Planning for and Managing Devices in the Enterprise v7.0 (70-398)

Page:    1 / 3   
Total 36 questions

Your organization is deploying new Windows 10 devices. You create a new organizational unit that contains all Windows 10 devices.
You are preparing a new security policy for Windows 10 devices. Your organization requires audits on the use of removable storage devices on personal devices.
You need to enable audits of removable storage.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.




Answer :

Your organization needs to implement a Dynamic Access Control (DAC) plan that includes user and device claims.
The domain controllers have not been enabled to provide claims and compound authentication.
You need to configure the Default Domain Controllers Group Policy Object to provide claims and compound authentication.
You decide to first enable the domain controllers to provide claims and compound authentication on request.
In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.




Answer :

You upgrade 15 client devices to Windows 10 Enterprise.
You need to configure the devices.
Which Control Panel applets should you use? To answer, select the appropriate applet from each list in the answer area. Each correct answer is worth one point.




Answer :

You are a network administrator for a company that has an Office 365 E3 subscription. You purchase Enterprise Mobility Suite licenses. You implement synchronization by using a federated identity model.
Passwords for Sales team users often expire while they are travelling. When this happens, the users are not able to log on to the virtual private network (VPN) to perform their duties.
Users must be able to reset their own passwords.
You need to enable password write-back.
Which application should you configure?

  • A. Web Application Proxy
  • B. Active Directory Federation Services (AD FS)
  • C. Microsoft Online Services Sign-in Assistant
  • D. Directory Synchronization (DirSync)
  • E. Azure Active Directory Connect


Answer : E

You administer Office 365 and Azure Active Directory (AD) for a car rental company. You also manage an on-premises Active Directory Domain Services (AD DS) domain. You implement Active Federation Services (AD FS).
You plan to implement Azure AD Connect Health.
You need to ensure that you can install and configure Azure AD Connect Health.
What should you do? To answer, select the appropriate option from each list in the answer area.




Answer :

Explanation:


References:
https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect- health-agent-install/#Requirements

A company implements offline files for all Windows 10 devices.
A user reports that they are running low on free disk space.
You need to determine the amount of disk space being used by offline files on the users device.
What should you do?

  • A. On the device, run the following Windows PowerShell command:Get-Disk | Where- Object IsOffline- Eq $True | Set-Disk-IsOffline $False
  • B. Instruct the user to launch Resource Manager.
  • C. On the device, run the following Windows PowerShell command:Get-Disk | Where- Object IsOffline- Eq $False | Set-Disk-IsOffline $True
  • D. Instruct the user to launch Sync Center.


Answer : D

A company has an Active Directory Domain Services (AD DS) domain named global.fabrikam.com, and an on-premises Microsoft Exchange Server 2010 server. The company has an Office 365 E3 subscription. You have not assigned any licenses to users.
You deploy Enterprise Mobility Suite (EMS). All client devices run Windows 7 and Office
2010.
You must protect emails that contain sensitive information from unauthorized access.
You need to ensure that users can easily protect sensitive emails as messages are sent.
Which three actions should you perform? Each correct answer presents part of the solution.

  • A. Configure Exchange Online.
  • B. Configure Office 365 message encryption.
  • C. Upgrade client devices to Office 365 Pro Plus.
  • D. Assign an EMS license to each user.
  • E. Deploy theRights Management Service client.
  • F. Assign an Office 365 E3 license to each user.


Answer : C,D,F

You are deploying Windows 10 clients for a small company. The environment does not have access to any network shares, and USB drives are not allowed.
You need to determine which recovery options you can use.
For each scenario, which recovery option should you use? To answer, drag the appropriate recovery tool to the correct scenario. Each recovery tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. Each correct answer is worth one point.




Answer :

You manage 500 laptop devices and 250 desktop devices that run Windows 10. All devices are joined to an Active Directory Domain Services (AD DS) domain. You also manage a
Windows Server 2012 R2 file server named FILE01.
All user document folders must be located on FILE01.
You need to ensure that the mobile users can access documents offline.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.




Answer :

A company has tablet devices that run Windows 10. You configure auditing for devices.
You need to determine which audit policies are configured on the devices.
What should you do?

  • A. At a command prompt, run the following command:auditpol
  • B. Run the following Windows PowerShell cmdlet:Get-AdminAuditLogConfig
  • C. At a command prompt, run the following command:Dsget
  • D. At a command prompt, run the following command:Winrm
  • E. Run the following Windows PowerShell cmdlet:Get-AuditLogSearch


Answer : A

A company integrates Microsoft Intune with System Center 2012 R2 Configuration
Manager. The company uses Intune to manage Windows 7 and Windows 10 devices along with mobile devices. Users access company data by using iOS, OS X, Windows Phone, and Android devices.
The company plans to use features of the Microsoft Enterprise Mobility Suite to increase user mobility and ensure data protection. All users must be able to run a custom 32-bit
Windows app. The app cannot be migrated.
You need to ensure that the app is accessible from all devices.
In the table below, for each technology, identify which feature to implement.
NOTE: Make only one selection in each column. Each correct answer is worth one point.




Answer :

You configure Windows Remote Desktop to allow remote connections. You are testing the remote desktop connection.
When users that are not administrators sign in to the Remote Desktop Connection, the following error message displays: To sign in remotely, you need the right to sign in through
Remote Desktop Services.
You need to ensure that all employees can access resources by using Remote Desktop
Connection.
What should you do?

  • A. In the local group policy, configure the Remote Desktop Connection Client to prompt for credentials on the client.
  • B. Create a Group Policy Object that enables the Windows Firewall to allow inbound Remote Desktop Exceptions.
  • C. Ensure that the employee’s device is joined to the domain.
  • D. In Computer Management, add the Authenticated Users group to the Remote Users group.


Answer : D

You manage an Active Directory Domain Services (AD DS) domain that has 500 devices.
All devices run Windows 7 Enterprise Edition. You deploy System Center 2012 R2
Configuration Manager SP1.
You plan to upgrade all devices to Windows 10 Enterprise and encrypt the devices by using Microsoft BitLocker Administration and Monitoring (MBAM), Data secured with
BitLocker must not be stored on USB devices.
You need to ensure that existing devices are ready for the upgrade.
What should you do?

  • A. Implement MBAM in thedomain. Create an MBAM group policy and apply the policy to all devices.
  • B. Verify that the System Center Configuration Manager agent is installed on all devices.
  • C. In the system BIOS, verify that all devices have a Trusted Platform Module (TPM) 1.2 or higher chip. Enable the TPM chip.
  • D. Integrate MBAM with System Center Configuration Manager. Deploy the BitLocker prepare task sequence to all laptop computers.
  • E. From System Center Configuration Manager, create a custom deploy task sequence that enables MBAM. Deploy the task sequence to all Windows 7 devices.


Answer : B

A company has a policy that all data stored on a corporate mobile device must be encrypted.
You need a management solution that enforces the policy.
Which two management solutions should you use? Each correct answer presents part of the solution.

  • A. Windows Server 2012 R2 Active Directory Certificate Services Server role.
  • B. Microsoft Exchange ActiveSync.
  • C. System Center 2012 R2 Configuration Manager.
  • D. Microsoft Operations Management Suite.
  • E. Microsoft Intune Mobile Device Management.


Answer : B,E

A company uses Office 365. The company has an on-premises Active Directory Domain
Services (AD DS) domain and Azure Active Directory Connect. The company runs an on- premises installation of System Center Configuration Manager. All devices are joined to the domain. All users have AD DS accounts and use their AD DS credentials to access the
Office 365 resources.
You plan to use Cloud App Discovery.
You need to deploy a solution.
Which three will achieve the goal? Each correct answer presents a complete solution.

  • A. Install the agent by using System Center Operations Manager.
  • B. Install the agent by using SystemCenter Configuration Manager.
  • C. Install the agent by using Group Policy.
  • D. Install the agent manually.
  • E. Install the agent by using the Office 365 portal.


Answer : B,C,D

Page:    1 / 3   
Total 36 questions