Page: 1
/ 16
Total 231 questions
You have a folder that you plan to share.
You need to configure security for the shared folder to meet the following requirements:
-> Members of a security group named Group1 must be able to modify permissions of files and folders.
-> Members of a security group named Group2 must be able to read files and folders only.
-> Members of a security group named Group3 must be able to take ownership of files.
What should you do? (To answer, select the appropriate options in the answer area.)
Answer :
Explanation:
You support computers that run Windows 8 Pro.
Your company recently purchased 200 new desktop computers. Company policy requires that the desktop computers include a recovery partition. The partition must contain a bootable image that includes support for incoming Remote Desktop connections.
You need to configure the desktop computers to comply with company policy.
Which four actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
Answer :
Explanation:
Box 1: Create a customized Microsoft Diagnostics and Recovery Tool (DaRT) ISO image file.
Box 2: Extract the boot.wim file
Box 3: Use the boot.wim file to create a bootable partition.
Box 4: Replace the recovery partition on the target computers.
Note:
After you have finished running the Microsoft Diagnostics and Recovery Toolset (DaRT)
8.0 Recovery Image wizard and created the recovery image, you can extract the boot.wim file from the ISO image file and deploy it as a recovery partition in a Windows 8 image. A partition is recommended, because any corruption issues that prevent the Windows operating system from starting would also prevent the recovery image from starting.
Your network contains an Active Directory domain named contoso.com. All client computers run Windows 8.1 and Microsoft Office 2013. All of the computers are joined to the domain.
Your company purchases a subscription to Office 365. An administrator creates an Office
365 account for each user and deploys a federated solution for Office 365.
You need to prevent the users from being prompted for a user account and a password each time they access services from Office 365.
Which account should you instruct the users to use when they sign in to their computer?
- A. A contoso.com account
- B. A Microsoft account
- C. An Office 365 account
- D. A local user account
Answer : B
Explanation: Office 2013 users can sign in by using either of two types of credentials:
Microsoft account, or Organization or School. The second type of credential is the user ID that is assigned by the organization or school for the purpose of accessing Office 365.
Reference: Configure user sign-in for Office 2013
You administer desktop computers on your company network.
You want to deploy a WIM file of Windows 8 Enterprise to 15 desktop computers that have a third-party iSCSI adapter installed. The hardware vendor provided a device driver to support this adapter.
You need to update the image to ensure that the device driver is installed when you deploy the image.
What should you do?
- A. Run the dism.exe tool and specify the fadd-driver parameter.
- B. Download and run the drvload.exe tool and specify the path to the driver .inf file.
- C. Download and run the imagex.exe tool and specify the /remount parameter.
- D. Run the dism.exe tool and specify the /append-image parameter.
Answer : A
Explanation: Driver Servicing Command-Line Options
The driver servicing commands can be used on an offline image to add and remove drivers based on the INF file, and on a running operating system (online) to enumerate drivers.
Reference:
http://technet.microsoft.com/en-us/library/dd799258(v=ws.10).aspx http://social.technet.microsoft.com/wiki/contents/articles/516.how-to-boot-from-a- vhd.aspx#Add
You administer laptop and desktop computers that run Windows 8 Pro. Your company uses
Active Directory Domain Services (AD DS) and Active Directory Certificate Services (AD
CS).
Your company decides that access to the company network for all users must be controlled by two-factor authentication.
You need to configure the computers to meet this requirement.
What should you do?
- A. Install smart card readers on all computers. Issue smart cards to all users.
- B. Enable the Password must meet complexity requirements policy setting. Instruct users to log on by using the domain \username format for their username and their strong password.
- C. Create an Internet Protocol security (IPsec) policy that requires the use of Kerberos to authenticate all traffic. Apply the IPsec policy to the domain.
- D. Issue photo identification to all users. Instruct all users to set up and use PIN Logon.
Answer : A
Explanation: Smart cards contain a microcomputer and a small amount of memory, and they provide secure, tamper-proof storage for private keys and X.509 security certificates.
A smart card is a form of two-factor authentication that requires the user to have a smart card and know the PIN to gain access to network resources.
Registry certificates cannot be used for two factor authentication. Although certificates are ideal candidates for two-factor authentication, registry certificates which are protected by a strong private key and are the most appropriate certificates for two-factor authentication - cannot be used. The reason for this is that Windows does not support registry certificates and completely ignores them. As a result, organizations must deploy and manage complex and expensive smart card solutions rather than using registry based certificates. http://technet.microsoft.com/en-us/library/cc770519.aspx] http://technet.microsoft.com/en-us/library/jj200227.aspx
You are a Windows 8 user. Your organization has purchased an Office 365 subscription.
You install Microsoft Lync and Microsoft Outlook on your computer.
You need to connect Office 365 to Lync and Outlook.
What should you do?
- A. Run the Office Professional Plus setup from the Office 365 portal.
- B. Run the Windows Mail application. Add a new account by using your Office 365 credentials.
- C. Run the People application. Add a new account by using your Office 365 credentials.
- D. Run the Office 365 desktop setup from the Office 365 portal.
Answer : D
Explanation: Set up your desktop for Office 365
When you have set up your desktop, you will be able to:
Install the complete suite of Microsoft Office 2010 desktop apps, if you have a Office
Professional Plus subscription.
Install Lync, your workplace connection for instant messaging and online meetings, including audio and video.
Use your user ID to sign in to Office 365 from your desktop applications.
Reference:
http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff637594.aspx
You support computers that run Windows 8 and are members of an Active Directory domain. Recently, several domain user accounts have been configured with super- mandatory user profiles.
A user reports that she has lost all of her personal data after a computer restart.
You need to configure the user's computer to prevent possible user data loss in the future.
What should you do?
- A. Configure the user's documents library to include folders from network shares.
- B. Remove the .man extension from the user profile name.
- C. Add the .dat extension to the user profile name.
- D. Configure Folder Redirection by using the domain group policy.
Answer : D
Explanation:
A mandatory user profile is a special type of pre-configured roaming user profile that administrators can use to specify settings for users. With mandatory user profiles, a user can modify his or her desktop, but the changes are not saved when the user logs off. The next time the user logs on, the mandatory user profile created by the administrator is downloaded. There are two types of mandatory profiles: normal mandatory profiles and super-mandatory profiles.
User profiles become mandatory profiles when the administrator renames the NTuser.dat file (the registry hive) on the server to NTuser.man. The .man extension causes the user profile to be a read-only profile.
User profiles become super-mandatory when the folder name of the profile path ends in
.man; for example, \\server\share\mandatoryprofile.man\.
Super-mandatory user profiles are similar to normal mandatory profiles, with the exception that users who have super-mandatory profiles cannot log on when the server that stores the mandatory profile is unavailable. Users with normal mandatory profiles can log on with the locally cached copy of the mandatory profile.
Only system administrators can make changes to mandatory user profiles.
Reference:
http://msdn.microsoft.com/en-us/library/windows/desktop/bb776895(v=vs.85).aspx http://technet.microsoft.com/en-us/windows/hh868022.aspx
Your network contains a Microsoft Exchange Server 2013 organization.
You have an Exchange ActiveSync policy that has the following settings configured:
-> AllowRemoteDesktop
-> AllowInternetSharing
-> RequireDeviceEncryption
-> MinDevicePasswordLength
-> AllowSimpleDevicePassword
You need to identify which settings are applied to devices that run Windows RT.
Which three settings should you identify? (Each correct answer presents part of the solution. Choose three.)
- A. MinDevicePasswordLength
- B. AllowRemoteDesktop
- C. AllowInternetSharing
- D. RequireDeviceEncryption
- E. AllowSimpleDevicePassword
Answer : A,D,E
Explanation: Windows 8\RT Supported Policy Parameters for EAS mailbox policies for
Exchange Server 2013 are:
(A) MinDevicePasswordLength
(D) RequireDeviceEncryption
(E) AllowSimpleDevicePassword
PasswordEnabled -
MinDevicePasswordComplexCharacters
MaxInactivityTimeDeviceLock -
DevicePasswordHistory -
MaxDevicePasswordFailedAttempts -
AllowNonProvisionableDevices -
DevicePasswordExpiration -
Note:
* Windows RT is a new Windows-based operating system that's optimized for thin and light
PCs that have extended battery life and are designed for life on the go. Windows RT only runs built-in apps or apps that you download from the Windows Store. Windows Update automatically keeps your PC up to date and Windows Defender provides up-to-date virus and malware protection. http://technet.microsoft.com/en-US/library/aa998357%28v=exchg.150%29.aspx
Your network contains an Active Directory domain and 100 Windows 8.1 client computers.
All software is deployed by using Microsoft Application Virtualization (App-V) 5.0.
Users are NOT configured as local administrators,
Your company purchases a subscription to Microsoft Office 365 that includes Office 365
ProPlus.
You need to create an App-V package for Office 365 ProPlus.
What should you do?
- A. Run the Office Customization Tool (OCT), run the App-V Sequencer and then run Setup /Packager.
- B. Download the Office Deployment Tool for Click-to-Run, run the App-V Sequencer and then run Setup /Ad mm.
- C. Download the Office Deployment Tool for Click-to-Run, run Setup /Download and then run Setup /Packager.
- D. Run the Office Customization Tool (OCT), run Setup /Download and then run the App-V Sequencer.
Answer : C
Reference: http://blogs.technet.com/b/pauljones/archive/2013/08/28/office-2013-click-to- run-with-configuration-manager-2012.aspx http://technet.microsoft.com/en-us/library/cc179097%28v=office.15%29.aspx http://technet.microsoft.com/en-us/library/hh825212.aspx http://technet.microsoft.com/en-us/library/jj713463.aspx http://technet.microsoft.com/en-us/library/dn144768.aspx
You have a Windows 8.1 Enterprise client computer named Computer1 The Storage
Spaces settings of Computer1 are configured as shown in the following exhibit. (Click the
Exhibit button.)
You plan to create a three-way mirror storage space in the storage pool and to set the size of the storage space to 50 GB.
You need to identify the minimum number of disks that must be added to the storage pool for the planned mirror.
How many disks should you identify?
- A. 1
- B. 3
- C. 4
- D. 5
Answer : B
Explanation: In Windows Server 2012 Storage Spaces and Windows 8 Storage Spaces, a
2-way mirror requires at least 2 physical disks. However, a 3-way mirror requires at least
5 physical disks.
The reason is that a 3-way mirror uses a quorum. In order to keep running, the mirror space must keep over 50% of the disks functioning. So a 3-way mirror must have at least
5 physical disks to be able to survive the loss of up to 2 physical disks. http://blogs.technet.com/b/tip_of_the_day/archive/2013/08/29/tip-of-the-day-3-way- mirrors.aspx
Reference: http://www.eightforums.com/tutorials/4203-storage-spaces-create-new-pool- storage-space-windows-8-a.html http://windows.microsoft.com/en-US/windows-8/storage-spaces-pools http://social.technet.microsoft.com/wiki/contents/articles/11382.storage-spaces-frequently- asked-questions-faq.aspx
Your network contains an Active Directory domain and 100 Windows 8.1 Enterprise client computers.
All software is deployed by using Microsoft Application Virtualization (App-V) 5.0.
Users are NOT configured as local administrators.
Your company purchases a subscription to Microsoft Office 365 that includes Office 365
ProPlus.
You need to create an App-V package for Office 365 ProPlus.
Which three actions should you perform in sequence? (To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order.)
Answer :
Explanation: Run the App-V Sequencer
Run Setup/packager -
Download the office deployment tool for click-to-run
http://technet.microsoft.com/en-us/library/jj713487.aspx
http://technet.microsoft.com/en-us/library/jj713421.aspx
http://technet.microsoft.com/en-us/library/jj713491.aspx
You administer client computers that run Windows 8 Enterprise deployed by using
Windows Deployment Services (WDS). Your company recently purchased 25 new tablets that run Windows 8 Pro.
For all 25 new tablets, you want to replace the existing Windows 8 Pro installation with
Windows 8 Enterprise.
You need to deploy the Windows 8 Enterprise image to all 25 tablets simultaneously by using the existing WDS infrastructure.
What should you do?
- A. Start the tablets from the Windows To Go workspace.
- B. Start the tablets from a USB flash drive with a customized Windows Preinstallation Environment (WinPE).
- C. Start the tablets normally. Map the Windows Image (WIM) file from a WDS network share.
- D. Start the tablets from a customized Windows Recovery Environment (WinRE).
Answer : B
Explanation: Walkthrough: Create a Custom Windows PE Image
To create a bootable UFD (USB Flash Drive)
During a running Windows Vista operation system or a Windows PE session, insert your
UFD device.
At a command prompt, use Diskpart to format the device as FAT32 spanning the entire device, setting the partition to active. For example, diskpart select disk 1 clean create partition primary size=<size of device> select partition 1 active format fs=fat32 assign exit where the value of disk 1 is equal to UFD.
On your technician computer, copy all the content in the \ISO directory to your UFD device.
You can manually create the directory structure or use the xcopy command to automatically build and copy the appropriate files from your technician computer to your
UFD device. For example,
xcopy c:\winpe_x86\iso\*.* /s /e /f f:\
where c is the letter of your technician computer hard disk and f is the letter of your UFD device.
Reference:
http://technet.microsoft.com/en-us/library/cc709665(v=ws.10).aspx
Your network contains client computers that run Windows 8 Enterprise. The computers are members of an Active Directory domain.
Your company purchases a subscription to Windows Intune.
Synchronization between Active Directory and Windows Intune is not configured.
You enroll all of the computers in Windows Intune.
You plan to create groups that contain the computers by using dynamic membership.
You need to identify which criteria you can use to populate the groups dynamically.
Which three criteria should you identify? (Each correct answer presents a complete solution. Choose three.)
- A. organizational unit (OU)
- B. manager
- C. security group
- D. device type
- E. domain
Answer : A,B,C
Explanation: Windows Intune Dynamic membership query criteria include:
Security group -
Manager -
Organizational unit (OU)
Note:
* A group can have direct members (static membership), dynamic query-based members, or both. When you create a dynamic membership query, you define the criteria that determines the query that Windows Intune runs to retrieve the list of group members. The group is automatically updated with members that meet the criteria whenever changes occur. You can also create groups that have static membership lists. These are groups that you manually define by explicitly adding members.
* Windows Intune is a Microsoft cloud-based management solution.
Intune is primarily aimed at small and medium enterprises and service providers who want to manage up to 500 Microsoft Windows computers. Distribution is through a subscription system in which a fixed monthly cost is incurred per PC. The minimum subscription duration is one year. Included in the package is the Windows operating system, currently
Windows 8 Enterprise.
http://technet.microsoft.com/en-us/library/hh456367.aspx
http://technet.microsoft.com/en-us/library/dn646950.aspx
http://technet.microsoft.com/en-us/library/dn646983.aspx
You have Windows 8.1 Enterprise client computers. All of the computers are managed by using Microsoft System Center 2012 Configuration Manager.
You enable Microsoft System Center 2012 Endpoint Protection on the computers.
You need to ensure that Endpoint Protection automatically downloads the latest available malware definition updates when unidentified malware is detected on the computers,
What should you configure? (To answer, select the appropriate option in the answer area.)
Answer :
Explanation:
Microsoft Active Protection Service is an online community that helps you decide how to respond to potential threats.
If YES setting is configured - Yes automatically sends information about detected malware to the Microsoft Active Protection Service. http://technet.microsoft.com/en-us/library/dn646970.aspx http://technet.microsoft.com/en-us/library/jj822983.aspx
You administer Windows 8.1 Pro tablets that are members of an Active Directory domain.
Your company policy allows users to download and install only certain few Windows Store apps.
You have created a new AppLocker Packaged Apps policy to help enforce the company policy.
You need to test the new AppLocker Packaged Apps policy before you implement it for the entire company.
What should you do?
- A. Open PowerShell and run the Get-AppLockerPoIicy -Effective cmdlet to retrieve the AppLocker effective policy.
- B. Open Group Policy Management console and run the Group Policy Modeling Wizard.
- C. Open Group Policy Management console and run the Group Policy Results Wizard.
- D. Open Group Policy Management console and enforce the new AppLocker policy in Audit Only mode.
Answer : D
Explanation: Step 1: Enable the Audit only enforcement setting
By using the Audit only enforcement setting, you can ensure that the AppLocker rules that you have created are properly configured for your organization. This setting can be enabled on the Enforcement tab of the AppLocker Properties dialog box.
Step 2: Configure the Application Identity service to start automatically
Step 3: Test the policy -
Test the AppLocker policy to determine if your rule collection needs to be modified.
Because you have created AppLocker rules, enabled the Application Identity service, and enabled the Audit only enforcement setting, the AppLocker policy should be present on all client computers that are configured to receive your AppLocker policy.
Reference: Test and Update an AppLocker Policy