Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. The help desk technicians discover that Windows Defender definitions are not up-to-date on client computers. The help desk technicians report that other critical updates are applied to the client computers.
You need to ensure that all client computers have the latest Windows Defender definitions. Your solution must comply with the corporate security policy.
What should you request?
A. Software Environment An existing GPO named AppLockdown applies to Windows 7 machines and uses AppLocker to ensure that: No .bat files are allowed to be run by users and rules are enforced An existing GPO named RestrictApps applies to Windows XP client computers and uses a Software Restriction Policy to ensure that: No .bat files are allowed to be run by users and rules are enforced Data Protection Environment Some users at the Manufacturing site use EFS to encrypt data. A user account named EFSAdmin has been designated as the Data Recovery Agent (DRA). The DRA certificate and private key are stored on a portable USB hard drive. As part of the yearly security compliance audits, a vendor is due to arrive at Tailspin Toys in a month to perform the yearly audit. To prepare for the audit, management has asked you to participate in an internal review of the company's existing security configurations related to network security and data security. The management team has issued the following requirements: New software requirements All installation programs must be digitally signed. Minimum permissions must be granted for installation of programs. Internet Explorer requirements Users must not be able to bypass certificate warnings. Users must not be able to add Internet Explorer add-ons unless the add-ons are approved by IT. Data protection requirements All portable storage devices must use a data encryption technology. The solution must meet the following requirements: Allow all users a minimum of read access to the encrypted data while working from their company client computers. Encrypt entire contents of portable storage devices. Minimize administrative overhead for users as files and folders are added to the portable storage devices. Recovery information for client computer hard drives must be centrally stored and protected with data encryption. Users at the Manufacturing site must have a secondary method of decrypting their existing files if they lose access to their certificate and private key or if the EFS Admin's certificate is not available. You need to recommend a solution to ensure that a secondary method is available to users. The solution must not require accessing or altering the existing encrypted files before decrypting them. What should you recommend that the users do? A. From the command line, run the cipher.exe /e command. B. From the command line, run the certutil.exe /backupKey command. C. Enroll for a secondary EFS certificate. D. Export their EFS certificates with private keys to an external location. Answer: D
Q13. This is the first in a series of questions that all present the same scenario. For your convenience, the scenario is repeated in each question. Each presents a different goal and answer choices, but the text of the scenario is exactly the same in each in this series.
Topic 7, Contoso, Ltd.
Scenario:
You are an enterprise desktop support technician for Contoso, Ltd.
IP Addressing
Contoso has one office. The IP addressing for Contoso is configured as shown in the following table:
A year ago, a Windows Server 2008 R2 VPN server was deployed. Ten sales users participated in a pilot project to test the new VPN. The pilot project lasted two months. After the pilot project, the VPN server was put into production. The VPN server allows L2TP/IPSec-based VPN connections only. The VPN server requires certificate authentication.
Printer Configuration
Network printers are located in a single room on each floor. Users can search Active Directory to find printers that are nearby. Print1 is the print server for all printers.
Client Computer Configuration
Most users have desktop computers. Several users in the sales and management departments have portable computers because they travel frequently. All client computers run Windows 7 Enterprise.
The Windows Internet Explorer proxy settings are configured on all client computers by using a GPO named GPO-IE. GPO-IE is linked to the domain.
All users in the company use a custom application named App1. App1 is manually installed on all client computers. A new version of App1 is available. Some features in the new version of App1 are incompatible with the previous version of App1.
The help desk reports that several users use the previous version of App1, which causes some data to become corrupt.
You need to recommend a solution to prevent all users from using the previous version of App1.
What should you recommend?
A. that a domain administrator create a GPO linked to the domain and configure AppLocker settings in the GPO
B. that a domain administrator create a GPO linked to the domain and configure Software Installation settings in the GPO
C. that the new version of App1 be added to the Data Execution Prevention (DEP) settings on each client computer
D. that the previous version of App1 be added to the Data Execution Prevention (DEP) settings on each client computer
Answer: A
Q14. A client computers on your company network run Windows 7. Employees log on to their computers as Standard users.
There is a zero-day malicious software attack affecting your network. Employees receive User AccountControl (UAC) messages frequently requesting permission to elevate privileges. You know that this malicious software attack is responsible for these UAC prompts.
You need to ensure that employees are unable to provide elevated credentials.
What should you do?
A. Configure the Group Policy User Account Control: Only elevate executables that are signed and validated setting to Disabled.
B. Configure the Group Policy User Account Control: Switch to the secure desktop when prompting for elevation setting to Disabled.
C. Configure the Group Policy User Account Control: Behavior of the elevation prompt for standard users setting to Automatically deny elevation requests.
D. Configure the Group Policy User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode setting to Prompt for consent for non-Windows binaries.
Answer: C
Q15. Your company network has 500 client computers that run Windows 7. Your team consists of 20 desktop support technicians.
Two technicians troubleshoot a hardware-related performance issue on a computer. The technicians obtain different results by using their own User Defined Data Collector Sets.
You need to create a standardized Data Collector Set on a network share that is accessible to your team.
What should you create?
A. Event Trace Data Collector Set
B. Performance Counter Data Collector Set
C. Performance Counter Alert Data Collector Set
D. System Configuration Information Data Collector Set
Answer: B