Topic 1, Manage identity
You support Windows 10 Enterprise computers that are members of an Active Directory domain. Your company policy defines the list of approved Windows Store apps that are allowed for download and installation.
You have created a new AppLocker Packaged Apps policy to help enforce the company policy.
You need to test the new AppLocker Packaged Apps policy before you implement it for the entire company.
What should you do?
- A . From Group Policy, enforce the new AppLocker policy in Audit Only mode.
- B . From Group Policy, run the Group Policy Results Wizard.
- C . From Group Policy, run the Group Policy Modeling Wizard.
- D . From PowerShell, run the Get-AppLockerPolicy CEffective command to retrieve the AppLocker effective policy.
A
Explanation:
You can test an AppLocker Packaged Apps policy by running it in audit mode.
After AppLocker rules are created within the rule collection, you can configure the enforcement setting to Enforce rules or Audit only.
When AppLocker policy enforcement is set to Enforce rules, rules are enforced for the rule collection and all events are audited. When AppLocker policy enforcement is set to Audit only, rules are only evaluated but all events generated from that evaluation are written to the AppLocker log.
You support Windows 10 Enterprise computers.
Your company has started testing Application Virtualization (App-V) applications on several laptops. You discover that the App-V applications are available to users even when the laptops are offline.
You need to ensure that the App-V applications are available to users only when they are connected to the company network.
What should you do?
- A . Change user permissions to the App-V applications.
- B . Disable the Disconnected operation mode.
- C . Configure mandatory profiles for laptop users.
- D . Reset the App-V client FileSystem cache.
B
Explanation:
Disconnected operation mode is enabled by default and allows App-V applications to be available to users even when the laptops are offline. We need to disable Disconnected operation mode to prevent offline access.
The disconnected operation mode settings―accessible by right-clicking the Application Virtualization node, selecting Properties, and clicking the Connectivity tab―enables the Application Virtualization Desktop Client or Client for Remote Desktop Services (formerly Terminal Services) to run applications that are stored in the file system cache of the client when the client is unable to connect to the Application Virtualization Management Server.
HOTSPOT
You have an image of Windows 10 Enterprise named Image1. Image1 has version number 1.0.0.0 of a custom, line-of-business universal app named App1.
You deploy Image1 to Computer1 for a user named User1.
You need to update App1 to version 1.0.0.1 on Computer1 for User1 only.
What command should you run? To answer, select the appropriate options in the answer area.
Explanation:
In this question, we need to update App1 to version1.0.0.1 onComputer1 “for User1 only”. The AddCAppxPackage cmdlet adds a signed app package (.appx) to a user account.
To update the application, we need to use the Cpath parameter to specify the path to the upgraded application.
DRAG DROP
You manage Microsoft Intune for a company named Contoso. You have an administrative computer named Computer1 that runs Windows 10 Enterprise. You need to add a Windows Store universal app named App1 to the Company Portal Apps list for all users.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Log into your computer using a domain account.
Run the Microsoft Intune Software Publisher wizard app.
Configure the deployment settings of the app.
Your network contains an Active Directory domain named contoso.com. The domain contains Windows 10 Enterprise client computers.
Your company has a subscription to Microsoft Office 365. Each user has a mailbox that is stored in Office 365 and a user account in the contoso.com domain. Each mailbox has two email addresses.
You need to add a third email address for each user.
What should you do?
- A . From Active Directory Users and Computers, modify the E-mail attribute for each user.
- B . From Microsoft Azure Active Directory Module for Windows PowerShell, run the SetCMailbox cmdlet.
- C . From Active Directory Domains and Trust, add a UPN suffix for each user.
- D . From the Office 365 portal, modify the Users settings of each user.
B
Explanation:
We can use the SetCMailbox cmdlet to modify the settings of existing mailboxes.
The EmailAddresses parameter specifies all the email addresses (proxy addresses) for the recipient, including the primary SMTP address. In on-premises Exchange organizations, the primary SMTP address and other proxy addresses are typically set by email address policies.
However, you can use this parameter to configure other proxy addresses for the recipient.
To add or remove specify proxy addresses without affecting other existing values, use the following syntax:
@{Add="[<Type>]:<emailaddress1>","[<Type>]:<emailaddress2>"…; Remove="[<Type>]:<emailaddress2>","[<Type>]:<emailaddress2>"…}.
HOTSPOT
You manage a Microsoft Azure RemoteApp deployment. The deployment consists of a cloud collection named CloudCollection1 and a hybrid collection named HybridCollection1. Both collections reside in a subscription named Subscription1. Subscription1 contains two Active Directory instances named AzureAD1 and AzureAD2. AzureAD1 is the associated directory of Subcsription1.
AzureAD1 is synchronized to an on-premises Active Directory forest named constoso.com. Passwords are synchronized between AzureAD1 and the on-premises Active Directory.
You have the following user accounts:
You need to identify to which collections each user can be assigned access.
What should you identify? To answer, select the appropriate options in the answer area.
Explanation:
A Microsoft account can only access a cloud collection.
An Azure Active Directory (Azure AD) account can access a cloud collection and it can access a hybrid collection if directory synchronization with password sync is deployed.
An on-premise domain account that does not exist in any Azure Active Directory cannot access Azure cloud resources.
References: https://azure.microsoft.com/en-gb/documentation/articles/remoteapp-collections/
Your Windows 10 Enterprise work computer is a member of an Active Directory domain. You use your domain account to log on to the computer. You use your Microsoft account to log on to a home laptop.
You want to access Windows 10 Enterprise apps from your work computer by using your Microsoft account.
You need to ensure that you are able to access the Windows 10 Enterprise apps on your work computer by logging on only once.
What should you do?
- A . Add the Microsoft account as a user on your work computer.
- B . Enable Remote Assistance on your home laptop.
- C . Connect your Microsoft account to your domain account on your work computer.
- D . Install SkyDrive for Windows on both your home laptop and your work computer.
C
Explanation:
You can connect your Microsoft account to your domain account on your work computer. This will enable you to sign in to your work computer with your Microsoft account and access the same resources that you would access if you were logged in with your domain account.
When you connect your Microsoft account to your domain account, you can sync your settings and preferences between them. For example, if you use a domain account in the workplace, you can connect your Microsoft account to it and see the same desktop background, app settings, browser history and favorites, and other Microsoft account settings that you see on your home PC.
Topic 2, Plan desktop and device deployment
You administer a Windows 10 Enterprise computer that runs Hyper-V. The computer hosts a virtual machine with multiple snapshots. The virtual machine uses one virtual CPU and 512 MB of RAM.
You discover that the virtual machine pauses automatically and displays the state as paused-critical.
You need to identify the component that is causing the error.
Which component should you identify?
- A . no virtual switch defined
- B . insufficient memory
- C . insufficient hard disk space
- D . insufficient number of virtual processors
C
Explanation:
In this question, the VM has “multiple snapshots” which would use up a lot of disk space. Virtual machines will go into the “Paused-Critical” state in Hyper-V if the free space on the drive that contains the snapshots goes below 200MB.
One thing that often trips people up is if they have their virtual hard disks configured on one drive C but have left their snapshot files stored on the system drive. Once a virtual machine snapshot has been takenC the base virtual hard disk stops expanding and the snapshot file stores new data that is written to the disk C so it is critical that there is enough space in the snapshot storage location.
You have a Windows 10 Enterprise computer named Computer1 that has the Hyper-V feature installed. Computer1 hosts a virtual machine named VM1. VM1 runs Windows 10 Enterprise. VM1 connects to a private virtual network switch.
From Computer1, you need to remotely execute Windows PowerShell cmdlets on VM1.
What should you do?
- A . Run the winrm.exe command and specify the Cs parameter.
- B . Run the Powershell.exe command and specify the CCommand parameter.
- C . Run the ReceiveCPSSession cmdlet and specify the CName parameter.
- D . Run the InvokeCCommand cmdlet and specify the CVMName parameter.
D
Explanation:
We can use Windows PowerShell Direct to run PowerShell cmdlets on a virtual machine from the Hyper-V host. Because Windows PowerShell Direct runs between the host and virtual machine, there is no need for a network connection or to enable remote management.
There are no network or firewall requirements or special configuration. It works regardless of your remote management configuration. To use it, you must run Windows 10 or Windows Server Technical Preview on the host and the virtual machine guest operating system.
To create a PowerShell Direct session, use one of the following commands:
You deploy several tablet PCs that run Windows 10 Enterprise.
You need to minimize power usage when the user presses the sleep button.
What should you do?
- A . In Power Options, configure the sleep button setting to Sleep.
- B . In Power Options, configure the sleep button setting to Hibernate.
- C . Configure the active power plan to set the system cooling policy to passive.
- D . Disable the C-State control in the computer’s BIOS.
B
Explanation:
We can minimize power usage on the tablet PCs by configuring them to use Hibernation mode. A computer in hibernation mode uses no power at all.
Hibernation is a power-saving state designed primarily for laptops. While sleep puts your work and settings in memory and draws a small amount of power, hibernation puts your open documents and programs on your hard disk, and then turns off your computer. Of all the power-saving states in Windows, hibernation uses the least amount of power. On a laptop, use hibernation when you know that you won’t use your laptop for an extended period and won’t have an opportunity to charge the battery during that time.
You are the desktop administrator for a small company.
Your workgroup environment consists of Windows 10 Enterprise computers. You want to prevent 10 help desk computers from sleeping.
However, you want the screens to shut off after a certain period of time if the computers are not being used.
You need to configure and apply a standard power configuration scheme for the 10 help desk computers on your network.
Which two actions should you perform? Each correct answer presents part of the solution.
- A . Import the power scheme by using POWERCFG /IMPORT on each of the remaining help desk computers. Set the power scheme to Active by using POWERCFG /S.
- B . Use POWERCFG /X on one help desk computer to modify the power scheme to meet the requirements. Export the power scheme by using POWERCFG /EXPORT.
- C . Use POWERCFG /S on one help desk computer to modify the power scheme to meet the requirements. Export the power scheme by using POWERCFG /EXPORT.
- D . Import the power scheme by using POWERCFG /IMPORT on each of the remaining help desk computers. Set the power scheme to Active by using POWERCFG /X.
A,B
Explanation:
You can use the Powercfg.exe tool to control power settings and configure computers to default to Hibernate or Standby modes.
In this question, we use POWERCFG /X on one help desk computer to modify the power scheme to meet our requirements. After configuring the required settings, we can export the power scheme settings to a file by using POWERCFG /EXPORT.
We can then import the power scheme from the file on each of the remaining help desk computers by using POWERCFG /IMPORT. After importing the power scheme on the remaining computers, we need to set the new power scheme to be the active power scheme by using POWERCFG /S.
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 10 Enterprise. Some computers have a Trusted Platform Module (TPM) chip.
You need to configure a single Group Policy object (GPO) that will allow Windows BitLocker Drive Encryption on all client computers.
Which two actions should you perform? Each correct answer presents part of the solution.
- A . Enable the Require additional authentication at startup policy setting.
- B . Enable the Enforce drive encryption type on operating system drives policy setting.
- C . Enable the option to allow BitLocker without a compatible TPM.
- D . Configure the TPM validation profile to enable Platform Configuration Register indices (PCRs) 0, 2, 4, and 11.
A,C
Explanation:
We need to allow Windows BitLocker Drive Encryption on all client computers (including client computers that do not have Trusted Platform Module (TPM) chip).
We can do this by enabling the option to allow BitLocker without a compatible TPM in the group policy. The ‘Allow BitLocker without a compatible TPM’ option is a checkbox in the ‘Require additional authentication at startup’ group policy setting. To access the ‘Allow BitLocker without a compatible TPM’ checkbox, you need to first select Enabled on the ‘Require additional authentication at startup’ policy setting.
Employees are permitted to bring personally owned portable Windows 10 Enterprise computers to the office. They are permitted to install corporate applications by using the management infrastructure agent and access corporate email by using the Mail app.
An employee’s personally owned portable computer is stolen.
You need to protect the corporate applications and email messages on the computer.
Which two actions should you perform? Each correct answer presents part of the solution.
- A . Prevent the computer from connecting to the corporate wireless network.
- B . Change the user’s password.
- C . Disconnect the computer from the management infrastructure.
- D . Initiate a remote wipe.
B,D
Explanation:
The personally owned portable Windows10Enterprise computers being managed by the management infrastructure agent enables the use of remote wipe. By initiating a remote wipe, we can erase all company data including email from the stolen device.
Microsoft Intune provides selective wipe, full wipe, remote lock, and passcode reset capabilities. Because mobile devices can store sensitive corporate data and provide access to many corporate resources, you can issue a remote device wipe command from the Microsoft Intune administrator console to wipe a lost or stolen device.
Changing the user’s password should be the first step. If the stolen computer is accessed before the remote wipe happens, the malicious user could be able to access company resources if the laptop has saved passwords.
You are an IT consultant for small and mid-sized business.
One of your clients wants to start using Virtual Smart Cards on its Windows 10 Enterprise laptops and tablets. Before implementing any changes, the client wants to ensure that the laptops and tablets support Virtual Smart Cards.
You need to verify that the client laptops and tablets support Virtual Smart Cards.
What should you do?
- A . Ensure that each laptop and tablet has a Trusted Platform Module (TPM) chip of version 1.2 or greater.
- B . Ensure that BitLocker Drive Encryption is enabled on a system drive of the laptops and tablets.
- C . Ensure that each laptop and tablet can read a physical smart card.
- D . Ensure that the laptops and tablets are running Windows 10 Enterprise edition.
A
Explanation:
A Trusted Platform Module (TPM) chip of version1.2 or greater is required to support Virtual Smart Cards.
Virtual smart card technology from Microsoft offers comparable security benefits to physical smart cards by using two-factor authentication. Virtual smart cards emulate the functionality of physical smart cards, but they use the Trusted Platform Module (TPM) chip that is available on computers in many organizations, rather than requiring the use of a separate physical smart card and reader. Virtual smart cards are created in the TPM, where the keys that are used for authentication are stored in cryptographically secured hardware.
Topic 3, Plan and implement a Microsoft Intune device management solution
Your network contains an Active Directory domain named contoso.com. Contoso.com is synchronized to a Microsoft Azure Active Directory. You have a Microsoft Intune subscription.
Your company plans to implement a Bring Your Own Device (BYOD) policy. You will provide users with access to corporate data from their personal iOS devices.
You need to ensure that you can manage the personal iOS devices.
What should you do first?
- A . Install the Company Portal app from the Apple App Store.
- B . Create a device enrollment manager account.
- C . Set a DNS alias for the enrollment server address.
- D . Configure the Intune Service to Service Connector for Hosted Exchange.
- E . Enroll for an Apple Push Notification (APN) certificate.
E
Explanation:
An Apple Push Notification service (APNs) certificate must first be imported from Apple so that you can manage iOS devices. The certificate allows Intune to manage iOS devices and institutes an accredited and encrypted IP connection with the mobile device management authority services.
You manage Microsoft Intune for a company named Contoso. Intune client computers run Windows 10 Enterprise.
You notice that there are 25 mandatory updates listed in the Intune administration console.
You need to prevent users from receiving prompts to restart Windows following the installation of mandatory updates.
Which policy template should you use?
- A . Microsoft Intune Agent Settings
- B . Windows Configuration Policy
- C . Microsoft Intune Center Settings
- D . Windows Custom Policy (Windows 10 and Windows 10 Mobile)
A
Explanation:
To configure the Prompt user to restart Windows during Intune client agent mandatory updates update policy setting you have to configure the Microsoft Intune Agent Settings policy. Setting the Prompt user to restart Windows during Intune client agent mandatory updates setting to No would prevent users from receiving prompts to restart Windows following the installation of mandatory updates.
DRAG DROP
You manage Microsoft Intune for a company named Contoso. You have 200 computers that run Windows 10. The computers are Intune clients.
You need to configure software updates for the clients.
Which policy template should you use to configure each software updates setting? To answer, drag the appropriate policy templates to the correct settings. Each policy template may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Explanation:
You must make use of the Microsoft Intune Windows general configuration policy to configure settings for enrolled devices. The system settings that can be configured using this policy include the following:
To configure the Allow immediate installation of updates that do not interrupt Windows update policy setting you have to configure and deploy a Microsoft Intune Agent Settings policy.
You have an Active Directory domain named contoso.com that contains a deployment of Microsoft System Center 2012 Configuration Manager Service Pack 1 (SP1). You have a Microsoft Intune subscription that is synchronized to contoso.com by using the Microsoft Azure Active Directory Synchronization Tool (DirSync.)
You need to ensure that you can use Configuration Manager to manage the devices that are registered to your Microsoft Intune subscription.
Which two actions should you perform? Each correct answer presents a part of the solution.
- A . In Microsoft Intune, create a new device enrollment manager account.
- B . Install and configure Azure Active Directory Synchronization Services (AAD Sync.)
- C . In Microsoft Intune, configure an Exchange Connector.
- D . In Configuration Manager, configure the Microsoft Intune Connector role.
- E . In Configuration Manager, create the Microsoft Intune subscription.
D,E
Explanation:
To allow Configuration Manager to manage mobile devices in the same context as other devices, it requires you to create a Windows Intune subscription and synchronize user accounts from Active Directory to Microsoft Online. to achieve that, you are required to complete the following tasks:
References: http://blogs.technet.com/b/configmgrteam/archive/2013/03/20/configuring-configuration-manager-sp1-to-manage-mobile-devices-using-windows-intune.aspx
You have a Microsoft Intune subscription.
You have three security groups named Security1, Security2 and Security3. Security1 is the parent group of Security2. Security2 has 100 users.
You need to change the parent group of Security2 to be Security3.
What should you do first?
- A . Edit the properties of Security1.
- B . Edit the properties of Security2.
- C . Delete security2.
- D . Remove all users from Security2.
C
Explanation:
You cannot change the parent group of a security group in Microsoft Intune. You can only delete the group and recreate another group with the correct parent.
Deleting a group does not delete the users that belong to that group. Therefore, you do not need to remove the users from the group; you can just delete the group and recreate it.
Topic 4, Configure networking
HOTSPOT
You have a network that contains Window 10 Enterprise computers.
The network configuration of one of the computers is shown in the following output.
Use the drop-down menus to select the answer choice that completes each statement basedon the information presented in the output.
NOTE: Each correct selection is worth one point.
Explanation:
The exhibit below shows that the computer obtained its IPv4 address from a DHCP server. It also shows when the DHCP lease was obtained and when it will expire.
The IPv6 address shown below starts with ‘fe80’. This is an auto-configuration address, not an address obtained from a DHCP server.
The IP address of the Default Gateway is 10.1.1.1
A company has 100 client computers that run Windows 10 Enterprise.
A new company policy requires that all client computers have static IPv6 addresses.
You need to assign static IPv6 addresses to the client computers.
Which Network Shell (netsh) command should you run?
- A . add address
- B . set interface
- C . set global
- D . set address
A
Explanation:
The add address Network Shell (netsh) command adds an IPv6 address to a specified interface.
HOTSPOT
You are setting up a Windows 10 Enterprise computer.
The computer’s network connections are shown in the Network connections exhibit. (Click the Exhibit button.)
The computer’s network settings are shown in the Network Settings exhibit. (Click the Exhibit button.)
Advanced TCP/IP settings are shown in the Advanced TCP/IP Settings exhibit. (Click the Exhibit button.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Explanation:
The computer has a physical network adapter.
When you enable Hyper-V on a computer, a virtual network adapter connected to a virtual switch is added.
Therefore, the computer is a Hyper-V host.
The computer has an IP address. The text in the image below shows that the network connection is not DHCP enabled. Therefore, this is a static IP address.
The computer is a Hyper-V host, not a Hyper-V virtual machine.
A company has 10 portable client computers that run Windows 10 Enterprise.
The portable client computers have the network connections described in the following table.
None of the computers can discover other computers or devices, regardless of which connection they use.
You need to configure the connections so that the computers can discover other computers or devices only while connected to the CorpWired or CorpWifi connections.
What should you do on the client computers?
- A . For the CorpWifi connection, select Yes, turn on sharing and connect to devices.
- B . Turn on network discovery for the Public profile.
- C . Change the CorpWired connection to public. Turn on network discovery for the Public profile. For the HotSpot connection, select No, don’t turn on sharing or connect to devices.
- D . For the CorpWired connection, select Yes, turn on sharing and connect to devices.
- E . Turn on network discovery for the Private profile.
C
Explanation:
Of the answers given, this is the only single answer that meets the requirements.
Network discovery is a network setting that affects whether your computer can see (find) other computers and devices on the network and whether other computers on the network can see your computer. By default, Windows Firewall blocks network discovery, but you can enable it.
When we change the CorpWired connection to public, all networks will be in the Public profile. Enabling network discovery for the Public profile will enable the computers to see other computers on each network (including HotSpot).
To prevent network discovery on the HotSpot network, we can select No, don’t turn on sharing or connect to devices for that network. This will disable Network discovery for the computer’s connection to the HotSpot network.
Topic 5, Configure storage
You have a computer named Computer1 that runs Windows 10 Enterprise. You add a 1 TB hard drive and create a new volume that has the drive letter D.
You need to limit the amount of space that each user can consume on D: to 200 GB. Members of the Administrators group should have no limit.
Which three actions should you perform? Each correct answer presents part of the solution.
- A . Run fsutil quota violations D:.
- B . Enable the Deny disk space to users exceeding quota limit setting.
- C . Enable the Enable Quota Management setting.
- D . Set a default quota limit.
- E . Run convert D: /FS:NTFS.
- F . Add a quota entry.
B,C,D
Explanation:
To limit the amount of space that each user can consume, you should enable the Enable Quota Management setting, and then enter the appropriate values in the Limit Disk Space To text box and the Set Warning Level To text box, and then select the Deny Disk Space To Users Exceeding Quota Limit check box to enforce identical quota limits for all users.
You purchase a new Windows 10 Enterprise desktop computer. You have four external USB hard drives.
You want to create a single volume by using the four USB drives. You want the volume to be expandable, portable and resilient in the event of failure of an individual USB hard drive.
You need to create the required volume.
What should you do?
- A . From Control Panel, create a new Storage Space across 4 USB hard drives. Set resiliency type to Three-way mirror.
- B . From Control Panel, create a new Storage Space across 4 USB hard drives. Set resiliency type to Parity.
- C . From Disk Management, create a new spanned volume.
- D . From Disk Management, create a new striped volume.
B
Explanation:
Storage Spaces can combine multiple hard drives into a single virtual drive. To create a storage space, you’ll have to connect two or more additional internal or external drives to your computer to create a storage pool. You can also specify an arbitrarily large logical size. When your existing drive begins to fill up and nears the physical limit, Windows will display a notification in the Action Center, prompting you to add additional physical storage space. Selecting the Parity resiliency type allows Windows to store parity information with the data, thereby protecting you from a single drive failure.
DRAG DROP
You have a Windows 10 Enterprise computer. You have a 1-terabyte external hard drive.
You purchase a second 1-terabyte external hard drive.
You need to create a fault-tolerant volume that includes both external hard drives. You also need to ensure that additional external hard drives can be added to the volume.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Storage Spaces can combine multiple hard drives into a single virtual drive. To create a storage space, you’ll have to connect two or more additional internal or external drives to your computer to create a storage pool. When creating the pool, any existing data on the disks will be lost. It is therefore important to back up the data if you do not want to lose it. You can also specify an arbitrarily large logical size. When your existing drive begins to fill up and nears the physical limit, Windows will display a notification in the Action Center, prompting you to add additional physical storage space. Selecting the Two-way mirror resiliency type allows Windows to store two copies of your data, so that you won’t lose your data if one of your drives fails.
References: http://www.howtogeek.com/109380/how-to-use-windows-8s-storage-spaces-to-mirror-combine-drives/
HOTSPOT
You manage 50 computers that run Windows 10 Enterprise.
You have a Windows to Go workspace installed on a USB drive named USB1.
You need to configure USB1 to meet the following requirements:
In the table below, select the action that must be performed to achieve each requirement.
NOTE: Make only one selection in each column. Each correct selection is worth one point.
Explanation:
If you want to view the contents of the computer’s internal drives from File Explorer when you run Windows To Go from USB1, you have to launch an elevated command prompt, run disk part and then execute the List disk command. You now have to select the internal disk using the sel disk command, and then enter the online disk command.
Configuring the attributes volume option from DiskPart allows you to display, set, or clear the attributes of a volume.
You support Windows 10 Enterprise computers that are members of an Active Directory domain. Recently, several domain user accounts have been configured with super-mandatory user profiles.
A user reports that she has lost all of her personal data after a computer restart.
You need to configure the user’s computer to prevent possible user data loss in the future.
What should you do?
- A . Remove the .man extension from the user profile name.
- B . Configure FolderRedirection by using the domain group policy.
- C . Configure the user’s documents library to include folders from network shares.
- D . Add the .dat extension to the user profile name.
B
Explanation:
Folder Redirection allows administrators to redirect the path of a folder to a new location, which can be a folder on the local computer or a directory on a network file share. Users can then work with documents on a server as if the documents were based on a local drive, but are available to the user from any computer on the network. Folder Redirection can be found under Windows Settings in the console tree by editing domain-based Group Policy via the Group Policy Management Console (GPMC).
You have a client Windows 10 Enterprise computer. The computer is joined to an Active Directory domain. The computer does not have a Trusted Platform Module (TPM) chip installed.
You need to configure BitLocker Drive Encryption (BitLocker) on the operating system drive.
Which Group Policy object (GPO) setting should you configure?
- A . Allow access to BitLocker-protected fixed data drives from earlier version of Windows.
- B . Require additional authentication at startup.
- C . Allow network unlock at startup.
- D . Configure use of hardware-based encryption for operating system drives.
B
Explanation:
To make use of BitLocker on a drive without TPM, you should run the gpedit.msc command. You must then access the Require additional authentication at startup setting by navigating to Computer ConfigurationAdministrative TemplatesWindows ComponentsBit Locker Drive EncryptionOperating System Drives under Local Computer Policy. You can now enable the feature and tick the Allow BitLocker without a compatible TPMcheckbox.
You administer Windows 10 Enterprise desktop computers that are members of an Active Directory domain.
You want to create an archived copy of user profiles that are stored on the desktops. You create a standard domain user account to run a backup task.
You need to grant the backup task user account access to the user profiles.
What should you do?
- A . Add the backup task account to the Remote Management Users group on a domain controller.
- B . Add the backup task account to the Backup Operators group on every computer.
- C . Add the backup task account to the Backup Operators group on a domain controller.
- D . Set the backup task account as NTFS owner on all the profiles.
B
Explanation:
The Local Backup Operators group can back up and restore files on a computer, regardless of any permission that protect those files.
Topic 6, Manage data access and protection
HOTSPOT
You administer Windows 10 Enterprise computers in your company network, including a computer named Wst1. Wst1 is configured with multiple shared printer queues.
Wst1 indicates hardware errors. You decide to migrate the printer queues from Wst1 to a new computer named Client1.
You export the printers on Wst1 to a file. You need to import printers from the file to Client1.
From the Print Management console, which Print Management node should you select? To answer, select the appropriate node in the answer area.
Explanation:
We have exported the printers on Wst1 to a file. To import printers from the file to Client1, we use the Printer Migration Wizard.
Right-click Print Management, and then click Migrate Printers to open the Printer Migration Wizard. Select Import printer queues and printer drivers from a file, and select the export file. Then complete the wizard.
References: http://blogs.technet.com/b/canitpro/archive/2013/06/17/step-by-step-install-use-and-remove-windows-server-migration-tools.aspx
HOTSPOT
Your company upgrades a research and development department workstation to a Windows 10 Enterprise computer. Two of the workstation’s folders need to be encrypted. The folders are named C:ProtectedFiles and C:Backups.
You attempt to encrypt the folders.
The output is shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement.
NOTE: Each correct selection is worth one point.
Explanation:
We can see from the image below that all files and the ProtectedFiles folder were encrypted successfully (There are no errors and there is an [OK] message for each action).
The image below shows that the folder was encrypted successfully (Setting the directory Backups to encrypt new files [OK]).
The file Backup.zip failed to encrypt because the file is read only. The other file, OldBackup.zip was encrypted successfully.
References: https://technet.microsoft.com/en-us/library/bb490878.aspx
DRAG DROP
You have a computer that runs Windows 10 Enterprise that contains the following folders:
You have a local user named User1. User1 has read and execute permission to Folder1.
You need to ensure that User1 can perform the following tasks:
– Create new files in Folder2.
– Edit all files in Folder3.
– Change the permissions of files in Folder5.
The solution must use the principle of least privilege.
Which permissions should you assign to User1 on each folder? To answer, drag the appropriate permissions to the correct folders. Each permission may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Explanation:
Advanced permissions are detailed permissions that are grouped together to create the standard permissions. The permissions in this question are standard permissions.
Folder2: To create new files in a folder, you need Write permission to the folder. The ‘Write’ standard permission includes the ‘Create files / write data’ advanced permission.
Folder3: To edit existing files in a folder, you need Modify permission.
Folder5: To change the permissions of files in a folder, you need the ‘Change Permissions’ advanced permission. The Change Permission advanced permission is in the ‘Full Control’ standard permission group. Therefore, the answer for Folder5 is Full Control.
References: http://windows.microsoft.com/en-gb/windows/before-applying-permissions-file-folder#1TC=windows-7
You have a Windows 10 Enterprise computer. The computer has a shared folder named C:Marketing. The shared folder is on an NTFS volume.
The current NTFS and share permissions are configured as follows.
UserA is a member of both the Everyone group and the Marketing group. UserA must access C:Marketing from across the network. You need to identify the effective permissions of UserA to the C:Marketing folder.
What permission should you identify?
- A . Full Control
- B . Read and Execute
- C . Read
- D . Modify
D
Explanation:
UserA is a member of both the Everyone group and the Marketing group and UserA must access C:Marketing from across the network.
When accessing a file locally, you combine the NTFS permissions granted to your account either directly or by way of group membership. The ‘least’ restrictive permission is then the permission that applies.
In this question, the NTFS permission is the least restrictive of Read/Execute and Modify… so Modify is the effective permission.
When accessing a folder or file across the network, you combine the effective NTFS permissions (Modify in this case) with the effective Share permissions granted to your account either directly or by way of group membership (Full Control in this case). The ‘most’ restrictive permission is then the permission that applies. Modify is more restrictive than Full Control so Modify is the effective permission.
Topic 7, Manage remote access
DRAG DROP
You have a desktop computer and a tablet that both run Windows 10 Enterprise.
The desktop computer is located at your workplace and is a member of an Active Directory domain. The network contains an Application Virtualization (App-V) infrastructure. Several App-V applications are deployed to all desktop computers.
The tablet is located at your home and is a member of a workgroup. Both locations have Internet connectivity.
You need to be able to access all applications that run on the desktop computer from you tablet.
Which actions should you perform on each computer? To answer, drag the appropriate action to the correct computer. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Explanation:
You can connect to your work computer by using Remote Desktop. You first need to enable Remote Desktop on the work computer. You then run the Remote Desktop Client on the home computer to connect to the work computer.
With Remote Desktop Connection, you can connect to a computer running Windows from another computer running Windows that’s connected to the same network or to the Internet. For example, you can use all of your work computer’s programs, files, and network resources from your home computer, and it’s just like you’re sitting in front of your computer at work.
To connect to a remote computer, that computer must be turned on, it must have a network connection, Remote Desktop must be enabled, you must have network access to the remote computer (this could be through the Internet), and you must have permission to connect. For permission to connect, you must be on the list of users. Before you start a connection, it’s a good idea to look up the name of the computer you’re connecting to and to make sure Remote Desktop connections are allowed through its firewall.
A company has Windows 10 Enterprise client computers. Client computers are connected to a corporate private network. You deploy a Remote Desktop Gateway, DirectAccess, and a VPN server at the corporate main office.
Users are currently unable to connect from their home computers to their work computers by using Remote Desktop
You need to ensure that users can remotely connect to their office computers by using Remote Desktop. Users must not be able to access any other corporate network resource from their home computers.
What should you do?
- A . Configure a Virtual Private Network connection.
- B . Configure the local resource settings of the Remote Desktop connection.
- C . Configure a DirectAccess connection.
- D . Configure the Remote Desktop Gateway IP address in the advanced Remote Desktop Connection settings on each client.
D
Explanation:
The solution is to deploy Remote Desktop Gateway in the office. Remote users can then connect to their computers on the office network by using Remote Desktop client on their home computers configured with the IP address of the Remote DesktopGateway.
Remote Desktop Gateway (RD Gateway) is a role service that enables authorized remote users to connect to resources on an internal corporate or private network, from any Internet-connected device that can run the Remote Desktop Connection (RDC) client. The network resources can be Remote Desktop Session Host (RD Session Host) servers, RD Session Host servers running RemoteApp programs, or computers with Remote Desktop enabled.
RD Gateway uses the Remote Desktop Protocol (RDP) over HTTPS to establish a secure, encrypted connection between remote users on the Internet and the internal network resources on which their productivity applications run.
RD Gateway provides a comprehensive security configuration model that enables you to control access to specific internal network resources. RD Gateway provides a point-to-point RDP connection, rather than allowing remote users access to all internal network resources.
You manage a network that includes Windows 10 Enterprise computers. All of the computers on the network are members of an Active Directory domain.
The company recently proposed a new security policy that prevents users from synchronizing applications settings, browsing history, favorites, and passwords from the computers with their Microsoft accounts.
You need to enforce these security policy requirements on the computers.
What should you do?
- A . On the Group Policy Object, configure the Accounts: Block Microsoft accounts Group Policy setting to Users can’t add Microsoft accounts.
- B . On the Group Policy Object, configure the Accounts: Block Microsoft accounts Group Policy setting to Users can’t add or log on with Microsoft accounts.
- C . From each computer, navigate to Change Sync Settings and set the Sync Your Settings options for Apps, Browser, and Passwords to Off.
- D . From each computer, navigate to Change Sync Settings and set the Sync Your Settings option to Off.
B
Explanation:
The computers are members of a domain so the users should be using domain user accounts. We need to block the use of Microsoft accounts.
We could use the Users can’t add Microsoft accounts setting which would mean that users will not be able to create new Microsoft accounts on a computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account.
Alternatively, we can also deny the ability to log on to a domain computer with a Microsoft account (and sync computer settings) by using the Users can’t add or log on with Microsoft accounts. This will ensure that the company policy is enforced.
Topic 8, Manage apps
DRAG DROP
You manage 50 computers that run Windows 10 Enterprise. You have a Microsoft Azure RemoteApp deployment. The deployment consists of a hybrid collection named Collection1.
All computers have the Hyper-V feature installed and have a virtual machine that runs Windows 7.
You plan to install applications named App1 and App2 and make them available to all users. App1 is a 32-bit application. App2 is a 64-bit application.
You need to identify the installation method for each application. The solution needs to minimize the number of installations.
Which deployment method should you identify for each application? To answer, drag the appropriate deployment methods to the correct applications. Each deployment method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Explanation:
Azure RemoteApp supports streaming 32-bit or 64-bit Windows-based applications. Therefore, we can minimize the number of installations by installing the applications on Azure and making them available as Azure RemoteApps. This would mean one installation for App1 and one installation for App2.
You plan to deploy a Microsoft Azure RemoteApp collection by using a custom template image. The image will contain Microsoft Office 365 ProPlus apps.
You need to ensure that multiple users can run Office 365 ProPlus from the custom template image simultaneously.
What should you include in the configuration file?
- A . <Property Name = “FORCEAPPSHUTDOWN” Value = “FALSE” />
- B . <Product ID = “0365ProPlusRetail” />
- C . <Property Name = “SharedComputerLicensing” Value = “1” />
- D . <Property Name = “AUTOACTIVATE” Value = “1” />
C
Explanation:
To make Microsoft Office 365 ProPlusapps available as RemoteApps, you need to enable Shared computer activation. You do this by including the following text in the configuration file:
<Property Name = “SharedComputerLicensing” Value= “1” />
Shared computer activation lets you to deploy Office 365 ProPlus to a computer in your organization that is accessed by multiple users. For example, several nurses at a hospital connect to the same remote server to use their applications or a group of workers share a computer at a factory.
The most common shared computer activation scenario is to deploy Office 365 ProPlus to shared computers by using Remote Desktop Services (RDS). By using RDS, multiple users can connect to the same remote computer at the same time. The users can each run Office 365 ProPlus programs, such as Word or Excel, at the same time on the remote computer.
HOTSPOT
You have a server that runs Windows Server 2012 R2 server named Server1. Server1 has Remote Desktop Services (RDS) installed. You create a session collection named Session1 and publish a RemoteApp in Session1.
Server1 has an application named App1. The executable for App1 is C:AppsApp1.exe.
You need to ensure that App1 is available as a RemoteApp in Session1.
What command should you run? To answer, select the appropriate options in the answer area.
Explanation:
We need to publish App1 as a RemoteApp. We do this with the NewCRDRemoteApp cmdlet.
The CCollectionName parameter allows us to specify the session as “Session1”. The display name for the App1 will be “App1”.
The CFilePath parameter allows us to specify the path to the executable for App1.
DRAG DROP
You plan to deploy a Microsoft Azure RemoteApp collection by using a custom template image. The image will contain Microsoft Word and Excel Office 365 ProPlus programs.
You need to install the Word and Excel programs. The solution must minimize the amount of Internet traffic used during installation.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
The first step is to download the Office Deployment Tool.
You then need to modify the configuration file. This will be used to specify the installation options for Word and Excel.
You then run Setup.exe from the Office Deployment Tool with the /download option to download the required software based on the options in the configuration file.
The final step is to install Word and Excel by running Setup.exe from the Office Deployment Tool with the /configure option to install the required software based on the options in the configuration file.
You are a system administrator for a department that has Windows 10 Enterprise computers in a domain configuration.
You deploy an application to all computers in the domain.
You need to use group policy to restrict certain groups from running the application.
What should you do?
- A . Set up DirectAccess.
- B . Configure AppLocker.
- C . Disable BitLocker.
- D . Run the User State Management Tool.
B
Explanation:
AppLocker is a feature in Windows Server 2012, Windows Server 2008 R2, Windows 8, and Windows 7 that advances the functionality of the Software Restriction Policies feature. AppLocker contains new capabilities and extensions that reduce administrative overhead and help administrators control how users can access and use files, such as executable files, scripts, Windows Installer files, and DLLs.
AppLocker rules can be applied to security groups. We can use a group policy to apply AppLocker rules to the security groups to prevent them from running the application.
You support desktop computers and tablets that run Windows 8 Enterprise. All of the computers are able to connect to your company network from the Internet by using DirectAccess.
Your company wants to deploy a new application to the tablets.
The deployment solution must meet the following requirements:
– The application is not accessible if a user is working offline
– The application is stored on an internal solid-state drive (SSD) on the tablets
– The application is isolated from other applications
– The application uses the least amount of disk space
You need to deploy the new application to the tablets.
What should you do?
- A . Deploy the application as an Application Virtualization (App-V) package. Install the App-V 4.6 client on the tablets.
- B . Deploy the application as a published application on the Remote Desktop server. Create a Remote Desktop connection on the tablets.
- C . Install the application on a local drive on the tablets.
- D . Install the application in a Windows To Go workspace.
- E . Install Hyper-V on tablets. Install the application on a virtual machine.
- F . Publish the application to Windows Store.
- G . Install the application within a separate Windows 8 installation in a virtual hard disk (VHD) file. Configure the tablets with dual boot.
- H . Install the application within a separate Windows 8 installation in a VHDX file. Configure tablets with dual boot.
B
Explanation:
Deploying the application as a published application on the Remote Desktop server will use no disk space on the tablets. Users will be able to access the application by using Remote Desktop Connections. This will also ensure that the application is isolated from other applications on the tablets.
We can use Remote Desktop Connection ‘redirection’ to ensure that the application is able to access files stored on an internal solid-state drive (SSD) on the tablets. Redirection enables access to local resources such as drives, printers etc. in a Remote Desktop Connection.
You have a computer named Computer1 that runs Windows 10 Enterprise. Computer1 is a member of an Active Directory domain named contoso.com.
You have a line-of-business universal app named App1. App1 is developed internally.
You need to ensure that you can run App1 on Computer1. The solution must meet the following requirements:
Minimize costs to deploy the app.
Minimize the attack surface on Computer1.
What should you do?
- A . Have App1 certified by the Windows Store.
- B . Sign App1 with a certificate issued by a third-party certificate authority.
- C . From the Update & Security setting on Computer1, enable the Sideload apps setting.
- D . Run the AddCAppxProvisionedPackage cmdlet.
C
Explanation:
To install the application, you need to ‘Sideload’ it. First you need to enable the Sideload apps setting.
LOBW indows Store apps that are not signed by the Windows Store can be sideloaded or added to a PC in the enterprise through scripts at runtime on a per-user basis. They can also be provisioned in an image by the enterprise so that the app is registered to each new user profile that’s created on the PC. The requirements to sideload the app per-user or in the image are the same, but the Windows PowerShell cmdlets you use to add, get, and remove the apps are different.
Before you can sideload LOB Windows Store apps that are not signed by the Windows Store, you will need to configure the PC.
Topic 9, Manage updates and recovery
You have a computer named Computer1 that runs Windows 10 Enterprise.
You plan to install the most recent updates to Computer1.
You need to ensure that you can revert to the current state of Computer1 in the event that the computer becomes unresponsive after the update.
What should you include in your solution?
- A . The Reset this PC option from the Recovery section of the Settings app
- B . The Sync your settings options from the Accounts section of the Settings app
- C . The Backup and Restore (Windows 7) control panel item
- D . The Refresh your PC option from the PC Settings
C
Explanation:
The question states that you need to ensure that you can revert to the current state of Computer1. The question does not specify what exactly the current state is in terms of software configuration but it would be safe to assume that Computer1 has Windows Store Apps installed, desktop applications installed and some previous Windows Updates installed.
The only way to recover the computer to its ‘current’ state is to perform a full backup of the computer before updating it. Then if the computer becomes unresponsive after the update, we can simply restore the backup to return the computer to its state at the time of the backup.
You administer a Windows 10 Enterprise computer. The computer has File History turned on, and system protection turned on for drive C.
You accidentally delete a folder named LibrariesCustomers by using the Shift+Delete keyboard shortcut.
You need to restore the most recent version of the folder to its original location.
Which approach should you use to restore the folder?
- A . Recycle Bin
- B . the latest restore point
- C . File History
- D . a manually selected restore point
C
Explanation:
File History is similar to Previous Versions in previous versions of Windows. It takes regular backups of your data and saves them to a separate disk volume or external drive. When File History is enabled, it backs up all the system libraries and your custom libraries by default.
To restore a deleted folder, you can browse to the parent folder or library and select Restore Previous Versions. The Previous Versions tab will list the previous versions that can be restored to its original location or restored to an alternative location.
HOTSPOT
You have a standalone computer that runs Windows 10 Enterprise. The computer is configured to automatically back up files by using File History. The user of the computer uses the OneDrive desktop app to sync files.
The Previous Versions settings from the local group policy of the computer are shown in the following graphic.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Explanation:
When a file is deleted from the local OneDrive folder with File Explorer, the deletion is replicated to Onedrive.com and the file is moved to the OneDrive recycle bin. The deleted file can therefore be recovered from the Recycle Binon Onedrive.com.
If a user deletes a file from a local drive by using File Explorer, the file cannot be restored. If the file is not in the OneDrive folder, it will not be a file that is synced to onedrive.com. We could use Previous Versions to restore the file but this is prevented by the Group Policy settings. The “Prevent restoring local previous versions” C Enabled group policy setting would prevent the previous version from being restored.
References: http://www.groovypost.com/howto/restore-deleted-files-local-onedrive-folder/
You have a Windows 10 Enterprise computer named Computer1. Computer1 has File History enabled.
You create a folder named Folder1 in the root of the C: drive.
You need to ensure that Folder1 is protected by File History.
What are two possible ways to achieve the goal? Each correct answer presents a complete solution.
- A . From File Explorer, include Folder1 in an existing library.
- B . Modify the Advanced settings from the FileHistory Control Panel item.
- C . From the Settings app, modify the Backup options.
- D . From File Explorer, modify the system attribute of Folder1.
A,C
Explanation:
By default, File History backs up all libraries. We can therefore ensure that Folder1 is protected by File History by adding the folder to a library.
The second method of ensuring that Folder1 is protected by File History is to add the folder location to File History. You do this by modifying the Backup options, not the File History Control Panel item as you might expect. In the Settings app, select Update & Security then Backup. Under the Back up using File History heading, select the Add a drive option.
You have a computer named Computer1 that runs Windows 10 Enterprise. Computer1 is configured to receive Windows updates from the Internet.
If a user is logged on to Computer1, you need to prevent Computer1 from automatically restarting without the logged on user’s consent after the installation of the Windows updates.
What should you do?
- A . Enable the Defer upgrades setting.
- B . Edit the Automatic App Update scheduled task.
- C . Configure the Choose how updates are delivered setting.
- D . Configure the Choose how updates are installed setting.
D
Explanation:
In the Choose how updates are installed setting, you can use the drop-down menu to choose an option:
The Schedule a restart option will allow the user to choose when the computer is restarted. Of the answers given, this is the only way to prevent Computer1 from automatically restarting without the logged on user’s consent after the installation of the Windows updates.
HOTSPOT
You have a computer that runs Windows 10 Enterprise that has a local group policy as shown in the following graphic.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Explanation:
Windows Updates will be downloaded from Windows Server Update Services only. This is determined by the “Specify Intranet Microsoft Update Service Location” setting and the “Do not connect to any Windows Update Internet locations” setting both being ‘Enabled’.
In the “Specify Intranet Microsoft Update Service Location” setting, you can specify the name of the Windows Server Updates Services server.
If a user is logged into the computer and an update requires a restart, the computer will restart when the user signs out. This is determined by the “No auto-restart with logged on users for schedule automatic updates” setting being enabled. This group policy setting creates a registry key named NoAutoRebootWithLoggedOnUsers and sets the value of the key to 1 (enabled).
With this setting enabled, you should be aware that the computer should be restarted at the earliest opportunity in order to complete the installation of the Windows Updates.
You use a Windows 8.1 tablet. The tablet receives Windows Update updates automatically from the Internet. The tablet has Wi-Fi and is connected to a 3G mobile broadband Wi-Fi hot spot. You need to minimize data usage while connected to this hot spot.
What should you do?
- A . Turn on Airplane Mode.
- B . Disable File and Print Sharing for mobile broadband connections.
- C . Configure the interface metric of IP settings for Wi-Fi connection as1.
- D . Edit the Inbound Rule of Windows Firewall, and then disable Internet Control Message Protocol (ICMP) traffic.
- E . Configure the broadband connection as a metered network.
E
Explanation:
You can limit the bandwidth used by the broadband connection by configuring it as a metered network. A metered network is a network where data downloaded is ‘metered’(measured) and you are charged for the amount of data downloaded.
Setting a connection as metered prevents Windows from automatically using bandwidth in a number of ways including the following:
Disables automatic downloading of Windows updates: Windows won’t automatically download updates from Windows Update on metered Internet connections. You’ll get a “Download” button you can click whenever you want to install updates.
Disables automatic downloading of app updates: The Windows Store won’t automatically download updates for your installed “Store apps” on metered connections, either. Desktop apps like Chrome, Firefox, and others will continue updating themselves normally.
Tiles may not update: Microsoft says that the live tiles on your Start menu or Start screen “may” stop updating on a metered connection:
Topic 10, Mixed Questions
A company has client computers that run Windows 10.
The client computer systems frequently use IPSec tunnels to securely transmit data.
You need to configure the IPSec tunnels to use 256-bit encryption keys.
Which encryption type should you use?
- A . 3DES
- B . DES
- C . RSA
- D . AES
D
Explanation:
IPSec tunnels can be encrypted by 256-bit AES.
L2TP/IPsec allows multiprotocol traffic to be encrypted and then sent over any medium that supports point-to-point datagram delivery, such as IP or Asynchronous Transfer Mode (ATM).
The L2TP message is encrypted with one of the following protocols by using encryption keys generated from the IKE negotiation process: Advanced Encryption Standard (AES) 256, AES 192, AES 128, and 3DES encryption algorithms.
You administer a group of 10 client computers that run Windows 10. The client computers are members of a local workgroup. Employees log on to the client computers by using their Microsoft accounts.
The company plans to use Windows BitLocker Drive Encryption. You need to back up the BitLocker recovery key.
Which two options can you use? (Each correct answer presents a complete solution. Choose two.)
- A . Save the recovery key to a file on the BitLocker-encrypted drive.
- B . Save the recovery key in the Credential Store.
- C . Save the recovery key to OneDrive.
- D . Print the recovery key.
C,D
Explanation:
C: The Bitlocker recovery key is saved in your OneDrive account in the cloud.
D: The recovery key can be printed.
You are using sysprep to prepare a system for imaging.
You want to reset the security ID (SID) and clear the event logs.
Which option should you use?
- A . /generalize
- B . /oobe
- C . /audit
- D . /unattend
A
Explanation:
Generalize prepares the Windows installation to be imaged.
If this option is specified, all unique system information is removed from the Windows installation. The security ID (SID) resets, any system restore points are cleared, and event logs are deleted.
The next time the computer starts, the specialize configuration pass runs. A new security ID (SID)is created, and the clock for Windows activation resets, if the clock has not already been reset three times.
Group Policy is a set of rules which control the working environment of user accounts and computer accounts. Group Policy provides the centralized management and configuration of operating systems, applications and users’ settings in an Active Directory environment.
In other words, Group Policy in part controls what users can and can’t do on a computer system.
Which one of these policies requires a reboot?
- A . Turn off Windows Defender
- B . Turn off Autoplay for non-volume devices
- C . Disable Active Desktop
- D . Turn off Data Execution Prevention for Explorer
D
Explanation:
A reboot is REQUIRED when turning off Data Execution Prevention (DEP) for Explorer.
Which term is used to refer to installing apps directly to a device without going through the Windows Store?
- A . SQL Injection
- B . BranchCache
- C . DLL Hijack
- D . Sideloading
D
Explanation:
When you side load an app, you deploy a signed app package to a device. You maintain the signing, hosting, and deployment of these apps, instead of installing the apps from Windows Store.
IPv6 has a vastly larger address space than IPv4. This expansion provides flexibility in allocating addresses and routing traffic and eliminates the primary need for network address translation (NAT).
Do you know how many more bits there are in an IPv4 address compared to an IPv6 address?
- A . 4 times more
- B . 6 times more
- C . Twice as many
- D . 8 times more
A
Explanation:
IPv4 addresses are 32 bit, IPv6 addresses are 128 bit. Four times more bits are used for Ipv6 compared to Ipv4.
You are using sysprep to prepare a system for imaging.
You want to enable end users to customize their Windows operating system, create user accounts, name the computer, and other tasks.
Which sysprep setting should you use?
- A . /oobe
- B . /audit
- C . /generalize
- D . /unattend
A
Explanation:
The /oobe option restarts the computer into Windows Welcome mode. Windows Welcome enables end users to customize their Windows operating system, create user accounts, name the computer, and other tasks. Any settings in the oobe System configuration pass in an answer file are processed immediately before Windows Welcome starts.
You have set up a new wireless network for one of your prestigious clients.
The director wants to ensure that only certain designated wireless laptops can connect to the new network to prevent misuse.
What do you need to do?
- A . Use MAC address control
- B . Use IPv4 address control
- C . Use WEP
- D . Use WPA
A
Explanation:
A media access control address (MAC address), also called a physical address, of a computer which is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used as a network address for most IEEE 802 network technologies, including Ethernet and WiFi.
You administer computers that run Windows 10 Enterprise and are members of an Active Directory domain. The computers are encrypted with BitLocker and are configured to store BitLocker encryption passwords in Active Directory.
A user reports that he has forgotten the BitLocker encryption password for volume E on his computer. You need to provide the user a BitLocker recovery key to unlock the protected volume.
Which two actions should you perform? Each correct answer presents part of the solution.
- A . Ask the user for his computer name.
- B . Ask the user to run the manageCbde Cunlock E: Cpw command.
- C . Ask the user for his logon name.
- D . Ask the user for a recovery key ID for the protected volume.
A,B
Explanation:
A: To view the recovery passwords fora computer you would need the computer name:
In Active Directory Users and Computers, locate and then click the container in which the computer is located.
Right-click the computer object, and then click Properties.
In the Properties dialog box, click the BitLocker Recovery tab to view the BitLocker recovery passwords that are associated with the particular computer.
B: The ManageCbde: unlock command unlocks a BitLocker-protected drive by using a recovery password or a recovery key.
You have a desktop computer that runs Windows 8 Enterprise. You add three new 3-terabyte disks. You need to create a new 9-terabyte volume.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
- A . From Disk Management, create a new spanned volume.
- B . From Disk Management, convert all of the 3-terabyte disks to GPT.
- C . From PowerShell, run the NewCVirtualDisk cmdlet.
- D . From Disk Management, bring all disks offline.
- E . From Diskpart, run the Convert MBR command.
- F . From PowerShell, run the AddCPhysicalDisk cmdlet.
A,B
Explanation:
B: GPT disks can grow to a very large size. The maximum partition (and disk) size is a function of the operating system version. Windows XP and the original release of Windows Server 2003 have a limit of 2TB per physical disk, including all partitions. For Windows Server 2003 SP1, Windows XP x64 edition, and later versions, the maximum raw partition of 18 exabytes can be supported.
A: A spanned volume is a dynamic volume consisting of disk space on more than one physical disk. If a simple volume is not a system volume or boot volume, you can extend it across additional disks to create a spanned volume, or you can create a spanned volume in unallocated space on a dynamic disk. You can make a spanned volume of GPT disks.
At home, you use a Windows 10 desktop computer. At work, you use a Windows 10 laptop that is connected to a corporate network. You use the same Microsoft account to log on to both computers.
You have a folder with some personal documents on your desktop computer. The folder must be available and synced between both computers.
You need to ensure that the latest version of these files is available.
What should you do?
- A . Create a folder by using OneDrive for Windows. Move all of the personal documents to the new folder.
- B . Move the folder to the Libraries folder. Go to PC Settings. Under Sync your settings, enable App settings.
- C . Right-click the folder and click Properties. Under Security, provide Full Control for the Microsoft account.
- D . Right-click the folder and select Share With, and then select Homegroup (view and edit).
A
Explanation:
To save a doc you’re working on to OneDrive, select a OneDrive folder from the list of save locations. To move files to OneDrive, open File Explorer and then drag them into a OneDrive folder.
Note: OneDrive (previously SkyDrive, Windows Live SkyDrive, and Windows Live Folders) is a file hosting service that allows users to sync files and later access them from a web browser or mobile device. Users can share files publicly or with their contacts; publicly shared files do not require a Microsoft account to access them. OneDrive is included in the suite of online services formerly known as WindowsLive.
You have 100 client Windows 10 computers. Users are NOT configured as local administrators. You need to prevent the users from running applications that they downloaded from the Internet, unless the applications are signed by a trusted publisher.
What should you configure in the Security settings from the Action Center?
- A . Virus protection
- B . User Account Control
- C . Windows SmartScreen settings
- D . Network Access Protection
C
Explanation:
SmartScreen checks files that you download from the web against a list of reported malicious software sites and programs known to be unsafe. If it finds a match, SmartScreen will warn you that the download has been blocked for your safety. SmartScreen also checks the files that you download against a list of files that are well known and downloaded by many people who use Internet Explorer. If the file that you’re downloading isn’t on that list, SmartScreen will warn you.
You are a systems administrator of a small branch office. Computers in the office are joined to a Windows 10 HomeGroup.
The HomeGroup includes one shared printer and several shared folders.
You join a new computer to the HomeGroup and try to access the HomeGroup shared folders. You discover that the shared folders are unavailable, and you receive an error message that indicates the password is incorrect.
You need to reconfigure the new computer in order to access the HomeGroup resources.
What should you do?
- A . Adjust the time settings on the new computer to match the time settings of the HomeGroup computers.
- B . Change the Enterprise password and re-enter it on the computers of all members of the HomeGroup.
- C . Change the default sharing configuration for the shared folders on the HomeGroup computers.
- D . Reset your account password to match the HomeGroup password.
A
Explanation:
Symptoms
When joining a system to a HomeGroup, you may receive the following error message "The password is incorrect", even though you have typed the password correctly.
Cause
This can be caused by a difference in the Date and Time settings on the computer trying to join the HomeGroup, and not an invalid password. If the date/time of the computer joining a HomeGroup is greater than 24 hours apart from the date/time of the system that owns the HomeGroup, this will cause the error.
Resolution
Adjust the date/time settings on the system joining the HomeGroup, to match the system that owns the HomeGroup, and then try to join again.
Your network contains an Active Directory domain. The domain contains 100 Windows 10 client computers. All of the computers secure all connections to computers on the internal network by using IPSec.
The network contains a server that runs a legacy application.
The server does NOT support IPSec.
You need to ensure that some of the Windows 8 computers can connect to the legacy server. The solution must ensure that all other connections are secured by using IPSec.
What should you do?
- A . Modify the settings of the Domain Profile.
- B . Create a connection security rule.
- C . Create an inbound firewall rule.
- D . Modify the settings of the Private Profile,
A
Explanation:
A firewall profile is a way of grouping settings, such as firewall rules and connection security rules, which are applied to the computer depending on where the computer is connected. On computers running this version of Windows, there are three profiles for Windows Firewall with Advanced Security: Domain, Private, and Public.
The Domain profile is applied to a network adapter when it is connected to a network on which it can detect a domain controller of the domain to which the computer is joined.
You administer Windows 10 Enterprise laptop and desktop computers. Your company uses Active Directory Domain Services (AD DS) and Active Directory Certificate Services (AD CS).
Your company decides that access to the company network for all users must be controlled by two-factor authentication.
You need to configure the computers to meet this requirement.
What should you do?
- A . Install smart card readers on all computers. Issue smart cards to all users.
- B . Enable the Password must meet complexity requirements policy setting. Instruct users to logon by typing their user principal name (UPN) and their strong password.
- C . Create an Internet Protocol security (IPsec) policy on each Windows 10 Enterprise computer to encrypt traffic to and from the domain controller
- D . Issue photo identification to all users. Instruct all users to create and use a picture password.
A
Explanation:
Smart cards contain a microcomputer and a small amount of memory, and they provide secure, tamper-proof storage for private keys and X.509 security certificates.
A smart card is a form of two-factor authentication that requires the user to have a smart card and know the PIN to gain access to network resources.
Your network contains an Active Directory domain and 100 Windows 10 client computers. All software is deployed by using Microsoft Application Virtualization (App-V) 5.0.
Users are NOT configured as local administrators.
Your company purchases a subscription to Microsoft Office 365 that includes Office 365 ProPlus.
You need to create an App-V package for Office 365 ProPlus.
What should you do?
- A . Run the Office Customization Tool (OCT), run the App-V Sequencer and then run Setup /Packager.
- B . Download the Office Deployment Tool for Click-to-Run, run the App-V Sequencer and then run Setup /Admin.
- C . Download the Office Deployment Tool for Click-to-Run, run Setup /Download and then run Setup /Packager.
- D . Run the Office Customization Tool (OCT), run Setup /Download and then run the App-V Sequencer.
C
Explanation:
The Office Deployment Tool allows the administrator to customize and manage Office 2013Volume License or Office 365 Click-to-Run deployments.
The Office Deployment Tool Setup runs the following tasks:
Setup /Download C Downloads files to create an Office 15 installation
Setup /Configure C Adds, removes, or configures an Office 15 installation
Setup /Packager C Produces an Office 15 App-V package
You administer computers that run Windows 8 Enterprise and are members of an Active Directory domain. Some volumes on the computers are encrypted with BitLocker.
The BitLocker recovery passwords are stored in Active Directory. A user forgets the BitLocker password to local drive E: and is unable to access the protected volume.
You need to provide a BitLocker recovery key to unlock the protected volume.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
- A . Ask the user to run the manageCbdeCprotectorsCdisable e: command.
- B . Ask the user for his or her logon name.
- C . Ask the user to run the manageCbdeCunlock E:Cpw command.
- D . Ask the user for his or her computer name.
- E . Ask the user for a recovery key ID for the protected drive.
C,D
Explanation:
D: To view the recovery passwords for a computer you would need the computer name:
In Active Directory Users and Computers, locate and then click the container in which the computer is located.
Right-click the computer object, and then click Properties.
In the Properties dialog box, click the BitLocker Recovery tab to view the BitLocker recovery passwords that are associated with the particular computer.
C: The ManageCbde: unlock command unlocks a BitLocker-protected drive by using a recovery password or a recovery key.
You are a systems administrator for your company. The company has employees who work remotely by using a virtual private network (VPN) connection from their computers, which run Windows 8 Pro.
These employees use an application to access the company intranet database servers. The company recently decided to distribute the latest version of the application through using a public cloud.
Some users report that every time they try to download the application by using Internet Explorer, they receive a warning message that indicates the application could harm their computer.
You need to recommend a solution that prevents this warning message from appearing, without compromising the security protection of the computers.
What should you do?
- A . Publish the application through a public file transfer protocol (FTP) site.
- B . Publish the application through an intranet web site.
- C . Instruct employees to disable the SmartScreen Filter from within the Internet Explorer settings.
- D . Publish the application to Windows Store.
B
Explanation:
As the publication is to be published on the cloud, we should publish in through the Windows Store.
You administer computers that run Windows 8 Enterprise in an Active Directory domain in a single Active Directory Site. All user account objects in Active Directory have the Manager attribute populated. The company has purchased a subscription to Windows Intune. The domain security groups are synchronized with the Microsoft Online directory.
You create a Windows Intune group that specifies a manager as a membership criterion. You notice that the group has no members.
You need to ensure that users that meet the membership criteria are added to the Windows Intune group.
What should you do?
- A . Force Active Directory replication within the domain.
- B . Ensure that all user accounts are identified as synchronized users.
- C . Ensure that the user who is performing the search has been synchronized with the Microsoft Online directory.
- D . Synchronize the Active Directory Domain Service (AD DS) with the Microsoft Online directory.
B
Explanation:
For users and security groups to appear in the Windows Intune administrator console, you must sign in to the Windows Intune account portal and do one of the following:
Manually add users or security groups, or both, to the account portal.
Use Active Directory synchronization to populate the account portal with synchronized users and security groups.
The Windows Intune cloud service enables you to centrally manage and secure PCs through a single web-based console so you can keep your computers, IT staff, and users operating at peak performance from virtually anywhere without compromising the essentials: cost, control, security, and compliance.
References: http://technet.microsoft.com/en-us/windows/intune.aspx
http://technet.microsoft.com/library/hh441723.aspx
You support Windows 10 Enterprise laptops that are part of a workgroup. An employee is unable to start Windows Mobility Center on his laptop.
You need to make it possible for the employee to use Windows Mobility Center on the laptop.
What should you do?
- A . Use Add features to Windows 10 Enterprise to add Windows Mobility Center.
- B . Use Programs and Features to repair the installation of Windows Mobility Center.
- C . Use Local Group Policy Editor to set Turn off Windows Mobility Center to Not Configured.
- D . Use Turn Windows features on or off in Programs and Features to enable Windows Mobility Center.
C
Explanation:
To Enable or Disable Windows Mobility Center using Group Policy
You have a Windows 8.1 Enterprise client computer named Computer1.
The Storage Spaces settings of Computer1 are configured as shown in the following exhibit. (Click the Exhibit button.)
You plan to create a three-way mirror storage space in the storage pool and to set the size of the storage space to 50 GB.
You need to identify the minimum number of disks that must be added to the storage pool for the planned mirror.
How many disks should you identify?
- A . 1
- B . 3
- C . 4
- D . 5
B
Explanation:
In Windows Server 2012 Storage Spaces and Windows 8Storage Spaces, a 2-way mirror requires at least 2 physical disks.
However, a 3-way mirror requires at least 5 physical disks.
The reason is that a 3-way mirror uses a quorum. In order to keep running, the mirror space must keep over 50% of the disks functioning.
So a 3-way mirror must have at least 5 physical disks to be able to survive the loss of up to 2 physical disks.
Your company has Windows 10 client computers. All of the computers are managed by using Windows Intune. You need to provide a user with the ability to deploy software to the computers by using Windows Intune.
The solution must minimize the number of permissions assigned to the user.
Which role should you use?
- A . User management administrator from the Windows Intune account portal
- B . Global administrator from the Windows Intune account portal
- C . Service administrator from the Windows Intune administrator console
- D . Service administrator from the Windows Intune account portal
C
Explanation:
As a service administrator, you use the Microsoft Intune administrator console to manage day-to-day tasks, such as deploying applications, for Intune.
Your company has a main office that has a connection to the Internet.
The company has 100 Windows 10 Enterprise computers that run Microsoft Office 2010.
You purchase a subscription to Office 365 for each user. You download the Office Deployment Tool for Click-to-Run.
You need to deploy Office 365 Pro Plus to the computers. The solution must minimize the amount of traffic over the Internet connection.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
- A . On a file server, run setup.exe and specify the /download parameter.
- B . On each client computer, run setup.exe and specify the /configure parameter.
- C . On a file server, run setup.exe and specify the /configure parameter.
- D . On each client computer, run setup.exe and specify the /download parameter.
A,C
Explanation:
A: First we download the installation files to the server. The Office Deployment Tool Setup /Download command downloads files to create an Office 15 installation
C: The Office Deployment Tool Setup /Configure command adds, removes, or configures an Office 15 installation. This should be run on the server.
Note: To deploy Click-to-Run for Office 365 products and languages from a network share by using the Office Deployment Tool, you do the following:
Create a customized Configuration.xml file to specify which Click-to-Run for Office 365 products and languages to deploy.
Use the Office Deployment Tool with the /configure command and the customized Configuration.xml file to install Click-to-Run for Office 365 products and languages on a user’s computer.
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 10. A local printer is shared from a client computer. The client computer user is a member of the Sales AD security group.
You need to ensure that members of the Sales security group can modify the order of documents in the print queue, but not delete the printer share.
Which permission should you grant to the Sales group?
- A . Manage queue
- B . Manage this printer
- C . Print
- D . Manage documents
- E . Manage spooler
D
Explanation:
With the Manage Documents permission the user can pause, resume, restart, cancel, and rearrange the order of documents submitted by all other users. The user cannot, however, send documents to the printer or control the status of the printer.
You have a computer that runs Windows 10. You have an application control policy on the computer. You discover that the policy is not enforced on the computer.
You open the Services snap-in as shown in the exhibit. (Click the Exhibit button.)
You need to enforce the application control policy on the computer.
What should you do?
- A . Set the Application Identity service Startup Type to Automatic and start the service.
- B . Set the Application Information service Startup Type to Automatic and start the service.
- C . Set the Application Management service Startup Type to Automatic and start the service.
- D . Set the Application Experience service Startup Type to Automatic and start the service.
A
Explanation:
AppLocker, and its applications control policies, relies upon the Application Identity Service being active.
Note: When you install Windows 7, the startup type of the Application Identity Service is set to Manual. When testing AppLocker, you should keep the startup type as Manual in case you configure rules incorrectly. In that event, you can just reboot the computer and the AppLocker rules will no longer be in effect. Only when you are sure that your policies are applied correctly should you set the startup type of the Application Identity Service to Automatic.
HOTSPOT
Your company has a main office and two branch offices named Branch1 and Branch2. The main office contains a file server named Server1 that has BranchCache enabled. Branch1 contains a server named Server2 that is configured as a hosted cache server. The average round trip network latency between the offices is 100 milliseconds.
All client computers run Windows 8 Enterprise. All of the computers are joined to an Active Directory domain.
The BranchCache settings of all the computers are configured as shown in the following exhibit. (Click the Exhibit button.)
In the table below, identify the effective setting for the client computers in each branch office.
Note: Make one selection in each column. Each correct selection is worth one point.
Explanation:
Both Server1 and Server2 will cache content for their local clients.
Note: BranchCache has two modes of operation:
References: https://blogs.technet.microsoft.com/canitpro/2013/05/13/step-by-step-enabling-branchcache-in-microsoft-windows-server-2012/
HOTSPOT
You provide support for a small company. The company purchases a Windows 10 laptop for an employee who travels often. The company wants to use BitLocker to secure the hard drive for the laptop in case it is lost or stolen.
While attempting to enable BitLocker, you receive the error message shown in the following image:
Explanation:
How to Configure Computer to Enable BitLocker without Compatible TPM:
Administrators must follow the steps below to configure their Windows 8 computers to allow enabling Bit LockerDrive Encryption without compatible TPM:
References: https://answers.microsoft.com/en-us/windows/forum/windows_8-security/allow-bitlocker-without-compatible-tmp-module/4c0623b5-70f4-4953-bde4-34ef18045e4f?auth=1
DRAG DROP
You support desktop computers for a company named Fabrikam, Inc. The computers are members of the Active Directory domain named fabrikam.com. Fabrikam works with a supplier named Contoso, Ltd.
Each company has a public key infrastructure (PKI), and no public certificate authorities (CAs) are used. Fabrikam employees regularly use a Contoso website that is hosted on a server in the contoso.com domain.
The website requires SSL and mutual authentication.
You need to configure the computers to allow Fabrikam users to access the Contoso website without any warning prompts. You also need to use the fewest certificates possible.
Which certificate or certificates should you use?
DRAG DROP
A company has a main office located in Miami, and branch offices in Boston, Los Angeles and Portland.
The Office Networks are configured as described in the following table.
A management computer in the main office, named COMPUTER1, runs windows 8 and several third-party management applications.
You need to meet the following requirements:
– Ensure that only users in the Boston office can connect to COMPUTER1 by using http.
– Ensure that only users in the Los Angeles office can connect COMPUTER1 by using https
– Ensure that only users in th Portland office can connect to COMPUTER1 by using FTP.
You are configuring access to COMPUTER1.
How should you configure windows firewall?
Explanation:
* First Row: 10.20.0.0/16, 21, TCP
The Portland users, on network 10.20.0.0/16, need FTP, which uses TCP port 21.
* Second Row: 10.30.0.0/16, 80, TCP
The Boston users, on network10.30.0.0/16, need HTTP, which uses TCP port 80.
*Third row:10.40.0.0/16, 443, TCP
The Los Angles users, on network 10.40.0.0/16, need HTTPS, which uses TCP port 443.
References: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
DRAG DROP
You administer Windows 10 Enterprise computers. Your company has a team of technical writers that is preparing technical manuals and help files. The team manager wants to ensure that the technical writers are able to restore any documents that been modified within the last year.
You need to ensure that the technical writers can restore Microsoft Word files to any previous versions for up to one year.
Which three actions should you perform in sequence?
Explanation:
We need a NTFS folder.
In the Advanced settings we can configure the Keep SavedVersions settings.
Finally we turn on File History.
DRAG DROP
You manage update compliance for Windows 10 desktop computers that are part of a domain. You need to configure new desktops to automatically receive updates from an intranet resource that you manage.
Which three actions should you perform in sequence?
Explanation:
Box 1: Create a GPO that enables automatic updates through the intranet source.
Box 2: gpupdate /force
The Gpupdate command refreshes local and Active Directory-based Group Policy settings, including security settings. The /force Ignores all processing optimizations and reapplies all settings.
Box 3: Configure the clients to install updates automatically.
DRAG DROP
You work for a small company that uses Windows 10 computers. The computers are joined to a homegroup. You want to share an existing folder named Research. It is located in the Documents folder.
You need to give users the ability to change the files in this folder.
Which three actions should you perform in sequence?
Explanation:
Box 1: Righ-click on the Research folder.
Select the folder.
Box 2: Share it with the home group.
Finally we need to change the level of access, which by default is view.
Box 3: Under Share With, choose HomeGroup (View and edit).
DRAG DROP
You have a Windows 8 computer. You need to migrate from Windows 8 to Windows 10 while retaining as much data as possible. You load the Windows 10 media into the DVD drive.
Which three actions should you perform next in sequence?
Explanation:
Box 1: Run the Setup.exe file from the DVD.
Launch setup.exe on the DVD drive to start the upgrade process.
Box 2: Enter the license key.
You will be prompted for the license key.
Box 3: Under the installation, choose Keep personal files.
References: http://www.laptopmag.com/articles/how-to-upgrade-windows-10
DRAG DROP
You administer Windows 8 Pro computers in your company network.
You discover that Sleep, Shut down and Restart are the only options available when you select the Power button as shown in the following exhibit (Click the Exhibit button.)
You need to enable hibernation on the computer.
Which three steps should you perform in sequence?
Explanation:
Box 1: From the Charm Bar, open Change PC settings.
The Settings options of the Charm bar let you quickly tweak your computer’s six major settings: WiFi/Network, Volume, Screen, Notifications, Power, and Keyboard/Language.
Box 2: Select What the power button does.
In Power options, select Choose what the power button does.
Box 3: Change the When Ipress the power button menu settings.
Now select the option that says “Change settings that are currently unavailable”.
This will provide you with the option to enable Hibernation. Check Show Hibernate option to enable and click Save Changes.
References: http://www.addictivetips.com/windows-tips/how-to-enable-windows-8-hibernate-option/
DRAG DROP
You administer 50 laptops that run Windows 7 Professional 32-bit. You want to install Windows 10 Enterprise 64-bit on every laptop. Users will keep their own laptops.
You need to ensure that user application settings, Windows settings, and user files are maintained after Windows 10 Enterprise is installed.
Which four actions should you perform in sequence?
Explanation:
Box 1: First we copy the User State Migration Tool to the source computer.
Box 2: Scanstatewith /nocompress
The ScanState command is usedwith the User State Migration Tool (USMT) 5.0 to scan the source computer, collect the files and settings, and create a store.
We use the /nocompress option as the only available loadstate option, in step 4, uses /nocompress.
Box 3: Delete old partitions, and install windows 8 on a new partition.
After you create a migration store on a server, you will install Windows 8 and load the files and settings from that migration store onto the destination computer. You can reformat the source computer (PC refresh) and use it as your destination computer, or you can use an additional computer (PC replacement).
Box 4: Loadstate
To apply migrated data to your hard drives, you connect the computer to your network, install USMT (this step is missing in this question),and then run LoadState.
References: https://technet.microsoft.com/en-us/library/hh824873.aspx
DRAG DROP
You administer desktop computers that run Windows 8 Enterprise and are members of an Active Directory domain.
A new security policy states that all traffic between computers in the research department must be encrypted and authenticated by using Kerberos V5. You need to configure the requested traffic authentication settings by using Windows Firewall with Advanced Settings.
Which three actions should you perform in sequence?
Explanation:
(Step 1) In the Windows Firewall with Advanced Security MMC snap-in, right-click Connection Security Rules, and then click New Rule.
(Step 2) On the Rule Type page, click Isolation, and then click Next. (The Kerberos option in step 4 below is available only when you specify an Isolation or Custom rule type.)
On the Requirements page, confirm that Request authentication for inbound and outbound connections selected, and then click Next.
(Step 3) On the Authentication Method page, click Computer and user (Kerberos V5), and then click Next.
On the Profile page, clear the Private and Public check boxes, and then click Next.
On the Name page, type Request Inbound Request Outbound, and then click Finish.
DRAG DROP
Your network contains an Active Directory domain and 100 Windows 10 Enterprise client computers. All software is deployed by using Microsoft Application Virtualization (App-V) 5.0.
Users are NOT configured as local administrators. Your company purchases a subscription to Microsoft Office 365 that includes Office 365 ProPlus.
You need to create an App-V package for Office 365 ProPlus.
Which three actions should you perform in sequence?
Explanation:
Step 1: First we download the Office Deployment Tool for Click-to Run.
Step 2: We use the tool to download files to create an Office 15 installation with the Run Setup/Download command.
Step 3: Finally we produce the App-V package with by running the Setup /Packager.
The Office Deployment Tool allows the administrator to customize and manage Office 2013 Volume License or Office 365 Click-to-Run deployments.
The Office Deployment Tool Setup runs the following tasks:
Setup /Download C Downloads files to create an Office 15 installation
Setup /Configure C Adds, removes, or configures an Office 15 installation
Setup/Packager C Produces an Office 15 App-V package
DRAG DROP
You administer computers that run Windows 10 Enterprise. The computers on your network are produced by various manufacturers and often require custom drivers.
You need to design a recovery solution that allows the repair of any of the computers by using a Windows Recovery Environment (WinRE).
In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange then in the correct order.
Explanation:
The Windows Assessment and Deployment Kit (Windows ADK) is a collection of tools and documentation that you can use to customize, assess, and deploy Windows operating systems to new computers.
Walkthrough: Create a Custom Windows PE Image
References: https://technet.microsoft.com/en-us/library/cc709665(v=ws.10).aspx
DRAG DROP
A local printer named PRINTER1 is shared from a client computer named COMPUTER1 that run a 32-bit version of Windows 10. A workgroup contains client computers that run a 64-bit version of Windows 10.
Computers in the workgroup can’t currently print to PRINTER1.
You need to ensure that the workgroup computers can print to PRINTER1.
Which three actions should you perform in sequence? To answer, move the appropriate actions to the answer area and arrange them in the correct order.
Explanation:
You can very well add a 64-bit printer driver to a local printer on a 32-bit Windows operating system.
After the 64-bit driver has been added connect the 64-bit Windows 10 computers to the printer.
Your network contains an Active Directory domain. The domain contains 100 computers that run Windows 10.
Your company is developing a line-of-business application.
You plan to deploy the application by using Windows Store for Business.
You need to ensure that a developer can publish the application to the Windows Store for Business.
What should you do first?
- A . Provision a Windows Dev Center dev account for the developer.
- B . Assign the Windows Store Purchaser role to the developer.
- C . Assign the Windows Store Admin role to the developer.
- D . Provision a Microsoft Azure Active Directory (Azure AD) account for the developer.
- E . Provision a Microsoft account for the developer.
DRAG DROP
You have a line-of-business universal app named App1. You have an image of Windows 10 Enterprise named Image1.
Image1 is mounted to the C:Folder1 folder on a Windows 10 Enterprise computer named Computer1. The source for App1 is in the C:Folder2 folder.
You need to ensure that App1 is included in Image1.
What command should you run on Computer1? To answer, drag the appropriate values to the correct locations. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Explanation:
References: https://technet.microsoft.com/en-us/library/dn376490.aspx
DRAG DROP
You have a computer that runs Windows 10.
You need to meet the following requirements:
• Users must use complex passwords.
• Users must change their password every 180 days.
• Users must be prompted to change their password seven days before the pass-word expires.
Which policy setting should you configure for each requirement? To answer, drag the appropriate policy settings to the correct requirements. Each policy setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Explanation:
References: https://technet.microsoft.com/en-us/library/jj852243(v=ws.11).aspx
You administer Windows 10 Enterprise client computers in your company network.
You change settings on a reference computer by using the Windows Firewall with Advanced Security tool. You want to apply the same settings to other computers.
You need to save the Windows Firewall with Advanced Security configuration settings from the reference computer. You also need to be able to import the configuration settings into a Group Policy object later.
What should you do?
- A . Open Local Group Policy Editor, select the Windows Firewall with Advanced Security node, and then select the Export Policy action.
- B . Run the netsh advfirewall export c:settings.wfw command.
- C . Run the netsh firewall export c:settings.xml command.
- D . Run the netsh advfirewall export c:settings.xml command
A company has 100 Windows 10 Enterprise client computers. The client computers are members of a workgroup.
A custom application requires a Windows Firewall exception on each client computer.
You need to configure the exception on the client computers without affecting existing firewall settings.
Which Windows PowerShell cmdlet should you run on each client computer?
- A . SetCNetFirewallRule
- B . NewCNetFirewallRule
- C . NewCNetIPSecMairModeRule
- D . SetCNetFirewallProfile
- E . SetCNetFirewallSetting
B
Explanation:
References: https://technet.microsoft.com/en-us/library/jj554908.aspx
You administer Windows 10 Enterprise client computers in your company network.
A user reports that her Internet connection is slower than usual.
You need to identify the Process Identifiers (PIDs) of applications that are making connections to the Internet.
Which command should you run?
- A . netstat Can
- B . netsh show netdlls
- C . netsh set auditClogging
- D . netstat Co
- E . ipconfig /showclassid
HOTSPOT
You administer Windows 10 Enterprise computers in your company network. All computers include Windows 10 Enterprise compatible Trusted Platform Module (TPM).
You configure a computer that will run a credit card processing application.
You need to ensure that the computer requires a user to enter a PIN code when starting the computer.
Explanation:
Require additional authentication at startup”
References: http://www.howtogeek.com/192894/how-to-set-up-bitlocker-encryption-on-windows/
HOTSPOT
You plan to use a Group Policy to configure the power settings of several laptops.
You need to ensure that the laptops meet the following requirements:
Which two Power Management Group Policy settings should you modify? To answer, select the appropriate settings in the answer area.
You are the network administrator for Contoso, Ltd. Many users have Windows 10 Enterprise laptops, and your IT department configures all of them to use BitLocker on all fixed drives.
Many users carry sensitive corporate data on their USB drives.
You need to enable BitLocker for these USB drives.
Which key protector option should you use?
- A . a smartcard
- B . a startup key
- C . TPM+PIN
- D . TPM+Password
D
Explanation:
References: http://www.howtogeek.com/192894/how-to-set-up-bitlocker-encryption-on-windows/
HOTSPOT
You have an Active Directory domain named contoso.com. You have a server that runs Windows Server 2012 R2 and that is a Remote Desktop server.
The RD Web Access Web application settings are shown in the following graphic.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
HOTSPOT
You plan to deploy a Microsoft Azure RemoteApp hybrid collection.
You plan to use a custom template image named Image1 to deploy the hybrid collection.
You need to identify the role and feature that must be enabled in the image to support the deployment of the hybrid collection.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:
References: https://azure.microsoft.com/en-gb/documentation/articles/remoteapp-create-custom-image/
You have a Microsoft Intune subscription.
You need to uninstall the Intune agent from a computer.
What should you do?
- A . From the Groups node in the Microsoft Intune administration portal, click Delete.
- B . From the computer, run the provisioningutil.exe command.
- C . From the computer, run the cltui.exe command.
- D . From the computer, use Programs and Features in Control Panel.
B
Explanation:
Answer A is close but incorrect. You would need to select Retire/Wipe, not Delete.
References: https://www.petervanderwoude.nl/post/uninstall-the-microsoft-intune-client/
DRAG DROP
You have a Microsoft Intune subscription.
You need to identify devices based on the following requirements:
• Devices that are jailbroken or rooted
• Devices that are remote wiped or deleted.
• Devices that have blacklisted applications installed.
Which type of report should you use for each requirement? To answer, drag the appropriate reports to the correct requirements. Each report may be used once, more than once, are not at all. You may need to drag the split bar between panes or scroll to view content.
Explanation:
References: https://docs.microsoft.com/en-us/intune/deploy-use/understand-microsoft-intune-operations-by-using-reports
Your network contains an Active Directory domain named contoso.com. All users have email addresses in the @adatum.com domain.
You need to ensure that users can register Windows 10 mobile devices for mobile device management (MDM).
Which DNS record should you create?
- A . Enterpriseregistration.adatum.com
- B . Deviceregistration.adatum.com
- C . Deviceregistration.contoso.com
- D . Enterpriseregistration.contoso.com
D
Explanation:
References: https://technet.microsoft.com/en-us/windows/dn771709.aspx
You support Windows 10 Enterprise laptops. Microsoft BitLocker Administration and Monitoring (MBAM) is deployed on your network on a server named SERVER1.
Company policy requires that laptops with MBAM client installed prompt users to enable BitLocker within 2 hours of being started.
You need to make changes to the Configure MBAM Services Group Policy settings.
Which two actions should you perform? Each correct answer presents part of the solution.
- A . Set Select BitLocker Recovery Information to store to Recovery password only.
- B . Set Select BitLocker Recovery Information to store to Recovery password and key package.
- C . Set Enter status reporting frequency (in minutes) to 120.
- D . Set MBAM Status reporting endpoint to SERVER1.
- E . Set MBAM Recovery and Hardware service endpoint to SERVER1.
- F . Set Enter client checking status frequency (in minutes) to 120.
E,F
Explanation:
References: http://www.projectleadership.net/blogs_details.php?id=3519
You purchase a new Windows 10 Enterprise desktop computer. You have six external USB hard drives.
You want to create a single volume by using the six USB drives. You want the volume to be expandable, portable, and resilient in the event of simultaneous failure of two USB hard drives.
You need to create the required volume.
What should you do?
- A . From Control Panel, create a new Storage Space across 6 USB hard drives. Set resiliency type to Parity.
- B . From Disk Management, create a new striped volume.
- C . From Disk Management, create a new spanned volume.
- D . From Control Panel, create a new Storage Space across 6 USB hard drives. Set resiliency type to Three-way mirror.
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
You have a computer that runs Windows 10 and is used by 10 users. The computer is joined to an Active Directory domain. All of the users are members of the Administrators group. Each user has an Active Directory account.
You have a Microsoft Word document that contains confidential information.
You need to ensure that you are the only user who can open the document.
What should you configure?
- A . account policies
- B . application control policies
- C . HomeGroup settings
- D . software restriction policies
- E . NTFS permissions
- F . Microsoft OneDrive
- G . share permissions
- H . Encrypting File System (EFS) settings
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
A user successfully accesses \server1SourcesApp1. The user cannot access \server1SourcesApp2.
You need to ensure that the user can access \server1SourcesApp2.
What should you configure?
- A . Microsoft OneDrive
- B . share permissions
- C . account policies
- D . software restriction policies
- E . HomeGroup settings
- F . application control policies
- G . NTFS permissions
- H . Encrypting File System (EFS) settings
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
You have an application named App1 installed on a computer named Computer1. Computer1 runs Windows 10. App1 saves data to %UserProfile%App1Data.
You need to ensure that you can recover the App1 data if Computer1 fails.
What should you configure?
- A . share permissions
- B . application control policies
- C . Encrypting File System (EFS) settings
- D . NTFS permissions
- E . HomeGroup settings
- F . Microsoft OneDrive
- G . software restriction policies
- H . account policies
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.
You have a computer that runs Windows 10 and is used by 10 users. The computer is joined to an Active Directory domain. Each user has an Active Directory account.
You need to ensure that all of the users can access the files located in one another’s libraries.
What should you configure?
- A . Microsoft OneDrive
- B . HomeGroup settings
- C . Encrypting File System (EFS) settings
- D . NTFS permissions
- E . Account policies
- F . Share permissions
- G . Software restriction policies
- H . Application control policies
All client computers in a company’s network environment run Windows 10 Enterprise.
A client computer has drives that are configured as shown in the following table.
You are choosing a backup destination for drive C. You have the following requirements:
• Ensure that the backup file is available if drive C: fails.
• Ensure that the backup file can be accessed by other computers on the network.
• Support the storage of multiple versions of system image backups.
You need to select a backup destination that meets the requirements.
Which destination should you select?
- A . drive D:
- B . drive F:
- C . drive E:
- D . drive Z:
HOTSPOT
You have an Active Directory domain. All of the client computers in the domain run Windows 10 Enterprise.
You need to configure the client computers to download updates from a Windows Server Update Service server.
Which two settings should you configure? To answer, select the appropriate settings in the answer area.
Explanation:
Configure Automatic Updates
Specify intranet Microsoft update service location
You have a computer that runs Windows 10.
You install a second hard disk drive on the computer and you create a new volume named E.
You need to enable system protection for volume E.
What should you use?
- A . the Wbadmin command
- B . the Settings app
- C . System Properties
- D . the SetCVolume cmdlet
You are configuring two Windows 10 Enterprise client computers: A desktop computer named COMPUTER1 and a portable computer named COMPUTER2.
You have the following requirements:
• Store all personal data in a folder named Data on COMPUTER1.
• Ensure that you can access all personal data from COMPUTER2, even when a network connection is unavailable.
• Synchronize personal data between the computers twice a day.
You need to configure the computers to meet the requirements.
Which two actions should you perform? Each correct answer presents part of the solution.
- A . From COMPUER2, connect to COMPUTER1 and configure the Data folder to always be available offline.
- B . From COMPUTER1, connect to COMPUTER2 and configure the Data folder to always be available offline.
- C . In Sync Center, configure a schedule for offline files.
- D . From COMPUTER2, map a network drive to the Data folder onCOMPUTER1.
- E . In Sync Center, set up a new sync partnership.
A company has Windows 10 Enterprise computers in an Active Directory Domain Services (AD DS) domain.
A computer named COMPUTER1 has a shared printer named PRINTER1 installed and has Remote Desktop enabled. A user named Intern is a member of a security group named Sales. The Sales group is a member of the Remote Desktop Users group on COMPUTER1. Only the Sales group has access to PRINTER1.
You need to configure COMPUTER1 to meet the following requirements:
• Allow only Intern to establish Remote Desktop connections to COMPUTER1.
• Allow Intern to print to PRINTER1.
What should you do?
- A . Assign Intern the Deny log on user right by using the Remote Desktop Services user right.
- B . Assign Intern the Deny access to this computer from the network user right. Assign the Sales group the Allow log on locally user right.
- C . Remove Intern from the Sales group.
- D . Remove the Sales group from the Remote Desktop Users group and add Intern to the Remote Desktop Users group.
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 10 Enterprise and joined to the domain.
You have the following requirements:
• Ensure that files in shared network folders are available offline.
• Maximize efficiency for users who connect to shared network folders from a mo-bile device
You need to configure Group Policy settings to meet the requirements.
What should you do first?
- A . Enable the Enable file synchronization on costed networks policy setting.
- B . Enable the Synchronize all offline files when logging on policy settings.
- C . Enable and configure the Configure slow-link mode policy setting.
- D . Enable and configure the Specify administratively assigned Offline Files policy setting.
C
Explanation:
References: https://technet.microsoft.com/en-us/library/hh968298.aspx
You create a VPN connection that has the VPN type set to Automatic.
When attempting to establish a VPN connection, which VPN protocol will be used first?
- A . PPTP
- B . L2TP
- C . SSTP
- D . IKEv2
D
Explanation:
References: https://blogs.technet.microsoft.com/networking/2014/01/13/configuring-native-vpn-client-through-pc-settings/
Your company has a standard power scheme for the sales team. You are replacing a laptop for a sales associate.
You import the power scheme onto the new laptop.
You need to apply the power scheme.
What should you do?
- A . Modify the power scheme under Power and Sleep settings.
- B . Run the gpupdate /F command.
- C . Run the powercfg /S command.
- D . Modify the advanced power settings.
You manage a client Windows 10 Enterprise computer named Computer1.
You have a OneDrive synchronized folder that contains .pdf files.
You need to ensure that you can restore previous versions of the .pdf files.
What should you do?
- A . Enable File History.
- B . Configure System Restore.
- C . Configure Computer1 as a trusted PC.
- D . Enable Sync your settings on Computer1.
A company has an Active Directory Domain Services (AD DS) domain with one physical domain controller. All client computers run Windows 10 Enterprise.
A client computer hosts a Windows 10 Enterprise virtual machine (VM) test environment. The VMs are connected to a private virtual switch that is configured as shown in the Virtual Switch Manager exhibit.
The VMs are unable to connect to the domain controller.
You have the following requirements:
– Configure the test environment to allow VMs to communicate with the host machine.
– Minimize impact on the host machine.
You need to meet the requirements.
What should you do first?
- A . Create a new virtual switch with an Internal Network connection type.
- B . Change the connection type of the private virtual switch to Internal only.
- C . Create a new virtual switch with a Private Network connection type.
- D . Create a new virtual switch with an External Network connection type.
A
Explanation:
http://john.bryntze.net/jbkb-v2/certification-exam-70-687-configuring-windows-8-part-2- configure-hardware-and-applications-16/
Virtual switches/ Hyper-V VLAN – you can create 3 different types of virtual switches depending the needs of your virtual machines and one single machine can use multi-ple virtual NICs that is member of different Virtual Switches.
External – This virtual switch binds to the physical network adapter and create a new adapter you can see in Control PanelNetwork and InternetNetwork Connections so if a virtual machine needs contact outside the host machine this one is a must.
Internal – This virtual switch can be used to connect all virtual machines and the host machine but cannot go outside that.
Private – This virtual switch can only be used by the virtual host
Further information:
http://technet.microsoft.com/en-us/library/cc816585%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc816585(v=ws.10).aspx
Configuring Virtual Networks Private will not allow communication with the host ma-chine. External will allow communication with the host machine but also allow access to other machines on the host machine’s network which is not a requirement.
DRAG DROP
You administer Windows 10 Enterprise tablets and virtual desktop computers that are joined to an Active Directory domain.
Your company provides virtual desktop computers to all users. Employees in the sales department also use tablets, sometimes connected to the company network and sometimes disconnected from the company network.
You want sales department employees to have the same personal data, whether they are using their virtual desktop or their tablets.
You need to configure the network environment to meet the requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the lust of actions to the answer area and arrange them in the correct order. More than one order to answer choices may be correct. You will receive credit for any of the correct orders you select.
Explanation:
Create a network share.
Configure offline files for the tablets.
Configure folder redirection for the employees’ domain accounts to the network share.
References: https://technet.microsoft.com/en-us/library/cc732275(v=ws.11).aspx
You have a laptop that is a member of a workgroup. The laptop does not have a Trusted Platform Module (TPM) chip.
You plan to enable BitLocker Drive Encryption (BitLocker) for the operating system drive.
What are two methods that you can use to unlock the drive when the laptop restarts? Each correct answer presents a complete solution.
- A . a password
- B . a Near Field Communication (NFC)-enabled portable device
- C . a USB drive
- D . a user account
- E . Network Unlock
C
Explanation:
References: http://www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/
You administer Windows 10 Enterprise client computers that are members of an Active Directory domain that includes Active Directory Certificate Services (AD CS).
You restored a computer from a backup that was taken 45 days ago. Users are no longer able to log on to that computer by using their domain accounts. An error message states that the trust relationship between the computer and the primary domain has failed.
What should you do?
- A . Renew the certificates issued to the client computer.
- B . Reset the passwords of all affected domain users.
- C . Logon as a local administrator and issue the netdom resetpwd command. Log off and restart the computer.
- D . Restore the client computer from a known good backup that was taken two weeks earlier than the backup you previously restored.
C
Explanation:
References: http://theitbros.com/fix-trust-relationship-failed-without-domain-rejoining/
DRAG DROP
You have a computer named Client1 that runs Windows 10 Enterprise. Client1 is a member of an Active Directory domain.
A domain administrator provisions a certificate template for a virtual smart card logon.
In the BIOS of Client1, you enable the Trusted Platform Module (TPM).
You need to enable the virtual smartcard logon on Client1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Run the tpminit.exe command.
Run the tpmvscmgr.exe command.
Use the Certificate Enrolment wizard.
References: https://technet.microsoft.com/en-us/library/cc753140(v=ws.11).aspx
http://ss64.com/nt/run.html
https://technet.microsoft.com/en-us/library/cc730689(v=ws.11).aspx
You have an unsecured wireless network for users to connect to from their personal Windows 10 devices.
You need to prevent Wi-Fi Sense from sharing information about the unsecured wireless network.
What should you do?
- A . Configure the SSID of the unsecured wireless to contain _optout.
- B . Instruct the users to disable Internet Protocol Version 6 (TCP/IPv6) on their wireless network adapters.
- C . Configure the SSID of the guest wireless to be hidden.
- D . Instruct the users to turn off Network Discovery on their devices.
A
Explanation:
References: http://www.pcworld.com/article/2951824/windows/how-to-disable-windows-10s-wi-fi-sense-password-sharing.html
You have a computer that runs Windows 10.
You need to block all outbound and inbound communications that occur over TCP 9997, TCP 9999, and TCP 4000.
What is the minimum number of rules that you must create?
- A . 1
- B . 2
- C . 3
- D . 6
D
Explanation:
References: https://technet.microsoft.com/en-us/library/dd421709(v=ws.10).aspx
You have a laptop that has connections for three WiFi network named WiFi1, WiFi2, and WiFi 3.
You need to ensure that the laptop connects to WiFi1 when multiple WiFi1 networks are available.
What should you do?
- A . From Netsh, configure the WLAN context.
- B . From Network Connections in Control Panel, modify the bindings for the WiFi.
- C . From the Windows Settings app, configure the Wi-Fi Sense settings.
- D . From Network Connections in Control Panel, modify the network provider order.
D
Explanation:
References: http://www.quepublishing.com/articles/article.aspx?p=2455390&seqNum=3
You administer Windows 10 Enterprise client computers in your company network.
A guest at your company is connected to the Internet as shown in the following exhibit. (Click the exhibit button.)
You need to ensure that the guest user is able to share network resources over Wi-Fi without lowering the overall security of the computer.
What should you do?
- A . Configure File and printer sharing settings for Public networks.
- B . Change the network location type to Private.
- C . Change the network location type to Work.
- D . Configure File sharing connections settings for All networks.
D
Explanation:
References: http://www.isunshare.com/windows-10/turn-off-or-on-password-protected-sharing-in-windows-10.html#_blank
You have a Remote Desktop Session Host (RD Session Host) server. The server is accessible from the internal network.
To access the server remotely, you must connect to a Remote Desktop Gateway (RD Gateway) server.
On a laptop, you successfully configure a Remote Desktop connection that you use to access the RD Session Host server from the internal network.
From your home, you attempt to connect to the RD Session Host server by using the Remote Desktop connection, but the connection fails.
You need to connect to the RD Session Host server.
What should you configure on the laptop?
- A . the Remote Assistance settings in System Properties.
- B . the Connect from anywhere settings in Remote Desktop Connection.
- C . the Performance settings in Remote Desktop Connection.
- D . the Remote Desktop settings in System Properties.
B
Explanation:
References: https://technet.microsoft.com/en-us/library/cc770601(v=ws.11).aspx
HOTSPOT
You install Windows 10 Enterprise on a new laptop that will be shipped to a remote user. You logon to the laptop with the user credentials, map network drives, and configure the network drives to be always available offline.
Company policy requires that files with a .db1 extension should be excluded from offline file synchronization.
You need to prevent the user from creating files with a .db1 extension on the mapped drives.
In the Local Group Policy Editor, which setting should you configure? To answer, select the appropriate setting in the answer area.
Answer Area
Explanation:
Enable file screens.
References: https://www.windows-security.org/1941654bad9040dfcb8ffaba2724b014/enable-file-screens
You have a computer that runs Windows 10. You need to ensure that the next time the computer restarts, the computer starts in safe mode.
What should you use?
- A . the System Configuration utility
- B . the RestoreCComputer cmdlet
- C . the Bcdboot command
- D . System in Control Panel
A
Explanation:
References: http://www.digitalcitizen.life/4-ways-boot-safe-mode-windows-10
You have a computer named Computer1 that runs Windows 10 Enterprise. You install a Universal app named App1 on Computer1.
You discover that an update for App1 is available.
You need to install the update as soon as possible.
What should you do?
- A . Log off and log on to the Computer1.
- B . From the Windows Update settings, modify the Choose how updates are delivered setting.
- C . From the Windows Update settings, modify the Choose how updates are installed setting.
- D . From the Windows Update settings, click Check for updates.
A
Explanation:
References: http://www.howtogeek.com/223068/what-you-need-to-know-about-windows-update-on-windows-10/
You have a Windows 10 Enterprise computer that has File History enabled
You create a folder named Data in the root of the C: drive.
You need to ensure that Data is protected by File History.
What are two possible ways to achieve the goal? Each correct answer presents a complete solution.
- A . From File Explorer, include Data in an existing library.
- B . Modify the Advanced settings from the File History Control Panel item.
- C . From File Explorer, create a new library that contains Data
- D . From File Explorer, modify the system attribute of Data.
A,C
Explanation:
References: http://www.digitalcitizen.life/introducing-windows-8-how-backup-data-file-history
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details in a question apply only to that question.
You have a mobile device that connects to a 4G network and a laptop.
You work from a remote location that does not have Internet access.
You plan to use the mobile device as a mobile hotspot for the laptop, so that you can access files from the corporate office.
Which Control Panel application should you use on the laptop to connect to the mobile hotspot?
- A . Phone and Modem
- B . RemoteApp and Desktop Connections
- C . System
- D . Credential Manager
- E . Work Folders
- F . Power Options
- G . Sync Center
- H . Network and Sharing Center
You have a standalone Windows 10 Enterprise computer that has a single hard drive installed and configured. You need to identify which storage devices can have content backed up by using File History.
What should you identify?
- A . A writable Blu-ray disc
- B . A writable DVD disc
- C . An internal drive that is formatted NTFS
- D . An SD card that is formatted FAT32
D
Explanation:
References: http://www.laptopmag.com/articles/back-files-file-history-windows-10
You support Windows 10 Enterprise computers in a workgroup. You have configured a local AppLocker policy to prevent users from running versions of app.exe previous to v9.4. Users are still able to run app.exe.
You need to block users from running app.exe by using the minimum administrative effort.
What should you do?
- A . Change the Application Identity service startup mode to automatic and start the service.
- B . Configure enforcement for Windows Installed rules.
- C . Configure a Software Restriction Policy publisher rule.
- D . Run the GPupdate /force command in a relevant command prompt.
A
Explanation:
References: https://technet.microsoft.com/en-us/library/ee791779(v=ws.10).aspx
https://technet.microsoft.com/en-us/itpro/windows/keep-secure/configure-the-application-identity-service