Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 3)
You need to configure a computer to encrypt all inbound connections by using IPSec.
What should you do?
A. From Network and Sharing Center, click Connect to a network.
B. From Network and Sharing Center, click Set up a new connection or network.
C. From Windows Firewall with Advanced Security, click Inbound Rules and then click New Rule.
D. From Windows Firewall with Advanced Security, click Connection Security Rules and then click New Rule.
Answer: D
Explanation:
Connection Security Rules Connection security rules are a special type of rule that deal with authenticated and encrypted traffic. You can use connection security rules to manage how communication occurs between different hosts on the network. You use the New Connection Security Rule Wizard, to create connection security rules. Connections can be authenticated using the Kerberos V5 protocol requiring a domain computer and user account or a domain computer account. If you select advanced properties, connections can be authenticated using NTLMv2, computer certificates from a particular certificate authority (CA) or using a pre-shared key.Connection Security Rules and IPSec policies The relationship between connection security rules and IPSec policies is similar to the relationship between AppLocker and Software Restriction Policies. Both sets of rules do similar things, but the ones that you use depend on the operating systems used by the client computers in your organization. All editions of Windows 7 and Windows Vista support connection security rules, but Windows XP does not.
Q2. - (Topic 3)
You have a computer that contains a DVD drive and a single 350-GB hard disk drive. You attempt to install Windows 7 on the computer by using the DVD installation media and receive the following error message: "Reboot and Select proper Boot device or Insert Boot Media in selected Boot device."
You need to ensure that you can install Windows 7 on the computer by using the DVD installation media.
What should you do?
A. From the BIOS, modify the startup order.
B. From the BIOS, enable Pre-Boot Execution Environment (PXE).
C. Create an answer file named oobe.xml and place the file on the hard disk drive.
D. Create an answer file named autounattend.xml and place the file on the hard disk drive.
Answer: A
Explanation: To install Windows 7 from a DVD-ROM, boot from the DVD-ROM drive and follow the prompts. You may need to configure the computer's BIOS to support booting from DVD-ROM. If a computer does not have a DVD-ROM drive attached, you can still install from DVD-ROM—you just need to acquire a USB DVD-ROM drive. In this case, it will be necessary to configure the computer's BIOS to boot from the USB device.
Q3. - (Topic 6)
A company has Windows 7 Enterprise computers that use BitLocker drive encryption on operating system drives.
You need to configure multi-factor authentication before client computers are booted into Windows.
On each client computer, what should you do?
A. Configure a TPM PIN.
B. Implement fingerprint authentication.
C. Implement a Dynamic Access Control policy.
D. Install a standalone certification authority server.
Answer: A
Explanation: BitLocker supports multifactor authentication for operating system drives. If you enable BitLocker on a computer that has a TPM version 1.2, you can use additional forms of authentication with the TPM protection. BitLocker offers the option to lock the normal boot process until the user supplies a personal identification number (PIN) or inserts a USB device (such as a flash drive) that contains a BitLocker startup key, or both the PIN and the USB device can be required. These additional security measures provide multifactor authentication and help ensure that the computer will not start or resume from hibernation until the correct authentication method is presented.
Q4. - (Topic 1)
You start a computer by using Windows Preinstallation Environment (Windows PE).
You need to dynamically load a network adapter device driver in Windows PE.
What should you do?
A. Run Peimg.exe and specify the device driver path.
B. Run Drvload.exe and specify the device driver path.
C. Run Winpeshl.exe and specify a custom Winpeshl.ini file.
D. Run Wpeutil.exe and specify the InitializeNetwork command.
Answer: B
Explanation:
Drvload The Drvload tool adds out-of-box drivers to a booted Windows PE image. It takes one or more driver .inf files as inputs. To add a driver to an offline Windows PE image, use the peimg tool.NOT WinpeshlWinpeshl.ini controls whether a customized shell is loaded in Windows PE instead of the default Command Prompt window. To load a customized shell, create a file named Winpeshl.ini and place it in %SYSTEMROOT% \System32 of your customized Windows PE image. The .ini file must have the following section and entry.NOT WpeutilThe Windows PE utility (Wpeutil) is a command-line tool that enables you to run various commands in a Windows PE session. For example, you can shut down or restart Windows PE, enable or disable a firewall, set language settings, and initialize a network.
Q5. - (Topic 2)
You have a computer that runs Windows 7. Multiple users log on to the computer. The computer has five removable devices.
You need to ensure that users can only access removable devices that have been previously installed on the computer.
What should you modify in the Local Group Policy?
A. Enable the Prevent redirection of USB devices setting.
B. Enable the Prevent installation of removable devices setting.
C. Disable the WPD Devices: Deny read access setting.
D. Disable the Allow administrators to override Device Installation Restriction policies setting.
Answer: B
Explanation:
Prevent installation of removable devices This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it is connected indicates that the device is removable. For example, a Universal Serial Bus (USB) device is reported to be removable by the drivers for the USB hub to which the device is connected. This policy setting takes precedence over any other policy setting that allows Windows to install a device. If you enable this policy setting, Windows is prevented from installing removable devices and existing removable devices cannot have their drivers updated. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of removable devices from a remote desktop client to the remote desktop server. If you disable or do not configure this policy setting, Windows can install and update device drivers for removable devices as allowed or prevented by other policy settings. NOT Prevent redirection of USB devicesThis policy setting prevents redirection of USB devices. If you enable this setting, an alternate driver for USB devices cannot be loaded. If you disable or do not configure this setting, an alternate driver for USB devices can be loaded.
Q6. - (Topic 2)
You have a customized image of Windows 7 Professional.
You need to create a new unattended file to automate the deployment of the image. You must achieve this goal by using the minimum amount of administrative effort.
What should you do first?
A. Run Imagex.exe and specify the /mount parameter.
B. Run Dism.exe and specify the /mount-WIM parameter.
C. From Microsoft Deployment Toolkit (MDT), add the custom Windows image (WIM).
D. From Windows System Image Manager (Windows SIM), open the custom Windows image (WIM).
Answer: D
Explanation:
Windows SIMOpens Windows images, creates answer files, and manages distribution shares and configuration sets.NOT DismDeployment Image Servicing and Management (DISM) is a command-line tool used to service Windows. images offline before deployment. You can use it to install, uninstall, configure, and update Windows features, packages, drivers, and international settings. Subsets of the DISM servicing commands are also available for servicing a running operating system.NOT ImagexImageX is a command-line tool that enables original equipment manufacturers (OEMs) and corporations to capture, to modify, and to apply file-based disk images for rapid deployment. ImageX works with Windows image (.wim) files for copying to a network, or it can work with other technologies that use .wim images, such as Windows Setup, Windows Deployment Services (Windows DS), and the System Management Server (SMS) Operating System Feature Deployment Pack./mountMounts a .wim file from Windows XP with Service Pack 2 (SP2), Windows Server 2003 with Service Pack 1 (SP1), or Windows Vista with read-only permission to a specified directory. Once the file is mounted, you may view, but not modify, all the information contained in the directory.NOT MDT MDT 2010 is the Microsoft solution accelerator for operating system and application deployment and offers flexible driver management, optimized transaction processing, and access to distribution shares from any location. You can use the MDT on imaging and deployment servers to implement the automatic deployment of Windows 7 (for example) on client computers. It is possible to run MDT 2010 on a client running Windows 7, but in practice it would typically run from a distribution server running Windows Server 2008. The MDT provides detailed guidance and job aids and offers a common deployment console that contains unified tools and processes that you can use for client and server deployment. The toolkit offers standardized desktop and server images, along with improved security and ongoing configuration management.
Q7. - (Topic 1)
Which of the following operating systems support an offline migration using USMT? Choose three.
A. Windows 2000 Professional
B. Windows XP Professional
C. Windows Vista
D. Windows 7
Answer: B,C,D
Q8. - (Topic 5)
You administer computers that have Windows 7 and Internet Explorer 8 installed.
You want to log on to one of the computers and access a web-based management application that runs on a server by using Internet Explorer.
You need to ensure that any data about your browser session is not saved on the computer.
What should you do?
A. Disable Internet Connection Sharing.
B. From Internet Options, select Delete browsing history on exit.
C. Start the Microsoft Network Access Protection service.
D. From the Safety drop-down menu, configure InPrivate Filtering.
Answer: B
Q9. - (Topic 6)
You have a computer that runs Windows 7.
The computer's hard disks are configured as shown in the following table.
You need to ensure that you can recover the operating system and all the files on the computer if hard disk 0 experiences hardware failure.
What should you do?
A. Use the Backup and Restore tool to create a system image on an external hard disk.
B. Create a restore point for both hard disks.
C. Use the Backup and Restore tool to back up data files for all users.
D. Shrink drive C and then create a new partition.
Answer: A
Explanation: System Image in Windows 7 The new backup utilities in Windows 7 are actually pretty impressive and creating an image will be possible in all versions. Today we take a look at creating a backup image of your machine without the need for a third party utility like Ghost or True Image.
You are just finished installing a fresh copy of Windows 7 on your computer and have it set up to your liking. One of the first things you should do now is create an image of the disc so in the event of a crash you will be able to restore it to its current state. An image is an exact copy of everything on the drive and will restore it back to its current state. It's probably best to create an image when everything is clean and organized on your system. This will make the image file smaller and allows you to restore the system with a smooth running set up.
Q10. - (Topic 3)
You plan to capture a Windows 7 image by using the Windows Preinstallation Environment (Windows PE).
You need to ensure that Windows PE supports the Windows Scripting Host (WSH).
Which tool should you use?
A. Bcdedit.exe
B. Dism.exe
C. Imagex.exe
D. Oscdimg.exe
Answer: B
Explanation:
DismDeployment Image Servicing and Management (DISM) is a command-line tool used to service Windows. images offline before deployment. You can use it to install, uninstall, configure, and update Windows features, packages, drivers, and international settings. Subsets of the DISM servicing commands are also available for servicing a running operating system. Windows 7 introduces the DISM command-line tool. You can use DISM to service a Windows image or to prepare a Windows PE image. DISM replaces Package Manager (Pkgmgr.exe), PEimg, and Intlcfg in Windows Vista, and includes new features to improve the experience for offline servicing. You can use DISM to perform the following actions:
-Prepare a Windows PE image.- Enable or disable Windows features within an image.-Upgrade a Windows image to a different edition.- Add, remove, and enumerate packages.-Add, remove, and enumerate drivers.- Apply changes based on the offline servicing section of an unattended answer file.- Configure international settings.- Implement powerful logging features.- Service operating systems such as Windows Vista with SP1 and Windows Server 2008.- Service a 32-bit image from a 64-bit host and service a 64-bit image from a 32-bit host.- Service all platforms (32-bit, 64-bit, and Itanium).- Use existing Package Manager scripts.
DISM Command-Line Options To service a Windows image offline, you must apply or mount it. WIM images can be mounted using the WIM commands within DISM, or applied and then recaptured using ImageX. You can also use the WIM commands to list the indexes or verify the architecture for the image you are mounting. After you update the image, you must dismount it and then either commit or discard the changes you have made.NOT BcdeditBCDEdit is a command-line tool for managing BCD stores. It can be used for a variety of purposes, including creating new stores, modifying existing stores, adding boot menu options, and so on. BCDEdit serves essentially the same purpose as Bootcfg.exe on earlier versions of Windows, but with two major improvements: BCDEdit exposes a wider range of boot options than Bootcfg.exe, and BCDEdit has improved scripting support.NOT ImagexImageX is a command-line tool that enables original equipment manufacturers (OEMs) and corporations to capture, to modify, and to apply file-based disk images for rapid deployment. ImageX works with Windows image (.wim) files for copying to a network, or it can work with other technologies that use .wim images, such as Windows Setup, Windows Deployment Services (Windows DS), and the System Management Server (SMS) Operating System Feature Deployment Pack.NOT
OscdimgOscdimg is a command-line tool for creating an image file (.iso) of a customized 32-bit or 64-bit version of Windows PE. You can then burn that .iso file to a CD-ROM or DVD-ROM. Oscdimg supports ISO 9660, Joliet, and Universal Disk Format (UDF) file systems.
Q11. - (Topic 1)
You have a computer named Computer1 that runs Windows Vista and a computer named Computer2 that runs Windows 7. You plan to migrate all profiles and user files from Computer1 to Computer2.
You need to identify how much space is required to complete the migration.
What should you do?
A. On Computer1 run Loadstate c:\store /nocompress
B. On Computer1 run Scanstate c:\store /nocompress /p
C. On Computer2 run Loadstate \\computer1\store /nocompress
D. On Computer2 run Scanstate \\computer1\store /nocompress /p
Answer: B
Explanation:
ScanState You run ScanState on the source computer during the migration. You must run ScanState.exe on computers running Windows Vista and Windows 7 from an administrative command prompt. When running ScanState on a source computer that has Windows XP installed, you need to run it as a user that is a member of the local administrators group. The following command creates an encrypted store named Mystore on the file share named Migration on the file server named Fileserver that uses the encryption key Mykey: scanstate \\fileserver\migration\mystore /i:migapp.xml /i:miguser.xml /o /config:config.xml /encrypt /key:"mykey" Space Estimations for the Migration StoreWhen the ScanState command runs, it will create an .xml file in the path specified. This .xml file includes improved space estimations for the migration store. The following example shows how to create this .xml file: Scanstate.exe C:\MigrationLocation [additional parameters] /p:"C:\MigrationStoreSize.xml" To preserve the functionality of existing applications or scripts that require the previous behavior of USMT, you can use the /p option, without specifying "pathtoafile", in USMT 4.0. If you specify only the /p option, the storage space estimations are created in the same manner as with USMT 3.x releases. User State Migration ToolUSMT 4.0 is a command-line utility that allows you to automate the process of user profile migration. The USMT is part of the Windows Automated Installation Kit (WAIK) and is a better tool for performing a large number of profile migrations than Windows Easy Transfer. The USMT can write data to a removable USB storage device or a network share but cannot perform a direct side-by-side migration over the network from the source to the destination computer. The USMT does not support user profile migration using the Windows Easy Transfer cable. USMT migration occurs in two phases, exporting profile data from the source computer using ScanState and importing profile data on the destination computer using LoadState.
Q12. - (Topic 2)
You have a dual boot PC running both Vista and Windows 7 on partitions on the computer. Which file would you edit to force the PC to book Vista by default?
A. boot.ini
B. ntfsboot.cfg
C. bcdedit.exe
D. system.cfg
Answer: C
Q13. - (Topic 3)
You need to back up your Encrypting File System (EFS) certificate. You must achieve this goal in the minimum amount of time.
What should you do?
A. Run Cipher.exe /x.
B. Run Ntbackup.exe /p.
C. From Backup and Restore, click Back up now.
D. From Backup and Restore, click Create a system image.
Answer: A
Explanation:
Cipher is used to manage certificates.
NOT Backup and Restore:Only the EFS certificate needs to be backed up and time is a factor.
Q14. HOTSPOT - (Topic 4)
A company has client computers that run Windows 7. You create an AppLocker policy for the client computers.
You need to ensure that the AppLocker policy is enforced after the computers restart.
Which service startup type should you use? (To answer, select the appropriate setting or settings in the work area.)
Answer:
Q15. - (Topic 1)
You have a computer named Computer1 that runs Windows 7. The computer is a member of an Active Directory domain. The network contains a file server named Server1 that runs Windows Server 2008.
You log on to the computer by using an account named User1.
You need to ensure that when you connect to Server1, you authenticate by using an account named Admin1.
What should you do on Computer1?
A. From User Accounts, select Link online IDs.
B. From Windows CardSpace, select Add a card.
C. From Credential Manager, select Add a Windows credential.
D. From Local Security Policy, modify the Access this computer from the network user right.
Answer: C
Explanation:
Credential Manager Credential Manager stores logon user name and passwords for network resources, including file servers, Web sites, and terminal services servers. Credential Manager stores user name and password data in the Windows Vault. You can back up the Windows Vault and restore it on other computers running Windows 7 as a method of transferring saved credentials from one computer to another. Although Credential Manager can be used to back up some forms of digital certificates, it cannot be used to back up and restore the self-signed Encrypting File System (EFS) certificates that Windows 7 generates automatically when you encrypt a file. For this reason, you must back up EFS certificates using other tools. You will learn about backing up EFS certificates later in this lesson.