Q1. - (Topic 2)
You have a computer that runs Windows 7 Professional.
A removable drive is attached to the computer.
You need to protect data on the removable drive by using Bitlocker To Go.
What should you do first?
A. Upgrade the computer to Windows 7 Enterprise.
B. Install all Windows Updates for Windows 7 Professional.
C. Issue a digital certificate for the Encryption File System (EFS).
D. Select the Encrypt contents to secure data checkbox from the properties on the removable drive.
Answer: A
Explanation:
Windows 7 Professional
Windows 7 Professional is available from retailers and on new computers installed by manufacturers. It supports all the features available in Windows Home Premium, but you can join computers with this operating system installed to a domain. It supports EFS and Remote Desktop Host but does not support enterprise features such as AppLocker, DirectAccess, BitLocker, and BranchCache.
Windows 7 Enterprise and Ultimate Editions
The Windows 7 Enterprise and Ultimate editions are identical except for the fact that Windows 7 Enterprise is available only to Microsoft's volume licensing customers, and Windows 7 Ultimate is available from retailers and on new computers installed by manufacturers. The Enterprise and Ultimate editions support all the features available in other Windows 7 editions but also support all the enterprise features such as EFS, Remote Desktop Host, AppLocker, DirectAccess, BitLocker, BranchCache, and Boot from VHD.
Q2. - (Topic 5)
Your company has an Active Directory domain and several branch locations. A Group Policy Object (GPO) exists for each branch office and for the main office. Computer accounts for computers used by sales employees are located in the Sales-Computers organizational unit (OU).
The sales employees use portable computers that have Windows 7 Enterprise installed.
Employees report that the documents that must be printed are sent to printers in their home office when they travel to the different branch offices.
You need to ensure that documents are printed automatically to the correct printer when the sales employees travel to a branch office.
What should you do first?
A. From Devices and Printers, select Change my default printer when I change networks.
B. Publish all printers to Active Directory.
C. Link the GPO of the branch offices to the Sales-Computers OU.
D. From Print Management, select the branch office printer, and select set as default from the Printer menu.
E. From the Network and Sharing Center, select Advanced sharing settings, and then select Turn on file and printer sharing.
Answer: A
Q3. - (Topic 2)
Your computer running Windows 7 Enterprise has two internal hard disks.
System protection is configured by default on the C: drive, which holds the operating system and installed applications.
The D: drive is a 500-GB hard disk formatted with the NTFS filing system, and you use it to store your personal files.
You want to store previous versions going back several months and therefore intend to reserve 200 GB of this disk for system protection.
You are not using either of your internal disks for backup; instead, you store your backups on a 1-TB external USB hard disk.
How do you configure system protection on your D: drive? (Choose all that apply; each answer forms part of the complete solution.)
A. Select Restore System Settings And Previous Versions Of Files
B. Select Only Restore Previous Versions Of Files
C. Set the Max Usage slider control to 40 percent
D. Set the Max Usage slider control to 4 percent
Answer: B,C
Q4. - (Topic 1)
You have a stand-alone computer named Computer1 that runs Windows 7. Several users share Computer1.
You need to prevent all users who are members of a group named Group1 from running Windows Media Player. All other users must be allowed to run Windows Media Player.
You must achieve this goal by using the least amount of administrative effort. What should you do?
A. From Software Restriction Policies, create a path rule.
B. From Software Restriction Policies, create a hash rule.
C. From Application Control Policies, create the default rules.
D. From Application Control Policies, create an executable rule.
Answer: D
Explanation:
Executable Rules
Executable rules apply to files that have .exe and .com file extensions. AppLocker policies are primarily about executable files, and it is likely that the majority of the AppLocker policies that you work with in your organizational environment will involve executable rules. The default executable rules are path rules that allow everyone to execute all applications in the Program Files folder and the Windows folder. The default rules also allow members of the administrators group to execute applications in any location on the computer. It is necessary to use the default executable rules, or rules that mirror their functionality, because Windows does not function properly unless certain applications, covered by these default rules, are allowed to execute. When you create a rule, the scope of the rule is set to Everyone, even though there is not a local group named Everyone. If you choose to modify the rule, you can select a specific security group or user account.
NOT Default rules
Default rules are a set of rules that can be created automatically and which allow access to default Windows and program files. Default rules are necessary because AppLocker has a built-in fallback block rule that restricts the execution of any application that is not subject to an Allow rule. This means that when you enable AppLocker, you cannot execute any application, script, or installer that does not fall under an Allow rule. There are different default rules for each rule type. The default rules for each rule type are general and can be tailored by administrators specifically for their environments. For example, the default executable rules are path rules. Security-minded administrators might replace the default rules with publisher or hash rules because these are more secure.
NOT Path Rules
Path rules allow you to specify a file, folder, or registry key as the target of a Software Restriction Policy. The more specific a path rule is, the higher its precedence. For example, if you have a path rule that sets the file C:\Program files\Application\App.exe to Unrestricted and one that sets the folder C:\Program files\Application to Disallowed, the more specific rule takes precedence and the application can execute. Wildcards can be used in path rules, so it is possible to have a path rule that specifies C:\Program files\Application\*.exe. Wildcard rules are less specific than rules that use a file's full path. The drawback of path rules is that they rely on files and folders remaining in place. For example, if you created a path rule to block the application C:\Apps\Filesharing.exe, an attacker could execute the same application by moving it to another directory or renaming it something other than Filesharing.exe. Path rules work only when the file and folder permissions of the underlying operating system do not allow files to be moved and renamed.
NOT Hash Rules
Hash rules work through the generation of a digital fingerprint that identifies a file based on its binary characteristics. This means that a file that you create a hash rule for will be identifiable regardless of the name assigned to it or the location from which you access it. Hash rules work on any file and do not require the file to have a digital signature. The drawback of hash rules is that you need to create them on a per-file basis. You cannot create hash rules automatically for Software Restriction Policies; you must generate each rule manually. You must also modify hash rules each time that you apply a software update to an application that is the subject of a hash rule. Software updates modify the binary properties of the file, which means that the modified file does not match the original digital fingerprint.
Q5. - (Topic 3)
Your network contains computers that run either Windows Vista (x86) or Windows 7 (x86). All computers are joined to a domain.
You install a computer named Computer1 that runs Windows 7 (64-bit). You share a printer named Printer1 on Computer1.
You need to ensure that any user can automatically download and install the drivers for Printer1.
What should you do from Printer Properties?
A. Install a new driver.
B. Enable bidirectional support.
C. Modify the Additional Drivers settings.
D. Assign the Manage this printer permission to the Domain Users group.
Answer: C
Explanation:
If you are going to be sharing a printer with computers running previous versions of Microsoft Windows, you can add the drivers for the printer using Additional Drivers. When you add additional drivers, other computers on the network that do not have the printer drivers installed are able to download them from the computer that is sharing the printer.
Q6. - (Topic 3)
Your network has a main office and a branch office.
The branch office has five client computers that run Windows 7 and a server that runs Windows Server 2008 R2. The branch office server is enabled for BranchCache.
You need to configure Windows Firewall on each client computer so that cached content can be retrieved from the branch office server.
Which firewall rule should you enable on the client computers?
A. BranchCache - Content Retrieval (Uses HTTP)
B. BranchCache - Hosted Cache Server (Uses HTTPS)
C. BranchCache - Peer Discovery (Uses WSD)
D. File and Printer Sharing
Answer: A
Explanation:
Configure domain member client distributed cache mode firewall rules
When you configure BranchCache in distributed cache mode, BranchCache client computers use the Hypertext Transfer Protocol (HTTP) for data transfer with other client computers. BranchCache client computers also use the Web Services Dynamic Discovery (WS-Discovery) protocol when they attempt to discover content on client cache servers. You can use this procedure to configure client firewall exceptions to allow incoming HTTP and WS-Discovery traffic on client computers that are configured for distributed cache mode.
The BranchCache – Content Retrieval (Uses HTTP) predefined rule. If this rule is not available, create rules that allow inbound and outbound traffic on TCP port 80. This rule is required for both Hosted Cache and Distributed Cache mode.
The BranchCache – Peer-Discovery (Uses WSD) predefined rule. If this rule is not available, create rules that allow inbound and outbound traffic on UDP port 3702. This rule is only required when using Distributed Cache mode.
The BranchCache – Hosted Cache Client (HTTPS-Out) predefined rule. If this rule is not available, configure a rule that allows outbound traffic on TCP port 443. This rule is required only when using Hosted Cache mode.
Q7. - (Topic 5)
You manage several client computers in an organization.
You need to ensure that all users, including administrators, are required to enter a username and password when uninstalling applications from any computer in the organization.
What should you do?
A. Create a custom GPO to modify the User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode setting.
B. Configure an AppLocker Windows Installer rule.
C. Configure the User Account Control (UAC) settings on all client computers to always notify.
D. Create a custom GPO to configure a software restriction policy.
Answer: A
Q8. - (Topic 3)
You have a computer named Computer1 that runs Windows 7. You have a server named Server1 that runs Windows Server 2008.
Computer1 and Server1 have IPv4 and IPv6 installed.
You need to identify whether you can connect to Server1 by using IPv6.
What should you do?
A. Run Ping Server1 -6.
B. Run Ping Server1 -n 6.
C. Run Net view \\Server1.
D. Open \\server1 from the Run dialog box.
Answer: A
Explanation:
Ping
The Ping tool is still widely used, although more firewalls block Internet Control Message Protocol (ICMP) echo requests than used to be the case. However, even if you cannot get past a firewall on your organization's network, Ping is still useful. You can check that the IPv4 protocol is working on a computer by entering ping 127.0.0.1. You can then ping the IPv4 address of the computer. You can find out what this is by using the Ipconfig tool. If your computer has more than one interface combined in a network bridge, you can ping the IPv4 address of the network bridge. When you have established that you can ping your computer using an IPv4 address, you can test that DNS is working internally on your network (assuming you are connected to a DNS server, a WAP, or have ICS configured on your network) by pinging your computer name, for example by entering ping canberra. Note that if DNS is not implemented on your system, ping canberra still works because the IPv6 link-local address resolves automatically.
-6 Force using IPv6.
Q9. - (Topic 5)
Your company network includes a Windows Server 2008 R2 server named Server1 and client computers that have Windows 7 installed. All computers are members of an Active Directory domain. You use a computer named Client1.
You plan to collect events from Client1 on Server1 by using HTTPS. On Server1, you start and configure the Windows Event Collector service. On Client1, you start the Windows Remote Management service.
You discover that no events are being collected.
You need to ensure that events are forwarded from Client1 to Server1.
What should you do?
A. On Client1, create an outbound rule to allow port 5986 for the Domain connection type.
B. On Client1, create an inbound rule to allow port 5986 for the Public connection type.
C. On Server1, create a Windows Event Collector firewall exception for the Domain connection type.
D. On Client1, create a Windows Remote Management firewall exception for the Domain connection type.
Answer: D
Q10. DRAG DROP - (Topic 5)
Windows 7 client computers in your company network are assigned IP addresses manually or by using DHCP.
Recent changes have been made to a DHCP Server scope. Desktops that have manually assigned IP addresses are reporting that they can no longer connect to the Internet.
You need to ensure that all client computers receive IP address and DNS servers' addresses from the DHCP server.
Which commands should you run? (To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.)
Answer:
Q11. - (Topic 4)
A company has a server running Windows Server 2008 R2 with Windows Deployment Services (WDS), the Microsoft Deployment Toolkit (MDT), and the Windows Automated Installation Kit (WAIK) set up. The company also has client computers running Windows 7 Enterprise.
A new driver is released for the network cards that are installed in the client computers.
You need to update the image with the new driver for the network cards.
What should you do to add the driver to the mounted Windows image file?
A. Run the Start /w ocsetup command.
B. Run the DiskPart command and the Attach command option.
C. Use Sysprep with an answer file and set the PersistAHDeviceInstalls option in the answer file to True.
D. Use Sysprep with an answer file and set the PersistAHDeviceInstalls option in the answer file to False.
E. Use Sysprep with an answer file and set the UpdateInstalledDrivers option in the answer file to Yes.
F. Run the Dism command with the /Mount-Wim option.
G. Use Sysprep with an answer file and set the UpdateInstalledDrivers option in the answer file to No.
H. Run the PEImg /Prep command.
I. Run the ImageX command with the /Mount parameter.
J. Add a boot image and create a capture image in WDS.
K. Run the Dism command with the /Add-Driver option.
L. Run the BCDEdit /delete command.
M. Run the Dism command with the /Add-Package option.
Answer: K
Q12. - (Topic 1)
Your company has an Active Directory domain. All computers are members of the domain.
Your network contains an internal Web site that uses Integrated Windows Authentication.
From a computer that runs Windows 7, you attempt to connect to the Web site and are prompted for authentication.
You verify that your user account has permission to access the Web site.
You need to ensure that you are automatically authenticated when you connect to the Web site.
What should you do?
A. Create a complex password for your user account.
B. Open Credential Manager and modify your credentials.
C. Add the URL of the Web site to the Trusted sites zone.
D. Add the URL of the Web site to the Local intranet zone.
Answer: D
Explanation:
Local Intranet
Sites in the Local Intranet zone are computers on your organizational intranet. Internet Explorer can be configured to detect intranet sites automatically. It is also possible to add Web sites to this zone by clicking the Advanced button on the Local Intranet sites dialog box, as shown in the figure. The default security level of this zone is Medium-Low. Protected Mode is not enabled by default for sites in this zone.
Security settings are configured primarily by assigning sites to zones. Sites that require elevated privileges should be assigned to the Trusted Sites zone. Sites that are on the intranet are automatically assigned to the Local Intranet zone, though this may require manual configuration in some circumstances. All other sites are assigned to the Internet zone. The Restricted Sites zone is used only for Web sites that may present security risks but must be visited.
Q13. - (Topic 1)
You have a computer that runs Windows 7. You open the Disk Management snap-in as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can create a new partition on Disk 0.
What should you do?
A. Shrink volume C.
B. Compress volume C.
C. Convert Disk 0 into a dynamic disk.
D. Create and initialize a Virtual Hard Disk (VHD).
Answer: A
Explanation:
The disk needs to have sufficient space in order to create a new partition. Hence, shrinking the C: partition will create additional space that can be used for a new partition.
Q14. - (Topic 1)
Which of the following best describes how the user is alerted with information system and configuration alerts?
A. A popup occurs and the Windows 7 desktop contrast is dimmed. Until you acknowledge the alert the screen will not move.
B. If Aero is installed the shaking alert flag appears in the index bar of every open window.
C. A flag in the taskbar with a red "x" indicates there is a problem needing attention.
D. All of the above
Answer: C
Q15. - (Topic 2)
You have a computer that runs Windows 7. The computer contains one hard disk. The hard disk is configured as shown in the following table.
You install a new 250-GB hard disk in the computer.
You need to ensure that all the files on the computer are available if a single disk fails.
What should you do?
A. Create a mount point on C and D and then create a striped volume.
B. Create a mount point on C and D and then create two striped volumes.
C. Convert both disks to dynamic disks and then create a mirrored volume.
D. Convert both disks to dynamic disks and then create two mirrored volumes.
Answer: D
Explanation:
Creating a Mirrored Volume (RAID-1)
A mirrored or RAID-1 volume provides availability and fault tolerance but does not improve performance. It uses two disks (or two portions on separate disks) that are the same size. Any changes made to the first disk of a mirror set are also made to its mirror disk. If the first disk fails, the mirror is broken and the second disk is used until the first is repaired or replaced. The mirror is then re-created, and the information on the working disk is mirrored on the repaired disk. The disadvantage of RAID-1 is that you need (for example) two 200-GB disks to hold 200 GB of data. The advantage is that you can mirror a system disk containing your operating system.
You create a mirrored volume using a very similar procedure to the one that creates a striped volume, except that you right-click the first disk of your mirror and click New Mirrored Volume to start the appropriate wizard. You then select the second disk. The second disk needs to have a portion of unallocated space that is at least as large as the disk you want to mirror. The drive letter for a mirrored volume is the same as the drive letter of the first disk. You can also use the Diskpart tool to create a mirrored volume. At the DISKPART> prompt you first use the select disk command to select the first disk. You then enter a command with the syntax add disk=<n> to specify the mirror disk.