Windows 10 v1.0 (MD-100)

Page:    1 / 10   
Total 150 questions

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
A user named User2 has a computer named Computer2 that runs Windows 10. User2 joins Computer2 to contoso.com by using [email protected]
Computer1 contains a folder named Folder1. Folder1 is in drive C and is shared as Share1. Share1 has the permission shown in the following table.


A user named User2 has a computer named Computer2 that runs Windows 10. User2 joins Computer2 to contoso.com by using [email protected]
User2 attempts to access Share1 and receives the following error message: “The username or password is incorrect.â€
You need to ensure that User2 can connect to Share1.
Solution: You create a local group on Computer1 and add the Guest account to the group. You grant the group Modify access to Share1.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : B

Your network contains an Active Directory domain. The domain contains 1,000 computers that run Windows 10.
You need to prevent the computers of the research department from appearing in Network in File Explorer.
What should you do?

  • A. Configure DNS to use an external provider
  • B. Modify the %systemroot%\system32\drivers\etc\Networks file.
  • C. Turn off network discovery.
  • D. Disable the Network List Service.


Answer : C

HOTSPOT -
You have two computers named Computer1 and Computer2 that run Windows 10. The computers are in a workgroup.
You perform the following configurations on Computer1:
-> Create a user named User1.
-> Add User1 to the Remote Desktop Users group.
You perform the following configurations on Computer2:
-> Create a user named User1 and specify the same user password as the one set on Computer1.
-> Create a share named Share2 and grant User1 Full control access to Share2.
-> Enable Remote Desktop.
What are the effects of the configurations? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:




Answer :

HOTSPOT -
Your network contains an Active Directory domain. The domain contains a group named Group1.
All the computers in the domain run Windows 10. Each computer contains a folder named C:\Documents that has the default NTFS permissions set.
You add a folder named C:\Documents\Templates to each computer.
You need to configure the NTFS permissions to meet the following requirements:
-> All domain users must be able to open the files in the Templates folder.
-> Only the members of Group1 must be allowed to edit the files in the Templates folder.
How should you configure the NTFS settings on the Templates folder? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:




Answer :

You deploy Windows 10 to 20 new laptops.
The laptops will be used by users who work at customer sites. Each user will be assigned one laptop and one Android device.
You need to recommend a solution to lock the laptop when the users leave their laptop for an extended period.
Which two actions should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Enable Bluetooth discovery.
  • B. From the Settings app, configure the Dynamic lock settings.
  • C. From Sign-in options, configure the Windows Hello settings.
  • D. From the Settings app, configure the Lock screen settings.
  • E. Pair the Android device and the laptop.
  • F. From the Settings app, configure the Screen timeout settings.


Answer : DF

You have a workgroup computer named Computer1 that runs Windows 10. Computer1 has the user accounts shown in the following table.


User3, User4, and Administrator sign in and sign out on Computer1. User1 and User2 have never signed in to Computer1.
You are troubleshooting policy issues on Computer1. You sign in to Computer1 as Administrator.
You add the Resultant Set of Policy (RsoP) snap-in to an MMC console.
Which users will be able to sign in on Computer1?

  • A. User1, User3, and User4 only
  • B. Administrator only
  • C. User1, User2, User3, User4, and Administrator
  • D. User3, User4, and Administrator only


Answer : D

Explanation:
The Interactive logon: Number of previous logons to cache (in case domain controller is not available) policy setting determines whether a user can log on to a
Windows domain by using cached account information. Logon information for domain accounts can be cached locally so that, if a domain controller cannot be contacted on subsequent logons, a user can still log on.
References:
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain- controller-is-not-available

HOTSPOT -
You have a computer named Computer1 that runs Windows 10. Computer1 is in a workgroup.
Computer1 contains the local users shown in the following table.


Computer1 contains the folders shown in the following table.

The Users group has Full control permissions to Folder1, Folder2, and Folder3.
User1 encrypts two files named File1.docx and File2.docx in Folder1 by using EFS.
Which users can move each file? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Explanation:
EFS works by encrypting a file with a bulk symmetric key. The symmetric key that is used to encrypt the file is then encrypted with a public key that is associated with the user who encrypted the file. Because the encryption & decryption operations are performed at a layer below NTFS, it is transparent to the user and all their applications.
Box 1: User1, User2, and Administrator
Box 2: User1, User2, and Administrator
All three are members of the Users group that has Full control permissions to Folder1, Folder2, and Folder3.

Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 10. Computer1 contains a folder named Folder1.
You plan to share Folder1. Everyone will have Read share permissions, and administrators will have Full control share permission.
You need to prevent the share from appearing when users browse the network.
What should you do?

  • A. Enable access-based enumeration.
  • B. Deny the List NTFS permissions on Folder1.
  • C. Add Folder1 to a domain-based DFS namespace.
  • D. Name the share Folder1$.


Answer : D

Explanation:
Appending a dollar sign to share name prevents a share from appearing when users browse the network.
Incorrect Answers:
Access-based enumeration will hide the share from anyone who doesn’t have permission to access the share. However, as ‘Everyone’ has Read access to the share, the share would appear for everyone when they browse the network.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer that runs Windows 10. The computer contains a folder. The folder contains sensitive data.
You need to log which user reads the contents of the folder and modifies and deletes files in the folder.
Solution: From the properties of the folder, you configure the Auditing settings and from Audit Policy in the local Group Policy, you configure Audit object access.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : A

Explanation:
Files and folders are objects and are audited through object access.
References:
https://www.netwrix.com/how_to_detect_who_changed_file_or_folder_owner.html

You have a computer named Computer1 that runs Windows 10.
On Computer1, you turn on File History.
You need to protect a folder named D:\Folder1 by using File History.
What should you do?

  • A. From File Explorer, modify the Security settings of D:\Folder1
  • B. From Backup and Restore (Windows 7), modify the backup settings
  • C. From the Settings app, configure the Backup settings
  • D. From File History in Control Panel, configure the Advanced drive settings


Answer : C

Explanation:
To configure File History, click More options on the Backup screen. The Backup options screen allows you to set how often File History backs up your files and how long versions are saved.
References:
https://www.groovypost.com/howto/configure-windows-10-file-history/

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer that runs Windows 10. The computer contains a folder. The folder contains sensitive data.
You need to log which user reads the contents of the folder and modifies and deletes files in the folder.
Solution: From the properties of the folder, you configure the Auditing settings and from the Audit Policy in the local Group Policy, you configure Audit system events.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : B

Explanation:
Files and folders are objects and are audited through object access, not though system events.
References:
https://www.netwrix.com/how_to_detect_who_changed_file_or_folder_owner.html

Configure Connectivity -

Case Study -
This is a case study. Case studies are not timed separately. You can use as much exam times as you would like to complete each case. However, there may be additional studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview -

Existing Environment -
Fabrikam, Inc. is a distribution company that has 500 employees and 100 contractors.

Active Directory -
The network contains an Active Directory forest named fabrikam.com. The forest is synced to Microsoft Azure Active Directory (Azure AD). All the employees are assigned Microsoft 365 E3 licenses.
The domain contains a user account for an employee named User10.

Client Computers -
All the employees have computers that run Windows 10 Enterprise. All the computers are installed without Volume License Keys. Windows 10 license keys are never issued.
All the employees register their computer to Azure AD when they first receive the computer.
User10 has a computer named Computer10.
All the contractors have their own computer that runs Windows 10. None of the computers are joined to Azure AD.

Operational Procedures -
Fabrikam has the following operational procedures:
Updates are deployed by using Windows Update for Business.
When new contractors are hired, administrators must help the contactors configure the following settings on their computer:
- User certificates
- Browser security and proxy settings
- Wireless network connection settings

Security policies -
The following security policies are enforced on all the client computers in the domain:
All the computers are encrypted by using BitLocker Drive Encryption (BitLocker). BitLocker recovery information is stored in Active Directory and Azure AD.
The local Administrators group on each computer contains an enabled account named LocalAdmin.
The LocalAdmin account is managed by using Local Administrator Password Solution (LAPS).

Problem Statements -
Fabrikam identifies the following issues:
Employees in the finance department use an application named Application1. Application1 frequently crashes due to a memory error. When Application1 crashes, an event is written to the application log and an administrator runs a script to delete the temporary files and restart the application.
When employees attempt to connect to the network from their home computer, they often cannot establish a VPN connection because of misconfigured VPN settings.
An employee has a computer named Computer11. Computer11 has a hardware failure that prevents the computer from connecting to the network.
User10 reports that Computer10 is not activated.

Technical requirements -
Fabrikam identifies the following technical requirements for managing the client computers:
Provide employees with a configuration file to configure their VPN connection.
Use the minimum amount of administrative effort to implement the technical requirements.
Identify which employees’ computers are noncompliant with the Windows Update baseline of the company.
Ensure that the service desk uses Quick Assist to take remote control of an employee’s desktop during support calls.
Automate the configuration of the contractors’ computers. The solution must provide a configuration file that the contractors can open from a Microsoft


SharePoint site to apply the required configurations.

You need to recommend a solution to configure the employee VPN connections.
What should you include in the recommendation?

  • A. Remote Access Management Console
  • B. Group Policy Management Console (GPMC)
  • C. Connection Manager Administration Kit (CMAK)
  • D. Microsoft Intune


Answer : D

References:
https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-client-vpn-connections#bkmk_ProfileXML

Case Study -
This is a case study. Case studies are not timed separately. You can use as much exam times as you would like to complete each case. However, there may be additional studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview -

Existing Environment -
Fabrikam, Inc. is a distribution company that has 500 employees and 100 contractors.

Active Directory -
The network contains an Active Directory forest named fabrikam.com. The forest is synced to Microsoft Azure Active Directory (Azure AD). All the employees are assigned Microsoft 365 E3 licenses.
The domain contains a user account for an employee named User10.

Client Computers -
All the employees have computers that run Windows 10 Enterprise. All the computers are installed without Volume License Keys. Windows 10 license keys are never issued.
All the employees register their computer to Azure AD when they first receive the computer.
User10 has a computer named Computer10.
All the contractors have their own computer that runs Windows 10. None of the computers are joined to Azure AD.

Operational Procedures -
Fabrikam has the following operational procedures:
Updates are deployed by using Windows Update for Business.
When new contractors are hired, administrators must help the contactors configure the following settings on their computer:
- User certificates
- Browser security and proxy settings
- Wireless network connection settings

Security policies -
The following security policies are enforced on all the client computers in the domain:
All the computers are encrypted by using BitLocker Drive Encryption (BitLocker). BitLocker recovery information is stored in Active Directory and Azure AD.
The local Administrators group on each computer contains an enabled account named LocalAdmin.
The LocalAdmin account is managed by using Local Administrator Password Solution (LAPS).

Problem Statements -
Fabrikam identifies the following issues:
Employees in the finance department use an application named Application1. Application1 frequently crashes due to a memory error. When Application1 crashes, an event is written to the application log and an administrator runs a script to delete the temporary files and restart the application.
When employees attempt to connect to the network from their home computer, they often cannot establish a VPN connection because of misconfigured VPN settings.
An employee has a computer named Computer11. Computer11 has a hardware failure that prevents the computer from connecting to the network.
User10 reports that Computer10 is not activated.

Technical requirements -
Fabrikam identifies the following technical requirements for managing the client computers:
Provide employees with a configuration file to configure their VPN connection.
Use the minimum amount of administrative effort to implement the technical requirements.
Identify which employees’ computers are noncompliant with the Windows Update baseline of the company.
Ensure that the service desk uses Quick Assist to take remote control of an employee’s desktop during support calls.
Automate the configuration of the contractors’ computers. The solution must provide a configuration file that the contractors can open from a Microsoft


SharePoint site to apply the required configurations.

You need to take remote control of an employee’s computer to troubleshoot an issue.
What should you send to the employee to initiate a remote session?

  • A. a numeric security code
  • B. a connection file
  • C. an Easy Connect request
  • D. a password


Answer : A

References:
https://support.microsoft.com/en-us/help/4027243/windows-10-solve-pc-problems-with-quick-assist

Configure Connectivity -

Case Study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
Contoso has IT, human resources (HR), and finance departments.
Contoso recently opened a new branch office in San Diego. All the users in the San Diego office work from home.

Existing environment -
Contoso uses Microsoft 365.
The on-premises network contains an Active Directory domain named contoso.com. The domain is synced to Microsoft Azure Active Directory (Azure AD).
All computers run Windows 10 Enterprise.
You have four computers named Computer1, Computer2, Computer3, and ComputerA. ComputerA is in a workgroup on an isolated network segment and runs the Long Term Servicing Channel version of Windows 10. ComputerA connects to a manufacturing system and is business critical. All the other computers are joined to the domain and run the Semi-Annual Channel version of Windows 10.
In the domain, you create four groups named Group1, Group2, Group3, and Group4.
Computer2 has the local Group Policy settings shown in the following table.


The computers are updated by using Windows Update for Business.
The domain has the users shown in the following table.

Computer1 has the local users shown in the following table.


Requirements -

Planned Changes -
Contoso plans to purchase computers preinstalled with Windows 10 Pro for all the San Diego office users.

Technical requirements -
Contoso identifies the following technical requirements:
The computers in the San Diego office must be upgraded automatically to Windows 10 Enterprise and must be joined to Azure AD the first time a user starts each new computer. End users must not be required to accept the End User License Agreement (EULA).
Helpdesk users must be able to troubleshoot Group Policy object (GPO) processing on the Windows 10 computers. The helpdesk users must be able to identify which Group Policies are applied to the computers.
Users in the HR department must be able to view the list of files in a folder named D:\Reports on Computer3.
ComputerA must be configured to have an Encrypting File System (EFS) recovery agent.
Quality update installations must be deferred as long as possible on ComputerA.
Users in the IT department must use dynamic lock on their primary device.
User6 must be able to connect to Computer2 by using Remote Desktop.
The principle of least privilege must be used whenever possible.
Administrative effort must be minimized whenever possible.
Kiosk (assigned access) must be configured on Computer1.

You need to meet the technical requirement for User6.
What should you do?

  • A. Add User6 to the Remote Desktop Users group in the domain.
  • B. Remove User6 from Group2 in the domain.
  • C. Add User6 to the Remote Desktop Users group on Computer2.
  • D. And User6 to the Administrators group on Computer2.


Answer : B

Case Study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
Contoso has IT, human resources (HR), and finance departments.
Contoso recently opened a new branch office in San Diego. All the users in the San Diego office work from home.

Existing environment -
Contoso uses Microsoft 365.
The on-premises network contains an Active Directory domain named contoso.com. The domain is synced to Microsoft Azure Active Directory (Azure AD).
All computers run Windows 10 Enterprise.
You have four computers named Computer1, Computer2, Computer3, and ComputerA. ComputerA is in a workgroup on an isolated network segment and runs the Long Term Servicing Channel version of Windows 10. ComputerA connects to a manufacturing system and is business critical. All the other computers are joined to the domain and run the Semi-Annual Channel version of Windows 10.
In the domain, you create four groups named Group1, Group2, Group3, and Group4.
Computer2 has the local Group Policy settings shown in the following table.


The computers are updated by using Windows Update for Business.
The domain has the users shown in the following table.

Computer1 has the local users shown in the following table.


Requirements -

Planned Changes -
Contoso plans to purchase computers preinstalled with Windows 10 Pro for all the San Diego office users.

Technical requirements -
Contoso identifies the following technical requirements:
The computers in the San Diego office must be upgraded automatically to Windows 10 Enterprise and must be joined to Azure AD the first time a user starts each new computer. End users must not be required to accept the End User License Agreement (EULA).
Helpdesk users must be able to troubleshoot Group Policy object (GPO) processing on the Windows 10 computers. The helpdesk users must be able to identify which Group Policies are applied to the computers.
Users in the HR department must be able to view the list of files in a folder named D:\Reports on Computer3.
ComputerA must be configured to have an Encrypting File System (EFS) recovery agent.
Quality update installations must be deferred as long as possible on ComputerA.
Users in the IT department must use dynamic lock on their primary device.
User6 must be able to connect to Computer2 by using Remote Desktop.
The principle of least privilege must be used whenever possible.
Administrative effort must be minimized whenever possible.
Kiosk (assigned access) must be configured on Computer1.

You need to meet the technical requirement for the IT department users.
What should you do first?

  • A. Issue computer certificates
  • B. Distribute USB keys to the IT department users.
  • C. Enable screen saver and configure a timeout.
  • D. Turn on Bluetooth.


Answer : D

References:
https://support.microsoft.com/en-za/help/4028111/windows-lock-your-windows-10-pc-automatically-when-you-step-away-from

Configure Connectivity -

Page:    1 / 10   
Total 150 questions