Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 3)
You have a computer that runs Windows 7.
You have an application control policy on the computer.
You discover that the policy is not enforced on the computer.
You open the Services snap-in as shown in the exhibit. (Click the Exhibit button.)
You need to enforce the application control policy on the computer.
What should you do?
A. Set the Application Identity service Startup Type to Automatic and start the service.
B. Set the Application Information service Startup Type to Automatic and start the service.
C. Set the Application Management service Startup Type to Automatic and start the service.
D. Set the Application Experience service Startup Type to Automatic and start the service.
Answer: A
Explanation:
Application Identity service AppLocker relies upon the Application Identity Service being active. When you install Windows 7, the startup type of this service is set to Manual. When testing AppLocker, you should keep the startup type as Manual in case you configure rules incorrectly. In that event, you can just reboot the computer and the AppLocker rules will no longer be in effect. Only when you are sure that your policies are applied correctly should you set the startup type of the Application Identity Service to Automatic. You should take great care in testing AppLocker rules because it is possible to lock down a computer running Windows 7 to such an extent that the computer becomes unusable. AppLocker policies are sometimes called application control policies
Q2. - (Topic 1)
You have a computer that runs Windows 7.
You need to configure the computer to download updates from a local Windows Server Update Services (WSUS) server. What should you do?
A. From Windows Update, modify the Windows Update settings.
B. From the local Group Policy, modify the Windows Update settings.
C. From the System settings, modify the System Protection settings.
D. From the local Group Policy, modify the Location and Sensors settings.
Answer: B
Q3. - (Topic 4)
A company has client computers that run Windows 7 Enterprise.
A user is asked to remove encryption from a locally saved folder so that other users can read and write to that folder.
You need to verify that the folder is not encrypted with the Encrypting File System (EFS).
What should you use to accomplish this goal?
A. Device Manager
B. Local Users and Groups
C. the User Account Control Settings Control Panel window
D. the icacls command
E. the Group Policy management console
F. share permissions
G. the netsh command
H. the Services management console
I. the folder Properties window
Answer: I
Explanation:
http://technet.microsoft.com/en-us/windows/how-do-i-get-started-with-the-encrypting-file-system-in-windows-7.aspx
Q4. - (Topic 4)
A company has client computers that run Windows 7 Enterprise.
You need to ensure that only signed and validated executable files are run with elevated privileges.
What should you use to achieve this goal?
A. the folder properties window
B. the icacls command
C. Device Manager
D. share permissions
E. the Group Policy management console
F. Local Users and Groups
G. the netsh command
H. the Services management console
I. the User Account Control Settings Controal Panel window
Answer: E
Explanation:
http://www.mcmcse.com/microsoft/guides/70-680/configure_uac.shtml Accessed through secpol.msc too
Q5. - (Topic 6)
A user in your company wants to upgrade a Windows Vista Business computer to Windows
7.
You need to upgrade the computer to the minimum Windows 7 edition that meets the following requirements:
BitLockerTo Go
DirectAccess
Which Windows 7 edition should you choose?
A. Windows 7 Home Premium
B. Windows 7 Professional
C. Windows 7 Home Basic
D. Windows 7 Ultimate
Answer: D
Q6. - (Topic 4)
You administer client computers that have Windows 7 Professional 64-bit installed. All the computers are members of a single Active Directory Domain.
You need to prevent users from installing non-trusted device drivers.
What should you do?
A. Enable the Code signing for device drivers in a domain Group Policy.
B. Disable the Code signing for device drivers in a domain Group Policy.
C. Add each user to the Domain Admins group.
D. Run the SigVerif.exe command on each computer.
Answer: A
Explanation:
Can't see any of the rest PREVENTING users from installing non trusted devices - but Sigverig does highlight them.
Q7. - (Topic 3)
You have two computers named Computer1 and Computer2 that run Windows 7. Computer1 has two local user accounts named User1 and User2. On Computer1, you run Scanstate.exe /all \\server1\data\computer1. On Computer2, you run Loadstate.exe /lac:Pa$$w0rd \\server1\data\computer1.
You need to ensure that User1 and User2 can log on to Computer2.
What should you do on Computer2?
A. Enable all user accounts
B. Modify the default password policy
C. Modify the Allow log on locally user right
D. Add User1 and User2 to the local Administrators group
Answer: A
Explanation:
LoadState is run on the destination computer. You should install all applications that were on the source computer on the destination before you run LoadState. You must run Loadstate. exe on computers running Windows Vista and Windows 7 from an administrative command prompt. To load profile data from an encrypted store named Mystore that is stored on a share named Migration on a file server named Fileserver and which is encrypted with the encryption key Mykey, use this command: loadstate \\fileserver\migration\mystore /i:migapp.xml /i:miguser.xml /decrypt /key:"mykey"
(local account create) /lac:[Password] Specifies that if a user account is a local (non-domain) account, and it does not exist on the destination computer, USMT will create the account on the destination computer but it will be disabled. To enable the account, you must also use the /lae option. If the /lac option is not specified, any local user accounts that do not already exist on the destination computer will not be migrated. Password is the password for the newly created account. An empty password is used by default.
Q8. - (Topic 6)
You have a computer that runs Windows 7. The computer is a member of a workgroup.
You use Encrypting File System (EFS) to protect your local files.
You need to ensure that you can decrypt EFS files on the computer if you forget your password.
What should you do?
A. From User Accounts, select Manage your file encryption certificates.
B. From Credential Manager, select Back up vault.
C. From BitLocker Drive Encryption, select Manage BitLocker and Turn On BitLocker.
D. From Authorization Manager, modify the Authorization Manager options.
Answer: A
Explanation: Make sure you have a backup of the appropriate encryption certificates
Q9. HOTSPOT - (Topic 4)
You use a computer that has Windows 7 installed. You install a legacy application named LegApp.
LegApp is designed for Windows 98 and does not support the 16-bit or 32-bit color quality setting.
You need to configure application compatibility settings for LegApp to meet the following requirements:
. Compatible with Windows 98
. The 8-bit color quality setting must be used
What should you do? (To answer, configure the appropriate option or options in the dialog box in the answer area.)
Answer:
Q10. - (Topic 2)
You have a computer that runs Windows 7. IPv6 is disabled on the computer.
The computer has the following IPv4 settings:
IP address: 10.1.1.193
Subnet mask: 25S.255.0.0
Default gateway: 10.1.1.194
. Preferred DNS server: 10.1.1.195
You need to ensure that the computer can only communicate with computers on the local subnet.
What should you do?
A. Delete the default gateway address.
B. Delete the preferred DNS server IP address
C. Configure the subnet mask to use 255.255.255.0
D. Configure the subnet mask to use 255.255.255.192
Answer: A
Explanation:
Why gateways work Default gateways are important to make IP routing work efficiently. In most cases, the router that acts as the default gateway for TCP/IP hosts--either a dedicated router or a computer that connects two or more network segments--maintains knowledge of other networks in the larger network and how to reach them. TCP/IP hosts rely on default gateways for most of their communication needs with hosts on remote network segments. In this way, individual hosts are freed of the burden of having to maintain extensive and continuously updated knowledge about individual remote IP network segments. Only the router that acts as the default gateway needs to maintain this level of routing knowledge to reach other remote network segments in the larger internetwork. If the default gateway fails, communication beyond the local network segment may be impaired. To prevent this, you can use the Advanced TCP/IP Settings dialog box (in Network Connections) for each connection to specify multiple default gateways. You can also use the route command to manually add routes to the routing table for heavily used hosts or networks.
Q11. - (Topic 1)
You have a computer that runs Windows 7. Your company has three custom applications named app1.exe, app2.exe, and app3.exe. The applications have been digitally signed by the company.
You need to create a policy that allows only applications that have been digitally signed by the company to run.
What should you create?
A. an AppLocker executable rule
B. an AppLocker Windows Installer rule
C. a software restriction policy and a certificate rule
D. a software restriction policy and a hash rule
Answer: A
Q12. - (Topic 5)
You use a computer that has Windows 7 SP1 installed. The computer has a shared folder named C:\Software.
User1 is a local user account on the computer. The account is a member of several groups that have access to the C:\Software folder.
You need to verify whether User1 can save files to C:\Software.
What should you do?
A. Run the Net Share command.
B. Run the Wfs C:\Software command.
C. In the Advanced Security Settings for the Documents folder, select the Effective Permissions tab.
D. Run the Fsutil C:\Software command.
Answer: C
Explanation: To view effective permissions on files and folders . Open Windows Explorer, and then locate the file or folder for which you want to view effective permissions.
Right-click the file or folder, click Properties, and then click the Security tab.
Click Advanced, click the Effective Permissions tab, and then click Select.
In Enter the object name to select (examples), enter the name of a user or group, and then click OK. The selected check boxes indicate the effective permissions of the user or group for that file or folder.
Q13. DRAG DROP - (Topic 6)
A company has client computers that run Windows Vista.
You need to install Windows 7 on a client computer in a dual-boot configuration with the existing Windows Vista installation, without reducing the size of the partition that contains Windows Vista.
Which actions should you perform in sequence?
(To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
Answer:
Q14. - (Topic 2)
You have a computer that runs windows 7.
The computer is configured as shown in the following table.
You plan to install a new application that requires 40 GB of space. The application will be installed to C:\app1.
You need to provide 40 GB of free space for the application.
What should you do?
A. Create a shortcut.
B. Create hard link.
C. Create a mount point.
D. Change the quota settings.
Answer: C
Explanation:
Assign a mount point folder path to a driveYou can use Disk Management to assign a mount-point folder path (rather than a drive letter) to the drive. Mount-point folder paths are available only on empty folders on basic or dynamic NTFS volumes.Volume Mount PointsVolume mount points are new system objects in the internal namespace of Windows 2000 that represent storage volumes in a persistent, robust manner. This feature allows multiple disk volumes to be linked into a single tree, similar to the way Dfs links remote network shares. You can have many disk volumes linked together, with only a single drive letter pointing to the root volume. The combination of an NTFS junction and a Windows 2000 volume mount point can be used to graft multiple volumes into the namespace of a host NTFS volume. Windows 2000 offers this new mounting feature as an alternative to drive letters so system administrators can transcend the 26-drive letter limit that exists in Windows NT. Volume mount points are robust against system changes that occur when devices are added or removed from a computer. Important-icon Important A volume is a self-contained unit of storage administered by a file system. The file system that administers the storage in a volume defines a namespace for the volume. A volume mount point is a directory name in an NTFS file system that denotes the root of an arbitrary volume. A volume mount point can be placed in any empty directory of the namespace of the containing NTFS volume. Because volumes can be denoted by arbitrary directory names, they are not required to have a traditional drive letter. Placing a volume mount point on an NTFS directory causes the storage subsystem to resolve the directory to a specified local volume. This "mounting" is done transparently and does not require a drive letter to represent the volume. A Windows 2000 mount point always resolves to the root directory of the desired volume. Volume mount points require that the version of NTFS included with Windows 2000 be used because they are based on NTFS reparse points.
Q15. - (Topic 2)
You have two computers on the same subnet. The computers have the IPv6 addresses shown in the following table.
You need to test the connection to the IPv6 address from Computer1 to Computer2.
Which command should you run?
A. Ping -6 fe80::44df:1b68%12
B. Ping -6 fe80::44df:1b68%10
C. Ping -R fe80::44df:1b68%12
D. Ping -R fe80::44df:1b68%10
Answer: B
Explanation:
1073 40112
If you are pinging from one host to another using link-local addresses, you also need to include your interface ID, for example ping fe80::39cd:4c93%10.
The % character followed by a number after each IPv6 address is the interface ID.
If you want to display the configuration of the IPv6 interfaces on the local computer, you can enter netsh interface ipv6 show address.
Ping -6
Force using IPv6.