Topic 1, Fabrikam, Inc.
Introductory Info
Case Study
This is a case study. Case studies are not timed separately. You can use as much exam times as you would like to complete each case. However, there may be additional studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Overview
Existing Environment
Fabrikam, Inc. is a distribution company that has 500 employees and 100 contractors.
Active Directory
The network contains an Active Directory forest named fabrikam.com. The forest is synced to Microsoft Azure Active Directory (Azure AD). All the employees are assigned Microsoft 365 E3 licenses.
The domain contains a user account for an employee named User10.
Client Computers
All the employees have computers that run Windows 10 Enterprise. All the computers are installed without Volume License Keys. Windows 10 license keys are never issued.
All the employees register their computer to Azure AD when they first receive the computer.
User10 has a computer named Computer10.
All the contractors have their own computer that runs Windows 10. None of the computers are joined to Azure AD.
Operational Procedures
Fabrikam has the following operational procedures:
Updates are deployed by using Windows Update for Business.
When new contractors are hired, administrators must help the contactors configure the following settings on their computer:
– User certificates
– Browser security and proxy settings
– Wireless network connection settings
Security policies
The following security policies are enforced on all the client computers in the domain:
✑ All the computers are encrypted by using BitLocker Drive Encryption (BitLocker). BitLocker recovery information is stored in Active Directory and Azure AD.
✑ The local Administrators group on each computer contains an enabled account named LocalAdmin.
✑ The LocalAdmin account is managed by using Local Administrator Password Solution (LAPS).
Problem Statements
Fabrikam identifies the following issues:
✑ Employees in the finance department use an application named Application1.
Application1 frequently crashes due to a memory error. When Application1 crashes, an event is written to the application log and an administrator runs a script to delete the temporary files and restart the application.
✑ When employees attempt to connect to the network from their home computer, they often cannot establish a VPN connection because of misconfigured VPN settings.
✑ An employee has a computer named Computer11. Computer11 has a hardware failure that prevents the computer from connecting to the network.
✑ User10 reports that Computer10 is not activated.
Technical requirements
Fabrikam identifies the following technical requirements for managing the client computers:
✑ Provide employees with a configuration file to configure their VPN connection.
✑ Use the minimum amount of administrative effort to implement the technical requirements.
✑ Identify which employees’ computers are noncompliant with the Windows Update baseline of the company.
✑ Ensure that the service desk uses Quick Assist to take remote control of an employee’s desktop during support calls.
✑ Automate the configuration of the contractors’ computers. The solution must
provide a configuration file that the contractors can open from a Microsoft SharePoint site to apply the required configurations.
An employee reports that she must perform a BitLocker recovery on her laptop. The employee does not have her BitLocker recovery key but does have a Windows 10 desktop computer.
What should you instruct the employee to do from the desktop computer?
- A . Run themanage-bde.exe Cstatus command
- B . From BitLocker Recovery Password Viewer, view the computer object of the laptop
- C . Go to https://account.activedirectory.windowsazure.com and view the user account profile
- D . Run the Enable-BitLockerAutoUnlock cmdlet
C
Explanation:
References: https://celedonpartners.com/blog/storing-recovering-bitlocker-keys-azure-active-directory/
HOTSPOT
You need to reduce the amount of time it takes to restart Application1 when the application crashes.
What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT
You need to implement a solution to configure the contractors’ computers.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
References: https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-install-icd
You need to take remote control of an employee’s computer to troubleshoot an issue.
What should you send to the employee to initiate a remote session?
- A . a numeric security code
- B . a connection file
- C . an Easy Connect request
- D . a password
A
Explanation:
References: https://support.microsoft.com/en-us/help/4027243/windows-10-solve-pc-problems-with-quick-assist
You need to recommend a solution to monitor update deployments.
What should you include in the recommendation?
- A . Windows Server Update (WSUS)
- B . the Update Management solution in Azure Automation
- C . the Update Compliance solution in Azure Log Analytics
- D . the Azure Security Center
C
Explanation:
References: https://docs.microsoft.com/en-us/windows/deployment/update/update-compliance-monitor
You need to ensure that User10 can activate Computer10.
What should you do?
- A . Request that a Windows 10 Enterprise license be assigned to User10, and then activate Computer10.
- B . From the Microsoft Deployment Toolkit (MDT), add a Volume License Key to a task sequence, and then redeploy Computer10.
- C . From System Properties on Computer10, enter a Volume License Key, and then activate Computer10.
- D . Request that User10 perform a local AutoPilot Reset on Computer10, and then activate Computer10.
D
Explanation:
References: https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing
You need to sign in as LocalAdmin on Computer11.
What should you do first?
- A . From the LAPS UI tool, view the administrator account password for the computer object of Computer11.
- B . From Local Security Policy, edit the policy password settings on Computer11.
- C . From the LAPS UI tool, reset the administrator account password for the computer object of Computer11.
- D . From Microsoft Intune, edit the policy password settings on Computer11.
A
Explanation:
References: https://technet.microsoft.com/en-us/mt227395.aspx
You need to recommend a solution to configure the employee VPN connections.
What should you include in the recommendation?
- A . Remote Access Management Console
- B . Group Policy Management Console (GPMC)
- C . Connection Manager Administration Kit (CMAK)
- D . Microsoft Intune
D
Explanation:
References: https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-client-vpn-connections#bkmk_ProfileXML
Topic 2, Contoso, Ltd
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
Contoso has IT, human resources (HR), and finance departments.
Contoso recently opened a new branch office in San Diego. All the users in the San Diego office work from home.
Existing environment
Contoso uses Microsoft 365.
The on-premises network contains an Active Directory domain named contoso.com. The domain is synced to Microsoft Azure Active Directory (Azure AD).
All computers run Windows 10 Enterprise.
You have four computers named Computer1, Computer2, Computer3, and ComputerA. ComputerA is in a workgroup on an isolated network segment and runs the Long Term Servicing Channel version of Windows 10. ComputerA connects to a manufacturing system and is business critical. All the other computers are joined to the domain and run the Semi-Annual Channel version of Windows 10.
In the domain, you create four groups named Group1, Group2, Group3, and Group4.
Computer2 has the local Group Policy settings shown in the following table.
The computers are updated by using Windows Update for Business.
The domain has the users shown in the following table.
Computer1 has the local users shown in the following table.
Requirements
Planned Changes
Contoso plans to purchase computers preinstalled with Windows 10 Pro for all the San Diego office users.
Technical requirements
Contoso identifies the following technical requirements:
– The computers in the San Diego office must be upgraded automatically to Windows 10 Enterprise and must be joined to Azure AD the first time a user starts each new computer. End users must not be required to accept the End User License Agreement (EULA).
– Helpdesk users must be able to troubleshoot Group Policy object (GPO) processing on the Windows 10 computers. The helpdesk users must be able to identify which Group Policies are applied to the computers.
– Users in the HR department must be able to view the list of files in a folder named D:Reports on Computer3.
– Computer A must be configured to have an Encrypting File System (EFS) recovery agent.
– Quality update installations must be deferred as long as possible on ComputerA.
– Users in the IT department must use dynamic look on their primary device.
– User6 must be able to connect to Computer2 by using Remote Desktop.
– The principle of least privilege must be used whenever possible.
– Administrative effort must be minimized whenever possible.
– Assigned access must be configured on Computer1.
You need to meet the technical requirement for the IT department users.
What should you do first?
- A . Issue computer certificates
- B . Distribute USB keys to the IT department users.
- C . Enable screen saver and configure a timeout.
- D . Turn on Bluetooth.
D
Explanation:
References: https://support.microsoft.com/en-za/help/4028111/windows-lock-your-windows-10-pc-automatically-when-you-step-away-from
You need to meet the technical requirements for EFS on Computer A.
What should you do?
- A . Runcertutil.exe, and then add a certificate to the local computer certificate store.
- B . Runcipher.exe, and then add a certificate to the local computer certificate store.
- C . Runcipher.exe, and then add a certificate to the local Group Policy.
- D . Runcertutil.exe, and then add a certificate to the local Group Policy.
D
Explanation:
References: https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate
HOTSPOT
You need to meet the technical requirements for the helpdesk users.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
References: https://www.itprotoday.com/compute-engines/what-group-policy-creator-owners-group
You need to meet the quality update requirement for Computer A.
For how long should you defer the updates?
- A . 14 days
- B . 10 years
- C . 5 years
- D . 180 days
- E . 30 days
E
Explanation:
References: https://www.thewindowsclub.com/delay-defer-feature-updates-365-days-windows-10
You need to meet the technical requirement for User6.
What should you do?
- A . Add User6 to the Remote Desktop Users group in the domain.
- B . Remove User6 from Group2 in the domain.
- C . Add User6 to the Remote Desktop Users group on Computer2.
- D . And User6 to the Administrators group on Computer2.
You need to meet the technical requirements for the San Diego office computers.
Which Windows 10 deployment method should you use?
- A . wipe and load refresh
- B . Windows Autopilot
- C . provisioning Packages
- D . in-place upgrade
B
Explanation:
References: https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot
HOTSPOT
You need to meet the technical requirement for Computer1.
What should you do? To answer, select the appropriate options in the answer area.
HOTSPOT
You need to meet the technical requirements for the HR department users.
Which permissions should you assign to the HR department users for the D:Reports folder? To answer, select the appropriate permissions in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
References: https://www.online-tech-tips.com/computer-tips/set-file-folder-permissions-windows/
Topic 3, Litware inc
Case Study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking
these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Overview
General Overview
Litware, Inc. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.
Environment
Existing Environment
The network contains an on-premises Active Directory domain named litware.com.
The domain contains the computers shown in the following table.
The network that uses 192.168.10.0/24 connects to the internet by using a Network Address Translation (NAT) device.
Windows Admin Center is installed on Server1.
The domain contains the groups shown in the following table.
The domain contains the users shown in the following table.
Computer1 Configuration
Computer1 contains the local user accounts shown in the following table.
Computer1 contains a folder named D:Folder1 that has permission inheritance disabled.
Computer1 contains a file named D:Folder1Report.docx that has the permissions shown in the following table.
D:Folder1Report.docx has auditing configured as shown in the following table.
The Local Computer Policy for Computer1 is configured as shown in the following table.
Windows Defender Firewall for Computer1 has the rules shown in the following table.
Computer2 Configuration
Computer2 contains the local user accounts shown in the following table.
Group1 and Group2 are members of the Remote Desktop Users group.
The Local Computer Policy for Computer2 is configured as shown in the following table.
Windows Defender Firewall for Computer2 has the rules shown in the following table.
Computer3 Configuration
Computer3 contains the local user accounts shown in the following table.
Windows Defender Firewall for Computer3 has the rules shown in the following table.
Requirements and Planned Changes
Planned Changes
Litware plans to make the following changes on Computer1:
✑ Grant User1 Allow Full control permissions to D:Folder1Report.docx.
✑ Grant User2 Allow Full control permissions to D:Folder1Report.docx.
✑ Grant User3 Allow Full control permissions to D:Folder1.
Technical Requirements
Litware identifies the following technical requirements:
✑ Configure custom Visual Effect performance settings for Computer1.
✑ Manage Computer2 by using Windows Admin Center.
✑ Minimize administrative effort.
Delivery Optimization on the computers that run Windows 10 must be configured to meet the following requirements:
✑ Content must be downloaded only from an original source.
✑ Downloading content from peer cache clients must be prevented.
✑ Downloads must be optimized by using the Delivery Optimization cloud service.
HOTSPOT
Which Windows 10 computers can you ping successfully from Computer1 and Computer2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Graphical user interface, text, application, chat or text message
Description automatically generated
Box 1: Computer3 only.
Computer1 and Computer2 are domain joined so both will be using the Domain profile. The firewall rules on Computer1 allow outbound ICMP on all profiles so outbound ICMP will be allowed on the Domain profile.
The firewall rules on Computer2 allow inbound ICMP on the Public profile only, so it will be blocked on the domain profile. Therefore, Computer2 cannot be pinged.
The firewall rules on Computer3 allow inbound ICMP on all profiles. Therefore, Computer3 will not block the inbound pings.
Box 2: No Windows 10 computers.
The firewall rules on Computer2 allow outbound ICMP on the Private profile only, so it will be blocked on the domain profile. Therefore, Computer2 cannot ping any computers.
You need to configure Delivery Optimization to meet the technical requirements.
Which download mode should you use?
- A . Simple (99)
- B . Group (2)
- C . Internet (3)
- D . HTTP Only (0)
- E . Bypass (100)
D
Explanation:
Reference: https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization-reference#download-mode
Which users can create a new group on Computer3?
- A . User31 only
- B . User1 and User32 only
- C . Admin1 and User31 only
- D . Admin1, User31, and User32 only
C
Explanation:
Reference: https://ss64.com/nt/syntax-security_groups.html
On Computer1, you need to configure the custom Visual Effects performance settings.
Which user accounts can you use?
- A . Admm1, User11, and User13 only
- B . Admin1 only
- C . Admin1, User11, and User12 only
- D . Admin1, User11, User12, and User13
- E . Admin1 and User11 only
CORRECT TEXT
Which users can sign in to Computer3 when the computer starts in Safe Mode?
- A . User31 only
- B . User31 and User32 only
- C . User31 andAdmin1 only
- D . User31, User 32, User33, and Admin1
- E . User31, User32, and User33 only
A
Explanation:
Only users with membership of the local Administrators group can log on to a computer in safe mode. Admin1 cannot log in because Computer3 is not joined to the domain.
References: https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617
Which users can sign in to Computer2 by using Remote Desktop?
- A . Admin1 only
- B . User 1 only
- C . Admin1 and User2 only
- D . Admin1, User1, User2, and User3
- E . User2 only
C
Explanation:
Reference: https://4sysops.com/archives/user-rights-assignment-in-windows-server-2016/
HOTSPOT
You implement the planned changes for Computer1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
A screenshot of a computer
Description automatically generated with low confidence
Box 1: Yes
User1 already has full control access through membership of Group1. Therefore, User1 can write to the file.
Box 2: No
The planned changes will grant User2 full control access to the file. However, User2 is a member of Group2 which has Deny/Write access. The Deny permission will always take precedence. Therefore, User2 will not be able to write to the file.
Box 3: No
The planned changes will grant User3 full control access to the folder. That permission will be inherited by the file. However, User3 is a member of Group2 which has Deny/Write access. The Deny permission will always take precedence. Therefore, User3 will not be able to write to the file.
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE Each correct selection is worth one point.
You need to ensure that you can manage Computer2 by using Windows Admin Center on Server1.
What should you do on Computer2?
- A . Install the Remote Server Administration Tool (RSAT) optional features.
- B . Run the winrm quickconfig command.
- C . Set the Windows Management Service Startup type to Automatic and start the service.
- D . Run the Sec-Location cmdlet.
B
Explanation:
References: https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-azure-vms
You need to ensure that you can manage Computer2 by using Windows Admin Center on Server1.
What should you do on Computer2?
- A . Allow the Windows Remote Management (WinRM) feature through Windows Defender Firewall.
- B . Run the set – Location cmdlet
- C . Allow the Windows Device Management feature through Windows Defender Firewall.
- D . Run the winrm quickconfig command.
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Graphical user interface, text, application, email
Description automatically generated
Topic 4, Mix Questions
You deploy Windows 10 to a computer named Computer1.
Computer1 contains a folder named Folder1 contains multiple documents.
You need to ensure that you can recover the files in Folder1 by using the Previous Versions tab.
What are three possible ways to achieve the goal? Each correct answer presents a complete the solution. NOTE: Each correct selection is worth one point.
- A . Enable File History and include Folder1 in the Documents library.
- B . Enable File History and add Folder1 to File History.
- C . Select Folder is ready for archiving from the properties of Folder1.
- D . Select Allow files in this folder to have contents indexed in addition to file properties from the properties of Folder1.
- E . Set up Backup and Restore (Windows 7) and include Folder1 in the backup.
You have computers that run Windows 11 as shown in the following table.
You ping 192.168.10.15 from Computer1 and discover that the request timed out.
You need to ensure that you can successfully ping 192.168.10.15 from Computer1.
Solution: On Computer2, you enable PowerShell Remoting.
Does this meet the goal?
- A . Yes
- B . No
You have a computer that runs Windows 10.
You need to be able to recover the computer by using System Image Recovery.
What should you use to create a system image?
- A . Windows System Image Manager (Windows SIM)
- B . Backup and Restore (Windows 7)
- C . File History
- D . System Protection
B
Explanation:
Reference: https://answers.microsoft.com/en-us/windows/forum/windows_10/how-to-create-a-system-image-in-windows-10/84fa6683-e3ac-4e93-9139-368af9267869
You have a workgroup computer that runs Windows 10.
You create a local user named User1.
User1 needs to be able to share and manage folders located in a folder named C:Share by using the Shared Folders snap-in. The solution must use the principle of least privilege.
To which group should you add User1?
- A . Device Owners
- B . Users
- C . Power Users
- D . Administrators
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
A user named User2 has a computer named Computer2 that runs Windows 10. User2 joins Computer2 to contoso.com by using user2@contoso.com.
Computer1 contains a folder named Folder1. Folder1 is in drive C and is shared as Share1.
Share1 has the permission shown in the following table.
A user named User2 has a computer named Computer2 that runs Windows 10. User2 joins Computer2 to contoso.com by using user2@contoso.com.
User2 attempts to access Share1 and receives the following error message: “The username or password is incorrect.”
You need to ensure that User2 can connect to Share1.
Solution: You create a local group on Computer1 and add the Guest account to the group.
You grant the group Modify access to Share1.
Does this meet the goal?
- A . Yes
- B . No
You have a computer that runs Windows 10.
You can start the computer but cannot sign in.
You need to start the computer into the Windows Recovery Environment (WinRE).
What should you do?
- A . Turn off the computer. Turn on the computer, and then pressF8.
- B . Turn off the computer. Turn on the computer, and then pressF10.
- C . From the sign-in screen, hold the Shift key, and then click Restart.
- D . Hold Alt+Ctrl+Delete for 10 seconds.
C
Explanation:
References: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-recovery-environment–windows-re–technical-reference
HOTSPOT
You have a computer named Computer5 that runs Windows 10 that is used to share documents in a workgroup.
You create three users named User-a, User-b, User-c. The users plan to access Computer5 from the network only.
You have a folder named Data.
The Advanced Security Settings for the Data folder are shown in the Security exhibit. (Click the Security Exhibit tab).
You share the Data folder.
The permission for User-a are shown in the User-a exhibit (Click the User-a tab.)
The permissions for user-b are shown in the User-b exhibit. (Click the User-b tab.)
The permissions for user-c are shown in the User-c exhibit. (Click the User-c tab.)
For each of the following statements, select Yes if the statements is true. Otherwise, select No.
NOTE:Reach correct selection is worth one point.
You customize the Start menu on a computer that runs Windows 10 as shown in the following exhibit.
You need to add Remote Desktop Connection to Group1 and remove Group3 from the Start menu.
Which two actions should you perform from the Start menu customizations? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . Unlock Group!
- B . Remove Command Prompt from Group1.
- C . Delete Group3.
- D . Add Remote Desktop Connection to Group1.
- E . Rename Group3 as Group1.
User1 is a member of the Administrators group on a computer that runs Windows 10.
When User1 attempts to view the security settings of a folder named C:SecretData, the user receives the message in the Security exhibit.
On the computer, you sign in as a member of the Administrators group and view the permissions to C:SecretData as shown in the Permissions exhibit.
You need to restore Use1’s access to C:SecretData.
What should you do first?
- A . From the Permissions tab of Advanced Security Settings for SecretData, select Change to take ownership of the folder.
- B . From the Permissions tab of Advanced Security Settings for SecretData, select Continue to attempt the operation by using administrative privileges.
- C . Assign User1 Full control permissions to the C folder and set the inheritance to This folder, subfolders and files.
- D . From an elevated command prompt, run cacls.exe c:secretdata /g user1: F.
B
Explanation:
Reference: https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/dont-have-permission-access-folder
HOTSPOT
You are a network administrator at your company.
A user attempts to start a computer and receives the following error message: “Bootmgr is missing.”
You need to resolve the issue.
You start the computer in the recovery mode.
Which command should you run next? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
References: https://neosmart.net/wiki/bootmgr-is-missing/
HOTSPOT
Your network contains an Active Directory domain.
The domain contains the users shown in the following table.
You have a server named Server1 that runs Windows Server 2019 and has the Windows Deployment Services role installed. Server1 contains an x86 boot image and three Windows 10 install images.
The install images are shown in the following table.
You purchase a computer named Computer1 that is compatible with the 64-bit version of Windows 10.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Graphical user interface, text, application
Description automatically generated
You have a computer that runs Windows 10 Home.
You need to upgrade the computer to Windows 10 Enterprise as quickly as possible. The solution must retain the user settings.
What should you do first?
- A . Run the scanscace command.
- B . Perform an in-place upgrade to Windows Pro.
- C . Install the latest feature updates.
- D . Run the sysprep command.
B
Explanation:
References: https://docs.microsoft.com/en-us/windows/deployment/upgrade/windows-10-upgrade-paths
Your network contains an Active Directory domain. The domain contains computers that run Windows 10.
You need to provide a user with the ability to remotely create and modify shares on the computers. The solution must use the principle of least privilege.
To which group should you add the user?
- A . Power Users
- B . Remote Management Users
- C . Administrators
- D . Network Configuration Operators
You have 100 computers that run Windows 10. The computers are joined to an Azure AD tenant and enrolled in Microsoft Intune. The computers are in remote locations and connected to public networks.
You need to recommend a solution for help desk administrators that meets the following requirements:
✑ Connect remotely to a user’s computer to perform troubleshooting.
✑ Connect to a user’s computer without disrupting the desktop of the computer.
✑ Remotely view services, performance counters, registry settings, and event logs.
Which tool should you include in the recommendation?
- A . Quick Assist
- B . Intune
- C . Remote Assistance
- D . Windows Admin Center
DRAG DROP
You have a computer that runs Windows 10 and has the Windows Assessment and Deployment Kit (Windows ADK) installed.
You need to perform the following tasks:
• Prepare a Windows PE (WinPE) working directory.
• Add scripting support to a WinPE image.
• Mount and unmount a WinPE image.
Which command should you use for each task? To answer, drag the appropriate commands to the correct tasks. Each command may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
You have several computers that run Windows 10. The computers are in a workgroup and have BitLocker Drive Encryption (BitLocker) enabled.
You join the computers to Microsoft Azure Active Directory (Azure AD).
You need to ensure that you can recover the BitLocker recovery key for the computers from Azure AD.
What should you do first?
- A . Disable BitLocker.
- B . Add a BitLocker key protector.
- C . Suspend BitLocker.
- D . Disable the TMP chip.
B
Explanation:
References: https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies#bitlocker-key-protectors
HOTSPOT
Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 10.
You need to ensure that Computer1 will respond to ping requests.
How should you configure Windows Defender Firewall on Computer1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You manage devices that run Windows 10.
Ten sales users will travel to a location that has limited bandwidth that is expensive. The sales users will be at the location for three weeks.
You need to prevent all Windows updates from downloading for the duration of the trip. The solution must not prevent access to email and the Internet.
What should you do?
- A . From Network & Internet in the Settings app, set a data limit.
- B . From Accounts in the Settings app, turn off Sync settings.
- C . From Network & Internet in the Settings app, set the network connections as metered connections.
- D . From Update & Security in the Settings app, pause updates.
DRAG DROP
You have a computer named Client1 that runs Windows 11 Home.
You need to ensure that you can create virtual machines on Client1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Graphical user interface, application
Description automatically generated
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a workgroup computer that runs Windows 10.
The computer contains the local user accounts shown in the following table.
You need to configure the desktop background for User1 and User2 only.
Solution: From the local computer policy, you configure the Filter Options settings for the computer policy.
Does this meet the goal?
- A . Yes
- B . No
Your company has an on-premises network that contains an Active Directory domain. The domain is synced to Microsoft Azure Active Directory (Azure AD). All computers in the domain run Windows 10 Enterprise.
You have a computer named Computer1 that has a folder named C:Folder1.
You want to use File History to protect C:Folder1.
Solution: You enable File History on Computer1. You then enable archiving for Folder1.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
File History only backs up copies of files that are in Libraries, and Desktop folders and the OneDrive files available offline on your PC. If you have files or folders elsewhere that you want backed up, you can add them to one of these folders.
Reference: https://support.microsoft.com/en-us/help/17128/windows-8-file-history
HOTSPOT
Your network contains an Active Directory domain. The domain contains a group named Group1.
All the computers in the domain run Windows 10. Each computer contains a folder named C:Documents that has the default NTFS permissions set.
You add a folder named C:DocumentsTemplates to each computer.
You need to configure the NTFS permissions to meet the following requirements:
– All domain users must be able to open the files in the Templates folder.
– Only the members of Group1 must be allowed to edit the files in the Templates folder.
How should you configure the NTFS settings on the Templates folder? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password
Use the following login credentials as needed:
To enter your password, place your cursor in the Enter password box and click on the password below.
Username: Contoso/Administrator
Password: Passw0rd!
The following information is for technical support purposes only:
Lab Instance:10921597
You need to identify the total number of events that have Event ID 63 in the Application event log. You must type the number of identified events into C:Folder1FileA.txt.
To complete this task, sign in to the required computer or computers and perform the required action.
✑ Click the log that you want to filter, then click Filter Current Log from the Action pane or right-click menu. This will open the Filter Current Log dialog box.
✑ You can specify a time period if you know approximately when the relevant events occurred. You can specify the event level, choosing between Critical, Warning, Verbose, Error and Information. If you select none of these, all event levels will be returned. You can’t modify which event log is being checked as filters apply only to a single log.
✑ You can choose the event sources which have generated the log entries, and search for key words, users, or computers. You can also search using specific event IDs.
You have a computer that runs Windows 8.1.
When you attempt to perform an in-place upgrade to Windows 10, the computer fails to start after the first restart.
You need to view the setup logs on the computer.
Which folder contains the logs?
- A . $Windows.~BTSourcesPanther
- B . WindowsLogs
- C . WindowsTemp
- D . $Windows.~BTInf
A
Explanation:
References: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-log-files-and-eventlogs
You are preparing to deploy Windows 10.
You download and install the Windows Assessment and Deployment Kit (Windows ADK).
You need to create a bootable WinPE USB drive.
What should you do first?
- A . Run the MakeWinPEMedia command.
- B . Download and install Windows Configuration Designer.
- C . Run the WPEUcil command.
- D . Download and install the WinPE add-on.
D
Explanation:
WinPE used to be included in the Windows ADK. However, it is now provided as an add-on so the first step is to download and install the add-on.
References:
https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/winpe-create-usb-bootable-drive
https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install
HOTSPOT
You have a workgroup computer named Computer1 that runs Windows 10 and has the users shown in the following table.
User Account Control (UAC) on Computer1 is configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: Yes
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode is set to Prompt for consent When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user’s highest available privilege.
Box 2: Yes
User1 is a member of Administrators group.
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode is set to Prompt for consent When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user’s highest available privilege.
Box 3: Yes
User Account Control: Behavior of the elevation prompt for standard users is set to Prompt for credentials (Default) When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
References: https://docs.microsoft.com/en-us/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings
HOTSPOT
You plan to deploy Windows 10 Enterprise to company-owned devices.
You capture a Windows 10 image file from a reference device.
You need to generate catalog files and answer files for the deployment.
What should you use for each file? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Graphical user interface, text, application
Description automatically generated
References: https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/wsim/open-a-windows-image-or-catalog-file
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer that runs Windows 10. The computer contains a folder. The folder contains sensitive data.
You need to log which user reads the contents of the folder and modifies and deletes files in the folder.
Solution: From the properties of the folder, you configure the Auditing settings and from the Audit Policy in the local Group Policy, you configure Audit privilege use.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Files and folders are objects and are audited through object access, not though privilege use.
Reference: https://www.netwrix.com/how_to_detect_who_changed_file_or_folder_owner.html
You have a Microsoft Azure Active Directory (Azure AD) tenant.
Some users sign in to their computer by using Windows Hello for Business.
A user named User1 purchases a new computer and joins the computer to Azure AD.
User1 attempts to configure the sign-in options and receives the error message shown in the exhibit.
You open Device Manager and confirm that all the hardware works correctly.
You need to ensure that User1 can use Windows Hello for Business facial recognition to sign in to the computer.
What should you do first?
- A . Purchase an infrared (IR) camera.
- B . Upgrade the computer to Windows 10 Enterprise.
- C . Enable UEFI Secure Boot.
- D . Install a virtual TPM driver.
B
Explanation:
References: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-planning-guide
You have 15 computers that run Windows 10. Each computer has two network interfaces named Interface1 and Interface2.
You need to ensure that network traffic uses Interface1, unless Interface1 is unavailable.
What should you do?
- A . Run the Set-NetIPInterface CInterfaceAlias Interface1 CInterfaceMetric 1 command.
- B . Run the Set-NetAdapterBinding CName Interface2 CEnabled $true CComponentID ms_tcpip CThrottleLimit 0 command.
- C . Set a static IP address on Interface 1.
- D . From Network Connections in Control Pane, modify the Provider Order.
A
Explanation:
References:
https://tradingtechnologies.atlassian.net/wiki/spaces/KB/pages/27439127/How+to+Change+Network+Adapter+Priorities+in+Windows+10
https://docs.microsoft.com/en-us/powershell/module/nettcpip/set-netipinterface?view=win10-ps
HOTSPOT
Your network contains the segments shown in the following table.
You have computers that run Windows 10 and are configured as shown in the following table.
Windows Defender Firewall has the File and Printer Sharing allowed apps rule shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT
You need to ensure that User1 can add a third-party driver package for a printer to the driver store of the computer. The solution must use the principle of the least privilege.
To which local group should you add User 1, and what should User1 run? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Graphical user interface, text, application
Description automatically generated
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have two computers named Computer1 and Computer2 that run Windows 10.
You have an Azure Active Directory (Azure AD) user account named admin@contoso.com that is in the local Administrators group on each computer.
You sign in to Computer1 by using admin@contoso.com.
You need to ensure that you can use Event Viewer on Computer1 to connect to the event logs on Computer2.
Solution: On Computer2, you run the winrm quick config command.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Windows Remote Management is a component of the Windows Hardware Management features that manage server hardware locally and remotely.
References: https://docs.microsoft.com/en-us/windows/win32/winrm/about-windows-remote-management
Your network contains 500 computers that run Windows 11 and have Delivery Optimization enabled.
All the computers contain the following:
• Microsoft 365 apps
• A Microsoft Store app named App1
• A Windows 11 driver named Driver1
What can use Delivery Optimization to download updates?
- A . Driver1 only
- B . Microsoft 365 apps only
- C . Microsoft 365 apps and Driver1 only
- D . Microsoft 365 apps, Driver1, and App1
Your company deploys Windows 10 Enterprise to all computers. All the computers are joined to Microsoft Azure Active Directory (Azure AD).
The company purchases a new computer for a new user and creates an Azure AD account for the user.
The user signs in to the computer by using the Azure AD account.
The user discovers the activation error shown in the following exhibit.
You need to activate Windows 10 Enterprise on the computer.
What should you do?
- A . In Azure AD. assign a Windows 10 Enterprise license to the user.
- B . At the command prompt, run slmgr /ltc.
- C . Reinstall Windows as Windows 10 Enterprise.
- D . At the command prompt, run slmgr /ato.
A
Explanation:
Reference: https://docs.microsoft.com/en-us/windows/deployment/windows-10-subscription-activation
HOTSPOT
You have a workgroup computer named Computer1 that runs Windows 10.
From File Explorer, you open OneDrive as shown in the following exhibit.
Use the drop-down menus to select the answer choice that answers each question based on the information presented on the graphic. NOTE: Each correct selection is worth one point.
You have a computer that runs Windows 10. The computer contains a folder. The folder contains sensitive data.
You need to log which user reads the contents of the folder and modifies and deletes files in the folder.
Solution: from the properties of the folder, you configure the Auditing settings and from the Audit Policy in the local Group Policy, you configure Audit system events.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Files and folders are objects and are audited through object access, not though system events.
References: https://www.netwrix.com/how_to_detect_who_changed_file_or_folder_owner.html
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password
Use the following login credentials as needed:
To enter your password, place your cursor in the Enter password box and click on the password below.
Username: Contoso/Administrator
Password: Passw0rd!
The following information is for technical support purposes only:
Lab Instance: 11145882
Users who attempt to sign in to the domain from Client3 report that the sign-ins fail.
You need to resolve the issue.
To complete this task, sign in to the required computer or computers.
✑ Select Start, press and hold (or right-click) Computer > Properties.
✑ Select Change settings next to the computer name.
✑ On the Computer Name tab, select Change.
✑ Under the Member of heading, select Workgroup, type a workgroup name, and then select OK.
✑ When you are prompted to restart the computer, select OK.
✑ On the Computer Name tab, select Change again.
✑ Under the Member of heading, select Domain, and then type the domain name.
✑ Select OK, and then type the credentials of the user who has permissions in the domain.
✑ When you are prompted to restart the computer, select OK.
✑ Restart the computer.
Your network contains an Active Directory domain. The domain contains 1,000 computers that run Windows 10.
You discover that when users are on their lock screen, they see a different background image every day, along with tips for using different features in Windows 10.
You need to disable the tips and the daily background image for all the Windows 10 computers.
Which Group Policy settings should you modify?
- A . Turn off the Windows Welcome Experience
- B . Turn off Windows Spotlight on Settings
- C . Do not suggest third-party content in Windows spotlight
- D . Turn off all Windows spotlight features
D
Explanation:
References: https://docs.microsoft.com/en-us/windows/configuration/windows-spotlight
A user named User1 has a computer named Computer1 that runs Windows 10.
User1 connects to a Microsoft Azure virtual machine named VM1 by using Remote Desktop.
User1 creates a VPN connection to a partner organization.
When the VPN connection is established, User1 cannot connect to VM1. When User1 disconnects from the VPN, the user can connect to VM1.
You need to ensure that User1 can connect to VM1 while connected to the VPN.
What should you do?
- A . From the proxy settings, add the IP address of VM1 to the bypass list to bypass the proxy.
- B . From the properties of VPN1, clear the Use default gateway on remote network check box.
- C . From the properties of the Remote Desktop connection to VM1, specify a Remote Desktop Gateway (RD Gateway).
- D . From the properties of VPN1, configure a static default gateway address.
B
Explanation:
References: https://www.stevejenkins.com/blog/2010/01/using-the-local-default-gateway-with-a-windows-vpn-connection/
Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer named Computer1 that runs Windows 10.
You test Windows updates on Computer1 before you make the updates available to other computers.
You install a quality update that conflicts with a customer device driver.
You need to remove the update from Computer1.
Solution: From an elevated command prompt, you run the vmic qfe delete command.
Does this meet the goal?
- A . Yes
- B . No
You have a workgroup computer named Computer1 that runs Windows 10.
You need to configure Windows Hello for sign-in to Computer1 by using a physical security key.
What should you use?
- A . a USB 3.0 device that supports BitLocker Drive Encryption (BitLocker)
- B . a USB device that supports FIDO2
- C . a USB 3.0 device that has a certificate from a trusted certification authority (CA)
- D . a USB device that supports RSA SecurID
B
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/user-help/security-info-setup-security-key
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password
Use the following login credentials as needed:
To enter your password, place your cursor in the Enter password box and click on the password below.
Username: Contoso/Administrator
Password: Passw0rd!
The following information is for technical support purposes only:
Lab Instance: 11145882
Administrators report that they cannot use Event Viewer to remotely view the event logs on Client3.
You need to ensure that the administrators can access the event logs remotely on Client3.
The solution must ensure that Windows Firewall remains enabled.
To complete this task, sign in to the required computer or computers.
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password
Use the following login credentials as needed:
To enter your password, place your cursor in the Enter password box and click on the password below.
Username: Contoso/Administrator
Password: Passw0rd!
The following information is for technical support purposes only:
Lab Instance: 11145882
Administrators report that they cannot use Event Viewer to remotely view the event logs on Client3.
You need to ensure that the administrators can access the event logs remotely on Client3.
The solution must ensure that Windows Firewall remains enabled.
To complete this task, sign in to the required computer or computers.
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password
Use the following login credentials as needed:
To enter your password, place your cursor in the Enter password box and click on the password below.
Username: Contoso/Administrator
Password: Passw0rd!
The following information is for technical support purposes only:
Lab Instance: 11145882
Administrators report that they cannot use Event Viewer to remotely view the event logs on Client3.
You need to ensure that the administrators can access the event logs remotely on Client3.
The solution must ensure that Windows Firewall remains enabled.
To complete this task, sign in to the required computer or computers.
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password
Use the following login credentials as needed:
To enter your password, place your cursor in the Enter password box and click on the password below.
Username: Contoso/Administrator
Password: Passw0rd!
The following information is for technical support purposes only:
Lab Instance: 11145882
Administrators report that they cannot use Event Viewer to remotely view the event logs on Client3.
You need to ensure that the administrators can access the event logs remotely on Client3.
The solution must ensure that Windows Firewall remains enabled.
To complete this task, sign in to the required computer or computers.
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password
Use the following login credentials as needed:
To enter your password, place your cursor in the Enter password box and click on the password below.
Username: Contoso/Administrator
Password: Passw0rd!
The following information is for technical support purposes only:
Lab Instance: 11145882
Administrators report that they cannot use Event Viewer to remotely view the event logs on Client3.
You need to ensure that the administrators can access the event logs remotely on Client3.
The solution must ensure that Windows Firewall remains enabled.
To complete this task, sign in to the required computer or computers.
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password
Use the following login credentials as needed:
To enter your password, place your cursor in the Enter password box and click on the password below.
Username: Contoso/Administrator
Password: Passw0rd!
The following information is for technical support purposes only:
Lab Instance:10921597
You need to ensure that a local user named User1 can establish a Remote Desktop connection to Client2.
To complete this task, sign in to the required computer or computers.
✑ Open the Settings app on Client2 and go to System -> Remote Desktop. Click on the Select users that can remotely access this PC link on the right side.
✑ When the Remote Desktop Users dialog opens, click on Add.
✑ Click on Advanced.
✑ Click on Find Now and then select any user account you want to add to the “Remote Desktop Users” group, and click OK.
✑ Click OK and you’re done.
HOTSPOT
You plan to install Windows 10 on a new computer by using an answer file.
You need to create the answer file.
Which tool should you use to create the answer file, and which file is required by the tool? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Graphical user interface, text, application, email
Description automatically generated
You have a computer named Computer1 that has the following configurations:
• RAM: 4 GB
• CPU: 1.6 GHz
• Hard drive: 128 GB
• Operating system: Windows 10 Pro in S mode
You need to upgrade Computer1 to Windows 11.
What should you do first?
- A . Increase the amount of RAM.
- B . Increase the storage capacity of the hard drive.
- C . Switch out of S mode.
- D . Upgrade the CPU.
You have a workgroup computer named Computer1 that runs Windows 10.
Computer1 has the user accounts shown in the following table.
User3, User4, and Administrator sign in and sign out on Computer1. User1 and User2 have never signed in to Computer1.
You are troubleshooting policy issues on Computer1. You sign in to Computer1 as Administrator.
You add the Resultant Set of Policy (RsoP) snap-in to an MMC console.
Which users will be able to sign in on Computer1?
- A . User1, User3, and User4 only
- B . Administrator only
- C . Use1, User2, User3, User4, and Administrator
- D . User3, User4, and Administrator only
D
Explanation:
The Interactive logon: Number of previous logons to cache (in case domain controller is not available) policy setting determines whether a user can log on to a Windows domain by using cached account information. Logon information for domain accounts can be cached locally so that, if a domain controller cannot be contacted on subsequent logons, a user can still log on.
References: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available
HOTSPOT
You have a computer named Computer1 that runs Windows 10. Computer1 has an IP address of 10.10.1.200 and a subnet mask of 255.255.255.0.
You configure the proxy settings on Computer1 as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Explanation:
References: https://www.howtogeek.com/tips/how-to-set-your-proxy-settings-in-windows-8.1/
CORRECT TEXT
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password
Use the following login credentials as needed:
To enter your password, place your cursor in the Enter password box and click on the password below.
Username: Contoso/Administrator
Password: Passw0rd!
The following information is for technical support purposes only:
Lab Instance: 11145882
You need to ensure that Windows feature updates on Client1 are deferred for 15 days when the updates become generally available.
To complete this task, sign in to the required computer or computers.
✑ Under Update settings, select Advanced options.
✑ From the boxes under Choose when updates are installed, select the number of days you would like to defer a feature update or a quality update.
Your network contains an Active Directory domain. The domain contains a computer named Compurter1 that runs Windows 10.
The domain contains the users shown in the following table.
Computer has the local users shown in the following table.
All users have Microsoft accounts.
Which two user can be configured to sign in by using their Microsoft account? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . User 1
- B . User 2
- C . User 3
- D . User 4
- E . User 5
Your company has a wireless access point that uses WPA2-Enterprise.
You need to configure a computer to connect to the wireless access point.
What should you do first?
- A . Create a provisioning package in Windows Configuration Designer.
- B . Request a passphrase.
- C . Request and install a certificate.
- D . Create a Connection Manager Administration Kit (CMAK) package.
B
Explanation:
References: https://support.microsoft.com/en-za/help/17137/windows-setting-up-wireless-network
HOTSPOT
You have a Windows 10 device.
A recently installed feature update causes issues with a custom application.
Which settings in the Settings app can you use to roll back to a previous version of Windows 10, and how many days after the feature update can you return to the previous Windows 10 version? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Your company has an isolated network used for testing. The network contains 20 computers that run Windows 10. The computers are in a workgroup. During testing, the computers must remain in the workgroup.
You discover that none of the computers are activated.
You need to recommend a solution to activate the computers without connecting the network to the Internet.
What should you include in the recommendation?
- A . Volume Activation Management Tool (VAMT)
- B . Key Management Service (KMS)
- C . Active Directory-based activation
- D . the Get-WindowsDeveloperLicense cmdlet
B
Explanation:
https://docs.microsoft.com/en-us/windows/deployment/volume-activation/introduction-vamt
Your company purchases 20 laptops that use a new hardware platform.
In a test environment, you deploy Windows 10 to the new laptops.
Some laptops frequently generate stop errors.
You need to identify the cause of the issue.
What should you use?
- A . Reliability Monitor
- B . Task Manager
- C . System Configuration
- D . Performance Monitor
A
Explanation:
References: https://lifehacker.com/how-to-troubleshoot-windows-10-with-reliability-monitor-1745624446
HOTSPOT
You have a computer named Computer1 that runs Windows 10. Computer1 is in a workgroup.
Computer1 contains the folders shown in the following table.
On Computer1, you create the users shown in the following table.
User1 encrypts a file named File1.txt that is in a folder named C:Folder1.
What is the effect of the configuration? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
References: https://support.microsoft.com/en-za/help/310316/how-permissions-are-handled-when-you-copy-and-move-files-and-folders
You have 10 new Windows 10 devices.
You plan to deploy a provisioning package that will configure a wireless network profile.
You need to ensure that a support technician can install the provisioning package on the devices. The solution must use the principle of least privilege.
To which group should you add the support technician?
- A . Users
- B . Power Users
- C . Network Configuration Operators
- D . Administrators
D
Explanation:
Reference: https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-apply-package
DRAG DROP
You have a computer named Computer1 that runs Windows 7. Computer1 has a local user named User1 who has a customized profile.
On Computer1, you perform a clean installation of Windows 10 without formatting the drives.
You need to migrate the settings of User1 from Windows7 to Windows 10.
Which two actions should you perform? To answer, drag the appropriate actions to the correct targets. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
Explanation:
References: https://docs.microsoft.com/en-us/windows/deployment/usmt/usmt-how-it-works
HOTSPOT
Your network contains an Active Directory domain.
The domain contains the users shown in the following table.
The Authenticated Users group has the Add workstations to domain user right in the Default Domain Controllers Policy.
The Device Managers and Help Desk groups are granted the Create Computer objects permission for the Computers container of the domain.
You have 15 workgroup computers that run Windows 10.
Each computer contains a local user account named LocalAdmin1 that is a member of the following groups:
✑ Administrators
✑ Device Owners
✑ Authenticated Users
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: No
User1 is a member of the Authenticated Users group which has the Add workstations to domain user right. However, with the Add workstations to domain user right, you are restricted to joining a maximum of 10 computers to the domain.
Box 2: No
User2 is a member of the Authenticated Users group which has the Add workstations to domain user right. User2 is also a member of the Device Managers group which is granted the Create Computer objects permission for the Computers container of the domain. The Create Computer objects permission overrides the 10-computer limit imposed by the Add workstations to domain user right so User2 can join more than 10 computers to the domain.
Box 3. Yes
User3 is a member of the Authenticated Users group which has the Add workstations to domain user right. User3 is also a member of the Help Desk group which is granted the Create Computer objects permission for the Computers container of the domain. The Create Computer objects permission overrides the 10-computer limit imposed by the Add workstations to domain user right so User3 can join all the computers to the domain.
You have a public computer named Public1 that runs Windows 10.
Users use Public1 to browse the internet by using Microsoft Edge.
You need to view events associated with website phishing attacks on Public1.
Which Event Viewer log should you view?
- A . Applications and Services Logs > Microsoft > Windows > SmartScreen > Debug
- B . Applications and Services Logs > Microsoft > Windows > Security-Mitigations > User Mode
- C . Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational
- D . Applications and Services Logs > Microsoft > Windows > Device Guard > Operational
HOTSPOT
Your network contains the segments shown in the following table.
You have a computer that runs Windows 10.
The network interface of the computer is configured as shown in the exhibit. (Click the Exhibit tab.)
You need to identify which IP address the computer will have on the network when the computer connects to the segments.
Which IP address should you identify for each segment? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
HOTSPOT
You have a Windows 10 device.
You need to ensure that only priority notifications are displayed during business hours.
Which settings in the Settings app should you configure, and where will standard notifications be sent during business hours? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have a computer named Client1 that runs Windows 11.
You perform the following actions on Client1:
• Enable Hyper-V.
• Create a virtual machine that runs Windows 11 Pro.
You need to connect to VM1 by using enhanced session mode.
What should you do first?
- A . Enable Remote Assistance on Client1.
- B . Enable Remote Assistance on VM1.
- C . Enable Remote Desktop on VM1.
- D . Enable Remote Desktop on Client1.
You need to ensure that User1 can perform a Resultant Set of Policy (RSOP) analysis for User2. The solution must use the principle of least privilege.
What should you do first?
- A . Add User1 to the local Administrators group.
- B . Add User2 to the local Performance Monitor Users group.
- C . Run RSoP from an elevated-privilege account.
- D . Add User1 to the local Performance Monitor Users group.
Your network contains an Active Directory domain. The domain contains 1,000 computers that run Windows 10.
A user reports that his computer has a compatibility issue with the latest Windows 10 feature update.
You need to prevent other computers from installing the feature update for 10 days while you mitigate the issue.
Which Windows Update setting should you configure by using a Group Policy Object (GPO)?
- A . Select when Preview Builds and Feature Updates are received
- B . Reschedule Automatic Updates scheduled installations
- C . Disable safeguards for Feature Updates
- D . Automatic Updates detection frequency
A
Explanation:
Reference: https://docs.microsoft.com/en-us/windows/deployment/update/waas-wufb-group-policy
You need to configure Device! to meet the following requirements:
• Deny User1 the right to sign in locally.
• Ensure that a logon script runs only when User2 signs in to Device1.
• Ensure that no login scripts run when User1 or Admin! sign in to Device1.
Which two policies should you modify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . Local ComputerAdmin1 Policy
- B . Local ComputerNAdministrators Policy
- C . Local ComputerNon-Administrators Policy IS
- D . Local ComputerUser1 Policy
- E . Local ComputerUser2 Policy
- F . Local Computer Policy
HOTSPOT
You have a computer named Client1 that runs Windows 10 and has Windows Sandbox enabled.
You create a script named Script1.cmd. On Clientl. you save Script1.cmd to a folder named C:Scripts.
You need to ensure that when you sign in to Windows Sandbox. Script1.cmd runs automatically.
How should you complete the configuration file? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains two computers named Computer1 and Computer2 that run Windows 10 and are joined to the domain.
On Computer1, you create an event subscription named Subscription1 for Computer2 as shown in the Subscription1 exhibit. (Click theSubcription1tab.)
Subscription1 is configured to use forwarded events as the destination log.
On Computer1, you create a custom view named View1 as shown in the View1 exhibit. (Click theView1tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
DRAG DROP
Your network contains an Active Directory domain. The domain contains 100 computers that run Windows 10.
You need to create a Start menu layout file.
The solution must meet the following requirements:
✑ Contain an app group named Contoso Apps that has several pinned items. Contoso Apps must be locked from user modification.
✑ Ensure that users can customize other parts of the Start screen.
✑ Minimize administrative effort.
Which four actions should you perform in sequence? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.
Explanation:
DRAG DROP
Your network contains an Active Directory domain. The domain contains 100 computers that run Windows 10.
You need to create a Start menu layout file.
The solution must meet the following requirements:
✑ Contain an app group named Contoso Apps that has several pinned items. Contoso Apps must be locked from user modification.
✑ Ensure that users can customize other parts of the Start screen.
✑ Minimize administrative effort.
Which four actions should you perform in sequence? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.
Explanation:
DRAG DROP
Your network contains an Active Directory domain. The domain contains 100 computers that run Windows 10.
You need to create a Start menu layout file.
The solution must meet the following requirements:
✑ Contain an app group named Contoso Apps that has several pinned items. Contoso Apps must be locked from user modification.
✑ Ensure that users can customize other parts of the Start screen.
✑ Minimize administrative effort.
Which four actions should you perform in sequence? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.
Explanation:
DRAG DROP
Your network contains an Active Directory domain. The domain contains 100 computers that run Windows 10.
You need to create a Start menu layout file.
The solution must meet the following requirements:
✑ Contain an app group named Contoso Apps that has several pinned items. Contoso Apps must be locked from user modification.
✑ Ensure that users can customize other parts of the Start screen.
✑ Minimize administrative effort.
Which four actions should you perform in sequence? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.
Explanation:
DRAG DROP
Your network contains an Active Directory domain. The domain contains 100 computers that run Windows 10.
You need to create a Start menu layout file.
The solution must meet the following requirements:
✑ Contain an app group named Contoso Apps that has several pinned items. Contoso Apps must be locked from user modification.
✑ Ensure that users can customize other parts of the Start screen.
✑ Minimize administrative effort.
Which four actions should you perform in sequence? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.
Explanation:
You have computers that run Windows 10. The computers are joined to an Azure Active Directory (Azure AD) tenant and enrolled in Microsoft Intune.
You need to recommend a solution for help desk administrators that meets the following requirements:
✑ The administrators must assist users remotely by connecting to each user’s computer.
✑ The remote connections must be initiated by the administrators. The users must approve the connection.
✑ Both the users and the administrators must be able to see the screen of the users’ computer.
✑ The administrators must be able to make changes that require running applications as a member of each computer’s Administrators group.
Which tool should you include in the recommendation?
- A . Remote Desktop
- B . Intune
- C . Remote Assistance
- D . Quick Assist
B
Explanation:
References: https://docs.microsoft.com/en-us/mem/intune/remote-actions/remote-assist-mobile-devices
You have 10 computers that run Windows 10 and have BitLocker Drive Encryption (BitLocker) enabled.
You plan to update the firmware of the computers.
You need to ensure that you are not prompted for the BitLocker recovery key on the next restart. The drive must be protected by BitLocker on subsequent restarts.
Which cmdlet should you run?
- A . Unlock-BitLocker
- B . Disable-BitLocker
- C . Add-BitLockerKeyProtector
- D . Suspend-BitLocker
D
Explanation:
References: https://support.microsoft.com/en-us/help/4057282/bitlocker-recovery-key-prompt-after-surface-uefi-tpm-firmware-update
HOTSPOT
Your network contains an Active Directory forest. The forest contains a root domain named contoso.com and a child domain named corp.contoso.com.
You have a computer named Computer1 that runs Windows 10. Computer1 is joined to the corp.contoso.com domain.
Computer1 contains a folder named Folder1. In the Security settings of Folder1, Everyone is assigned the Full control permissions.
On Computer1, you share Folder1 as Share1 and assign the Read permissions for Share1 to the Users group.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
References: https://www.techrepublic.com/article/learn-the-basic-differences-between-share-and-ntfs-permissions/
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer named Computer1 that runs Windows 10.
You test Windows updates on Computer1 before you make the updates available to other users at your company.
You install a quality update that conflicts with a customer device driver.
You need to remove the update from Computer1.
Solution: From an elevated command prompt, you run the wusa.exe command and specify the/uninstall parameter.
Does this meet the goal?
- A . Yes
- B . No
A
Explanation:
References: https://support.microsoft.com/en-us/help/934307/description-of-the-windows-update-standalone-installer-in-windows
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question In this section, you will NOT be able to return to It. As a result these question will not appear In the review screen.
You have two computers named Computer1 and Computer2 that run Windows 10.
You have an Azure Active Directory (Azure AD) user account named admin®contoso.com that is m the local Administrators group on each computer.
You sign m to Compute1 by using admin®contoso.com.
You need to ensure that you can use Event Viewer on Computer1 to connect to the event logs on Computer?
Solution: On Computer2, you create a Windows Defender Firewall rule that allows eventwr.exe.
Does this meet the goal?
- A . Yes
- B . No