
D. msiexec /p "C:\MyPatch.msp"

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc759262%28v=ws.10%29.aspx
Msiexec (command-line options)
To apply an update
Syntax
msiexec /p UpdatePackage
Parameters
/p
Applies an update.
UpdatePackage
Specific update.

QUESTION 323
Your network has a single domain with 1,000 client computers that run Windows 7. You use Microsoft System Center Configuration Manager 2007 to distribute and install software applications. All users have standard user accounts. You plan to use Group Policy to ensure that application installation functions properly. You need to design the User Account Control (UAC) policy. Which setting should you select? To answer, select the appropriate setting in the work area.
Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Explanation:
User Account Control: Detect application installations and prompt for elevation
The User Account Control: Detect application installations and prompt for elevation policy setting controls the behavior of application installation detection for the computer. The options are:
Enabled. (Default for home) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
Disabled. (Default for enterprise) Application installation packages are not detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary.
http://technet.microsoft.com/en-us/library/dd851376.aspx

QUESTION 324
You are creating a Windows 7 image. You need to prevent users from sharing their desktop sessions with remote users. You also need to allow administrators who are using Windows XP to administer the Windows 7 image remotely. Which settings should you configure? To answer, select the appropriate setting or settings in the work area.

Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Only less secure allow using Windows XP to administer the Windows 7 image remotely
smith answer original is C, but print screen is B.

QUESTION 325
A company has 1,000 computers in the main office and 20 computers in store kiosks. All the computers run Windows 7 Enterprise. The kiosk computers do not have network connections. The company brands the Microsoft Internet Explorer program window on all computers by displaying the company logo at the left end of the title bar.
The company changes its logo. You have the following requirements:
• Display the new logo on the Internet Explorer program window title bar on the main office computers and the kiosk computers.
• Modify the search providers that are available to main office computers.
You need to define Internet Explorer settings to support the requirements. Which two actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Hints: Kiosk computers do not have network connections, deployment CD is needed.

QUESTION 326
You use a computer named Client02 to manage the BitLocker configuration on a remote computer named Client01. A new company policy states that when BitLocker is used, you must be able to access the data in case of a system failure. You need to comply with the company policy. Using manage-bde, how should you achieve this goal? (To answer, drag the appropriate parameter from the list of options to the correct location or locations in the work area.)

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 327
A network has a single domain with 1,000 client computers that run Windows 7. A large number of software installation scripts are configured to run on the client computers. You need to recommend a Group Policy setting that allows users to log on to their computers as soon as possible at first boot. What should you recommend?

Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Run startup scripts asynchronously
Description
Lets the system run startup scripts simultaneously. Startup scripts are batch files that run before the user is invited to log on. By default, the system waits for each startup script to complete before it runs the next startup script.
If you enable this policy, the system does not coordinate the running of startup scripts. As a result, startup scripts can run simultaneously. If you disable this policy or do not configure it, a startup script cannot run until the previous script is complete.
http://msdn.microsoft.com/en-us/library/ms811602.aspx
hints: allows users to log on to their computers as soon as possible at first boot

QUESTION 328
A company network includes Windows 7 client computers and DirectAccess. When using DirectAccess, users cannot connect to the company's internal resources. You need to create a batch file that users can execute to trace all network traffic for DirectAccess from their home computers. Which command should you use? To answer, drag the appropriate terms from the list of terms to the correct location or locations in the work area.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 329
A user is unable to log on to a client computer that runs Windows 7. The user receives an error message that says "The local policy of this system does not permit you to logon interactively." The user belongs only to the Users group. You need to ascertain which policy in the local security policy must be modified. Which security policy should you select? To answer, select the appropriate policy in the work area.

Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 330
You upgrade all of an organization's client computers to Windows 7. After the upgrade, a specific legacy application does not function correctly. You need to generate a list of all the computers that have the legacy application installed. Which two actions should you perform? (To answer, move the appropriate action from the list of actions to the answer area and arrange them in the correct order.)
Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 331
A company runs Windows Server 2008 R2 in an Active Directory Domain Services (AD DS) environment. Windows 7 is installed on all the company's client computers. You add a domain user account named User1 to the local Administrators group on a client computer named PC01. When User1 returns to the office, User1 does not have administrative access on PC01. When you inspect PC01, you find that the local Administrators group does not contain the user account. You need to ensure that User1 is a member of the local Administrators group. Which Group Policy setting should you select? To answer, select the appropriate Group Policy setting in the work area.

Hot Area:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Restricted groups allow an administrator to define the following two properties for security-sensitive (restricted) groups:
Members
Member Of
The "Members" list defines who should and should not belong to the restricted group. The "Member Of" list specifies which other groups the restricted group should belong to.

Using the "Members" Restricted Group Portion of Policy
When a Restricted Group policy is enforced, any current member of a restricted group that is not on the "Members" list is removed with the exception of administrator in the Administrators group. Any user on the "Members" list which is not currently a member of the restricted group is added.

Using the "Member Of" Restricted Group Portion of Policy
Only inclusion is enforced in this portion of a Restricted Group policy. The Restricted Group is not removed from other groups. It makes sure that the restricted group is a member of groups that are listed in the Member Of dialog box.
http://support.microsoft.com/kb/279301
hints: if the user was not added to the local restricted group, the user will be removed from the administrator group, even if the user was already added to the administrator group.
QUESTION 332
Your company has a main office and 20 branch offices. The network contains 5,000 client computers. 100 users have laptop computers and work remotely. All remaining users have desktop computers. You plan to deploy Windows 7 on all client computers. You need to ensure that your image-creation strategy meets the following requirements:
Provide access to all applications on the laptop computers when the users first start their computers.
Provide language-pack support based on the geographic location of the user.
Minimize the bandwidth used to deploy images to the desktop computers.
What should you create?

A. one thick image for all client computers
B. one thin image for all client computers
C. one hybrid image for all client computers
D. one thick image for the portable computers and one thin image for the desktop computers
E. one thin image for the portable computers and one thick image for the desktop computers

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
hints:
all applications on the laptop computers = thick image
language-pack support based on the geographic location = thin image

QUESTION 333
You are planning to deploy Windows 7 Enterprise to all of your company's client computers. You have the following requirements:
Create two custom partitions on each client computer's hard disk, one for the operating system and the other for data.
Automatically create the partitions during Windows Setup.
You need to design an image that meets the requirements. What should you do?

A. Use SysPrep to create the two partitions during Windows Setup.
B. Use Windows PE to create the partitions. Install Windows 7 on the first partition.
C. Use Windows System Image Manager (Windows SIM) to specify the partition configuration.
D. Use Disk Management to create the two partitions on the hard disk.
Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Windows System Image Manager (Windows SIM) creates and manages unattended Windows Setup answer files in a graphical user interface (GUI). Answer files are XML-based files that are used during Windows Setup to configure and to customize the default Windows installation. For example, you can use Windows SIM to create an answer file that partitions and formats a disk before installing Windows, changes the default setting for the Internet Explorer home page, and configures Windows to boot to Audit mode after installation. By modifying settings in the answer file, Windows SIM can also install third-party applications, device drivers, language packs, and other updates.
http://technet.microsoft.com/en-us/library/cc766347(v=ws.10).aspx

QUESTION 334
You plan to deploy an image of Windows 7 Enterprise to 1,000 client computers. You need to design a custom image that will enable users to connect to a Telnet server. What should you do?

A. Create a Network Connection before capturing the image.
B. Turn on the Telnet Server feature in the image.
C. Create a Certificate-Based credential before capturing the image.
D. Turn on the Telnet Client feature in the image.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 335
You are planning a migration to Windows 7. You need to recommend applications that obtain a list of software installed on client computers. Which applications should you recommend? (Choose all that apply.)

A. Microsoft Deployment Toolkit (MDT)
B. Sysprep
C. Microsoft Assessment and Planning Toolkit (MAP)
D. Microsoft Application Compatibility Toolkit (ACT)
E. Windows User State Migration Tool (USMT)
F. Windows System Image Manager (Windows SIM)

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:
accurate answers

QUESTION 336
You are designing a Windows 7 deployment image.
You receive a baseline image over the network, from a different geographic location. You need to verify that the baseline image is valid. Which tool should you use?

A. ImageX
B. the Deployment Image Servicing and Management (DISM) tool
C. Windows Compatibility Evaluator
D. Windows System Image Manager (Windows SIM)

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
imagex /append image_path image_file {"description"}{/boot | /check | /config configuration_file.ini | /scroll | /verify}
/check
Checks the integrity of the .wim file. If not provided, existing checks are removed.
http://technet.microsoft.com/en-us/library/cc749447(v=ws.10).aspx

QUESTION 337
You are installing a new third-party application to all the Windows 7 client workstations that your company has deployed. You need to monitor all of the actions taken by the application installer. Which application should you use?

A. Update Compatibility Evaluator
B. Setup Analysis Tool
C. Windows Compatibility Evaluator
D. Compatibility Administrator

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 338
Your company has client computers that run Windows XP Professional. You are planning to install Windows 7 Enterprise on the existing client computers. You have the following requirements:
Migrate user data and operating system components.
Encrypt and password-protect the migration store.
You need to design a user state migration strategy that supports the requirements. What should you do?

A. Use a hard-link migration store.
B. Perform an offline migration by using Windows.old.
C. Use a compressed migration store.
D. Perform an offline migration by using Windows PE.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Compressed migration
The compressed migration store is a single image file that contains all files being migrated and a catalog file.
This image file is often encrypted and protected with a password, and cannot be navigated with Windows Explorer.
http://technet.microsoft.com/en-us/library/dd560795(v=ws.10).aspx

QUESTION 339
Your company uses Windows Update to download and install security updates on client computers. When Microsoft releases a security update, you have the following requirements:
Establish which client computers require the security update.
Identify what changes will occur as a result of the security update.
Identify which applications might be affected by the security update.
You need to select the appropriate tool to detect application-compatibility issues. What should you do?

A. Use the Inventory Collector
B. Use the Setup Analysis Tool
C. Use the Update Compatibility Evaluator.
D. Use the Windows Compatibility Evaluator

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The Update Compatibility Evaluator (UCE) examines your organization's computers and identifies the installed applications and system information, matches that information against the profile set for the Windows® update, and looks for potential conflicts due to changes in the registry, application files, or application file properties. You configure the compatibility evaluator, defining when and how it runs, in the Application Compatibility Manager. You can also view your potential compatibility issues on the Analyze screen of the Application Compatibility Manager.
http://technet.microsoft.com/en-us/library/cc766043(v=ws.10).aspx

QUESTION 340
You are designing a Windows 7 Enterprise image creation strategy. The strategy must meet the following requirements:
Support 32-bit and 64-bit hardware.
Support 64-bit applications.
Minimize the total number of images.
Reduce the bandwidth required to deploy an image.
Use System Center Configuration Manager (ConfigMgr) for application deployment.
You need to recommend the images that meet the requirements. Which images should you recommend?
(Choose all that apply.)

A. a thin image for the 32-bit version of Windows 7
B. a thick image for the 32-bit version of Windows 7
C. a thick image for the 64-bit version of Windows 7
D. a thin image for the 64-bit version of Windows 7

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 341
You plan to upgrade Windows Vista to Windows 7 on a computer named Computer01. You run ScanState and store the results on a remote computer at \\Server01\mystore. After the ScanState command completes, a user customizes a profile and adds mission-critical data. You attempt to run ScanState again but it fails. You need to overwrite Computer01's existing information on Server01. Which command line options should you use to execute the ScanState command? (Choose all that apply.)

A. /efs:copyraw
B. /v:13
C. \\Server01\mystore
D. /o

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 342
Your company plans to upgrade 1,000 client computers to Windows 7. The company uses a custom line-of-business application that is frequently updated. The application is not compatible with Windows 7. You need to ensure that the company can use the application. You also need to ensure that the application can be updated with the least amount of administrative effort. What should you do?

A. Deploy Microsoft Enterprise Desktop Virtualization (MED-V) v2 to all Windows 7 client computers, and distribute the virtual machine image and updates through MED-V TrimTransfer.
B. Deploy Microsoft Enterprise Desktop Virtualization (MED-V) v2 to all Windows 7 client computers, and distribute the virtual machine image and updates through Microsoft System Center Configuration Manager.
C. Configure Windows XP Mode on all Windows 7 client computers, and distribute the virtual machine image and updates through a file share resource.
D. Configure Windows XP Mode on all Windows 7 client computers, and distribute the virtual machine image and updates through Microsoft System Center Configuration Manager.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 343
Your company has 1,000 client computers. Each client computer has 1 GB of RAM. You are planning to deploy Windows 7 Enterprise. You need to design a zero-touch deployment strategy to increase the number of client computers that can be imaged at one time. What should you do?

A. Increase the amount of RAM on the client computers.
B. Change from unicast to multicast deployment of images.
C. Change from multicast to unicast deployment of images.
D. Decrease the trivial file transfer protocol (TFTP) block size on the TFTP server.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Performing Multicast Deployments
In order to deploy an image using multicasting instead of unicasting, you must first create a multicast transmission. Multicast transmissions make the image available for multicasting, which enables you to deploy an image to a large number of client computers without overburdening the network. When you deploy an image using multicasting, the image is sent over the network only once, which can drastically reduce the amount of network bandwidth that is used.
http://technet.microsoft.com/en-us/library/dd637994(v=ws.10).aspx

QUESTION 344
Your company's network includes a main office and several branch offices. The branch offices are connected to the main office by high-latency links. All client computers run Windows 7 Enterprise, and all servers run Windows Server 2008 R2. No servers are located in the branch offices. Client computers in the branch offices frequently access a specific group of files on a file server named Server1. These access requests consume significant amounts of bandwidth and reduce the speed of higher-priority traffic.
You need to reduce the bandwidth that is consumed by requests for frequently accessed files. What should you do?

A. Configure BranchCache in Hosted Cache mode on client computers in the main office and the branch offices.
B. Configure BranchCache in Distributed Cache mode on client computers in the main office and the branch offices.
C. Enable the BranchCache For Network Files role service on Server1. Configure BranchCache in Hosted Cache mode on client computers in only the branch offices.
D. Enable the BranchCache For Network Files role service on Server1. Configure BranchCache in Distributed Cache mode on client computers in only the branch offices.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Branch office does not have server, Distributed cache is only choice. Since we have server at main office, we can enable the BranchCache For Network Files role service.

Topic 2, Scenario A

Background
You are the desktop architect for a company with 14,000 client computers. Some client computers are portable computers and some are desktop computers. All client computers currently run Windows XP. You are in the evaluation phase for upgrading to Windows 7. Approximately half of the Carlsbad and Madrid offices are used by sales employees. Sales employees report to the office only once per quarter.

Your company has users in offices as shown in the following table.

The address for the SharePoint site is https://intranet.company.com.

Each location has gigabit network connections to the desktop except Madrid, which has 100 megabit connections. Each office has a Dynamic Host Configuration Protocol (DHCP) server and uses multiple VLANs.

You use Group Policy objects (GPOs) to manage various settings. The following figure displays the Organizational Unit (OU) layout for the Active Directory Domain Services (AD DS) domain.

Each office has two connections, a data center WAN link and an Internet connection.
Each office connects to a central data center facility with connection speeds as shown in the following table.
You currently use one of each client computer model to create and maintain a disk image for each model. The models supported by your company are listed in the following table.
You currently use a third-party disk imaging application to capture and deploy new Windows XP computers. Desktop administrators use optical media to deploy the image to new or repurposed client computers. The current Windows XP image is about 11 GB in size, which includes 2 GB of applications and 9 GB of Windows XP files.

Business Requirements
The deployment of Windows 7 must meet the following business requirements:
Deployment requirements:
- The deployment must maximize the use of existing client computers.
- The deployment must reduce the amount of time spent updating client computers after deployment.

Technical Requirements
The application must meet the following technical requirements:
Infrastructure requirements:
- The amount of disk space required to store deployment images must be reduced.
- The number of images that need to be copied across WAN links must be reduced.
- You are based in the Los Angeles office and use the Microsoft Deployment Toolkit. You have a file server hosting a deployment share in Los Angeles.
Application compatibility:
- All current applications must be supported on Windows 7.
- All offices are moving to a new finance application in the next six months. The new finance application installs and runs correctly on Windows 7.
Migration requirements:
- The deployment cannot require users to store their files on a network or external drive for the migration.
- Only system administrators can be allowed to install applications.
- User data must be migrated during upgrades to Windows 7.
- There is a small budget for hardware upgrades when required.
Image maintenance:
- You need to minimize the re-arm passes.
Security
- Each location has a security group made up of the desktop computer objects in that location.
- Users must not be able to change their web browser or client computer security settings.
- Your requirements are as follows:
  · A startup PIN and TPM are required for all BitLocker users.
  · Local regulations prohibit the use of BitLocker for all computers in the Munich office. This supersedes any other requirement.
  · All laptops within the company must have BitLocker enabled.
  · All Madrid desktops must have BitLocker enabled.
  · No other desktops besides Madrid should have BitLocker enabled.
- Computers in office lobbies are not permitted to join the domain.
- You need to block the use of ActiveX controls for all external websites.

QUESTION 345
You have deployed a ConfigMgr site server at each site. You are planning to use PXE boot to deploy a new Windows 7 image. You need to deploy the image to all office locations. When you attempt to perform a PXE boot, it fails at each office location. You need to prepare the infrastructure. What should you do? (Choose all that apply.)
A. On each VLAN or subnet, create an IP helper for PXE that points to the PXE service point in each office.
B. Install a single PXE service point in the Los Angeles office.
C. On each VLAN or subnet, create an IP helper for PXE that points to the PXE service point in the Los Angeles office.
D. Install a PXE service point in each office.
E. Create a single IP helper for PXE that points to the DHCP server in the Los Angeles office.
F. Create a single IP helper for PXE that points to the DHCP server in each office.
Correct Answer: CD
Explanation: This dump's question is not complete. The MS exam question mentions that the deployment share is set up only at the Los Angeles office. One of the questions from the testlets.

QUESTION 346
You need to prevent users from accessing USB flash drives on portable computers. What should you do? (Choose all that apply.)
A. Create a security group in AD DS and place all user objects for users with portable computers in the group.
B. Create a security group in AD DS and place all portable computer objects in the group.
C. Create a GPO that blocks the use of specific GUIDs used by USB flash drives and link it to the root of the domain.
D. Create a WMI filter that applies only to Model A and B computers and link it to a GPO.
E. Create an AppLocker policy that applies to the AD DS computer group you created.
F. Create an AppLocker policy that applies to the AD DS user group you created.
Correct Answer: CD
Explanation: specified answers

QUESTION 347
You create a Windows 7 image. You plan to test the image on 10 percent of the computers in each office. You need to recommend a deployment strategy to minimize the amount of time spent deploying the image. What should you recommend?
A. Distribute one USB flash drive containing a Windows 7 installation to Madrid, Carlsbad, and New Orleans. Create a new deployment share in Munich.
B. Send one USB flash drive containing a Windows 7 installation to each site.
C. Send one DVD installation disk to each site.
D. Distribute one USB flash drive containing a Windows 7 installation to Carlsbad and New Orleans. Create a new deployment share in Los Angeles.
Correct Answer: A

QUESTION 348
You are deploying Windows 7 Enterprise and Microsoft Office to client computers. The deployment must meet the following requirements:
- Deploy Windows 7 Enterprise to all client computers.
- Deploy Office 2007 Professional to client computers in the Munich office.
- Deploy Office 2010 Professional to client computers in the Madrid office.
- Automate the deployment to minimize administrative effort.
You need to recommend a deployment solution that meets the requirements. What should you recommend?
A. Create a single Windows 7 Enterprise Edition image.
Deploy the image that installs Office by using a task sequence that checks for the account used for deployment.
B. Create a single Windows 7 Enterprise Edition image. Deploy the image that installs Office by using a Group Policy object based on the user who is logged in.
C. Create a Windows 7 Enterprise Edition image with Office 2007 installed. Create a second Windows 7 Enterprise Edition image with Office 2010 installed.
D. Create a single Windows 7 Enterprise Edition image. Deploy the image that installs Office by using a task sequence that checks for the Organizational Unit of the client computer.
Correct Answer: D
Explanation: AppLocker (a set of Group Policy settings that evolved from Software Restriction Policies, to restrict which applications can run on a corporate network, including the ability to restrict based on the application's version number or publisher)
http://en.wikipedia.org/wiki/Features_new_to_Windows_7

QUESTION 349
You are planning to deploy a computer in the lobby of each office. You need to control which programs can run on the computer. What should you do?
A. Use the Group Policy Object Editor to modify the local computer policy on the computer to enable and configure AppLocker.
B. Use the Group Policy Object Editor to modify the local computer policy on the computer to enable and configure BitLocker.
C. Create a GPO that enables and configures AppLocker and link it to the Carlsbad OU.
D. Create a GPO that enables and configures BitLocker and link it to the root of the AD DS domain.
Correct Answer: A

QUESTION 350
Your company's computers experience malware infections as a result of using unsafe ActiveX controls. You need to update the client computer settings to follow the company policy. What should you do?
A. Upgrade all users to Internet Explorer 9. Use a GPO to change the default setting of the Internet security zone to high.
Add all internal web addresses to the Trusted Sites list.
B. Use a GPO to change the default setting of the local intranet security zone to medium-low. Add all internal web addresses to the Trusted Sites list.
C. Upgrade all users to Internet Explorer 9. Use a GPO to change the default setting of the Trusted Sites security zone to block ActiveX controls for all websites. Add all internal web addresses to the Trusted Sites list.
D. Create a GPO that enables the Disable add-on performance notifications setting. Link it to the OU for each site.
Correct Answer: A

QUESTION 351
You create a deployment image that must be tested in each office. You need to complete testing within a week to finalize the image for production. You need to recommend a deployment strategy to test the image with at least two users from each of the following departments:
- Finance
- Research
- Accounting
- Sales
What should you recommend?
A. Create a deployment share at each site. Direct the desktop technicians at each site to create Windows PE DVDs that install Windows 7 from the deployment share at each site.
B. Create a deployment share in Los Angeles. Enable network boot at each site and have desktop technicians support users from each department.
C. Create a deployment share in Los Angeles. Create a DVD installation disk and send one to each user from the Sales department. Have the desktop technicians at each site create DVD-based installations for users at each site.
D. Create a deployment share at each site. Direct the desktop technicians at each site to create Windows PE USB flash drives that install Windows 7 from the deployment share at each site.
Correct Answer: C

QUESTION 352
You create and test a Windows 7 image that supports all existing client computer hardware in the company. User settings must be preserved during migrations to Windows 7.
You need to deploy the new image to all office locations by using the Zero Touch Installation methodology. What should you recommend? (Choose all that apply.)
A. Enable a DHCP helper address on the routers for each remote office.
B. Enable network boot functionality on all client computers at the remote locations.
C. Deploy and configure Microsoft System Center Configuration Manager (ConfigMgr).
D. Deploy and configure Microsoft System Center Operations Manager (OpsMgr).
E. Create a task sequence that enables local administrators to select their local office.
F. Create a User State Migration Tool configuration file and include it in the deployment.
Correct Answer: BCF

QUESTION 353 C-2nd
You deploy Windows 7 Enterprise in a VDI pool resource group. You need to ensure that the virtualization strategy meets the company's OSE requirements. Which GPO setting should you recommend?
A. Disable Administrative Templates\Windows Components\Internet Explorer\Disable add-on performance notifications.
B. Disable Administrative Templates\Windows Components\Internet Explorer\Prevent performance of First Run Customize settings.
C. Enable Administrative Templates\Windows Components\Internet Explorer\Disable add-on performance notifications.
D. Enable Administrative Templates\Windows Components\Internet Explorer\Prevent performance of First Run Customize settings.
Correct Answer: D

QUESTION 354
You need to recommend a Microsoft Enterprise Desktop Virtualization (MED-V) image update strategy to meet company requirements. What should you recommend?
A. Windows Intune
B. Windows Update
C. ConfigMgr
D. Windows Deployment Services (WDS)
Correct Answer: C
Explanation: http://technet.microsoft.com/en-us/library/hh463536.aspx
Creating and Deploying MED-V Workspace Packages with System Center Configuration Manager

QUESTION 355
You are planning the delivery of the ERP add-on to the remote users. You need to ensure that the ERP add-on meets company requirements and functions for all remote users. Which product should you recommend?
A. MED-V
B. Remote Desktop RemoteApp
C. System Center Virtual Machine Manager Self Service Portal 2.0
D. Windows XP Mode
Correct Answer: A

QUESTION 356
You deploy Windows 7 Enterprise in a VDI pool resource group. You need to ensure that the virtualization strategy meets the company's OSE requirements. Which GPO setting should you recommend?
A. Disable Administrative Templates\Windows Components\Internet Explorer\Prevent performance of First Run Customize settings
B. Enable Administrative Templates\Windows Components\Internet Explorer\Prevent performance of First Run Customize settings
C. Enable Administrative Templates\Windows Components\Internet Explorer\Disable add-on performance notifications
D. Disable Administrative Templates\Windows Components\Internet Explorer\Disable add-on performance notifications
Correct Answer: B

QUESTION 357
You need to ensure that the company's remote computers receive Windows updates at the same time as the internal computers. What should you do?
A. Deploy DirectAccess
B. Implement System Center Operations Manager (OpsMgr)
C. Install the Windows Deployment Services (WDS) role
D. Install BranchCache in distributed mode
Correct Answer: A
Explanation: Remote computers use DirectAccess to connect to the internal WSUS server for updates.

QUESTION 358
You need to manage Windows 7 and Microsoft Office 2010 license keys for the VDI pool automatically. What should you do? (Choose all that apply.)
A. Install the Remote Desktop Licensing role service.
B. Install a ConfigMgr primary site server.
C. Install a MAK proxy server.
D. Install the Office 2010 KMS Host License Pack.
E. Activate the KMS host with the Office 2010 KMS key.
F. Install Volume Activation Management Tool 2.0.
G. Install a server core installation of Windows Server 2008 R2 Standard and add the AD DS role.
H. Activate the server with a MAK key.
I. Activate the server with a KMS key.
Correct Answer: DEGI

QUESTION 359
You are planning the deployment of a new engineering application in the Chicago office. You need to meet company requirements for application deployment. What should you recommend?
A. MED-V
B. App-V
C. Remote Desktop Session Host
D. Remote Desktop RemoteApp
Correct Answer: B

QUESTION 360 B-3rd
You run Sysprep on a base image for the company's VDI pool. You plan to use Windows Deployment Services (WDS) for the deployment. You need to recommend the Sysprep parameters to ensure that the base image is ready for deployment while meeting the company requirements. Which parameters should you recommend? (Choose all that apply.)
A. /quiet
B. /shutdown
C. /oobe
D. /generalize
E. /quit
F. /audit
G. /unattend:unattend.xml
Correct Answer: BDG

QUESTION 361
You are planning to deliver VDI by using the company's virtualization infrastructure.
You need to ensure that VDI users are always reconnected to the same VDI session. What should you recommend?
A. Deploy the App-V desktop client.
B. Add the VmHostAgent role service.
C. Deploy the App-V Sequencer.
D. Install Windows Server 2008 R2 Datacenter with the Hyper-V role.
Correct Answer: B

QUESTION 362 A-2nd
Users with newly deployed Windows 7 computers see a security prompt when they attempt to upload documents to the company's intranet site. You need to suppress the prompt without creating a security risk for the company. What should you do? (Choose all that apply.)
A. Modify the GPO to set https://intranet.company.com with a value of 1 in the Site to Zone Assignment List.
B. Modify the default Windows 7 image to add the Internet Explorer Enhanced Security Configuration component.
C. Modify the default Windows 7 image to change the default Internet Explorer security level to Medium Low.
D. Modify the default Windows 7 image to disable the Internet Explorer Automatically Detect Intranet Network setting.
E. Create a GPO and link it to the root of the domain.
F. Modify the GPO to set the web server's NetBIOS name with a value of 2 in the Site to Zone Assignment List.
Correct Answer: AF

QUESTION 363 A-2nd
You are designing an implementation of BitLocker. You create a GPO with BitLocker settings that conform to company requirements. You need to design an implementation strategy that supports the company requirements. What should you do? (Choose all that apply.)
A. Link the GPO to the Munich-Computers OU. Use a security filter to apply the GPO to all Munich desktop computers.
B. Block the Munich-Computers OU from inheriting policies.
C. Link the GPO to the Madrid-Computers OU. Use a security filter to apply the GPO to all Madrid desktop computers.
D. Link the GPO to the Munich-Users OU.
E. Create and use a WMI filter that targets all portable computers with the GPO. Link the WMI filter to the GPO.
F. Link the GPO to the root of the AD DS domain.
Correct Answer: BCEF

QUESTION 364 B-1st
You use the Microsoft Deployment Toolkit (MDT) 2010 to create a Windows 7 test image. You deploy the image by using a USB flash drive. The Windows 7 deployment includes a custom task sequence to install a new finance application from the deployment share. You need to deploy the image in the Munich office by using Zero Touch Installation. What should you do?
A. Install System Center Configuration Manager (ConfigMgr) 2007 in the Munich office. Configure a deployment point and configure the network for PXE. Recapture the MDT image and create a task sequence for the finance application.
B. Install System Center Configuration Manager (ConfigMgr) 2007 in the Carlsbad office. Configure a deployment point and configure the network for PXE. Recapture the MDT image with the finance application installed.
C. Install a new deployment share in the Munich office. Create a Windows PE boot disk with network drivers. Recapture the MDT image and create a task sequence for the finance application. Create a custom script that can map a drive to the deployment share and start Setup.
D. Install a new deployment share in the Munich office. Configure a deployment point and configure the network for PXE. Recapture the MDT image and create a task sequence for the finance application.
Correct Answer: A

QUESTION 365 B-1st
A user from the Finance department is testing applications in Windows 7 with Internet Explorer 9. The company's finance application accesses a vendor web page that does not function correctly in Windows 7. When the user enables Internet Explorer Compatibility Mode for the vendor web page, it works correctly. You need to support the company's future software deployments.
What should you recommend? (Choose all that apply.)
A. Package the new purchasing application and publish it by using a Group Policy object (GPO) that deploys to users of the new application.
B. Package the new purchasing application and assign it by using a Group Policy object (GPO) that deploys to all Windows XP computers in the Finance department.
C. Use a Group Policy object (GPO) to add the vendor website to the Trusted Sites list on all computers in the Finance department.
D. Use a Group Policy object (GPO) to add the vendor website to the local intranet zone for all Windows 7 computers.
E. Use a Group Policy object (GPO) to add the vendor website to the compatibility view for all Windows XP computers in offices that use the old purchasing application.
F. Use a Group Policy object (GPO) to add the vendor website to the compatibility view for all Windows 7 computers.
Correct Answer: AF

Topic 3, Scenario B

Background
You are the desktop architect for a company with 10,000 client computers. Client computers are either portable or desktop computers. All client computers run the 64-bit version of Windows 7 Enterprise. Your network consists of a main office and four regional offices.
Your network has an Active Directory Domain Services (AD DS) in a single-domain, single-forest model. The forest and domain functional levels are set to Windows Server 2008 R2. There are four domain controllers in the main office and two additional domain controllers in each regional office. All servers run Windows Server 2008 R2.
The regional offices are listed in the following table with users and WAN connection speeds.
Users in the New York office will have a Customer Relationship Management (CRM) application that is CPU-intensive and only runs on Windows 2000 Professional. The Toronto office uses a network-intensive application. All users in the Toronto office use a legacy CRM application that runs on Windows XP only.
The existing client computers are managed with Microsoft System Center Configuration Manager (ConfigMgr) 2007 R3.

Business Requirements
The following business requirements must be maintained or exceeded.

Software Asset Management
The company Software Asset Management (SAM) team has a policy that mandates that after operating systems are deployed, the operating system environment (OSE) must be activated automatically before any additional updates or software are installed in the OSE. The Paris development group has a Key Management Server (KMS) in an isolated test network. All engineering applications are required to maintain compliance with the license agreements of the application vendors.

Technology Requirements
You need to ensure that users can always receive operating system and application updates on the internal network and when away from the main office or branch offices. The mobile staff uses portable computers. In the next remote update of the client computers, you need to deploy an Enterprise Resource Planning (ERP) add-on to Microsoft Internet Explorer. This add-on must support a partner application and integrate with the remote users. The ERP Internet Explorer add-on does not support the 64-bit version of Windows 7.

Virtualization infrastructure
You use Microsoft Application Virtualization (App-V) to deliver applications to computers. You use Microsoft Hyper-V Server 2008 R2 to deliver VDI desktops in a pool. All client operating systems deployed in the VDI pool must be automatically joined to the domain during the deployment process.

New Functionality
The fewest number of servers should be added to the environment to meet the technical goals. A new version of an existing engineering application must be deployed to the users. The new application requires a dedicated graphics processing unit (GPU) with 2 GB of memory.

Technical Requirements
The following technical requirements must be maintained or exceeded.
Infrastructure Requirements
All applications and updates are required to be deployed with the same central management tool. Detailed reporting for compliance audits is required to be available for all application and update deployments.

Application Compatibility
All current applications must be supported on Windows 7. You are licensed for the latest version of the Microsoft Desktop and Optimization Pack (MDOP).

Operating System Environment (OSE) Requirements
· You need to ensure that Internet Explorer 9 is not automatically installed on any of the computers in the Toronto office.
· You need to ensure that the Internet Explorer Initial Wizard is not displayed on any Virtual Desktop Infrastructure (VDI) computers.

Security
All remote access must be logged and auditable. All VDI desktop computers must not send Customer Experience Improvement Program (CEIP) for Internet Explorer or Windows Live Messenger.

QUESTION 366
You are planning the deployment of the CRM application to the New York office. You need to recommend a deployment method to maximize the performance of the application. What should you recommend?
A. MED-V
B. Unified Access Gateway
C. Remote Desktop Connection Broker
D. App-V
Correct Answer: A

QUESTION 367
You are replacing the desktop computers in the Chicago office. You need to automate the migration of user profile data to the new computers. What should you recommend? (Choose all that apply.)
A. state migration point
B. Windows Client Operating System Management Pack
C. Background Intelligent Transfer Server
D. Windows Easy Transfer
E. ConfigMgr custom task sequence
Correct Answer: AE

QUESTION 368
You have an AD DS security group named Toronto Users and another named Toronto Computers. You are planning the deployment of a new browser by using Group Policy. You need to ensure that the computers in each office comply with company requirements.
What should you recommend? (Choose all that apply.)
A. Download the Internet Explorer 9 Administrative Kit.
B. Deploy the Internet Explorer 9 Blocker to the Toronto Users group.
C. Add all Toronto computers to the Toronto Computers security group.
D. Deploy the Internet Explorer 9 Admin Kit to the Toronto Users group.
E. Add all Toronto users to the Toronto Users security group.
F. Download the Internet Explorer 9 Blocker Toolkit.
G. Deploy the Internet Explorer 9 Admin Kit to the Toronto Computers group.
H. Deploy the Internet Explorer 9 Blocker to the Toronto Computers group.
Correct Answer: CFH

QUESTION 369
You need to recommend a Microsoft Enterprise Desktop Virtualization (MED-V) image update strategy to meet company requirements. What should you recommend?
A. Windows Update
B. Windows Intune
C. ConfigMgr
D. Windows Deployment Services (WDS)
Correct Answer: C

QUESTION 370
You need to ensure that the company's remote computers receive Windows updates at the same time as the internal computers. What should you do?
A. Implement System Center Operations Manager (OpsMgr)
B. Install the Windows Deployment Services (WDS) role.
C. Install BranchCache in distributed mode.
D. Deploy DirectAccess.
Correct Answer: D

QUESTION 371
A company has client computers that run Windows 8.1. Each computer has two hard drives. You need to create a dynamic volume on each computer that maximizes write performance. Which kind of dynamic volume should you create?
A. Striped volume
B. RAID 5 volume
C. Spanned volume
D. Mirrored volume
Correct Answer: A
Explanation: http://technet.microsoft.com/en-us/library/cc737048%28v=ws.10%29.aspx
What Are Dynamic Disks and Volumes? ..
Types of Dynamic Volumes
A dynamic volume is a volume that is created on a dynamic disk.
Dynamic volume types include simple, spanned, and striped volumes.

Striped Volumes
Striped volumes improve disk input/output (I/O) performance by distributing I/O requests across disks. Striped volumes are composed of stripes of data of equal size written across each disk in the volume. They are created from equally sized, unallocated areas on two or more disks. Striped volumes cannot be extended or mirrored and do not offer fault tolerance. If one of the disks containing a striped volume fails, the entire volume fails, and all data on the striped volume becomes inaccessible. The reliability for the striped volume is less than the least reliable disk in the set.

Further Information:

RAID-5 Volumes
A RAID-5 volume is a fault-tolerant volume that stripes data and parity across three or more disks. Parity is a calculated value that is used to reconstruct data if one disk fails. RAID-5 volumes are typically created by the user who requires fault-tolerance and who has at least three disks in their computer. If one of the disks in the RAID-5 volume fails, the data on the remaining disks, along with the parity information, can be used to recover the lost data. RAID-5 volumes are well-suited to storing data that will need to be read frequently but written to less frequently. Database applications that read randomly work well with the built-in load balancing of a RAID-5 volume.

Spanned Volumes
Spanned volumes combine areas of unallocated space from multiple disks into one logical volume. The areas of unallocated space can be different sizes. Spanned volumes require two disks, and you can use up to 32 disks.

Mirrored Volumes
A mirrored volume is a fault-tolerant volume that provides a copy of a volume on another disk. Mirrored volumes provide data redundancy by duplicating the information contained on the volume. The two disks that make up a mirrored volume are known as mirrors. Each mirror is always located on a different disk.
If one of the disks fails, the data on the failed disk becomes unavailable, but the system continues to operate by using the unaffected disk. Mirrored volumes are typically created by the user who requires fault-tolerance and who has two disks in their computer. If one disk fails, the user always has a copy of their data on the second disk. Mirrored volumes provide better write performance than RAID-5 volumes.

QUESTION 372
A company has client computers that run Windows 8.1. The company implements the following security requirements:
- All client computers must use two-factor authentication.
- At least one authentication method must include exactly four characters or gestures.
You need to choose authentication methods that comply with the security requirements. Which two authentication methods should you choose? (Each correct answer presents part of the solution. Choose two.)
A. PIN
B. Biometric authentication
C. Picture password
D. Microsoft account
Correct Answer: AB
Explanation: Something the user knows: PIN (4 digits)
One might be tempted to think the photo for the picture password is something the user has. But it is something the user knows, too: the user knows how to draw the gestures (maximum 3 gestures supported with picture password), and it is no physical object (like a token, smart card ...). The MS account, too, is something the user knows. So the answer must be Biometric authentication.
Two-factor authentication requires the use of two of the three authentication factors:
- Something the user knows (e.g., password, PIN);
- Something the user has (physical object) (e.g., ATM card, smart card); and
- Something the user is (e.g., biometric characteristic, such as a fingerprint).
The factors are identified in the standards and regulations for access to U.S. Federal Government systems.
http://en.wikipedia.org/wiki/Multi-factor_authentication
Multi-factor authentication ..
Two-factor authentication requires the use of two of the three authentication factors. The factors are identified in the standards and regulations for access to U.S. Federal Government systems. These factors are:
- Something only the user knows (e.g., password, PIN, pattern);
- Something only the user has (e.g., ATM card, smart card, mobile phone); and
- Something only the user is (e.g., biometric characteristic, such as a fingerprint).

1. Something the user knows: PIN
http://john.bryntze.net/jbkb-v2/certification-exam-70-687-configuring-windows-8-part-4-configure-access-to-resources-14/
Sign in with PIN code (4-digit code) is not possible for a domain user, it is not even visible in PC Settings -> Users (if machine is not domain joined you see it). To enable it for even domain joined computer/users you can enable the policy Turn on PIN sign-in and it becomes visible.

2. Something only the user is: Biometric authentication
http://john.bryntze.net/jbkb-v2/certification-exam-70-687-configuring-windows-8-part-4-configure-access-to-resources-14/
Biometric in Windows 8 is built on Windows Biometric Framework and relies on Windows Biometric service that is set to start up manual by default.

Further information:
Something the user knows: Picture password. Problem: limited to 3 gestures
Something the user knows: Microsoft account. Problem: not limited to 4 characters

QUESTION 373
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1. A local printer is shared from a client computer. The client computer user is a member of the Sales AD security group. You need to ensure that members of the Sales security group can print to the shared printer and modify only their own print jobs. Which permission should you grant to the Sales group?
A. Manage queue
B. Print
C. Manage documents
D. Manage this printer
E. Manage spooler
Correct Answer: B
Explanation: http://technet.microsoft.com/en-us/library/cc781446%28v=ws.10%29.aspx
Group types
There are two types of groups in Active Directory: distribution groups and security groups. You can use distribution groups to create e-mail distribution lists and security groups to assign permissions to shared resources.
Security groups
Used with care, security groups provide an efficient way to assign access to resources on your network. Using security groups, you can:
- Assign user rights to security groups in Active Directory
- Assign permissions to security groups on resources
http://my.safaribooksonline.com/book/operating-systems/9780133118025/sharing-printers/ch21lev2sec24
Setting Printer Permissions
If you have a workgroup network and have disabled Password Protected Sharing, or if you have set up a homegroup, you don't need to worry about setting permissions for printers: anyone can use your shared printer. If you're on a domain network or have chosen to use detailed user-level permissions on your workgroup network, you can control access to your shared printers with security attributes that can be assigned to users or groups, as shown in Figure 21.9 and described next:
The Security tab lets you assign printer-management permissions for users, groups, and the creator of each print job.

QUESTION 374
Your computer runs Windows 8.1 and is connected to an Active Directory Domain Services (AD DS) domain. You create a folder and share the folder with everyone in your organization. You need to modify the NTFS permissions of the folder to meet the following criteria:
- Users from the Supervisors AD security group must be able to open files, but not modify them.
- Users from the Marketing AD security group must be able to create, modify, and delete files.
- Users from both groups must not be able to delete the folder.
Which permissions should you set?

A. Assign the Supervisors group the Read and Write permissions. Assign the Marketing group the Modify permission and the Delete Subfolders and Files special permission.
B. Assign the Supervisors group the Read and Write permissions. Assign the Marketing group the Full Control permission.
C. Assign the Supervisors group the Read permission. Assign the Marketing group the Read and Write permissions and the Delete Subfolders and Files special permission.
D. Assign the Supervisors group the Read permission. Assign the Marketing group the Read and Write permissions and the Delete special permission.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
http://technet.microsoft.com/en-us/library/bb727008.aspx
File and Folder Permissions
On NTFS volumes, you can set security permissions on files and folders. These permissions grant or deny access to the files and folders.
File and Folder Permissions:
Special Permissions for Files:
Special Permissions for Folders:

QUESTION 375
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows Vista and are members of the domain. A Group Policy object (GPO) configuring a software restriction policy is implemented in the domain to block a specific application.
You upgrade a computer to Windows 8.1 and implement a GPO that configures an AppLocker rule in the domain. The blocked application runs on the Windows 8.1 computer but not on the Windows Vista computers.
You need to ensure that the application is blocked from running on all computers and the AppLocker rule is applied to the computers in the domain.
What should you do?

A. Add the blocked application as an additional AppLocker rule to the GPO that configures AppLocker.
B. Run the Get-AppLockerPolicy Windows PowerShell cmdlet.
C. Run the Set-ExecutionPolicy Windows PowerShell cmdlet.
D. Configure the software restriction policy as a local policy on the Windows 8.1 computer.
E. Add the blocked application as a software restriction policy to the GPO that configures AppLocker.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
http://technet.microsoft.com/library/hh994614
Use AppLocker and Software Restriction Policies in the Same Domain
AppLocker is supported on systems running Windows 7 and above. Software Restriction Policies (SRP) is supported on systems running Windows Vista or earlier. You can continue to use SRP for application control on your pre-Windows 7 computers, but use AppLocker for computers running Windows Server 2008 R2, Windows 7 and later. It is recommended that you author AppLocker and SRP rules in separate GPOs and target the GPO with SRP policies to systems running Windows Vista or earlier. When both SRP and AppLocker policies are applied to computers running Windows Server 2008 R2, Windows 7 and later, the SRP policies are ignored.

http://technet.microsoft.com/en-us/library/ee791851%28v=ws.10%29.aspx
Both SRP and AppLocker use Group Policy for domain management. However, when SRP policies and AppLocker policies exist in the same domain and are applied through Group Policy, AppLocker policies will take precedence over SRP policies on computers running Windows Server 2012, Windows Server 2008 R2, Windows 8 or Windows 7.
As an example of how both types of policy would affect the bank's "Teller software" application, consider the following scenario where the application is deployed on different Windows desktop operating systems and managed by the Tellers GPO.

Further Information:
http://technet.microsoft.com/en-us/library/hh847214.aspx
Get-AppLockerPolicy
The Get-AppLockerPolicy cmdlet retrieves the AppLocker policy from the local Group Policy Object (GPO), a specified Group Policy Object (GPO), or the effective policy on the computer.
By default, the output is an AppLockerPolicy object. If the XML parameter is used, then the output will be the AppLocker policy as an XML-formatted string.
technet.microsoft.com/en-us/library/hh849812.aspx
Set-ExecutionPolicy
The Set-ExecutionPolicy cmdlet changes the user preference for the Windows PowerShell execution policy.
The execution policy is part of the security strategy of Windows PowerShell. It determines whether you can load configuration files (including your Windows PowerShell profile) and run scripts, and it determines which scripts, if any, must be digitally signed before they will run.

QUESTION 376
A company has client computers that run Windows 8.1. Users store data on company-issued USB flash drives.
You establish that users are able to store data on personally owned USB flash drives.
You need to ensure that users can save data on company flash drives but not on personal flash drives.
What should you do?

A. Disable driver signature enforcement.
B. Run Device Manager as an administrator.
C. In the local Group Policy, modify the device installation restrictions.
D. In the system properties for hardware, modify the device installation settings.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
You could prevent installation of mass storage devices but use the "Allow administrators to override" setting to ensure an administrator could get the flash drive installed.

Further information:
http://msdn.microsoft.com/en-us/library/bb530324.aspx
Step-By-Step Guide to Controlling Device Installation Using Group Policy
Group Policy Settings for Device Installation
To enable control over device installation, Windows Vista and Windows Server 2008 introduce several policy settings. You can configure these policy settings individually on a single computer, or you can apply them to a large number of computers through the use of Group Policy in an Active Directory domain.
Whether you want to apply the settings to a stand-alone computer or to many computers in an Active Directory domain, you use the Group Policy Object Editor to configure and apply the policy settings.
The following is a brief description of the DMI policy settings that are used in this guide.

Prevent installation of devices not described by other policy settings.
This policy setting controls the installation of devices that are not specifically described by any other policy setting. If you enable this policy setting, users cannot install or update the driver for devices unless they are described by either the Allow installation of devices that match these device IDs policy setting or the Allow installation of devices for these device classes policy setting. If you disable or do not configure this policy setting, users can install and update the driver for any device that is not described by the Prevent installation of devices that match these device IDs policy setting, the Prevent installation of devices for these device classes policy setting, or the Prevent installation of removable devices policy setting.
...
Allow installation of devices that match any of these device IDs.
This policy setting specifies a list of Plug and Play hardware IDs and compatible IDs that describe devices that users can install. This setting is intended to be used only when the Prevent installation of devices not described by other policy settings policy setting is enabled and does not take precedence over any policy setting that would prevent users from installing a device.
If you enable this policy setting, users can install and update any device with a hardware ID or compatible ID that matches an ID in this list if that installation has not been specifically prevented by the Prevent installation of devices that match these device IDs policy setting, the Prevent installation of devices for these device classes policy setting, or the Prevent installation of removable devices policy setting. If another policy setting prevents users from installing a device, users cannot install it even if the device is also described by a value in this policy setting. If you disable or do not configure this policy setting and no other policy describes the device, the Prevent installation of devices not described by other policy settings policy setting determines whether users can install the device.

QUESTION 377
You manage computers that run Windows 8.1. You plan to install a desktop app named MarketingApp on one of the client computers.
You need to display a progress bar to the user while installing the app.
Which command should you run?

A. msiexec /i marketingapp.msi /qn
B. msiexec /i marketingapp.msi /qb
C. msiexec /x marketingapp.msi /qb
D. msiexec /x marketingapp.msi /qn

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
http://technet.microsoft.com/en-us/library/cc759262(v=ws.10).aspx
/i Installs or configures a product.
/qb Displays a basic user interface.
/qn Displays no user interface.
/x Uninstalls a product.

QUESTION 378
A company has 10 client computers that run Windows 8.1. You are responsible for technical support. You purchase a support tool from the Windows Store while logged in with your Microsoft account. You install the support tool on several client computers.
Three months later, you attempt to install the support tool on another client computer. The installation fails.
You need to ensure that you can install the support tool on the client computer.
What should you do?

A. Log in with your Microsoft account and remove a computer from the Windows Store device list.
B. On the computer on which you want to install the tool, synchronize the Windows Store application licenses.
C. Disassociate your Microsoft account from the computer on which you want to install the tool. Then reassociate your Microsoft account with the computer.
D. Reset your Microsoft account password.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
You could prevent installation of mass storage devices but use the "Allow administrators to override" setting to ensure an administrator could get the flash drive installed.
http://windows.microsoft.com/en-us/windows-8/windows-store-install-apps-multiple-pcs
You can remove a PC from your account when you're signed in to the Store on any PC. After you've removed a PC from your account, you won't be able to use the apps that were installed from the Store on that PC.

Further information:
http://windows.microsoft.com/en-us/windows-8/what-troubleshoot-problems-app
Troubleshoot problems with an app
Sync app licenses
If a license for an app is out of sync with the license installed on your PC, the app might stop working.

QUESTION 379
You update the video card driver on a computer that runs Windows 8.1.
You can no longer configure the display settings to extend the display to a projector.
You need to restore the display options as quickly as possible and retain all user data.
What should you do?

A. Roll back the video card driver to the previous version.
B. Run the DisplaySwitch /extend command.
C. Run the sfc /scannow command.
D. Start the computer from the Windows 8.1 installation media and perform a system image recovery.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Rolling back the driver is the simplest and fastest solution.
Example:

Further Information:
The DisplaySwitch /extend command might not work if the driver is broken.
The sfc /scannow command checks system files for consistency.
And a system image recovery will affect the user data.

QUESTION 380
A company has an Active Directory Domain Services (AD DS) domain with one physical domain controller. All client computers run Windows 8.1.
A client computer hosts a Windows 8.1 virtual machine (VM) test environment. The VMs are connected to a private virtual switch that is configured as shown in the Virtual Switch Manager exhibit. (Click the Exhibit button.)
The VMs are unable to connect to the domain controller. You have the following requirements:
Configure the test environment to allow VMs to communicate with the domain controller.
Ensure that the VMs can communicate with other VMs in the test environment when the domain controller is unavailable.
You need to meet the requirements.
What should you do first?

A. Create a new virtual switch with an Internal Network connection type.
B. Create a new virtual switch with a Private Network connection type.
C. Create a new virtual switch with an External Network connection type.
D. Change the connection type of the private virtual switch to Internal only.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
http://john.bryntze.net/jbkb-v2/certification-exam-70-687-configuring-windows-8-part-2-configure-hardware-and-applications-16/
Virtual switches / Hyper-V VLAN: you can create 3 different types of virtual switches depending on the needs of your virtual machines, and one single machine can use multiple virtual NICs that are members of different virtual switches.
1. External: This virtual switch binds to the physical network adapter and creates a new adapter you can see in Control Panel\Network and Internet\Network Connections, so if a virtual machine needs contact outside the host machine, this one is a must.
2. Internal: This virtual switch can be used to connect all virtual machines and the host machine but cannot go outside that.
3. Private: This virtual switch can only be used by the virtual host.

Further information:
http://technet.microsoft.com/en-us/library/cc816585%28v=ws.10%29.aspx
Configuring Virtual Networks
..
Private will not allow communication with the host machine. External will allow communication with the host machine but also allow access to other machines on the host machine's network.

QUESTION 381
A company has lab computers that run Windows 8.1. On all lab computers, Internet Explorer has the Display intranet sites in Compatibility View option enabled and the Download updated compatibility lists from Microsoft option disabled.
All lab computers access only internal corporate websites.
A corporate website was designed for a previous version of Internet Explorer. When viewed on the lab computers, menus and images on the website are displayed out of place.
You need to ensure that all corporate websites display correctly on the lab computers.
What should you do?

A. Enable the Display all websites in Compatibility View option.
B. Manually add the corporate website to the compatibility view settings.
C. Manually download an updated compatibility list from Microsoft.
D. Disable the Display intranet sites in Compatibility View option.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Fix site display problems with Compatibility View
Sometimes websites don't look like you expect them to: images might not appear, menus might be out of place, and text could be jumbled together. This might be caused by a compatibility problem between Internet Explorer and the site you're on. Sometimes this can be fixed by adding the site to your Compatibility View list.

QUESTION 382
You administer Windows 8.1 Pro computers in your company network. The computers are configured to allow remote connections.
You attempt to create a Remote Desktop Connection to a computer named Computer1. You receive the following message: "Remote Desktop can't connect to the remote computer."
You are able to ping Computer1. You discover that Remote Desktop Firewall rules are not present on Computer1.
You need to connect to Computer1 by using Remote Desktop.
Which PowerShell commands should you run on Computer1?

A. New-NetFirewallRule -DisplayName RdpTCPin -localPort 3389 -Protocol TCP
B. Set-NetFirewallRule -Name RemoteSvcAdmin-In-TCP -Enabled True
C. New-NetFirewallRule -DisplayName RdpTCPout -localPort 3389 -Protocol TCP -Direction Out -Action Allow
D. Set-NetFirewallRule -Name RemoteFwAdmin-In-TCP -Enabled True

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
http://technet.microsoft.com/en-us/library/jj554908.aspx
New-NetFirewallRule
Creates a new inbound or outbound firewall rule and adds the rule to the target computer.
Syntax
New-NetFirewallRule -DisplayName <String> [-Action <Action>] [-AsJob] [-Authentication <Authentication>] [-CimSession <CimSession[]>] [-Description <String>] [-Direction <Direction>] [-DynamicTarget <DynamicTransport>] [-EdgeTraversalPolicy <EdgeTraversal>] [-Enabled <Enabled>] [-Encryption <Encryption>] [-GPOSession <String>] [-Group <String>] [-IcmpType <String[]>] [-InterfaceAlias <WildcardPattern[]>] [-InterfaceType <InterfaceType>] [-LocalAddress <String[]>] [-LocalOnlyMapping <Boolean>] [-LocalPort <String[]>] [-LocalUser <String>] [-LooseSourceMapping <Boolean>] [-Name <String>] [-OverrideBlockRules <Boolean>] [-Owner <String>] [-Package <String>] [-Platform <String[]>] [-PolicyStore <String>] [-Profile <Profile>] [-Program <String>] [-Protocol <String>] [-RemoteAddress <String[]>] [-RemoteMachine <String>] [-RemotePort <String[]>] [-RemoteUser <String>] [-Service <String>] [-ThrottleLimit <Int32>] [-Confirm] [-WhatIf] [<CommonParameters>]
The New-NetFirewallRule cmdlet creates an inbound or outbound firewall rule and adds the rule to the target computer.
http://en.wikipedia.org/wiki/Remote_Desktop_Protocol
Remote Desktop Protocol
By default, the server listens on TCP port 3389 and UDP port 3389.

QUESTION 383
A client computer runs Windows 8.1 and has a 1 TB hard disk drive. You install several third-party desktop apps on the computer. The hard disk drive has very little available space.
After you install an app update, the computer becomes unresponsive.
You have the following requirements:
Return the computer and applications to an operational state.
Free additional hard disk space.
You need to meet the requirements by using the least amount of administrative effort.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Run the Remove everything and install Windows feature.
B. Configure the maximum disk space usage for System Restore to 1%.
C. Configure the maximum disk space usage for System Restore to 5%.
D. Run the Refresh your PC without affecting your files feature.
E. Perform a system restore on the client computer.

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:
The default value for System Restore is 5%. In order to free up some space, we need to lower it, in this case to 1%.
http://windows.microsoft.com/en-us/windows-8/restore-refresh-reset-pc
How to refresh, reset, or restore your PC
If you're having problems with your PC, you can try to refresh, reset, or restore it. Refreshing your PC reinstalls Windows and keeps your personal files and settings. It also keeps the apps that came with your PC and the apps you installed from the Windows Store. Resetting your PC reinstalls Windows but deletes your files, settings, and apps -- except for the apps that came with your PC. Restoring your PC is a way to undo recent system changes you've made.

QUESTION 384
A company has a client computer that runs Windows 8.1 with secure boot enabled. You install a third-party adapter with an Option ROM in the computer.
When you start the computer, it starts in the Windows Recovery Environment (Windows RE).
You need to ensure that the computer starts normally.
What should you do?

A. Install a Trusted Platform Module (TPM) chip.
B. Start the computer in Safe Mode. Then update the adapter drivers.
C. Replace the third-party adapter with an adapter that is signed by a trusted Certificate Authority (CA).
D. Create a self-signed certificate. Associate the certificate with the third-party adapter.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
http://technet.microsoft.com/en-us/library/hh824987.aspx
Secure Boot Overview
Secure Boot is a security standard developed by members of the PC industry to help make sure that your PC boots using only software that is trusted by the PC manufacturer.
When the PC starts, the firmware checks the signature of each piece of boot software, including firmware drivers (Option ROMs) and the operating system. If the signatures are good, the PC boots, and the firmware gives control to the operating system.

Frequently asked questions:
Q: What happens if my new hardware isn't trusted?
A: Your PC may not be able to boot. There are two kinds of problems that can occur:
The firmware may not trust the operating system, option ROM, driver, or app because it is not trusted by the Secure Boot database.
Some hardware requires kernel-mode drivers that must be signed. Note: many older 32-bit (x86) drivers are not signed, because kernel-mode driver signing is a recent requirement for Secure Boot.
Q: How can I add hardware or run software or operating systems that haven't been trusted by my manufacturer?
A: You can check for software updates from Microsoft and/or the PC manufacturer. You can contact your manufacturer to request new hardware or software to be added to the Secure Boot database. For most PCs, you can disable Secure Boot through the PC's BIOS.
Q: How do I edit my PC's Secure Boot database?
A: This can only be done by the PC manufacturer.

QUESTION 385
A company has an Active Directory Domain Services (AD DS) domain. The company has 100 client computers and tablets that run Windows 8.1. Each user has a unique local user account on each device he or she uses.
The company wants to simplify the logon process for all users.
You have the following requirements:
Reduce the number of unique user accounts for each user.
Unify the initial Windows 8.1 theme across all Windows 8.1 devices.
Ensure that Windows Store apps maintain the last used state across all Windows 8.1 devices.
You need to configure an authentication method that meets the requirements.
Which authentication method should you configure?

A. PIN
B. Microsoft account
C. Active Directory user account
D. Picture password

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
http://windows.about.com/od/windowsforbeginners/fl/How-to-Synchronize-Account-Data-and-More-with-Windows-8-and-81.htm
How to Synchronize Account Data and More with Windows 8 and 8.1
While Windows 8 has a lot of cool features to entice users, arguably the coolest is Account sync. For those who choose to log in to their Windows 8 devices with a Microsoft account, Windows 8 can synchronize a ton of information from one device to the next. You can choose to sync everything from basic settings to themes and wallpapers. Windows 8.1 users can even sync modern applications between accounts.

http://windows.microsoft.com/en-us/windows-8/connect-microsoft-domain-account
Connect your Microsoft account to your domain account
You can connect your Microsoft account to your domain account and sync your settings and preferences between them. For example, if you use a domain account in the workplace, you can connect your Microsoft account to it and see the same desktop background, app settings, browser history and favorites, and other Microsoft account settings that you see on your home PC.
You'll also be able to use Microsoft account services from your domain PC without signing in to them individually.

QUESTION 386
You administer Windows 7 client computers in your company network. The computers are members of an Active Directory Domain Services (AD DS) domain and have 16-bit applications installed.
You plan to upgrade all of the computers from Windows 7 to Windows 8.1.
You need to ensure that the 16-bit applications will continue to run on Windows 8.1.
What are two versions of Windows 8.1 that you could use to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

A. Windows 8.1 Pro (64-bit)
B. Windows 8.1 Enterprise (64-bit)
C. Windows 8.1 Pro (32-bit)
D. Windows RT
E. Windows 8.1 Enterprise (32-bit)

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:
http://www.neowin.net/news/microsoft-windows-8-32-bit-can-still-run-16-bit-apps
Microsoft: Windows 8 32-bit can still run 16-bit apps
In response to a comment from a user, Microsoft has revealed in a new post on the Building Windows 8 Twitter page that people interested in running much older software can still do so on the 32-bit version of Windows 8. Microsoft states: "... you can run 16 bit apps on 32 bit Windows 8. 64 bit doesn't include the subsystem at all for a variety of reasons."

QUESTION 387
You use a computer that has Windows 8.1 Pro installed.
Your personal files are stored in a storage pool that is distributed across multiple USB drives.
You need to configure a daily backup solution that meets the following requirements:
Automatically backs up all of your personal files that are located in the storage pool.
Automatically backs up operating system files.
Ensures that you can restore any file.
What should you do?

A. Create a recovery drive.
B. Turn on File History.
C. Configure Windows 7 File Recovery.
D. Configure system protection.
Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 388
A computer that runs Windows 8.1 is configured with a 2 TB storage pool. The storage pool currently shows 1 TB of available space.
You try to save 100 MB of files to the storage drive. An error message states that the drive is full.
You need to make an additional 1 TB of space available in the storage pool.
What should you do?

A. Connect a 1 TB drive to the computer and add the new drive to the storage pool.
B. Connect a 1 TB drive to the computer and assign a drive letter to the new drive.
C. Set the resiliency type of the storage pool to Parity.
D. Set the logical size of the storage pool to 2 TB.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Ref: http://blogs.msdn.com/b/b8/archive/2012/01/05/virtualizing-storage-for-scale-resiliency-and-efficiency.aspx

QUESTION 389
You are troubleshooting a computer that runs Windows 8.1. The computer is not joined to a domain.
You are unable to change any of the advanced Internet options, which are shown in the Advanced Internet Options exhibit. (Click the Exhibit button.)
You need to ensure that you can change the advanced Internet options.
Which tool should you use?

A. Credential Manager
B. Authorization Manager
C. Group Policy Object Editor
D. Ease of Access Center

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
http://technet.microsoft.com/en-us/library/cc731745.aspx
Open the Local Group Policy Editor
To open the Local Group Policy Editor from the command line
Click Start, type gpedit.msc in the Start Search box, and then press ENTER.

http://technet.microsoft.com/en-us/library/gg699401.aspx
Group Policies in Internet Explorer 9
Group Policy provides a secure way to control Microsoft® Windows® Internet Explorer® 9 configurations.

QUESTION 390
You use a Windows 8.1 computer. You pin some of your favorite websites to the Start screen.
When you click a pinned website, the site opens in Internet Explorer.
You need to ensure that the pinned websites open in Internet Explorer for the desktop.
What should you do?

A. In Internet Options, set Choose how you open links to Always in Internet Explorer on the desktop.
B. In Internet Options, select Open Internet Explorer tiles on the desktop.
C. In Internet Options, select Enable flip ahead.
D. In Internet Options, set Choose how you open links to Let Internet Explorer decide.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
http://blogs.msdn.com/b/ie/archive/2012/03/26/launch-options-for-internet-explorer-10-on-windows-8.aspx
Launch Options for Internet Explorer 10 on Windows 8
Opening Internet Explorer from the Start Screen
In addition to controlling how Windows opens links, the Browser Launch Settings also provide users with options on how Internet Explorer application tiles launch from the Start screen. Internet Explorer's application tile is the default launching point for the browser on the Start screen. You create pinned site tiles when you pin sites to the Start screen. The setting "Open Internet Explorer tiles on the desktop" controls what happens when you click the Internet Explorer or pinned site tile.

QUESTION 391
You administer Windows 8.1 Enterprise client computers in your company network.
You change settings on a reference computer by using the Windows Firewall with Advanced Security tool. You want to apply the same settings to other computers.
You need to save the Windows Firewall with Advanced Security configuration settings from the reference computer. You also need to be able to import the configuration settings into a Group Policy object later.
What should you do?

A. Open Local Group Policy Editor, select the Local Policies node, and then select the Export List action.
B. Open Local Group Policy Editor, select the Security Settings node, and then select the Export List action.
C. Run the netsh advfirewall export c:\settings.wfw command.
D. Run the netsh advfirewall export c:\settings.xml command.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
* Netsh advfirewall is a command-line tool for Windows Firewall with Advanced Security that helps with the creation, administration, and monitoring of Windows Firewall and IPsec settings and provides an alternative to console-based management.
* Export subcommand
Exports the Windows Firewall with Advanced Security configuration in the current store to a file. This file can be used with the import command to restore the Windows Firewall with Advanced Security service configuration to a store on the same or to a different computer.
Syntax
export [ Path ] FileName
Parameters
[ Path ] FileName
Required. Specifies, by name, the file where the Windows Firewall with Advanced Security configuration will be written. If the path, file name, or both contain spaces, quotation marks must be used. If you do not specify Path then the command places the file in your current folder. The recommended file name extension is .wfw.
Example
In the following example, the command exports the complete Windows Firewall with Advanced Security service configuration to the file C:\temp\wfas.wfw.
export c:\temp\wfas.wfw
Reference: Netsh Commands for Windows Firewall with Advanced Security

QUESTION 392
A company has Windows 8.1 client computers. A client computer named COMPUTER1 has a shared folder named Computer1 located in the user's Downloads folder. Computer1 is shared only with employees in the Marketing department. All Marketing employees can connect to Computer1 from their client computers.
A Marketing employee is unable to connect to Computer1 from a legacy device that is not compatible with the Windows 8.1 default sharing settings. The device is able to connect to resources on other client computers.
You need to configure COMPUTER1 to allow the device to connect to Computer1.
Which setting should you enable?

A. Turn off network discovery
B. Use 128-bit encryption to help protect file sharing connections
C. Turn on sharing so anyone with network access can read and write files in the Public folders
D. Enable file sharing for devices that use 40- or 56-bit encryption
E. Turn off password protected sharing

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
http://www.eightforums.com/tutorials/9925-file-sharing-connections-encryption-change-settings-windows-8-a.html
How to Change File Sharing Connections Encryption Settings in Windows 8 and 8.1
Windows 8 uses 128-bit encryption to help protect file sharing connections. Some devices don't support 128-bit encryption and must use 40- or 56-bit encryption.

QUESTION 393
You administer Windows 8.1 computers in your company network. Music files with the MP3 extension are opening in the Music Windows Store app. You need to ensure that MP3 files always open in the Windows Media Player desktop application. What should you do?

A. From Control Panel, open Default Programs, open Set your default programs, and then in associations for Music, clear the .mp3 selection.
B. From Windows Media Player, select Options, and then on the Player tab, select the Add local media files to library when played option.
C. Right-click an MP3 file, select Open With, choose default program, and then select Windows Media Player with the use this app for all .MP3 files option selected.
D. From Control Panel, open Default Programs, open Change AutoPlay setting, and then select the Play (Windows Media Player) setting for Music.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The default program for mp3 files is the Music metro app.
You can even notice the icon for the mp3 file:
But you can change the default file association:
And notice at once the different file icon:

Further Information:
http://anewdomain.net/2013/07/29/how-to-change-file-associations-in-windows-8-open-files-dirct-from-desktop-easy/
How to Change File Associations in Windows 8.1, Open Files From the Desktop
http://blogs.technet.com/b/mniehaus/archive/2014/01/10/configuring-file-associations-in-windows-8-1.aspx
Configuring file associations in Windows 8.1

QUESTION 394
A Windows 8.1 computer hosts multiple virtual machines. The computer contains one hard drive with two partitions. You need to configure a new virtual machine to use the second physical partition of the host computer as the primary boot device. What kind of virtual hard disk should you use?

A. Pass-through
B. Fixed-size
C. Differencing
D. Dynamic

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
http://windowsitpro.com/virtualization/hyper-v-disk-configuration-options
Hyper-V Disk Configuration Options
..
VHDs: Fixed, Dynamic, Differencing
By default, new VMs are created with an attached VHD. These disks represent Microsoft's open format for virtual disks, and they have some very useful benefits.
..
Another important consideration with Hyper-V disks is managing storage capacity. Hyper-V has three options for creating new VHDs: fixed size, dynamically expanding, and differencing. As you can probably guess, fixed-size VHDs provision the entire disk size as the disk is created. Dynamically expanding disks consume only as much space as is actually used by data on the disk.
..
Differencing VHDs let you link multiple VHDs to one another.
..
Pass-Through Disks
Yet another type of disk, called a pass-through disk, isn't a VHD at all. These disks are created by attaching a disk volume to a Hyper-V host, typically through either an iSCSI or Fibre Channel connection.
After the disk volume is attached to the Hyper-V host, the disk is then passed through to an awaiting VM--hence the name.

Further Information:
http://blogs.technet.com/b/askcore/archive/2008/10/24/configuring-pass-through-disks-in-hyper-v.aspx
Configuring Pass-through Disks in Hyper-V

QUESTION 395
You attach an external drive to a Windows 8.1 computer. You need to ensure that scheduled defragmentation does not run on the external drive. What should you do?

A. Disable write caching on the external drive.
B. Run the defrag command and configure the schedule settings.
C. Run the diskpart command and select the external drive.
D. Configure the Optimize Drives setting to exclude the external drive.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
http://www.eightforums.com/tutorials/8616-optimize-drives-schedule-change-windows-8-a.html
How to Change "Optimize Drives" Schedule Settings in Windows 8 and 8.1
Optimize Drives, previously called Disk Defragmenter, helps to optimize the different types of drives that PCs use today. No matter which type of drive your PC uses, Windows automatically chooses the optimization that's right for your drive.
By default, Optimize Drives runs automatically on a weekly schedule during the time you have set for automatic maintenance. But you can also optimize drives on your PC manually.
..
3. To Turn Off Scheduled Optimization of All Drives in Windows 8
A) Under Scheduled optimization, click/tap on the Change Settings button.
B) If prompted by UAC, then click/tap on Yes.
C) Uncheck the Run on a schedule box, and click/tap on OK.

QUESTION 396
You administer Windows RT tablets in your company network. All users in the company have Microsoft Exchange Server 2010 mailboxes and access them by using Outlook Web Access or Outlook 2010. All tablets are registered on the Microsoft Exchange server as mobile devices. A user informs you that he has lost his tablet.
The user is able to connect to the company network from his home computer. You need to delete Microsoft Exchange information from the lost tablet. Which application should you use?

A. Outlook 2010
B. Outlook Web Access
C. Active Directory Users and Computers
D. Routing and Remote Access Server

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
http://office.microsoft.com/en-us/outlook-help/delete-all-information-from-your-lost-phone-or-tablet-HA102834573.aspx
Delete all information from your lost phone or tablet
If you use your phone or tablet to access your mailbox, your phone or tablet likely stores a lot of sensitive information, such as personal identification or confidential communications. If you lose your phone, you should immediately remove all information from the phone. You can do that from your mailbox by using a process called remote device wipe.

Important
You can only clear the data from a device if it was set up to use Exchange ActiveSync. If you're not sure whether your phone was set up to use Exchange ActiveSync, you can simply try the procedure below and find out. For more information, see "What else do I need to know?" later in this topic.

Remove all data from your phone or tablet
1. Sign in to your account using Outlook Web App. For help signing in to your account, see Sign in to Outlook Web App.
2. In Outlook Web App, on the toolbar, click Settings (gear icon) > Options > phone > mobile devices.
3. Select the phone or tablet that you want to wipe.
4. Click Wipe Device.
5. Click OK.
6. Click Remove Phone from List.

Further Information:
http://oxfordsbsguy.com/2014/05/19/how-to-remote-wipe-a-mobile-phone-using-outlook-web-access/
How to remote wipe a mobile phone using Outlook Web Access
In this post I walk through how to remote wipe your mobile phone using Microsoft Outlook Web Access. This can be useful if you have lost your phone or had it stolen, or if you have just replaced it with a new one.
..
Highlight the device you want to wipe (it is quite possible you have a number of devices here if you have had several company phones). You can check the last sync date, or highlight the phone and click the Details button for further information on the phone.
Next click Wipe Device.
Click Yes at the "Are you sure you want to wipe your device?" prompt.
Once your phone is wiped you can highlight it and click the Delete button, to remove it from your account.

QUESTION 397
Two Windows 8.1 computers named COMPUTER1 and COMPUTER2. You connect from COMPUTER1 to COMPUTER2 by using Remote Desktop. You are unable to copy any files between COMPUTER1 and COMPUTER2 during the Remote Desktop session. You need to ensure that you can copy files between the computers during the Remote Desktop session. What should you do?

A. On COMPUTER1, open Remote Desktop Connection and configure the Local devices and resources settings.
B. On COMPUTER2, add COMPUTER1 to the trusted hosts in Windows Remote Management (WinRM).
C. On COMPUTER2, open Remote Desktop Connection and configure the Local devices and resources settings.
D. On COMPUTER1, add COMPUTER2 to the trusted hosts in Windows Remote Management (WinRM).

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
http://technet.microsoft.com/en-us/library/cc770631.aspx
Make Local Devices and Resources Available in a Remote Session
Remote Desktop Services provides users the ability to access their local devices and resources in remote sessions. Users can access resources such as local drives, printers, the Clipboard, and supported Plug and Play devices. This is usually referred to as redirection.

http://windows.microsoft.com/en-us/windows7/how-can-i-use-my-devices-and-resources-in-a-remote-desktop-session
How can I use my devices and resources in a Remote Desktop session?
Redirecting a device on your computer makes it available for use in a Remote Desktop session.
If you have a recent version of Remote Desktop, you can redirect most devices, including printers, smart cards, serial ports, drives, Plug and Play devices, media players based on the Media Transfer Protocol (MTP), and digital cameras based on the Picture Transfer Protocol (PTP). Some USB devices can be redirected, and you can also redirect your Clipboard.

Further Information:
http://www.technicaloverload.com/access-local-drives-over-remote-desktop-connection/
Access Local Drives over Remote Desktop Connection
It's possible to access your local drives over a Remote Desktop Connection by enabling a setting which is disabled by default.
First open the RDC client and click the Show Options button at the bottom.
Go to the Local Resources tab and then the More... button in the Local devices and resources section:
In the local devices and resources window, expand the Drives tree and select the local drives you would like to have access to.
Now you can open a connection and access the drive like any other. Below is a screenshot of a local drive labeled C on 'Computer Name' in Windows Explorer.

QUESTION 398
You administer Windows 8.1 Pro computers in your company network. All computers are members of an Active Directory Domain Services (AD DS) domain. A server named Server1 runs Windows Server 2012 and has an IP address of 10.10.10.20. Server1 is configured to use port 10987 for Remote Desktop connections. From your Windows 8.1 computer, you need to create a Remote Desktop connection to Server1. What should you do?

A. From the General tab of your Remote Desktop connection, enter 10.10.10.20 port: 10987.
B. Create a new Remote Desktop connection, and then set the Local Computer policy to Disable drives redirection for Remote Desktop Services.
C. From the Advanced tab of your Remote Desktop connection, configure the port of Server1 in the server authentication field.
D. Run mstsc.exe /v:10.10.10.20:10987.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
http://windows.microsoft.com/en-us/windows/command-line-parameters-remote-desktop-connection#1TC=windows-7
Use command line parameters with Remote Desktop Connection

Syntax
mstsc [<connection file>] [/v:<server[:port]>] [/admin] [/f[ullscreen]] [/w:<width>] [/h:<height>] [/public] | [/span] [/edit "connection file"] [/migrate] [/?]

Command line parameters for Remote Desktop Connection
/v:<server[:port]>
Specifies the remote computer that you want to connect to.
....

QUESTION 399
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1 and are joined to the domain. All client computers are shared. Employees can log on to any client computer by using individual accounts. The company implements a new security policy. You have the following requirements:
Ensure that each employee can log on to all computers by using his or her account.
Ensure that employees can reset their credentials from any client computer.
You need to choose authentication methods that meet the requirements. Which two authentication methods meet the requirements? (Each correct answer presents a complete solution. Choose two.)

A. Active Directory user account
B. Local user account
C. Microsoft account
D. Pin
E. Picture password

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:
http://windows.microsoft.com/en-us/windows-8/connect-microsoft-domain-account
Connect your Microsoft account to your domain account
You can connect your Microsoft account to your domain account and sync your settings and preferences between them. For example, if you use a domain account in the workplace, you can connect your Microsoft account to it and see the same desktop background, app settings, browser history and favorites, and other Microsoft account settings that you see on your home PC.
You'll also be able to use Microsoft account services from your domain PC without signing in to them individually.

QUESTION 400
A company has Windows 8.1 client computers. A user stores files in multiple locations. You need to determine which of the locations will be included in File History. Which three of the following file locations are included in File History? (Each correct answer presents part of the solution. Choose three.)

A. %appdata%
B. Public Documents and Public Pictures
C. My Documents and My Pictures
D. Contacts, Desktop, and Favorites
E. C:\Program Files
F. All user profile folders

Correct Answer: BCD
Section: (none)
Explanation

Explanation/Reference:
http://blogs.msdn.com/b/b8/archive/2012/07/10/protecting-user-files-with-file-history.aspx
Protecting user files with File History
File History is a backup application that continuously protects your personal files stored in Libraries, Desktop, Favorites, and Contacts folders. It periodically (by default every hour) scans the file system for changes and copies changed files to another location. Every time any of your personal files has changed, its copy will be stored on a dedicated, external storage device selected by you. Over time, File History builds a complete history of changes made to any personal file.
It's a feature introduced in Windows 8 that offers a new way to protect files for consumers. It supersedes the existing Windows Backup and Restore features of Windows 7.
File History only saves copies of files that are in your libraries, contacts, favorites, and on your desktop. If you have folders elsewhere that you want backed up, you can add them to one of your existing libraries or create a new library.

http://www.dummies.com/how-to/content/back-up-your-computer-with-windows-8-file-history.html
Back Up Your Computer with Windows 8 File History
..
File History backs up everything in your libraries: Documents, Music, Pictures, and Videos, as well as the Public folders.
That's natural because that's where you store your files.
...

Further Information:
Default settings:

QUESTION 401
You use a Windows 8.1 tablet. The tablet receives Windows Update updates automatically from the Internet. The tablet has Wi-Fi and is connected to a 3G mobile broadband Wi-Fi hot spot. You need to minimize data usage while connected to this hot spot. What should you do?

A. Edit the Inbound Rule of Windows Firewall, and then disable Internet Control Message Protocol (ICMP) traffic.
B. Configure the broadband connection as a metered network.
C. Configure the interface metric of IP settings for Wi-Fi connection as 1.
D. Turn on Airplane Mode.
E. Disable File and Print Sharing for mobile broadband connections.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
http://windows.microsoft.com/en-us/windows-8/metered-internet-connections-frequently-asked-questions
Metered Internet connections: FAQ
..
If you have a metered Internet connection, setting your network connection to metered in Windows can help you reduce the amount of data you send and receive.
..
Note: Ethernet network connections can't be set to metered.
..
How does setting my network connection to metered affect my PC?
Any app that relies on an Internet connection to update or display info might be limited in the amount of data it can download or display. You might notice these and other effects:
Windows Update will only download priority updates.
Apps downloading from the Windows Store might be paused.
Start screen tiles might stop updating.
Offline files might not sync automatically.

QUESTION 402
A company has Windows 8.1 client computers. You are designing a remote management solution. IIS is installed on some remote computers and configured to use port 80 and port 443. You have the following requirements:
Ensure that you can perform most of the same tasks through the remote management solution that you can while working directly on the remote computer.
Ensure that the solution can operate on port 80 and on port 443.
You need to choose the remote management tool to meet the requirements. Which remote management tool should you choose?

A. Windows Remote Shell (WinRS)
B. Remote Desktop Connection (RDC)
C. Network Shell (netsh)
D. Windows Management Instrumentation (WMI)

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
http://blogs.technet.com/b/jonjor/archive/2009/01/09/winrm-windows-remote-management-troubleshooting.aspx
WinRM (Windows Remote Management) Troubleshooting

What is WinRM?
New in Windows Vista, Windows Server 2003 R2, Windows Server 2008 (and Server 2008 Core) are WinRM & WinRS. Windows Remote Management (known as WinRM) is a handy new remote management service. WinRM is the "server" component of this remote management application and WinRS (Windows Remote Shell) is the "client" for WinRM, which runs on the remote computer attempting to remotely manage the WinRM server. However, I should note that BOTH computers must have WinRM installed and enabled on them for WinRS to work and retrieve information from the remote system.
While WinRM listens on port 80 by default, it doesn't mean traffic is unencrypted. Traffic by default is only accepted by WinRM when it is encrypted using the Negotiate or Kerberos SSP. WinRM uses HTTP (TCP 80) or HTTPS (TCP 443). WinRM also includes helper code that lets the WinRM listener share port 80 with IIS or any other application that may need to use that port.

What is WinRS?
Remote Shell (WinRS) is used to execute a program on a remote host.

QUESTION 403
When a user attempts to connect to a server named Server1 by using Remote Desktop Connection (RDC), he receives the following error message. You need to assign the least amount of privilege to the user to ensure that he can connect to Server1 by using RDC. To which group should you add the user?

A. Add the user to the Power Users group on Server1.
B. Add the user to the Remote Desktop Users group on Server1.
C. Add the user to the domain Windows Authorization Access group.
D. Add the user to the domain Remote Desktop Users group

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 404
A company has an Active Directory Domain Services (AD DS) forest with a single domain. Domain controllers are located in the company's offices in New York and Boston. You deploy a group policy at the domain level that includes security filtering. You discover that Group Policy object (GPO) settings are being applied to computers in the New York office, but not to computers in the Boston office. You suspect there might be replication problems with the policies. What should you do?

A. Run a Group Policy Results report against computers in the Boston office.
B. Run a Group Policy Modeling report against computers in the Boston office.
C. Use the GpoTool.exe command-line tool.
D. Use the RepAdmin.exe command-line tool.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 405
Your company's network has client computers that run Windows 7. A software vendor releases version 2 of an application that your company uses. Your company currently uses version 1. Version 1 and version 2 are not compatible. You plan to deploy version 2 of the application. You have the following requirements:
Users must be able to run both versions of the application on their computers.
Version 2 must be available when a client computer is not connected to the network.
You need to plan a software deployment process that meets the requirements. What should you do? (Choose all that apply.)

A. Deploy version 2 of the application by using Microsoft Application Virtualization (App-V).
B. Deploy version 2 of the application by using Microsoft Enterprise Desktop (MED-V).
C. Deploy version 2 of the application as a Remote Desktop Services RemoteApp.
D. Deploy version 2 of the application by using a Microsoft System Center Configuration Manager package.

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Microsoft Application Virtualization (MS App-V) platform allows applications to be deployed in real-time to any client from a virtual application server. It removes the need for local installation of the applications. Instead, only the App-V client needs to be installed on the client machines. All application data is permanently stored on the virtual application server. Whichever software is needed is either streamed or locally cached from the application server on demand and run locally. The App-V stack sandboxes the execution environment so that the application does not make changes to the client itself (OS File System and/or Registry). App-V applications are also sandboxed from each other, so that different versions of the same application can be run under App-V concurrently.
http://en.wikipedia.org/wiki/Microsoft_App-V

QUESTION 406
A company uses Microsoft Deployment Toolkit (MDT) 2010 to deploy Windows 7 Enterprise and Microsoft Office 2010. The company is replacing existing computers with new 64-bit computers. You have the following requirements:
You need to include Office 2010 with the deployment.
You need to automate the deployment where possible.
Some employees have accessibility requirements that require specialized hardware. The hardware must continue to be used after the deployment. The specialized hardware is compatible with Windows 7 but only 32-bit drivers are available from the manufacturer.
You need to create an image that meets these requirements. What should you do? (Choose all that apply.)

A. Import the Windows 7 Enterprise x86 source files.
B. From the MDT deployment workbench, select the Custom Task Sequence template.
C. Use a reference computer and capture a WIM image.
D. From the MDT deployment workbench, select the Sysprep and Capture template.
E. Import the necessary OEM drivers.
F. Import the 32-bit version of Office 2010.
G. Import the 64-bit version of Office 2010.
H. Import the Windows 7 Enterprise x64 source files.

Correct Answer: ABEF
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Hints: The specialized hardware is compatible with Windows 7 but only 32-bit drivers are available from the manufacturer.

QUESTION 407
Your company's network includes a main office and several branch offices. The branch offices are connected to the main office by high-latency links. All client computers run Windows 7 Enterprise, and all servers run Windows Server 2008 R2. Servers are located in each of the branch offices. Client computers in the branch offices frequently access a specific group of files on a file server named Server1. These access requests consume significant amounts of bandwidth and reduce the speed of higher-priority traffic. You need to reduce the bandwidth that is consumed by requests for frequently accessed files. What should you do?

A. Configure BranchCache in Hosted Cache mode on client computers in the main office and the branch offices.
B. Configure BranchCache in Distributed Cache mode on client computers in the main office and the branch offices.
C. Enable the BranchCache For Network Files role service on Server1. Configure BranchCache in Distributed Cache mode on a server computer in only the branch offices.
D. Enable the BranchCache For Network Files role service on Server1. Configure BranchCache in Hosted Cache mode on a server computer in only the branch offices.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:
BranchCache™ is designed to reduce WAN link utilization and improve application responsiveness for branch office workers who access content from servers in remote locations. Branch office client computers use a locally maintained cache of data to reduce traffic over a WAN link.
The cache can be distributed across client computers (Distributed Cache mode) or can be housed on a server in the branch (Hosted Cache mode).

Distributed Cache mode
If client computers are configured to use Distributed Cache mode, the cached content is distributed among client computers on the branch office network. No infrastructure or services are required in the branch office beyond client computers running Windows 7.

Hosted Cache mode
In hosted cache mode, cached content is maintained on a computer running Windows Server 2008 R2 on the branch office network.

Hints: no servers are located in the branch office.
http://technet.microsoft.com/en-us/library/dd637832(v=ws.10).aspx

QUESTION 408
A Windows Server 2008 R2 server named SERVER01 has the Windows Deployment Services (WDS) role installed. SERVER02 is running DHCP services. You prestage computer objects in Active Directory. You plan to use WDS to deploy Windows 7 to the prestaged computers. When you try to deploy an image by using PXE, the process fails. You need to ensure that SERVER01 responds to prestaged client computers only. From WDS, what should you do? (Choose all that apply.)

A. On the DHCP tab, select Configure DHCP option 60 to indicate that this server is also a PXE server.
B. On the Advanced tab, select Authorize this Windows Deployment Services server in DHCP.
C. On the PXE Response tab, select Respond to all client computers (known and unknown).
D. On the DHCP tab, select Do not listen on Port 67.
E. On the PXE Response tab, select Respond only to known client computers.
F. On the Advanced tab, select Do not authorize this Windows Deployment Services server in DHCP.

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Hints: prestaged computers = known client computers

QUESTION 409
Your company's network has client computers that run Windows 7.
From a computer named Computer1, a user attempts to log on to the domain and receives the following message:
The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect.
You need to ensure that the user can log on to the domain from Computer1. What should you do?

A. Reset the password of the user account.
B. Move the computer account for Computer1 to the Computers container.
C. Run netdom computername computer1.
D. Remove Computer1 from the domain and rejoin Computer1 to the domain.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Re-create the computer account, join a workgroup, and then rejoin the domain.
Refer to http://support.microsoft.com/kb/810497

QUESTION 410
Your company has a single Active Directory Domain Services (AD DS) forest with a single domain named contoso.com. All client computers run Windows 7. All client computer accounts are located in the Computers container in the contoso.com domain. You discover that multiple client computers were automatically shut down because the security log was full. You need to ensure that client computers are not shut down when the security log becomes full. What should you do?

A. Increase the maximum log size.
B. Configure an Event Viewer subscription.
C. Modify the event log policy settings in the Default Domain Controllers Policy Group Policy object (GPO).
D. Modify the event log policy settings in the Default Domain Policy Group Policy object (GPO).

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Why not the Default Domain Controllers Policy Group Policy object?
The Default Domain Controllers Policy Group Policy object is a set of policies to manage domain controllers (domain servers).
The Default Domain Policy Group Policy object is a set of policies to manage clients.

QUESTION 411
Your company has an Active Directory Domain Services (AD DS) forest with a single domain named contoso.com. You deploy a new Group Policy object (GPO) named NY Computers GPO as part of the organizational unit (OU) and GPO design shown in the following diagram. The NY Computers GPO contains computer configuration settings and user configuration settings. User configuration settings are not being applied to users who log on to client computers in the NY Computers OU. You need to ensure that user configuration settings are being applied. What should you do?

A. Enable user configuration settings in the Default Domain Policy GPO.
B. Enable loopback processing in the NY Computers GPO.
C. Enable user configuration settings in the NY Computers GPO.
D. Enable loopback processing in the Default Domain Policy GPO.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Refer to Planning and managing Windows 7 desktop deployments and environment, Pg 10-92

QUESTION 412
Your company has an internal Web application that uses a self-signed SSL certificate. The company has an internal certification authority (CA) with auto enrollment. When users attempt to start the Web application, Internet Explorer displays an error message that recommends closing the Web page rather than continuing to the application. You need to ensure that Internet Explorer does not display the error message. What should you do?

A. Install the Web application's certificate into the computer store on each client computer.
B. Purchase a commercial certificate and install it on the internal CA.
C. Issue a certificate from the internal CA and install it on the application server.
D. Install the Web application's certificate into the personal store on each client computer.
E. Add the application's URL to the Trusted Sites zone in Internet Explorer.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 413
You are planning to upgrade Microsoft Internet Explorer. You must create a report that identifies which computers are successfully upgraded. You need to design a deployment method that meets this requirement. What should you use? (Choose all that apply.)

A. Microsoft System Center Essentials
B. Windows Intune
C. Microsoft System Center Configuration Manager
D. Internet Explorer Administration Kit (IEAK) and Group Policy
E. Windows Server Update Services (WSUS)

Correct Answer: ABDE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 414
You are using Windows Deployment Services (WDS) to deploy new images of Windows 7 to 64-bit computers. Technicians receive the error message shown in the exhibit when they attempt to boot by using PXE. You need to ensure that the technicians can boot the client computers by using PXE. What should you do? (Choose all that apply.)

A. Run the bcdedit /set {ntldr} description "Windows 7 32-bit" command.
B. Add a 64-bit boot image to the WDS server.
C. Add a 64-bit install image to the WDS server.
D. Add a 32-bit boot image to the WDS server.
E. Run the bcdedit /set {ntldr} description "Windows 7 64-bit" command.
F. Add a 32-bit install image to the WDS server.

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 415
You are planning a deployment of Windows 7 on multiple client computers. You need to recommend a Windows 7 deployment solution that meets the following requirements:
Must support the deployment of WIM or VHD
Must support deployment by using multicast
What should you include in the recommendations?

A. System Center Configuration Manager 2010
B. Microsoft Deployment Toolkit (MDT)
C. Deployment Image Servicing and Management (DISM)
D. Windows Deployment Services

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 416
You are planning a Windows 7 deployment infrastructure for a new company. You have the following requirements:
Three domains
10,000 client computers
No user interaction
You need to recommend a deployment infrastructure. What should you recommend?

A. Deploy Microsoft System Center Configuration Manager 2007 R2. Design a zero-touch installation.
B. Deploy Microsoft System Center Virtual Machine Manager. Design a lite-touch installation.
C. Deploy Microsoft System Center Operations Manager 2007 R2. Design a lite-touch installation.
D. Deploy Microsoft Deployment Toolkit (MDT) 2010. Design a zero-touch installation.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Hints: no user interaction = zero touch

QUESTION 417
Your network contains an Active Directory domain. You plan to deploy Windows 7 by using zero-touch installation. You need to test the zero-touch installation on a computer named computer1. You create a computer account for Computer1. What should you do next?

A. Create a computer collection that contains the computer account for computer1.
B. Create a distribution group that contains the computer account for computer1.
C. Create a child domain and move the computer account for computer1 to the child domain.
D. Create a security group that contains the computer account for computer1.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The original answer is B, but some people believe it is A, so I put it as A.
-------------------------------------------------------------------------------------
CheddaBob from United States Apr 18 2012, 8:40 PM
@looller Answer is A. I took the test late December. I used a different dump that had the correct answer.
-------------------------------------------------------------------------------------looller from United States - Apr 17 2012, 9:42 PM Report Spam I think the answer is "A" here? anyone agree? answer given is B QUESTION 418 A company has client computers that run Windows 8.1. Users can run applications that have been downloaded from the Internet only with administrator approval. You need to ensure that users can run downloaded applications without administrator approval. What should you do? A. B. C. D. Set the Internet zone privacy level to Low. Set the Internet zone security level to Medium. Set the User Account Control (UAC) settings to Never notify. Turn off Windows SmartScreen. Correct Answer: D Section: (none) Explanation Explanation/Reference: http://www.howtogeek.com/75356/how-to-turn-off-or-disable-the-smartscreen-filter-in-windows-8/ Further Information: The Privacy Level has no relation to running downloaded applications: The Security Level is no much help either: And the UAC does not distinguish if an application is downloaded or not. For more details about UAC lev- els see this article: http://www.eightforums.com/tutorials/5509-user-account-control-uac-change-settings-windows-8-a.html How to Change User Account Control (UAC) Settings in Windows 8 and 8.1 QUESTION 419 You are configuring two client computers that run Windows 8.1: A desktop computer named COMPUTER1 and a portable computer named COMPUTER2. You have the following requirements: Store all personal data in a folder named Data on COMPUTER1. Ensure that you can access all personal data from COMPUTER2, even when a network connection is unavailable. Synchronize personal data between the computers twice a day. You need to configure the computers to meet the requirements. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.) A. B. C. D. E. In Sync Center. configure a schedule for offline files. 
From COMPUTER1, connect to COMPUTER2 and configure the Data folder to always be available offline. From COMPUTER2, map a network driver to the Data folder on COMPUTER1. In Sync Center, set up a new sync partnership. From COMPUTER2, connect to COMPUTER1 and configure the Data folder to always be available offline Correct Answer: AD Section: (none) Explanation Explanation/Reference: A: A sync partnership is a set of rules that tells Sync Center how and when to sync files or other information between two or more locations. A sync partnership typically controls how files sync between your computer and mobile devices, network servers, or compatible programs. D: To make files and folders available offline To be able to work with a file offline, you first need to make it available offline. Locate the network file or folder that you want to make available offline. Right-click the file or folder, and then click Always Available Offline. The Always Available Offline command The next time you try to access this file or folder, you will be able to open it even if the network version is unavailable. Reference: Working with network files when you are offline Offline files and the Sync Center work pretty much the same in Windows 8 as they do in Windows 7. http://www.7tutorials.com/use-network-folders-and-files-while-offline-sync-center-offline-files Use Network Files While Offline with Sync Center & Offline Files http://www.7tutorials.com/how-sync-offline-files-network-folders-set-schedule How to Sync Offline Files & Network Folders on a Set Schedule You can choose to schedule the sync at a specific time or when an event occurs. If you select the first option - "At a scheduled time", you can set the exact day and time when the sync be- gins and how often it is repeated. If you select the second option - "When an event occurs", you can set the events when the sync is per- formed. QUESTION 420 A company has client computers that run Windows 8.1. 
You set up new virtual private network (VPN) connections on all client computers. The VPN connections require the use of a smart card for authentication.
Users are unable to connect to the corporate network by using the VPN connections. The connection properties are configured as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that the client computers can connect to the corporate network.
What should you do?

A. Enable Challenge Handshake Authentication Protocol (CHAP).
B. Change the VPN type to IKEv2.
C. In the advanced settings, select Use preshared key for authentication.
D. Change the authentication setting to Use Extensible Authentication Protocol (EAP).

Correct Answer: D
Section: (none)
Explanation/Reference:
http://support.microsoft.com/kb/259880
Configuring a VPN to Use Extensible Authentication Protocol (EAP)
EAP can be used to provide an added layer of security to VPN technologies such as Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP). EAP enables this functionality through Certificate Authority (CA) and SmartCard technologies, which provide mutual authentication of the client and the server.

http://technet.microsoft.com/en-us/library/cc739449%28v=ws.10%29.aspx
Smart cards and remote access VPN connections
The use of smart cards for user authentication is the strongest form of authentication in the Windows Server 2003 family. For remote access VPN connections, you must use Extensible Authentication Protocol (EAP) with the Smart card or other certificate (TLS) EAP type, also known as EAP-Transport Level Security (EAP-TLS).

QUESTION 421
A company has client computers that run Windows 8.1.
Finance department employees store files in the C:\Finance directory. File History is on.
A Finance department employee attempts to restore a file to a previous version by using File History. The file is not available to restore.
You need to establish why the file history is not available and ensure that it is available in the future.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Change the File History drive.
B. Review the File History backup log.
C. Move the file into a library.
D. Start the Volume Shadow Copy Service.

Correct Answer: BC
Section: (none)
Explanation/Reference:
B: Configuring Advanced Settings of Windows 8.1 File History
To set some more detailed options, or to clean up File History, click Advanced settings.
The Event logs section includes the Open File History event logs to view recent events or errors command that opens File History backup log in Applications and Services Logs section of Event Viewer.

C:
* File History automatically backs up files that are in your libraries, contacts, favorites, Microsoft SkyDrive and on your desktop.
* Do not expect File History to cover all your folders or whole drives - it backs up all your default and custom Libraries (including Public Folders), plus Contacts, Desktop and Favorites folders. Your only way to include other folders is to create your own custom Libraries.

http://blogs.windows.com/windows/b/extremewindows/archive/2012/12/20/a-new-way-to-backup-file-history-in-windows-8.aspx
A New Way to Backup: File History in Windows 8
File History only backs up data in libraries, favorites, desktop, and contacts and must use a non-system drive for backup.
Since File History is already on we can assume the drive doesn't need to be changed. So we should review the log and move the file to a library.

QUESTION 422
You create a shim database and distribute it to each of a company's client computers through a script. You name the database Shim_Database and give it a filename of shimdatabase.sdb.
The database GUID is 18315260-2ecb-43af-945a-56810da33fb4.
The database must be registered on all client computers. The registration process must be invisible to the user.
You need to construct a command to register the shim database.
Which command should you use? To answer, drag the appropriate component from the list of command components to the correct location or locations in the work area.

Select and Place:
Correct Answer:
Section: (none)
Explanation/Reference:
Explanation:

QUESTION 423
You upgrade all of a company's client computers from Microsoft Internet Explorer 8 to Internet Explorer 9.
After the upgrade, users are unable to download attachments from Microsoft Outlook Web App (OWA) or any other secure website. You verify the Group Policy settings for Internet Explorer 9.
You need to ensure that all users can download attachments from OWA and other secure websites.
Which setting should you select? To answer, select the appropriate item in the work area.

Hot Area:
Correct Answer:
Section: (none)
Explanation/Reference:
Explanation: In IE9, this option does exactly what it says it does: resources received from HTTPS URLs are not placed in the Temporary Internet Files Cache and temporary files are not created for these resources. This option is universal for HTTPS responses; their headers (e.g. Pragma, Cache-Control) are not consulted.
http://blogs.msdn.com/b/ieinternals/archive/2011/05/07/downloads-and-flash-fail-when-do-not-save-encryptedpages-to-disk-is-set.aspx

QUESTION 424
Your company has 1,000 client computers that run Windows 7.
The company uses several custom line-of-business applications that are not compatible with Windows 7.
You need to distribute a Microsoft Enterprise Desktop Virtualization (MED-V) virtual machine (VM) image that includes the custom applications to all Windows 7 client computers.
Which three actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
Select and Place:
Correct Answer:
Section: (none)
Explanation/Reference:

QUESTION 425
You are the desktop architect for an enterprise organization with client computers that run Windows 7.
You need to create a new Windows Firewall rule that will allow you to access the Disk Management snap-in of remote client computers.
Which predefined rule should you select? To answer, select the appropriate setting in the work area.

Hot Area:
Correct Answer:
Section: (none)
Explanation/Reference:
Explanation: http://blogs.technet.com/b/server_core/archive/2008/01/14/configuring-the-firewall-for-remote-management-ofa-workgroup-server-core-installation.aspx