Page: 1
/ 16
Total 231 questions
HOTSPOT -
You have a workgroup computer named Computer1 that runs Windows 10. Computer1 has the users accounts shown in the following table:
Computer1 has the local Group Policy shown in the following table.
You create the Local Computer\Administrators policy shown in the following table.
You create the Local Computer\Non-Administrators policy shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer :
Reference:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-vista/cc766291(v=ws.10)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
A user named User1 has a computer named Computer1 that runs Windows 10. Computer1 is joined to an Azure Active Directory (Azure AD) tenant named contoso.com. User1 joins Computer1 to contoso.com by using [email protected]
Computer1 contains a folder named Folder1. Folder1 is in drive C and is shared as Share1. Share1 has the permission shown in the following table.
A user named User2 has a computer named Computer2 that runs Windows 10. User2 joins Computer2 to contoso.com by using [email protected]
User2 attempts to access Share1 and receives the following error message: ג€The username or password is incorrect.ג€
You need to ensure that User2 can connect to Share1.
Solution: You create a local group on Computer1 and add the Guest account to the group. You grant the group Modify access to Share1.
Does this meet the goal?
- A. Yes
- B. No
Answer : B
Your network contains an Active Directory domain. The domain contains 1,000 computers that run Windows 10.
You need to prevent the computers of the research department from appearing in Network in File Explorer.
What should you do?
- A. Configure DNS to use an external provider
- B. Modify the %systemroot%\system32\drivers\etc\Networks file.
- C. Turn off network discovery.
- D. Disable the Network List Service.
Answer : C
HOTSPOT -
You have two computers named Computer1 and Computer2 that run Windows 10. The computers are in a workgroup.
You perform the following configurations on Computer1:
✑ Create a user named User1.
✑ Add User1 to the Remote Desktop Users group.
You perform the following configurations on Computer2:
✑ Create a user named User1 and specify the same user password as the one set on Computer1.
✑ Create a share named Share2 and grant User1 Full control access to Share2.
✑ Enable Remote Desktop.
What are the effects of the configurations? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer :
HOTSPOT -
Your network contains an Active Directory domain. The domain contains a group named Group1.
All the computers in the domain run Windows 10. Each computer contains a folder named C:\Documents that has the default NTFS permissions set.
You add a folder named C:\Documents\Templates to each computer.
You need to configure the NTFS permissions to meet the following requirements:
✑ All domain users must be able to open the files in the Templates folder.
✑ Only the members of Group1 must be allowed to edit the files in the Templates folder.
How should you configure the NTFS settings on the Templates folder? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer :
You deploy Windows 10 to 20 new laptops.
The laptops will be used by users who work at customer sites. Each user will be assigned one laptop and one Android device.
You need to recommend a solution to lock the laptop when the users leave their laptop for an extended period.
Which two actions should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Enable Bluetooth discovery.
- B. From the Settings app, configure the Dynamic lock settings.
- C. From Sign-in options, configure the Windows Hello settings.
- D. From the Settings app, configure the Lock screen settings.
- E. Pair the Android device and the laptop.
- F. From the Settings app, configure the Screen timeout settings.
Answer : DF
You have a workgroup computer named Computer1 that runs Windows 10. Computer1 has the user accounts shown in the following table.
User3, User4, and Administrator sign in and sign out on Computer1. User1 and User2 have never signed in to Computer1.
You are troubleshooting policy issues on Computer1. You sign in to Computer1 as Administrator.
You add the Resultant Set of Policy (RsoP) snap-in to an MMC console.
Which users will be able to sign in on Computer1?
- A. User1, User3, and User4 only
- B. Administrator only
- C. User1, User2, User3, User4, and Administrator
- D. User3, User4, and Administrator only
Answer : D
Explanation:
The Interactive logon: Number of previous logons to cache (in case domain controller is not available) policy setting determines whether a user can log on to a
Windows domain by using cached account information. Logon information for domain accounts can be cached locally so that, if a domain controller cannot be contacted on subsequent logons, a user can still log on.
References:
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain- controller-is-not-available
HOTSPOT -
You have a computer named Computer1 that runs Windows 10. Computer1 is in a workgroup.
Computer1 contains the local users shown in the following table.
Computer1 contains the folders shown in the following table.
The Users group has Full control permissions to Folder1, Folder2, and Folder3.
User1 encrypts two files named File1.docx and File2.docx in Folder1 by using EFS.
Which users can move each file? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer :
Explanation:
EFS works by encrypting a file with a bulk symmetric key. The symmetric key that is used to encrypt the file is then encrypted with a public key that is associated with the user who encrypted the file. Because the encryption & decryption operations are performed at a layer below NTFS, it is transparent to the user and all their applications.
Box 1: User1, User2, and Administrator
Box 2: User1, User2, and Administrator
All three are members of the Users group that has Full control permissions to Folder1, Folder2, and Folder3.
Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 10. Computer1 contains a folder named Folder1.
You plan to share Folder1. Everyone will have Read share permissions, and administrators will have Full control share permission.
You need to prevent the share from appearing when users browse the network.
What should you do?
- A. Enable access-based enumeration.
- B. Deny the List NTFS permissions on Folder1.
- C. Add Folder1 to a domain-based DFS namespace.
- D. Name the share Folder1$.
Answer : D
Explanation:
Appending a dollar sign to share name prevents a share from appearing when users browse the network.
Incorrect Answers:
Access-based enumeration will hide the share from anyone who doesnג€™t have permission to access the share. However, as ג€˜Everyoneג€™ has Read access to the share, the share would appear for everyone when they browse the network.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer that runs Windows 10. The computer contains a folder. The folder contains sensitive data.
You need to log which user reads the contents of the folder and modifies and deletes files in the folder.
Solution: From the properties of the folder, you configure the Auditing settings and from Audit Policy in the local Group Policy, you configure Audit object access.
Does this meet the goal?
- A. Yes
- B. No
Answer : A
Explanation:
Files and folders are objects and are audited through object access.
References:
https://www.netwrix.com/how_to_detect_who_changed_file_or_folder_owner.html
You have a computer named Computer1 that runs Windows 10.
On Computer1, you turn on File History.
You need to protect a folder named D:\Folder1 by using File History.
What should you do?
- A. From File Explorer, modify the Security settings of D:\Folder1
- B. From Backup and Restore (Windows 7), modify the backup settings
- C. From the Settings app, configure the Backup settings
- D. From File History in Control Panel, configure the Advanced settings
Answer : C
Explanation:
To configure File History, click More options on the Backup screen. The Backup options screen allows you to set how often File History backs up your files and how long versions are saved.
Reference:
https://www.groovypost.com/howto/configure-windows-10-file-history/
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer that runs Windows 10. The computer contains a folder. The folder contains sensitive data.
You need to log which user reads the contents of the folder and modifies and deletes files in the folder.
Solution: From the properties of the folder, you configure the Auditing settings and from the Audit Policy in the local Group Policy, you configure Audit system events.
Does this meet the goal?
- A. Yes
- B. No
Answer : B
Explanation:
Files and folders are objects and are audited through object access, not though system events.
References:
https://www.netwrix.com/how_to_detect_who_changed_file_or_folder_owner.html
SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesnג€™t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab.
But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password -
Use the following login credentials as needed:
To enter your password, place your cursor in the Enter password box and click on the password below.
Username: Contoso/Administrator -
Password: Passw0rd!
The following information is for technical support purposes only:
Lab Instance: 10921597 -
You need to create a file named File1.txt in a folder named Folder1 on the C drive of Client2. You need to ensure that a user named User1 can read the contents of File1.txt. The solution must prevent User1 from modifying the file.
To complete this task, sign in to Client2 and perform the required action.
Answer : See explanation below.
Explanation:
1. After creating File1.txt in Folder1, right-click the file and select Properties.
2. Access the Security tab, click Disable inheritance
3. Click on Remove all inherited permissions from this object, click Apply, and select Yes in the dialog box that appears.
4. Click OK
5. Back on the Security tab select Edit to change permissions.
6. Click Add, then enter User1 in the Enter the object names to select section.
7. Click Check Names, and then click OK.
8. Check only the Read box in the Allow column.
9. Click apply, Ok, and OK
SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesnג€™t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab.
But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password -
Use the following login credentials as needed:
To enter your password, place your cursor in the Enter password box and click on the password below.
Username: Contoso/Administrator -
Password: Passw0rd!
The following information is for technical support purposes only:
Lab Instance: 11145882 -
Users in the Finance group report that they cannot copy files to Client1\Finance.
You need to resolve the issue.
To complete this task, sign in to the required computer or computers.
Answer : See explanation below.
Explanation:
1. Open File Explorer.
2. Browse and find the file or folder you want to have full access.
3. Right-click it, and select Properties.
4. Click the Security tab to access the NTFS permissions.
5. Click the Advanced button.
6. On the "Advanced Security Settings" page, you need to click the Change link, in the Owner's field.
7. Click the Advanced button.
8. On the "Select User or Group" page, click the Find Now button.
9. From the search result, select your user account, and click OK.
10.On the "Select User or Group" page, click OK.
11.Click Apply.
12.Click OK.
13.Click OK again.
14.Click OK one more time to complete this task.
It's important to note that if you're taking ownership of a folder, you can check the Replace ownership on subcontainers and object option in the Advanced
Security Settings page to take control of the subfolders inside of the folder.
Now you'll need to grant full access control to your account, to do this use the following steps:
1. Right-click the file or folder and select Properties.
2. Click the Security tab to access the NTFS permissions.
3. Click the Advanced button.
4. Under the Permissions tab, click Add.
5. Click Select a principal to add your user account.
6. On the "Select User or Group" page, click the Find Now button.
7. From the search result, select your user account, and click OK.
8. On the "Select User or Group" page, click OK.
9. On "Permission Entry", check the Full control option.
10.Click OK.
11.Click OK.
12.Click Apply.
13.Click OK.
14.Click OK to close the file or folder properties to complete the task.
You can now assign the necessary permissions to the Finance group.
If you right-click on a file or folder, choose Properties and click on the Security tab, we can now try to edit some permissions. Go ahead and click the Edit button to get started.
At this point, there are a couple of things you can do. Firstly, youג€™ll notice that the Allow column is probably greyed out and canג€™t be edited. This is because of the inheritance I was talking about earlier. However, you can check items on the Deny column.
When you click the Add button, you have to type in the user name or group name into the box and then click on Check Names to make sure itג€™s correct. If you donג€™t remember the user or group name, click on the Advanced button and then just click Find Now. It will show you all the users and groups.
Click OK and the user or group will be added to the access control list. Now you can check the Allow column or Deny column.
Reference:
https://www.windowscentral.com/how-take-ownership-files-and-folders-windows-10 https://www.online-tech-tips.com/computer-tips/set-file-folder-permissions-windows/
SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesnג€™t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab.
But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password -
Use the following login credentials as needed:
To enter your password, place your cursor in the Enter password box and click on the password below.
Username: Contoso/Administrator -
Password: Passw0rd!
The following information is for technical support purposes only:
Lab Instance: 10921597 -
You need to enable the Prohibit User from manually redirecting Profile Folders Group Policy setting only for the administrative users of Client3.
To complete this task, sign in to the required computer or computers.
Answer : See explanation below.
Explanation:
1. Open the Administrator Group Local Group Policy Editor.
2. In the left pane, click on User Configuration, Administrative Templates, and Desktop.
3. In the right pane, right click on Prohibit User from Manually redirecting Profile Folders and click on Properties.
4. To Prevent User Profile Folders Location Change
Select (dot) Enabled and click on OK.
5. Close the Local Group Policy Editor window.
References:
https://www.vistax64.com/threads/user-profile-folders-prevent-or-allow-location-change.180719/