MD-100: Windows Client

Which DNS record type is used to resolve a host name with an IP address? -MX record -A record -CNAME record

A record - The most common record type in forward lookup zones is an A record, which is also known as a host record. This record is used when resolving a host name to an IP address.

Patti Fernandez is a sales rep for Contoso. Contoso has enabled Device Registration, and Patti has enrolled her smartphone through the enrollment process. Patti is out of town on a sales trip. However, by using her smartphone, Patti can still access internal Contoso applications through the Internet. This scenario is made possible because of two services. One of them is the Web Application Proxy. What is the other service that works in conjunction with the Web Application Proxy to provide Internet access to internal company resources for an enrolled device? -AD DS -AD FS -Azure AD

AD FS - By implementing the Web Application Proxy component, you can enable registered devices to access company resources from external networks such as the Internet. A user can be in a coffee shop or at home, and if their device is registered, it can access internal applications through Web Application Proxy and AD FS. A company must set up AD FS before users can use the Device Registration feature on their devices. You must configure AD FS with a Secure Sockets Layer (SSL) certificate from a trusted CA, and the SSL certificate must have properly configured Subject Name and Subject Alternative Name attributes.

Which feature in Windows 10 and 11 enables users to turn their device into a Wi-Fi hotspot? -Broadband tethering -Autotriggered VPN -Mobile broadband

Broadband tethering -With broadband tethering, you can turn your Windows 10 or later device into a Wi-Fi hotspot.

Contoso's Engineering department typically uses smart cards for user authentication. Each engineer utilizes a smart card reader, which scans the chip on the user's card to authenticate the user. Which of the following authentication methods is used in conjunction with smart cards? -Kerberos version 5 protocol -Certificate mapping -NTLM

Certificate mapping -Typically, users utilize this method in conjunction with smart cards. The certificate that a smart card stores can link to a user account. Users utilize a smart card reader, which scans the card's chip to authenticate a user.

You migrated a website to a new server. One of your users reported that he received an "Unavailable" message when trying to access the website. However, other users that you checked with report that they can access the site with no problem. Which PowerShell cmdlet can you use that hay help resolve the issue? -Test-Connection -Clear-DnsClientCache -Register-DnsClient

Clear-DnsClientCache -The client may still be resolving the IP address of the old server. Therefore, clearing the client's resolver cache will force the client to ask the DNS server for the IP address.

Which variation of the UAC elevation prompt is displayed to standard users when they attempt to perform an administrative task? -Consent prompt -Credential prompt -Approval prompt

Credential prompt - Users elevate only to perform tasks that require an administrator access token. When a standard user attempts to perform an administrative task, UAC prompts the user to enter valid credentials for an administrator account. This is the default for standard user-prompt behavior.

What does AD DS use for locating resources such as domain controllers? -Domain Name System -LDAP -Kerberos

Domain Name System -AD DS uses Domain Name System (DNS) for locating resources such as domain controllers.

Which of the following characteristics of VPN connections allows data to traverse the transit network? -Authentication -Data encryption -Encapsulation

Encapsulation -With VPN technology, private data is encapsulated with a header that contains routing information, which allows the data to traverse the transit network.

As a sales rep for Tailspin Toys, Patti Fernandez gives numerous presentations each day on her Windows 11 laptop. Patti finds it extremely distracting when notifications pop up in the middle of presentations. Which Windows 11 feature enables Patti to suppress notifications, except for priority notifications from selected individuals in her Contact list? -Focus Assist -Show notifications on the lock screen -Control Panel

Focus Assist - While notifications can be helpful in managing the users day, they can be distracting in scenarios such as focusing on a particular task or giving a presentation. Focus Assist allows users to suppress these notifications. It can also be used to configure priority notifications. Examples include communications from specific people in your contact list, telephone calls, and notifications from specific apps.

Which Modern deployment option uses Windows Setup to update the OS and migrate apps and settings? -Windows Autopilot -Subscription activation -In-place upgrade

In-place upgrade -In-place upgrade uses Windows Setup to update your OS and migrate apps and settings.

Which type of disk fragmentation occurs when disk space is over-provisioned and then not used by an application? -Internal fragmentation -External fragmentation -Data fragmentation

Internal fragmentation -Internal fragmentation occurs when disk space is over-provisioned and then not used by an application. Disk space is provisioned into fixed-sized units, so any portion of a unit that's unused is a leftover fragment.

GPOs are applied in a consistent order that enables organizations to predict which settings are effective when there are conflicting settings in GPOs that apply to a user or computer. What's the order in which GPOs are applied - from first to last? -Site GPOs, Local GPOs, OU GPOs, Child OU GPOs, Domain GPOs -Child OU GPOs, OU GPOs, Domain GPOs, Site GPOs, Local GPOs -Local GPOs, Site GPOs, Domain GPOs, OU GPOs, Child OU GPOs

Local GPOs, Site GPOs, Domain GPOs, OU GPOs, Child OU GPOs -GPOs are applied from the least influential objects to the greatest influential objects in an AD DS environment. A local GPO is the least influential object. That's followed by sites, then domains, then OUs, and then child OUs. Any policies that link to child OUs process last.

What's the default browser in Windows 10 and Windows 11? -Internet Explorer -Microsoft Edge -Microsoft Edge Chromium

Microsoft Edge Chromium -Microsoft Edge Chromium is the default browser for Windows 10 or later. The legacy version of Microsoft Edge (non-Chromium) is no longer being developed. Chromium is a free and open-source web browser project. Microsoft Edge and many other browsers are based on the Chromium codebase.

As the Desktop Administrator for Woodgrove Bank, Alan Deyoung wants to create a custom Start menu layout for their fleet of Windows 10 devices. However, Alan also wants to provide flexibility by allowing users to customize the Start menu layout that he creates. Which type of Start menu layout should Alan create that meets this requirement? -Universal layout -Full layout -Partial layout

Partial layout -Partial layout should be used in scenarios where you want to leverage layout, but still provide flexibility for end users to customize the layout.

Some of the users in your organization are running out of disk space. You've identified that each of these users has unallocated free space on a different disk in their computer. What volume would add space to their existing volume? -Mirrored volumes -Spanned volumes -Striped volumes

Spanned volumes - A spanned volume joins areas of unallocated space on at least two and at most 32 disks into a single logical disk. This design gives users the option to gather noncontiguous free space from two or more disks into the same volume.

World Wide Importers requires control over the web apps that users can access from their devices. The company has deployed Device Registration. Which of the following tasks will occur after a user registers and enrolls a device? -The device is associated with the user's account in the company directory -An email is sent to the user verifying the device enrollment -The web apps are added as bookmarks in the device's browser

The device is associated with the user's account in the company directory -After a user enrolls a device, the following steps occur: 1) The device is associated with the user's account in the company directory, 2) The device object is created in AD DS, and 3) The user certificate is installed on the device.

Northwind Traders is a small importer and exporter of fine gems. Northwind created a small business network that supports the 802.11n and 802.11ac wireless standards. It also supports the WPA-Personal security model. A company visitor recently complained that while they could see the company's guest network, they couldn't connect to it. Which of the following items may be a cause of this issue? -The guest's device doesn't support the 802.11x standards -The guest's device doesn't support WPA -The visitor entered an incorrect password when trying to connect to Tradewind's guest network

The visitor entered an incorrect password when trying to connect to Tradewind's guest network -The WPA security model involves providing a security password. The visitor won't be able to connect to Northwind's wireless network if they enter the wrong password.

A hacker has captured network packets that workstations connected to your network send and receive. You have concerns that your organization's sensitive data has been compromised. What is this kind of network-based security threat known as? -Man-in-the-middle attack -Port scanning -Eavesdropping

Eavesdropping -An eavesdropping attack, also known as network sniffing, occurs when a hacker captures network packets that workstations connected to your network send and receive. Eavesdropping attacks can compromise your organization's sensitive data, such as passwords, which can lead to other, more damaging attacks.

When troubleshooting basic network connectivity with devices, which is a unique factor with wireless networks that's generally not a factor when troubleshooting wired networks? -Physical connection distance -Encryption settings -Interference

Encryption settings -Encryption is typically not a factor when troubleshooting basic network connectivity.

You are the IT Support professional for Contoso, a large enterprise organization that's a Microsoft Volume License customer. Contoso needs to deploy a set of Windows 11 computers for an isolated office that won't be managed for at least six months. Which of the following Windows 11 editions would be the best to deploy given Contoso's requirements? -Pro edition -Enterprise edition -Enterprise LTSC edition

Enterprise LTSC edition -The Enterprise LTSC edition is available to Volume License customers. What differentiates it from the Enterprise edition is that Enterprise LTSC is designed not just for large enterprise organizations, but for organizations with restrictive change requirements. Since this version does not receive feature updates, it would be the best solution for Contoso's isolated office that won't be managed for at least six months.

When a permission or password is necessary to complete a task, UAC will notify you with one of three different types of elevation prompts. Which type of elevation prompt will you receive when the item has a valid digital signature that verifies that Microsoft is the publisher of this item? -A program that isn't part of Windows needs your permission to start -A program with an unknown publisher needs your permission to start -A setting or feature that's part of Windows needs your permission to start

A setting or feature that's part of Windows needs your permission to start - You'll receive this prompt when the item has a valid digital signature that verifies that Microsoft is the publisher of this item. If this type of dialog box displays, it usually is safe to continue. If you are unsure, check the name of the program or function to decide if it is something that you want to run.

Fabrikam's current VPN solution only supports IPv6, and its clients must be domain-joined. What VPN solution can Fabrikam migrate to that uses either IPv4 of IPv6 and supports non-domain joined devices? -Always On VPN -Direct Access -Conditional Access Framework

Always On VPN -Direct Access is Fabrikam's current VPN solution, since it requires IPv6 and that clients be domain-joined. Always On VPN is the successor to Direct Access. It can use either IPv4 or IPv6, and supports non-domain joined devices. Always On VPN also provides more granular controls over how traffic is routed and support for conditional access policies.

A user at Northwind Traders is receiving a "product deactivated" message when they try to use Microsoft 365 applications. What type of issue does this message indicate? -An activation issue -An update issue -A connectivity issue

An activation issue - Activation of Microsoft 365 usually occurs during installation. To remain activated, Microsoft 365 connects to the Internet at least once every 30 days. Office goes into reduced functionality mode when there is an activation issue. In this mode, most commands are unavailable and users see "product deactivated" messages when they try to use Microsoft 365 applications. The user should try to reactivate Microsoft 365 from one of the Office applications or access the Microsoft 365 portal to manage Microsoft 365 installations.

Contoso recently purchased solid state drives (SSDs) for the laptops used by its Sales team. What method of defragmentation should the Sales team members periodically complete to defragment their new drives and maintain optimum performance? -Run the Defragment and Optimize Your Drives tool -Run the Disk Cleanup feature (cleanmgr.exe) -Defragmentation is not needed on SSDs

Defragmentation is not needed on SSDs -Defragmentation is not needed on SSDs, as they work quite differently from traditional hard disk drives. The Windows Storage Optimizer subsystem automatically uses TRIM to mark data blocks as not being used and optimize the drive. While the Optimize Drives UI does not distinguish between defragmentation and retrimming, Windows detects the drive type and runs the appropriate optimization task when needed.

As an IT Support professional for your organization, you need to configure the settings for Windows Logs. You create a new GPO for all the computers in your domain. Which of the following is something you can define for each log? -Event level to log, such as errors or warnings -Behavior that occurs when the log is full -Which apps should be excluded

Behavior that occurs when the log is full -For each log, you can define: 1) The location of the log file, 2) The maximum size of the log file, 3) Automatic backup options, 4) Permissions on the logs, and 5) Behavior that occurs when the log is full.

Tailspin Toys doesn't have BitLocker installed on any of the company's computers. However, the company is now considering implementing BitLocker because it recently had an attacker gain access to the startup process components on several computers. The attacker changed the code in these components and gained access to the computers even though the data on the computers' disks was encrypted. Once the attacker gained access to confidential information such as user passwords, they were able to circumvent other Windows security protections. How would BitLocker have prevented these attacks? -By requiring a TPM chip -BitLocker doesn't allow the system to start when it's been tampered with -BitLocker requires a recovery password to enter recovery mode

BitLocker doesn't allow the system to start when it's been tampered with - BitLocker uses a Trusted Platform Module (TPM) chip to verify the integrity of the startup process. It does so by locking the system when it is tampered with. If anyone has tampered with monitored files, the system does not start. This alerts the user to the tampering because the system fails to start as usual. In the event that system lockout occurs, BitLocker offers a simple recovery process.

You're the Desktop Administrator for Northwind Traders. You want to use Windows PowerShell scripts to build automation and complex logic into management tasks. How can you provide this scripting functionality in PowerShell? -By running Windows PowerShell ISE -By running Windows PowerShell through a GUI that embeds the shell -By running the Windows PowerShell command-line interface

By running Windows PowerShell ISE -Windows PowerShell Integrated Scripting Environment (ISE) provides command-completion functionality, and enables you to see all available commands and the parameters that you can use with those commands. You also can use a scripting window within Windows PowerShell ISE to construct and save Windows PowerShell scripts. Windows PowerShell ISE also provides debugging tools that you can use to debug simple and complex Windows PowerShell scripts.

How does IPsec provide protection from replay attacks? -By using sequence numbers -By using one of several available algorithms to encrypt data -By signing traffic

By using sequence numbers - IPsec uses sequence numbers. As a result, any packets that hackers attempt to capture for later replay use numbers that are out of sequence. Using sequenced numbers ensures that an attacker cannot reuse or replay captured data to establish a session or gain information. Using sequenced numbers also protects against attempts to intercept a message and use it to access resources, possibly months later.

As the Desktop Administrator for Adventure Works Cycles, you've received several complaints from users that Microsoft Edge is loading pages very slowly. What common troubleshooting step should you instruct the users to do to try and resolve this issue? -Delete their cached files and enable InPrivate Browsing to disable any trackers -Install an AdBlock extension from the Edge Add-ons catalog -Implement Microsoft Edge extensions

Delete their cached files and enable InPrivate Browsing to disable any trackers - A common troubleshooting step when website pages load slowly in Microsoft Edge is to delete the user's cached files and enable InPrivate Browsing to disable any trackers.

Hackers recently attacked Trey Research by overloading its DNS system with a large number of fake requests. The purpose of this attack was to overload and shut down the server that hosts DNS. What is this common network security threat known as? -Man-in-the-middle attack -Denial of service attack -Brute force network attack

Denial of service attack -This type of attack limits the function of a network app, or renders an app or network resource unavailable. Hackers typically perform DoS attacks by overloading a service that replies to network requests, such as Domain Name System (DNS), with a large number of fake requests in an attempt to overload and shut down a service or the server that hosts the service. A distributed denial of service (DDoS) attack is a version of a DoS attack.

Which of the following items analyzes network traffic and filters out harmful traffic, such as attempts to cause a denial-of-service attack or an SQL injection attack? -Block at first sight -Firewall -Microsoft Defender for Endpoint

Firewall -A sophisticated firewall can analyze network traffic and filter out harmful traffic, such as attempts to cause a denial-of-service attack or an SQL injection attack. Administrators often place firewalls at a network perimeter, between an organization's screened subnet and the Internet, and between the screened subnet and the internal network. Today, it also is common for each host to have its own additional firewall.

Which basic permission on a folder allows groups or users to delete a file in that folder, regardless of the permissions that protect the file? -Modify -Full control -Delete

Full control -Groups or users that have the Full Control permission on a folder can delete any files in that folder, regardless of the permissions that protect the file.

When configuring shared folder permissions for a shared folder, three permissions can allowed or denied. Two of them are Read and Change. What's the third shared folder permission that can be allowed or denied? -Write -Read and execute -Full control

Full control -When you configure shared folder permissions per shared folder, you can allow or deny only Read, Change, and Full Control permissions. These permissions apply to content in all folders and subfolders.

Lucerne Publishing wants to employ InPrivate Browsing to help protect data and privacy by preventing the browser from locally storing or retaining browsing history, temporary Internet files, form data, cookies, user names, and passwords. However, the company is concerned that some users may attempt to use InPrivate Browsing to conceal their tracks when browsing prohibited websites, or websites that do not pertain to work. What feature can Lucerne Publishing use to configure how it uses InPrivate Browsing and still provide full manageability control on users' work devices? -Tracking Protection -Tracking prevention templates from Microsoft Intune -Group Policy

Group Policy - Some users may attempt to use InPrivate Browsing to conceal their tracks when browsing prohibited websites, or websites that don't pertain to work. However, you can use Group Policy to configure how your organization uses InPrivate Browsing, thereby providing you with full manageability control on users' work devices.

As the Desktop Administrator for Northwind Traders, Patti Fernandez is troubleshooting issues with a user's laptop. As part of her initial troubleshooting, Patti reviewed device-related events in Event Viewer. As a best practice, what's the second step that Patti should complete during this initial troubleshooting? -Upgrade the computer's BIOS or firmware -Check for device conflicts in Device Manager -Verify hardware compatibility

Check for device conflicts in Device Manager - When performing initial troubleshooting, you should review device related events in Event Viewer and check for device conflicts in Device Manager.

Since many users have multiple devices, Microsoft Store allows a user to install a single Universal Windows application on multiple devices. How many installations of a single application can a user install through the Microsoft Store? -5 -8 -10

10 -Many users have multiple devices—for example, a desktop and a laptop computer. The Microsoft Store allows 10 installations of a single application so that users can run the same application on each of their devices. If users attempt to install an application on an 11th device, they receive a prompt that they must first remove the application from another device.

When an end user first discovers and reports a computer problem, what's the first step in most troubleshooting methodologies? -Classification -Reporting -Testing

Classification - When an end user first discovers and reports a computer problem, a series of classification processes begins. During these processes, you gather information from the end user in an attempt to establish the problem's nature and scope. The initial discussion might reveal information that results in an immediate resolution to the problem, but with more complex or serious problems, you must continue to troubleshoot the issue to resolve it.

You are troubleshooting a Windows 10 computer in which the Windows Store app can't connect to the store. You ran the Apps troubleshooter but still experience the issue. What should you try next? -Clear Microsoft Store cache -Reconfigure the AppLocker rules -Configure Windows Firewall rules

Clear Microsoft Store cache - If the Microsoft Store app will not start or the Microsoft Store app cannot connect to the store, clearing the Microsoft Store cache might resolve this issue. You can reset the Microsoft Store cache by typing WSReset.exe in a command prompt.

Contoso's IT department wants to provide a consolidated and efficient virtual environment through virtual-machine compatibility with Windows Server. This design will enable them to use a single device to test applications and IT scenarios in multiple operating system configurations. Which of the following Windows 11 features should the IT department use to support this effort? -Windows Sandbox -Virtual secure mode -Client Hyper-V

Client Hyper-V - By using Client Hyper-V, IT departments can provide a consolidated and efficient virtual environment through virtual-machine compatibility with Windows Server. This environment can use a single device to test applications and IT scenarios in multiple operating system configurations.

Adventure Works Cycles has set the Windows Defender Firewall option that allows an app or feature through Windows Defender Firewall. Turning on this option enables Adventure Works' administrators to define a list of approved programs that can communicate through their firewall. What else can Adventure Works do to help decrease security risks with its communication architecture? -Allow all programs to communicate through the firewall -Open a port without scoping the port to a specific app -Close ports when you don't require them

Close ports when you don't require them - Generally, it is safer to add a program to the list of allowed programs than to open a port for an app. If you open a port without scoping the port to a specific app, the opening in the firewall stays open until you close the port, regardless of whether a program is using it. You should only open a port when necessary.

You're an IT Support Professional for Contoso's business applications. A home-based user has requested support with an application. You tell the user to launch Quick Assist. Which of the following items is an option the user will have? -Save this invitation as a file -Send invitation to phone -Code from assistant

Code from assistant -The person providing the assistance will provide a one-time code to establish the connection, which the user requesting the help will enter in the Quick Assist app.

Microsoft Edge provides a side panel that allows you to add pages or drag objects into the panel. This panel allows you to organize and share content that you find across the web. That's this feature? -Pinned tabs -Pivot between profiles -Collections

Collections -Collections allow you to easily collect, organize and share content that you find across the web. Collections provide a side panel that allows you to add pages or drag objects into the panel. This provides an easy way to perform actions such as comparing items when shopping or collecting information for planning a trip or event.

As the Desktop Administrator for Fabrikam, Holly Spencer wants to implement an on-premises management solution to manage desktops, servers, and laptops on the company's network or internet-based. Holly also intends to monitor compliance, query, and act on clients in real time. What tool will provide Holly with this functionality? -Desktop Analytics -Windows Autopilot -Configuration Manager

Configuration Manager - Configuration Manager is an on-premises management solution to manage desktops, servers, and laptops that are on your network or internet-based. You can cloud-enable it to integrate with Intune, Azure Active Directory (AD), Microsoft Defender for Endpoint, and other cloud services. Use Configuration Manager to deploy apps, software updates, and operating systems. You can also monitor compliance, query and act on clients in real time, and much more.

As the Desktop Administrator for Northwind Traders, you want to deploy Microsoft 365 using the same deployment method that you used to deploy desktop apps. This method will provide native integration for deployment of Microsoft 365. It will also provide extensive control over installation, updates, and settings. Which deployment option is this? -Configuration Manager -Click-to-run -The Office Deployment Tool (ODT)

Configuration Manager - Configuration Manager provides native integration for deployment of Microsoft 365. It also provides extensive control over installation, updates, and settings.

As the Desktop Administrator for Contoso, Holly Dickson wants to convert several desktop apps to Universal Windows apps. What tool must Holly run that repackages an existing binary into the Universal Windows Platform (UWP) format, resulting in a package that contains the same base code that runs the desktop app? -UWP Converter -Desktop App Converter -Universal Windows App Generator

Desktop App Converter - Converting desktop apps to Universal Windows apps relies on two components. The first component is the Desktop App Converter, which is a tool that repackages an existing binary into the Universal Windows Platform (UWP) format. The resulting package contains the same base code that runs the desktop app. The second component is a runtime that allows UWP packages to operate with the full trust level, rather than in an app container. It also assigns a package identity to a converted app.

As the new Desktop Administrator for Northwind Traders, Alan Deyoung is trying to fix some of the security issues left behind by his predecessor. One such practice directed users to sign in to their computers with the Administrator account. Alan discovered that this policy led to malicious users gaining access to server and client computers. What should Alan do to resolve this issue with each device? -Delete the Administrator account and have users sign in with the Default Account -Lock out the Administrator account and have users sign in using the Local Service account -Disable the Administrator account and have users sign in with a local account that's a member of the Administrators group

Disable the Administrator account and have users sign in with a local account that's a member of the Administrators group - Because the Administrator account is known to exist on many versions of the Windows operating system, it's a best practice to disable the Administrator account when possible to make it more difficult for malicious users to gain access to the server or client computer. Then create a local account that's a member of the Administrators group. Members of the Administrators groups can run apps with elevated permissions without using the "Run as Administrator" option.

You are an IT Support Professional for a law firm. One of the paralegals is having trouble finding files on their Windows 10 computer. Which of the following files is included in the Windows Search index by default? -Password-protected Office files -Network shares -Documents folder

Documents folder - By default, Windows Search indexes each user's e-mail and Documents and Settings folders (users can add custom locations like network shares). Indexing of shared folders can be turned off with Group Policy.

Which type of corporate network is a logical grouping of networked computers that share a common user database? -Workgroup -Peer-to-peer -Domain

Domain - Domains are logical groupings of networked computers that share a common user database. In addition, they manage security centrally on a single server, known as a domain controller, or on a group of servers (domain controllers). A single domain must have one or more domain controllers. These computers provide Active Directory Domain Services (AD DS), helping to secure access to resources, and providing a single point of administration. By the way, workgroups is another name for peer-to-peer networks.

In which type of network location is network discovery turned on by default, and you can't create or join a HomeGroup? -Domain networks -Private networks -Guest or public networks

Domain networks -These typically are workplace networks that attach to a domain. Use this option for any network that allows communication with a domain controller. Network discovery is on by default, and you cannot create or join a HomeGroup.

As the Desktop Administrator for Fabrikam, Holly Spencer wants to link the custom GPOs that she creates to AD DS containers. This will enable her to apply customized settings to the objects in those containers. Which of the following AD DS containers can Holly apply GPOs to? -Domains container -Computers container -Users container

Domains container -GPOs can be applied to AD DS sites, domains, and organizational units (OUs). This is referred to as linking. GPOs can't be linked to the default Computers or Users containers in AD DS.

Which of the following is a feature of EFS? -EFS encrypts individual files based on user accounts -With EFS, files don't remain encrypted if they're moved or copied to another system that doesn't also provide encryption -EFS is easier to implement and manager than BitLocker

EFS encrypts individual files based on user accounts - Encrypting Files System (EFS) is another encryption feature in Windows. Unlike BitLocker, which encrypts the entire volume, EFS encrypts individual files based on user accounts.

The Microsoft Store is primarily for end-users' use when not necessarily working for an enterprise. In contrast, the Microsoft Store for Business gives enterprise employees a way to install work-related Universal Windows apps. Which of the following items is a feature of the Microsoft Store? -Purchasing requires an Azure AD account -Each user purchases their own license for an application -You can deploy applications through the Microsoft Store and by using deployment tools

Each user purchases their own license for an application -In the Microsoft Store, each user purchases their own license for an application. In contrast, in the Microsoft Store for Business, an administrator can purchase multiple application licenses.

Your organization deployed a new sales desktop app a month ago. A few users are experiencing issues starting this app. What method should you try first to resolve the issue for these users? -Reinstall the application -Reconfigure the application -Repair the application

Repair the application - If a desktop app is experiencing errors or is unable to start, repairing the application might resolve the issue. Repairing an application updates the application files to the correct version, and rewrites the required computer-specific registry entries. It does not affect user-specific registry entries. If an application repair doesn't resolve the problem, then try reinstalling the application.

Which of the following recovery tools should only be used if other methods of recovery are unsuccessful, because this recovery method is intrusive and overwrites everything on the computer? -Startup Repair -System Image Recovery tool -System Restore

System Image Recovery tool -The System Image Recovery tool replaces your computer's current operating system with a complete computer backup that you created previously, and which you stored as a system image. You can use this tool only if you have made a recovery drive of your computer. You should use this tool only if other methods of recovery are unsuccessful, because this recovery method is intrusive and overwrites everything on the computer.

Your organization has identified potential weaknesses in its private networks that may make them susceptible to exploitation. As an IT support professional for your organization, you are tasked to implement IPsec. Which of the following items is a feature of IPsec? -IPsec offers self-authentication before and during communications -IPsec has two modes: Basic and Advanced -IPsec provides a private channel for sending and exchanging potentially sensitive or vulnerable data

IPsec provides a private channel for sending and exchanging potentially sensitive or vulnerable data -If you implement IPsec properly, it provides a private channel for sending and exchanging potentially sensitive or vulnerable data, whether it is email, FTP traffic, news feeds, partner and supply-chain data, medical records, or any other type of TCP/IP-based data.

Northwind Traders has several users that have been running unauthorized software. As a result, the company has begun experiencing a higher incidence of malware infections and help-desk calls. What can Northwind Traders do to restrict which software can run on user PC's and devices? -Implement the Microsoft Security Compliance Toolkit -Implement AppLocker -Implement Windows Device Health Attestation

Implement AppLocker - You can use AppLocker to specify which software can run on user PC's and devices. This can be done by preventing unlicensed software or malware from running, and by restricting the ActiveX controls that are installed.

Contoso has a large number of devices running Windows 8.1. It wants to upgrade these devices to Windows 11 while retaining all user applications, files, and settings. Which of the following installation methods should Contoso use? -Upgrade with Feature update -In-place upgrade using image-based upgrade -Refresh using the Reset this PC feature

In-place upgrade using image-based upgrade - Larger organizations typically use tools like Endpoint Configuration Manager and a pre-defined image to initiate an in-place upgrade. This method is recommended for upgrading existing Windows 8.1 devices to Windows 10 or later. During an in-place upgrade, the Windows installation program automatically retains all user settings, data, hardware device settings, apps, and other configuration information.

Which Microsoft Edge feature enables users to surf the web without collecting browsing history? -InPrivate browsing -Tracking Protection -Cached browsing

InPrivate browsing -For enterprises that want their users to able to browse without collecting browsing history, Microsoft Edge has a privacy mode called InPrivate Browsing. This allows users to surf the web without leaving a trail. InPrivate Browsing helps protect data and privacy by preventing the browser from locally storing or retaining browsing history, temporary Internet files, form data, cookies, user names, and passwords. This leaves virtually no evidence of browsing or search history as the browsing session does not store session data.

As the Desktop Administrator for Contoso, you enabled UAC on all the company's Windows 11 computers to prevent users from installing unauthorized software. Which of the following tasks can a standard user perform without receiving a UAC prompt? -Install drivers from Windows Update -Install drivers for a device Copy or move files into the Program Files or Windows directory

Install drivers from Windows Update -A standard user won't receive a UAC prompt when installing drivers from Windows Update or those that are included with the operating system.

As the Desktop Administrator for Contoso, you enabled UAC on all the company's Windows 11 computers to prevent users from installing unauthorized software. However, some of the users are local Administrators on their computers. Which of the following tasks will generate a UAC consent prompt for these users? -Use Remote Desktop to connect to another computer -Install software and drivers -Connect and configure a Bluetooth device

Install software and drivers - Installing and uninstalling an application will generate a UAC consent prompt for a local Administrator account.

Northwind Traders currently has a workgroup network. However, it's considering implementing a domain network. Which of the following is an advantage for Northwind Traders to stay with a workgroup network? -It's the most secure type of network -It offers centralized security to all computes in the group -It requires the least amount of attention

It requires the least amount of attention -Larger companies and corporations typically configure domains because they are the most secure network option. They also are extensible and offer centralized security and management. Smaller companies generally don't use domains because they are more expensive, and require more attention than workgroups.

Which OneDrive feature redirects the common Windows known folders (Desktop, Documents, Pictures, Screenshots, and Camera Roll) to organizational Sharepoint storage? -Known folder move -OneDrive files on demand -Files restore

Known folder move -This feature redirects the common Windows known folders (Desktop, Documents, Pictures, Screenshots, and Camera Roll) to organizational Sharepoint storage. Users can continue with their daily work habits, while gaining the benefits of OneDrive.

Hard disk drives can fail for a variety of reasons. What's the least severe type of failure that a hard disk drive can experience? -Logical failure -Firmware failure -Bad sector

Logical failure -Examples of logical failures include invalid entries in a file allocation table (FAT) or master file table (MFT) on the NTFS file system volume. Logical failures are the least severe type of failure.

Which Windows Service Channel isn't intended for deployment on most or all the PCs in an organization and should only be used for special-purpose devices? -Windows Insider Program -Long-Term Servicing Channel -General Availability Channel

Long-Term Servicing Channel -Windows Enterprise LTSC is a separate Long-Term Servicing Channel version. Long-term Servicing channel is not intended for deployment on most or all the PCs in an organization; it should be used only for special-purpose devices. As a general guideline, a PC with Microsoft Office installed is a general-purpose device, typically used by an information worker, and therefore it is better suited for the General Availability channel.

As the Desktop Administrator for Northwind Traders, you've been receiving reports that your clients are having trouble connecting to a server. Which command or PowerShell cmdlet should you use to check whether your DNS server has the correct IP address for the target host? -Ipconfig /displaydns -Get-DnsClient -Nslookup

Nslookup -The NSLookup command line tool displays information that you can use to diagnose your Domain Name System (DNS) infrastructure. Before using this tool, you should be familiar with how DNS works. The nslookup command-line tool is available only if you have installed the TCP/IP protocol.

Aleksander has been asked to configure basic properties for a share by using Advanced Sharing. They used Advanced Sharing to assign the share name, configure caching, and assign permissions. What other basic property can be configured with Advanced Sharing? -Number of simultaneous users -Access-based enumeration -Online Settings

Number of simultaneous users -This share property limits the number of users that can have an open connection to the share. The connection to the share is open when a user accesses the share for the first time, and it closes automatically after a period of inactivity. The default value in Windows client is no more than 20 users. However, you can configure this to a lower number.

Which method of Windows activation associates the Windows operating system to the computer system BIOS, which means the license can't be transferred to another computer? -Retail -OEM -Microsoft Volume Licensing

OEM -OEM system builders typically sell computer systems that include a customized build of Windows. You can perform OEM activation by associating the Windows operating system to the computer system BIOS, which means that you can't transfer this license to another computer.

As the Desktop Administrator for Lucerne Publishing, Patti Fernandez used Folder Redirection in the company's domain environment to redirect local folders from the user profile to the file server. Which tool should Patti use to make a local copy of these redirected files and then make them available even when there's no network connectivity to the file server? -Work Folders tool -Offline Files tool -robocopy.exe

Offline Files tool - In a domain environment, Folder Redirection redirects local folders from the user profile to the file server. Offline Files makes a local copy of redirected files and then makes them available even when there is no network connectivity to the file server.

As the Desktop Administrator for Adventure Works Cycles, you have been monitoring storage usage on several tablets that have limited storage space. Which category of storage usage enables you to select which folders synchronize to these devices to save disk space? -Apps and Games -OneDrive -System and Reserved

OneDrive -The OneDrive category enables you to select which folders synchronize to the device to save disk space. This is particularly useful on devices with limited storage space, such as tablets.

As the Desktop Administrator for World Wide Importers, you want to create a workgroup for the Warehouse department. This workgroup will enable the warehouse staff to share files, network storage, printers, and any connected resource. What's the maximum number of computers that you can assign to this workgroup? -20 -40 -75

20 - A workgroup has a limit of 20 computers, all of which must be on the same local network.

What is the maximum length of a host name? -16 characters -32 characters -255 characters

255 characters - A host name is a user-friendly name that is associated with a host's IP address and identifies it as a TCP/IP host. A host name can be no more than 255 characters in length. It can only contain alphanumeric characters, periods, and hyphens.

What's the minimum RAM requirements to install or upgrade to Windows 11? -1 GB for 32-bit or 2 GB for 64-bit -4 GB -8 GB

4 GB - To install or upgrade to Windows 11, a device must have a minimum of 4 GB of RAM.

Fabrikam plans to upgrade more than 500 devices from Windows 8.1 Enterprise and Windows 10 Enterprise to Windows 11 Enterprise. Which of the following guidelines should Fabrikam employ to ensure the configuration of each device doesn't drift to a state that becomes a security risk? -Identify the necessary device drivers -Identify storage and network resources that you can use during deployment -Centralized management to identify the method or tools for deploying the -OS

Centralized management to identify the method or tools for deploying the OS -When an organization is managing more than 25 devices, centralized management should be considered to identify the method or tools for deploying the OS and applications. While this might seem like a low threshold, keep in mind that deployment isn't just about the delivery of an operating system and apps, but also continuous management. Specifically, ensuring that the device configuration does not drift to a state that becomes a security risk. Organizations should consider a management solution such as Microsoft Intune, whether they choose to manage devices themselves or contract with an IT management company.

As the Desktop Administrator for Wingtip Toys, you have replaced a hard disk drive on one of your PCs. You began by partitioning the disk using the master boot record (MBR) scheme. What's the next step that you must complete before an operating system can use the disk? -Restart the PC to recognize the disk -Resize the partitions -Create and format one or more volumes on the disk

Create and format one or more volumes on the disk -After partitioning the disk, you must create and format one or more volumes before an operating system can use the disk.

Holly Dickson, Contoso's Desktop Administrator, installed a new USB printer to her Windows 11 laptop. After attaching the printer, Holly installed the printer driver. Everything seems in order, but Holly can't get the printer to function properly. What should Holly do? -Return the printer. -Unattach the printer, remove the device driver, and then reinstall each. -Install the printer driver before attaching the printer.

Install the printer driver before attaching the printer. - Some USB printers require that you install the printer driver before you attach it. Failure to follow this procedure can result in the printer not functioning correctly. Check the product documentation before attaching the printer to your computer.

You're configuring a Windows 10 desktop computer. You added a new hard disk drive to the computer. You want to configure the drive to support quotas so that you can track and control disk-space usage. Which file system should you format the new drive with? -FAT -NTFS -ReFS

NTFS -NTFS supports the use of disk quotas, which enable you to specify the amount of disk space that is available to a user. When you enable disk quotas, you can track and control disk-space usage. You can configure whether to allow users to exceed their limits and configure Windows to log an event when a user exceeds a specified warning level or quota limit.

Contoso recently purchased a new Windows 11 device that came with the Windows Pro edition installed. Since Contoso uses the Windows Enterprise edition on all its devices, it must change the Windows edition on the new machine from Pro to Enterprise. How can Contoso complete this edition upgrade? -Manually enter a product key for Windows Enterprise -Use a provisioning package -Purchase a Windows Enterprise license from the Microsoft Store

Use a provisioning package -There are several supported methods of upgrading from Windows Pro to Enterprise, including: using a provisioning package, using an MDM solution, using a command line tool (changepk.exe), and using Microsoft Store for Business or PC.

A host name combines a domain name with what other object to create a fully qualified domain name (FQDN)? -an alias -a NetBIOS name -a sub-domain name

an alias - An alias is a single name associated with an IP address. The host name combines an alias with a domain name to create the FQDN.

As the Enterprise Security administrator for Fabrikam, Holly Spencer wants to manage the company's group policy objects (GPOs). What tool should Holly use to accomplish this task? -The Group Policy Management Editor -The AppLocker Microsoft Management Console -The Microsoft Security Compliance Toolkit

The Microsoft Security Compliance Toolkit - The Microsoft Security Compliance Toolkit enables enterprise security administrators to effectively manage their enterprise's Group Policy Objects (GPOs). Using the toolkit, administrators can compare their current GPOs with Microsoft-recommended GPO baselines or other baselines, edit them, store them in GPO backup file format, and apply them via a domain controller or inject them directly into testbed hosts to test their effects.

Your network administrator has asked you to verify that a Windows client computer in your Houston office has network connectivity to a file server at the Chicago office. You need to provide detailed statistics on delay and packet loss on the individual steps, or hops, through the network routers. Which command or tool should you use? -The Pathping command -The Ping command -The Tracert tool

The Pathping command - The Pathping command traces a route through the network in a manner similar to the Tracert tool. However, Pathping provides more detailed statistics on the individual steps, or hops, through the network. The command can provide greater detail because it sends 100 packets for each router, which enables it to establish trends.

As the Desktop Administrator for Northwind Traders, Patti Fernandez wants to manage multiple printers and print servers from a single interface. Patti also wants to manage them remotely. Which Windows feature should Patti use that provides this functionality? -The Print Server admin center -The Print Management Console -Device Manager

The Print Management Console - Windows includes the Print Management Console in the Administrative Tools. You can connect to Windows-based print servers through the Print Management Console and manage them remotely. The Print Management Console provides a single interface through which you can administer multiple printers and print servers and perform management tasks.

As the Desktop Administrator for Fabrikam, Saul has added a network folder to a library. Which of the following items will result from that action? -The folder was physically moved on the computer -Users can access the folder when the computer is offline -Users can only access the folder when the computer can connect to the networked location

Users can only access the folder when the computer can connect to the networked location -Users may add network folder locations to libraries. However, users will only be accessible when the computer can connect to that networked location. They cannot be accessed in offline scenarios.

As an IT Support professional for Contoso, you're helping to configure the company's infrastructure to allow Device Registration. Which of the following prerequisites must you implement before you can enable Device Registration on your devices? -Each client machine must have a 64-bit operating system -Web Application Proxy must be set up -A DNS record for the host that's named "Enterpriseregistration"

A DNS record for the host that's named "Enterpriseregistration" - The name Enterpriseregistration is mandatory, and you can't change it. The DNS server must resolve this name to the IP address of the AD FS server. The AD FS server will then use it as one of its Subject Alternative Name attributes in the SSL certificate.

As the Desktop Administrator for Fabrikam, Holly Spencer wants to add physical disks to a storage pool. Which of the following requirements do the disks need to satisfy? -Two physical disks are needed to create a storage pool -A minimum of two physical disks are needed to create a resilient mirror virtual disk -Disks must be blank but formatted

A minimum of two physical disks are needed to create a resilient mirror virtual disk -Creating a resilient mirror virtual disk requires a minimum of two physical disks.

Which of the following characteristics describes a Type 4 printer driver? -A single Type 4 driver can support multiple printer models -Type 4 driver packages are larger and more complex than Type 3 drivers -Type 4 drivers must download from a print server

A single Type 4 driver can support multiple printer models - Windows traditionally uses separate Type 3 printer drivers for each printer device model. However, a single Type 4 driver can support multiple printer models.

What's the recommended way to move from Windows 8.1 to Windows 10? -In-place upgrade -In-place upgrade using feature update -Side-by-side migration

In-place upgrade - The in-place upgrade is the recommended way to move from Windows 8.1 to Windows 10. You perform an in-place upgrade when you want to replace an existing Windows and wish to retain all user applications, files, and settings. Following the in-place upgrade, the Windows installation program retains all user settings, data, hardware device settings, applications, and other configuration information from the previous version of Windows.

What benefit does multicast provide? -Reduces bandwidth consumption by sending the same information to multiple computers at once -Allows one device to talk to multiple devices -Increases the network speed

Reduces bandwidth consumption by sending the same information to multiple computers at once - Multicast can send a single packet of information to multiple computers, instead of sending the same packet of information repeatedly to multiple computers.

Which of the following items is a collection of one or more physical disks that can be use to create virtual disks? -Storage space -Mirror space -Storage pool

Storage pool - A storage pool is a collection of one or more physical disks that you can use to create virtual disks. You can add all nonformatted physical disks and disks that do not have an attachment to another storage pool to a storage pool.

NTFS compression is available on volumes that use NTFS. Which of the following statements is a characteristic of NTFS compression? -NTFS compression and decompression always cause some data loss -The compression state of a folder reflects the compression state of the files within that folder. -When opening a compressed file, the Windows operating system automatically decompresses it.

When opening a compressed file, the Windows operating system automatically decompresses it. -When opening a compressed file, the Windows operating system automatically decompresses it.

Which of the following items is a feature of the Miracast protocol? -The Miracast protocol is used in client-server networks -When transmitting audio and video between devices via Wi-Fi, both devices must be connected to the Internet -When transmitting audio and video between devices via Wi-Fi, the devices only need to share the same local wireless network

When transmitting audio and video between devices via Wi-Fi, the devices only need to share the same local wireless network -It isn't necessary that both devices are connected to the Internet. They only need to share the same local wireless network. The shared information is sent by the device via Wi-Fi through a Wi-Fi Direct connection to a receiver connected to the display device. The receiver then decodes the video signal and passes it to the TV display (or other display device).

Which component of the Windows Assessment and Deployment Kit (ADK) creates provisioning packages that can be used to dynamically configure a Windows device without the need for re-imaging the device with a custom image? -Deployment Image Servicing and Management -Windows Imaging and Configuration Designer -Windows System Image Manager

Windows Imaging and Configuration Designer - Windows Imaging and Configuration Designer is a tool designed to assist with the creation of provisioning packages that can be used to dynamically configure a Windows device (PCs, tablets, and phones). This is particularly useful for setting up new devices, without the need for re-imaging the device with a custom image.

Holly Spencer is the Desktop Administrator for Fabrikam. Holly, who uses more than one Windows device, has bookmarked several websites in Microsoft Edge. As such, when Holly moves from one device to another, those bookmarks persist in the Favorites list on each device. Which of the following items makes this synchronization of settings possible? -A Microsoft Account -Focus Assist -A group policy

A Microsoft Account -Settings are persistent when using a Microsoft Account. This facilitates a common identity across devices. Settings are maintained as part of the Microsoft Account's profile data and are applied when signing into a device. As such, if a user bookmarks a website in Microsoft Edge, that bookmark will persist in the Favorites list when the user moves to another device.

What does AD DS use to perform authentication for computer accounts during the startup process and for user accounts when the user signs in? -Domain controllers -LDAP calls -Group policy objects

Domain controllers -The sign-in process authenticates both the computer and user accounts. In an AD DS environment, domain controllers perform authentication for computer accounts during the startup process and for user accounts when the user signs in.

Tailspin Toys is planning to upgrade its entire fleet of Windows 10 devices to Windows 11. Tailspin wants to restore the machines to a "first-run" experience and allow administrators to apply organization-specific configurations and even some types of apps. It wants to achieve the same result as reimaging, but without the need to deploy an entire image over a network and reduce the number of custom images. Which upgrade method should Tailspin Toys use to achieve these goals? -Windows Autopilot -Migration -Bare metal installation

Windows Autopilot - If the computer already has Windows 10 or later, Windows Autopilot can be used to achieve the same state as a new deployment. It uses the existing Windows 10 or 11 installation to restore the machine to a "first-run" experience, but allows administrators to apply organization-specific configurations and even some types of apps. As most new computers come with Windows pre-installed, this enables organizations to achieve the same result as reimaging for some scenarios, without the need to deploy an entire image over a network and reduce the number of custom images.

Contoso wants to provide additional security for its remote access connections. Specifically, it wants to protect enterprise data against leakage and unauthorized use. To do so, what feature should Contoso integrate its VPN client with? -Microsoft Defender for Cloud Apps -Azure AD Conditional Access Framework -Windows Information Protection

Windows Information Protection - Windows Information Protection is a feature that uses a number of technologies (including BitLocker Drive Encryption, AppLocker, and Microsoft Azure Rights Management) to protect enterprise data against leakage and unauthorized use. It relies on Microsoft Intune, Microsoft Endpoint Configuration Manager, or another third-party MDM solution to create and deploy policies that you use to specify protected apps, and to apply desired protection levels to your data.

Contoso recently deployed the latest upgrade to the Windows operating system. However, the company later discovered a significant compatibility issue between the latest Windows upgrade and one of their Sales apps. Contoso wants to roll back this upgrade to the previous Windows operating system version. By default, what's the default grace period that Contoso has to roll back to the previous Windows version? -10 days -20 days -30 days

10 days -With Windows, you can roll back an upgrade to the previous Windows operating system version. This can be helpful if unforeseen circumstances occur after updating. There is a default 10-day grace period to roll back to the previous version, however this can be changed with the DISM image tool. When rolling back, any changes will be lost, including installed apps, and it's recommended that user data be backed up prior to a rollback.

As the Windows Update for Business administrator at Contoso, you want to defer the installation of both feature and quality updates from deploying to devices within a bounded range of time from when those updates are first made available on the Windows Update service. You want to use this deferral to allow time to validate deployments as they are pushed to devices. What's the maximum deferral period for quality updates? -30 days -180 days -365 days

30 days - The maximum deferral period for quality updates is 30 days. The maximum deferral period for feature updates is 365 days.

You are configuring the storage on a Windows 10 computer. You format a 32 GB volume with FAT32. What is the maximum file size supported on this volume? -32 GB -4 GB -8 GB

4 GB - FAT32 supports a maximum file size of 4 GB.

Your computer can use more memory than the limitation imposed by 32-bit operating systems. Because your computer doesn't have this memory limitation, you want to select a 64-bit version of Windows. What's the memory limitation imposed by 32-bit operating systems? -2 GB -4 GB -8 GB

4 GB - Using a 64-bit version enables your computer to use more memory than the 4 GB limitation imposed by 32-bit operating systems. If your computer has more than 4 GB of memory, or if you can add additional memory beyond 4 GB, then select a 64-bit version of Windows.

As the Desktop Administrator for World Wide Importers, Alan Deyoung wants to configure each individual computer with specific Windows Update settings. Doing this manually would be very time consuming, so Alan plans to create a Group Policy Object (GPO) to configure the necessary settings. After creating the GPO, what must Alan use to apply those settings to the appropriate collection of computers? -Active Directory Domain Services -Configuration Manager -Microsoft Endpoint Manager

Active Directory Domain Services -To configure each individual computer with specific Windows Update settings would be very time-consuming. Fortunately, you can create a Group Policy Object (GPO) to configure the necessary settings, and then use Active Directory Domain Services (AD DS) to apply those settings to the appropriate collection of computers.

Which type of wireless network topology can connect wireless devices dynamically in a peer-to-peer configuration without the use of any infrastructure devices? -Ad hoc -Infrastructure -WPA2

Ad hoc - Ad hoc networks can connect wireless devices dynamically in a peer-to-peer configuration without the use of any infrastructure devices.

Contoso has several Windows 10 laptops experiencing performance bottlenecks. Diagnostic analysis indicates the source of the problem to be the computers' disk subsystems. What can Contoso do to alleviate this problem? -Install a powerful graphics subsystem -Run applications when demand for resources is low -Add more memory

Add more memory - Windows moves information on the disk into memory before it uses it. Therefore, if a surplus of memory exists, the Windows operating system creates a file cache for items recently written to, or read from disks. Installing additional memory in a workstation often improves the disk subsystem performance, because accessing the cache is faster than moving the information into memory.

Having Windows automatically install a device driver is a two-step process. What's the first step? -Assign administrative permissions to the user who will initiate driver installation from the driver store -Add the driver package into the driver store -Customize the locations that Windows will search for a matching driver package

Add the driver package into the driver store - Installing a device driver in Windows is a two-step process. During staging, you add the driver package into the driver store. You can do this regardless of whether the device is attached to the computer. You must use administrator credentials to add the device driver package into the driver store. The second step is the driver's installation from the driver store. The driver is installed when Windows detects an attached device that would need the driver for the first time. A standard user can perform the second step, because it does not require administrative permissions.

Which of the following items is a common disadvantage to using traditional VPNs? -You must enroll clients and then connect the clients to your on-premises securely through several network changes -All network traffic is tunneled over the VPN -It requires IPv6 and that clients be domain-joined

All network traffic is tunneled over the VPN -Traditional VPNs are an "all or nothing" solution. Once connected, all network traffic is tunneled over the VPN. This can lead to large amounts of bandwidth on the organization's network being consumed when it isn't necessary. The most notable example being remote users who frequently use publicly accessible websites and resources. They may need VPN access for one or two tasks, but inadvertently pass all internet traffic over the organization's network instead of directly through the end user's ISP.

When comparing NTFS and FAT file systems, which of the following features is unique to NTFS? -NTFS uses smaller clusters to reduce space wastage on hard disks -NTFS supports file encryption -You can format floppy disks with NTFS

NTFS uses smaller clusters to reduce space wastage on hard disks -NTFS manages disk space more efficiently than FAT by using smaller cluster sizes. For example, a 30-GB NTFS volume uses 4-KB clusters. The same volume formatted with FAT32 uses 16-KB clusters. Using smaller clusters reduces space wastage on hard disks.

Northwind Traders is currently running Windows 10 Enterprise on its client devices. Northwind recently experienced several security breaches where users unknowingly ran malicious software that transmitted sensitive company information out of the organization. Since Northwind had no previous application control policies in place, its users were free to download whatever applications they wanted on to their devices. This lead to the malicious apps being downloaded that resulted in the security breaches. Northwind wants to rectify this situation by controlling which Universal Windows apps users can install and run. Which tool will provide this security feature? -AppLocker -BitLocker -Microsoft App-V for Windows

AppLocker - Windows 10 Enterprise and Windows 10 Education editions enable you to use AppLocker to control which Universal Windows apps users can install and run. In AppLocker, you configure which Universal Windows apps to allow or deny, under the category Packaged Apps.

As the Desktop Administrator for Contoso, Holly Dickson is planning a new operating system deployment to ensure that all applications function properly. Holly wants to perform an inventory of applications, analyze compatibility of applications, and mitigate any compatibility issues. Which tool should Holly use to complete these tasks? -Apps troubleshooter -Upgrade Analytics -Application Compatibility Toolkit

Application Compatibility Toolkit -The Application Compatibility Toolkit (ACT) is a set of tools that you can use to perform an inventory of applications, analyze compatibility of applications, and mitigate any compatibility issues. Organizations typically use ACT when planning a new operating system deployment to ensure that all applications function properly.

Which of the following items is a benefit of using Windows Installer app packages in an .msi format compared to using app installers in .exe files? -MSI files provide more control over the installation process -You can optionally build a custom UI -Apps that you deploy from .msi packages are more likely to uninstall cleanly

Apps that you deploy from .msi packages are more likely to uninstall cleanly -Because of the way that Windows Installer packages manage changes to an operating system, apps that you deploy from an MSI package are more likely to uninstall cleanly than those that you deploy by using apps installers in EXE files. A "clean" uninstall means that no "artifacts" related to the uninstalled app are left behind. This is important from an app-management perspective, because the ability to remove an app cleanly, without leaving any trace of it on a device, is as important as installing it correctly in the first place.

Which of the following items identifies the four phases in the Windows Server Update Services (WSUS) update management process? -Identify, Evaluate and plan, Deploy, Support -Assess, Evaluate and plan, Identify, Deploy -Assess, Identify, Evaluate and plan, Deploy

Assess, Identify, Evaluate and plan, Deploy -The goal of the assess phase is to set up a production environment that supports update management for routine and emergency scenarios. During the identify phase, you identify new updates that are available, and determine whether they are relevant to your organization. After you identify the relevant updates, you need to evaluate whether they work properly in your environment. After you have thoroughly tested an update and determined any dependencies, you can approve it for deployment in the production network.

Wingtip Toys has a hybrid Exchange deployment. Wingtip employs an on-premises AD DS that supports its Exchange Server 2019 deployment. It also has a cloud-based Azure AD environment that supports Exchange Online in its Microsoft 365 tenant. What tool can Wingtip's Enterprise Administrator use to synchronize these AD DS and Azure AD services together to meet its hybrid identity goals? -Active Directory Rights Management Services (AD RMS) -Azure AD Connect -Active Directory Lightweight Directory Services (AD LDS)

Azure AD Connect - Administrators can synchronize AD DS and Azure AD together using the Azure AD Connect tool. Azure AD Connect enables IT to take advantage of the benefits each service has to offer. It's an on-premises Microsoft application that's designed to meet and accomplish an organization's hybrid identity goals.

Mary is a sales rep for World Wide Importers. After one of Mary's co-workers retired, they attached the co-worker's old dot matrix printer to her Windows 10 laptop. They located a DVD with the print driver from her co-worker's left-over files, so they installed the DVD on her computer. Given the age of the printer, Mary had to attach it to a serial (COM) port on her computer. When Mary tried printing to the printer, Windows wouldn't detect the printer. Mary has never had their own printer before, so they're reluctant to throw it out. They know the printer works because they recently saw their co-worker use it before retiring. What should Mary do to try and get the printer to work? -Hit the side of the printer with a hammer -Reinstall the print driver -Configure a printer port manually

Configure a printer port manually - Windows can automatically detect printers when you connect them to your computer. Windows also installs the printer driver without interaction if the driver is available in the driver store. However, a Windows operating system may not detect network printers, or printers that you connect to older ports, such as serial (COM) or parallel (LPT) ports. In these cases, you must configure a printer port manually.

Walter wants to use OneDrive. Before Walter can use OneDrive from the Windows OneDrive tile, what's the first thing they must do? -Configure your OneDrive synchronization settings -Connect your domain or local account with your Microsoft account -Sign in with your Microsoft account and request OneDrive access

Connect your domain or local account with your Microsoft account -Before you can use OneDrive from the Windows OneDrive tile, you must connect your domain or local account with your Microsoft account.

As the IT Support professional for Fabrikam, Holly Spencer created firewall rules to allow traffic through the company's firewall. Holly now wants to secure this traffic using IPsec. What must Holly do to secure this traffic with IPsec? -Create connection security rules that apply between the computers that are the two endpoints -Create connection security rules that apply to services -Create connection security rules that apply to programs

Create connection security rules that apply between the computers that are the two endpoints -Connection security rules don't apply to programs and services. They apply only between the computers that are the two endpoints.

As the Desktop Administrator for Contoso, Holly Dickson wants to use Windows Update for Business to manage which Windows Updates are received when, as well as the experience a device has when it receives them. Holly wants to specify which devices go first in an update wave, and which ones will come later. This design will help Holly ensure that all quality bars are met. What must Holly do to support this update plan? -Implement peer-to-peer delivery for Microsoft updates -Integrate Windows Update for Business with Microsoft Intune -Create deployment rings

Create deployment rings -Deployment rings enable administrators to specify which devices go first in an update wave, and which ones will come later (to ensure any quality bars are met).

As the Desktop Administrator for Trey Research, you were approached by members of the Engineering department regarding a sign-in issue. Each day the engineers access computers, CAD machines, and printers, in the company's Engineering workgroup. These machines are all running either Windows 10 or Windows 11. Every time they access one of these workgroup resources, they're prompted to enter their credentials. The engineers have found this continual entering of credentials to be very time consuming and annoying. What Windows tool can you use that will save each engineer's credentials on each resource so that they're not prompted each time they access computers in the Engineering workgroup? -Credential Manager -Windows Hello using Biometrics -Web Credentials

Credential Manager - The Credential Manager utility is built into Windows Control Panel. Credential Manager saves the credentials that users enter when accessing other computers and resources on local networks. In doing so, users aren't prompted each time they access other computers. Credential Manager can also be used to back up and restore those credentials.

A user is complaining of decreased computer system performance. Which of the following items is one of the four main hardware components that you should monitor in a Windows 10-based computer? -Network -Battery -Cooling Fan

Network - Windows computers have four main hardware components that you should monitor: Processor, Disk, Memory, and Network.

Fabrikam is a large Microsoft Volume License customer with a complex IT infrastructure. From a device management perspective, its IT department wants to choose the pace at which it adopts new technology for user devices. It also requires a broad range of options for operating system deployment and device and app management. Which of the following Windows 10/11 editions allows Fabrikam to meet these IT requirements? -Pro edition -Pro for Workstations -Enterprise edition

Enterprise edition - Enterprise edition builds on the features of Pro edition, with additional features that meet the needs of large enterprises. Enterprise edition is available to Volume Licensing customers only. They can choose the pace at which they adopt new technology. Enterprise edition also supports a broad range of options for operating system deployment and device and app management.

When you attempted to sign in to one of your company's older Windows 10 computers, you received an error message indicating that a service failed to start. As you begin troubleshooting the problem, what should you pay special attention to? -The list of services in the System Configuration tool -The stop code that's displayed -Error events recorded in the system log records

Error events recorded in the system log records -When you troubleshoot startup problems with services, pay special attention to error events that the system log records.

As Contoso's Desktop Administrator, you want to complete an in-place upgrade to upgrade a Windows 8.1 Enterprise device to Windows 11 Enterprise. What steps should you take to complete this upgrade? -Evaluate, Back up, Upgrade, Verify, Update -Evaluate, Set up, Upgrade, Update, Verify -Evaluate, Back up, Upgrade, Update, Verify

Evaluate, Back up, Upgrade, Verify, Update -When upgrading from Windows 8.1 to Windows 11 on a single device, performing an in-place upgrade is the easiest way to upgrade Windows. The in-place upgrade process includes the following steps: 1) Evaluate whether the device meets the minimum OS requirements, 2) Back up existing data to a secure location, 3) complete the (in-place) Upgrade, 4) after the upgrade is complete, Verify that all the applications and hardware devices function correctly, and 5) Update the Windows OS with any relevant updates.

Which Windows tool is typically the starting point for troubleshooting hardware failures? -Event Viewer -System Information tool -Device Manager

Event Viewer - The Event Viewer tool is the starting point for troubleshooting hardware failures. You should check the system and application logs for information, warnings, or errors that hardware devices or device drivers generate. Use the Event Viewer tool to show logs on remote computers and on the local machine.

You are troubleshooting a computer problem. You need access to essential event information from applications, security, setup, and the system. Which of the following tools provided in Windows 10 lists and categorizes this event information? -Performance Monitor -Resource Monitor -Event Viewer

Event Viewer -Event Viewer provides categorized lists of essential Windows log events, including application, security, setup, and system events, in addition to log groupings for individual installed applications and specific Windows component categories. Individual events provide detailed information regarding the type of event that occurred, when the event occurred, the source of the event, and technical detailed information to assist in troubleshooting the event.

As the Desktop Administrator for Tailspin Toys, Alan Deyoung enabled File History on the company's Windows 10 and 11 computers. By doing so, File History automatically creates a backup of modified user files on each computer's local drive. By default, how often does File History copy the modified files in protected folders? -Every hour -Every 12 hours -Once a day

Every hour - After you enable File History, it creates a backup of modified user files automatically on the local drive, removable drive, or network location. File History backs up the folders in user profiles and libraries, and you can add additional folders. By default, File History copies the modified files in protected folders every hour, and Windows keeps them indefinitely, as long as there is enough storage space.

You support a number of Windows 10 computers that store files on FAT32 file systems. You need to configure a recovery option that will allow you to recover data that was backed up from these systems. Which recovery option should you choose? -File History -Windows Backup and Restore (Windows 7) -Azure Backup

File History - File History, Backup and Restore (Windows 7), and Azure Backup can all protect and recover files and folders that are stored on an NTFS volume, the most common file system in Windows. If files are stored on other file systems, such as FAT, FAT32, exFAT or ReFS, you only can use File History to protect and recover them. The Windows Backup and Restore (Windows 7) tool and Azure Backup don't support those file systems.

As the Desktop Administrator for Contoso, Holly Dickson is comparing the various recovery features that are available. Which of the following is a true statement regarding file recovery options that Holly should consider when determining which recovery option to use? -Windows provides three file recovery options - File History, Backup and Restore (Windows 7), and Azure Backup -File History and Azure Backup can recover files and folders on the same computer on which the backup was created, and on different computers -File History can only recover files and folders on the computer on which the backup was created

File History can only recover files and folders on the computer on which the backup was created -Both the Backup and Restore (Windows 7) tool and Azure Backup can recover files and folders on the same computer on which the backup was created, and on different computers. However, File History can recover files and folders only on the computer on which the backup was created.

Your organization recently upgraded to Windows 10 from Windows 8.1. You want to use a familiar, wizard-driven tool to configure wired and wireless connections. Which tool should you use? -Network and Internet -Network and Sharing Center -Windows PowerShell

Network and Sharing Center -The Network and Sharing Center provides a clear view of the status for any wired or wireless connection. You can use it to create additional network connections by using a wizard-driven interface. The Network and Sharing Center also provides links for accessing other network-related tools.

Windows is very user friendly in that any user can start using devices without any assistance. As long as a driver package is in the driver store, any user can connect a device, and the driver installation will begin. Contoso has found this to be challenging for its IT department, who at times has been unable to support such a broad range of devices. Contoso doesn't want to prevent users from connecting USB devices to their USB ports. Such a solution isn't very flexible, and it would be almost impossible for Contoso to manage given its staffing issues. Instead, Contoso has chosen to implement a built-in Windows feature that will enable it to restrict certain types of USB devices and installation of all devices that aren't explicitly allowed. What is this Windows feature? -Device Manager -The pnputil.exe command line utility -Group Policy settings

Group Policy settings - Windows includes several Group Policy settings that control installation of devices and device drivers. This enables you to restrict installation of specific devices, but allows installation of all others devices. For example, you can use these Group Policy settings to restrict certain types of USB devices and installation of all devices that are not allowed explicitly, such as USB keys that are not company-approved.

A user reports that an application is automatically launching after sign in, which should not be. It is a shared device, and other users are stating the application does not launch when they sign in on the same device. You ask the user to sign in, and then remote in to their session. You decide to investigate the registry to see what is causing the application to launch. Which hive should you check? -HKEY_USERS -HKEY_LOCAL_MACHINE -HKEY_CURRENT_USER -HKEY_CURRENT_CONFIG

HKEY_CURRENT_USER - As only one user is experiencing the issue, checking Software\Microsoft\Windows\CurrentVersion\Run is likely the location that is causing the application to launch.

Miranda is a Sales manager at World Wide Importers. Miranda is able to sign in, but can't access network resources. As the company's IT Support professional, you suspect that this may be due to the sign-in process using Miranda's cached credentials. You've verified that Miranda's computer has network connectivity and that the computer account is authenticating properly. What can you try next to help limit your troubleshooting scope? -Have Miranda sign-in to a second computer -Use Windows PowerShell to query Miranda's account status -Use Event Viewer to view event logs

Have Miranda sign-in to a second computer -When a user can sign in but can't access network resources, the sign-in process may be using the user's cached credentials. If this happens, you should verify that the computer has network connectivity and the computer account is authenticating properly. If your organization does not restrict user sign-in to specific computers, the user can attempt to sign in to a second computer, which identifies whether the authentication issue pertains to a specific computer. You can use the results of this test to limit your troubleshooting scope. For example, if the issue isn't computer-specific, then it isn't a local computer-configuration issue.

As the Desktop Administrator for Contoso, Holly Dickson wants to configure the company's new batch of Windows 11 laptops with the same power plan. Holly wants to select the power plan that keeps the system's disk drive, memory, and processor continuously supplied with power. Which power plan should Holly configure on each of the new devices to meet this requirement? -Balanced -Power saver -High performance

High performance -The High performance power plan keeps the system's disk drive, memory, and processor continuously supplied with power. It requires the highest energy usage of the available power plans, and it sets the screen at its highest brightness.

Tailspin Toys is a small organization with approximately 25 client computers. George works in the company's Accounting department, but given his background with Excel and other business-related computer software, he's also considered the company's "computer" guy. George is the person who everyone turns to when an issue occurs with a computer, printer, or the company's fax machine and telephone system. George wants to upgrade several of Tailspin's older Window devices with Windows 11 as quickly and as easily as possible. Which of the following deployment strategies should George implement to achieve this goal? -High-touch deployment with a standard image -Lite-touch deployment -High-touch deployment with retail media

High-touch deployment with retail media -The high-touch with retail media deployment strategy is suitable for small organizations that do not have information technology (IT) staff, or have IT staff members without deployment experience. Such organizations typically have fewer than 100 client computers. This strategy is the simplest way to deploy Windows. Insert the Windows media and run the setup program. It is a manual installation that requires you to answer each prompt in the setup program.

As the Enterprise Administrator for Contoso, Holly Dickson recently deployed several new Windows 11 computers. George, who was a recipient of one of those new computers, complained to Holly that he was unable to access the local computer or network resources. Which of the following items could be causing the authentication failures that George has been experiencing? -Holly didn't properly configure the list of DNS servers on George's computer -George didn't reauthenticate his user account by restarting the computer -Holly didn't assign George to an Active Directory security group

Holly didn't properly configure the list of DNS servers on George's computer -If you don't properly configure the list of DNS servers on a Windows client computer, it can't obtain a list of domain controllers. This will result in authentication failures, in which case the user can't access the local computer or network resources.

You have deployed several defense mechanisms to protect users from Phishing attacks. However, some users are still falling prey to these attacks. Which of the following statements will help educate your users about Phishing? -Scammers imitate someone you know, so verify their email address rather than contact information or brand accuracy -Hover over links to uncover the URL -Phishing scams are exclusively perpetrated in email

Hover over links to uncover the URL - Always check a URL before you select on the link. Bad links are sometimes embedded into an email as a way to trick the reader.

As the Desktop Administrator for Wingtip Toys, you want to configure Microsoft Edge with group policy objects (GPOs). Doing so will enable you to add rules and settings for Microsoft Edge to the group policy Central Store in your Active Directory domain or the Policy Definition template folder on individual computers. What's the first thing you must do to configure Microsoft Edge with GPOs? -Ingest the administrative GPOs from Microsoft Intune -Install the administrative templates -Download the administrative GPOs from the Microsoft Store for Business

Install the administrative templates -To configure Microsoft Edge with group policy objects, you must first install the administrative templates (ADMX files) that add rules and settings for Microsoft Edge to the group policy Central Store in your Active Directory domain or the Policy Definition template folder on individual computers. If using an MDM such as Microsoft Intune, you can ingest the ADMX files, and create configuration policies.

Which of the following versions of Windows 10 and later is designed to run a single app on fixed purpose devices, such as automated teller machines, point-of-sale terminals, and industrial and medical devices? -IoT Core edition -Pro for Workstations -IoT Enterprise edition

IoT Core edition -The IoT Edition of Windows is designed for fixed purpose devices, such as automated teller machines, point-of-sale terminals, and industrial and medical devices. Windows 10 IoT Core is a smaller OS designed to run a single app, while Windows 10/11 IoT Enterprise is a full version of Windows Enterprise with specialized features.

You need to plan and perform an automated desktop app deployment. You want to determine the best deployment method for your organization. You were initially interested in using Group Policy, but one potential drawback has you concerned. Which of the following items is that drawback? -You can't assign apps to users or computers -It can be difficult to determine whether a deployment is successful -You must upload apps to Microsoft Intune before you can deploy them

It can be difficult to determine whether a deployment is successful - Group Policy software deployment doesn't include reporting functionality. The only way to determine whether an app has installed correctly is to check it manually.

As the Enterprise Administrator for World Wide Importers, Patti Fernandez deployed AD DS on an Azure virtual machine to enable scalability and availability for an on-premises AD DS. What's one of the repercussions of deploying AD DS on an Azure virtual machine? -Authentication will be very slow -You can't use drive C for AD DS storage -It doesn't make any use of Azure AD

It doesn't make any use of Azure AD -You can deploy AD DS on an Azure virtual machine to enable scalability and availability for an on-premises AD DS. However, deploying AD DS on an Azure virtual machine doesn't make any use of Azure AD.

As the IT Support professional for Tailspin Toys, you enabled AppLocker restrictions for the Universal Windows apps by configuring the appropriate Group Policy settings. You did so by creating a new rule in the Local Group Policy editor. During this process, you created the default rule. What does the default rule do? -It enables the Application Identity service to run on all computers affected by your AppLocker policy -It enables all signed package apps to run -It identifies applications, and then processes the AppLocker policies against the identified applications

It enables all signed package apps to run -This default rule has a lower precedence, but it enables all signed packaged apps to run.

Device Registration works by using the Device Registration Service. When a user registers a device through the enrollment process, the Device Registration Service provisions a certificate for the device. What's the purpose of this certificate? -It's used to authenticate the device when it accesses internal resources -It enables the device to access company resources from external networks such as the Internet -So the user isn't prompted for credentials each time they try to access a company resource

It enables the device to access company resources from external networks such as the Internet -This item is why you would enable the Web Application Proxy component

You added a new hard disk to your Windows computer and changed the logical drive numbering. You now want to use BCDEdit to modify the Boot Configuration Data (BCD) store to account for this change in logical drive numbering. What's the first thing you should do? -Update the logical drive number parameters in the Boot.ini file -Make a complete image backup of all drives with BCD partitions on them -Update the logical drive number parameters in the Non-Volatile Random Access Memory (NVRAM) entries in the Windows operating system

Make a complete image backup of all drives with BCD partitions on them - Never use BCDEdit without first making a complete image backup of all drives with BCD partitions on them. It's also important that you build a recovery disk that you can boot from in the event your boot drive fails, following any changes you make to the BCD. If this happens, you can boot to the recovery disk and use it to restore the backup image that you first created. This will enable you to at least get your computer back up and running, even if it's with the pre-modified version of the BCD.

As the Desktop Administrator for Fabrikam, you must set up an account that will be used to sign-in to a Windows 11 PC. This account must be able to synchronize files with OneDrive. What type of account should you create? -Domain Account -Local Account -Microsoft Account

Microsoft Account -A Microsoft Account (formerly Windows Live ID) enables a user to have easier access to Microsoft's services. If you have ever used services such as Xbox Live, Hotmail, Outlook.com, OneDrive, or Windows Messenger, you already have a Microsoft Account. Microsoft has combined all their services together, which allows a user to access them with a single account. Just one email address and password are used for all these services.

You suspect that spyware has infected a specific area of your computer. You want to run a quick scan to determine whether your computer is infected. Which of the following tools will provide this functionality? -Windows Defender Firewall with Advanced Security -Microsoft Defender for Endpoint -Microsoft Defender Antivirus

Microsoft Defender Antivirus - You can use Microsoft Defender Antivirus to run a Quick, Full, Custom, or Offline scan. If you suspect spyware has infected a specific area of a computer, you can customize a scan by selecting specific drives and folders. You also can configure the schedule that Microsoft Defender Antivirus will use.

Which Microsoft Defender for Endpoint feature protects Windows kernel-mode processes against the injection and execution of malicious or unverified code? -Microsoft Defender Application Guard -Microsoft Defender Exploit Guard -Microsoft Defender Device Guard

Microsoft Defender Device Guard - Device Guard combines the features of Application Control with the ability to leverage the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code.

As the Desktop Administrator for Tailspin Toys, Patti Fernandez wants to installs several desktop apps throughout the company. Patti wants to use an installation methodology that's as robust as Microsoft Endpoint Configuration Manager, but is significantly less effort to set up and manage. Patti also wants the installation method to deploy apps to non-Windows devices such as iOS, Android and macOS, as well as deployment to unmanaged (BYOD) devices. Which deployment methodology should Patti use that meets these requirements? -Group Policy -Microsoft Intune -Virtualized applications

Microsoft Intune - Intune is Microsoft's cloud -based solution for managing desktop and mobile devices. Intune supports deployment of UWP, AppX, and has recently added support for Win32 apps such as simple MSI files. While not as robust as Configuration Manager, Intune is significantly less effort to setup and manage. Intune also manages deployment of apps to non-Windows devices such as iOS, Android and macOS, as well as deployment to unmanaged (BYOD) devices.

Lucerne Publishing has experienced a rash of security issues related to device management. It wants to control how the organization uses devices, including mobile phones, tablets, and laptops. The company has decided that it wants to prevent emails from being sent to people outside the organization. And while the company allows selected employees to use their personal devices for work, it wants to ensure the organization's data stays protected. It also wants to isolate organization data from personal data. What tool should Lucerne Publishing implement to provide these device management features? -Client Hyper-V -Configuration Manager -Microsoft Intune

Microsoft Intune - Microsoft Intune controls how your organization's devices are used, including mobile phones, tablets, and laptops. It can also configure specific policies to control applications. For example, you can prevent emails from being sent to people outside your organization. Intune also allows people in your organization to use their personal devices for school or work. On personal devices, Intune helps make sure your organization's data stays protected and can isolate organization data from personal data.

In the Windows operating system architecture, the Windows Runtime (RT) APIs enable the operating system to run which type of apps? -Microsoft Store apps -.NET Framework -Win32 APIs

Microsoft Store apps -The Windows Runtime (RT) APIs enable the operating system to run Microsoft Store apps, whereas Win32 and related API sets enable the operating system to run traditional desktop apps.

You're an IT Support professional for a medical facility. One of the physicians needs to move a file to a different folder on the file server. You determine that the folders are on the same volume. What permissions, at a minimum, must the physician have to move the file? -Modify for the source file and Write for the destination folder -Read for the source file and Write for the destination folder -Read for the source file and Full control for the destination folder

Modify for the source file and Write for the destination folder - When you move a file or folder within a volume or between volumes, you must have both the Write permission for the destination folder and the Modify permission for the source file or folder. You require the Modify permission to move a folder or file because Windows deletes the folder or file from the source folder after it copies it to the destination folder.

Fabrikam is looking to update their antiquated system design. They currently connect their host servers directly to the Internet. While this makes their hosts servers available to Internet users, it also allows those users access to Fabrikam's corporate intranet. Which of the following defense mechanisms should they implement to resolve this issue? -Perimeter networks -Internet Protocol security (IPsec) -Firewalls

Perimeter networks -Perimeter networks, which are isolated areas on your network to and from which you can define network traffic flow. When you need to make network services available on the Internet, it is not advisable to connect hosting servers directly to the Internet. However, by placing these servers in a perimeter network, you can make them available to Internet users without allowing those users access to your corporate intranet.

What are effective permissions? -The permissions on a file or folder that are effective on the date the file or folder is created -Permissions that are explicitly assigned to a file or folder -Permissions determined by combining the user and group permissions and then comparing them to the selected user's permissions

Permissions determined by combining the user and group permissions and then comparing them to the selected user's permissions - Each file or folder on the NTFS file system or ReFS has inherited or explicit permissions assigned, or both. Windows determines effective permissions by combining the user and group permissions and comparing them to the permissions of the selected user.

Contoso wants to use Miracast wireless technology in its conference rooms. This technology will enable users to project their screen to conference room TVs, projectors, and streaming media players that also support Miracast. This will enable the users to share what they're doing on their PC or present a slide show on to a larger screen. However, when setting up their conference rooms, Contoso realized that some of the rooms are using older displays that don't support Miracast. What's the most efficient thing that Contoso can do so that its users can project on to these older display devices and still take advantage of the Miracast technology? -Plug a Miracast adapter into the display device's HDMI port -Wire their PC to the display device -Contoso will need to replace these older display devices with devices that support Miracast

Plug a Miracast adapter into the display device's HDMI port - In order to use Miracast, both the source and target device's hardware and OS must support Miracast. If the display you'll project to doesn't support Miracast, you'll need to plug a Miracast adapter (sometimes called a "hardware guard") into the device's HDMI port.

Contoso uses virtual hard disks, which are an integral part of its Client Hyper-V virtual machine environments. Which of the following items is an advantage of using virtual hard disks? -Performance -Portability -Physical failures

Portability - An advantage to using virtual hard disks is portability. Virtual hard disk files may be easier to move between systems, particularly when you use shared storage.

While ReFS was built on NTFS, it's designed to provide the highest level of resiliency, integrity, and scalability, regardless of software or hardware failures. Which of the following features is unique to ReFS when compared to NTFS? -ReFS allows you to control file permissions -ReFS allows you to configure auditing -ReFS periodically scans volumes and tries to automatically correct any corruption

ReFS periodically scans volumes and tries to automatically correct any corruption - ReFS periodically scans volumes. If it detects corruption, ReFS tries to correct the corruption automatically. If it can't repair the corruption automatically, ReFS localizes the salvaging process to the corruption area. This doesn't require any downtime for the volume.

Pierre has created a shared folder on a volume that's formatted with a file system that supports security. As such, both the shared folder permissions and the file and folder permissions combine to control permissions to file resources when a user connects via a network. The share permission for the shared folder that Pierre created is set to Read. What actions can be performed when connecting through a shared folder? -Read or modify the file if the individual file system permission is set to Modify -Read the file only -You have complete control of the file or folder and control of permissions if the individual file system permission is set to Full Control

Read the file only -When you combine file system and share permissions and a share permission is set to Read, the most that you can do when connecting through a shared folder is read the file, even if the individual file system permission is set to Full Control. All file system permissions that are less restrictive than the share permissions filter out, so that only the most restrictive permissions remain - in this case, the Read permission.

Adventure Works Cycles has an older Windows 8.1 device that it wants to replace with a new device running Windows 11. The Desktop Administrator for Adventure Works wants to replace the current device by running a side-by-side migration to its replacement device. The Desktop Admin has completed the first three steps in the migration process. The user data and application settings on the source device were backed up to a network location. The Windows 11 OS was installed, and the most current Windows updates were installed. What's the next step that must be completed in the migration process? -Restore application and user-related settings on the new device -Use OneDrive to synchronize user files and settings between devices -Reinstall all applications

Reinstall all applications - After the Windows OS and Windows updates have been installed, the next step in the side-by-side migration process is to reinstall all applications. Performing an upgrade by using a clean installation and migration process doesn't migrate the installed applications. When you complete the Windows installation, you must reinstall all applications. Windows may block the installation of any incompatible programs. To install any of these programs, contact the software vendor for an updated version that is compatible with the OS version installed.

A user reports problems regarding application failures. The user has indicated that this isn't the first time they've experienced issues with this application. Which of the tools provided in Windows 10 can create a problem report that you can use to troubleshoot this? -Reliability Monitor -Process Explorer -Task Manager

Reliability Monitor - The Reliability Monitor reviews a computer's reliability and problem history. You can use the Reliability Monitor to produce several kinds of reports and charts that can help you identify the source of reliability issues and troubleshoot the problems.

As the Desktop Administrator for Tailspin Toys, Alan Deyoung wants to identify hardware-failure trends so that he can be more proactive when managing devices. This will enable him to identify devices that suffer periodic failures, and replace them before they fail irreversibly. Which Windows tool should Alan use to gather this information? -Device Manager -Reliability Monitor -The System Information tool

Reliability Monitor -The Reliability Monitor displays Windows reliability over time and any hardware failures that have occurred. You can use the Reliability Monitor to identify hardware-failure trends so that you can be more proactive in your administration. This can help you identify devices that suffer periodic failures, and replace them before they fail irreversibly.

Northwind Traders wants its IT Support staff to be able to take control of a computer to troubleshoot and perform maintenance tasks without having to physically travel to the problematic machine. Northwinds wants to limit its IT Support staff to troubleshoot remote computers, but not telecommute or access files or folders. Which service that's bundled with Windows provides this functionality? -Remote Assistance -System Center Virtual Machine Manager -Remote Desktop Services

Remote Assistance -Remote Assistance is a bundled service with Windows. It enables a technician to take control of a computer to troubleshoot and perform maintenance tasks without having to physically travel to the problematic machine. This enables the technician to resolve problems without leaving their home or office. The end user must be there to authorize this, and the user can end the session at any time. This technology is generally used only to troubleshoot remote computers and is not used for telecommuting or accessing files or folders.

Tom is an IT Support Professional for Fabrikam. One of the users that Tom supports isn't able to make a remote desktop connection to a Windows 10 computer. The user keeps receiving an Access Denied error. Tom must confirm whether the user's account has permissions to make a remote desktop connection. Which security group on the Windows 10 computer is the best choice for Tom to set the user's account to be a member of? -Remote Management Users -Remote Desktop Users -Administrators

Remote Desktop Users -As a member of the Remote Desktop Users group, users will have the appropriate permissions to connect. While the Administrators group also provides these permissions, it provides much more access than is required to meet the request. As such, Remote Desktop Users is a better choice than Administrators.

Contoso recently purchased a new PC for use by its Sales team. Each Sales team member will be able to access the PC remotely from their laptops. Contoso's Desktop Administrator joined the new PC to Azure AD. What additional configuration is needed so that Sales staff can access it remotely from their own PCs? -Remote connections must be allowed for the local Authenticated Users group -Remote Assistance connections must be enabled for the PC -No additional configuration is needed

Remote connections must be allowed for the local Authenticated Users group - If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. However, to allow additional users to connect to the PC, you must allow remote connections for the local Authenticated Users group.

As the IT Support professional for Contoso, you want to use the New Connection Security Rule Wizard to create a new rule that specifies how you want authentication to apply to inbound and outbound connections. Which authentication option should you select if you want to specify that all inbound and outbound traffic must authenticate, but that the connection is allowable if authentication fails? -Require authentication for inbound and outbound connections option -Require authentication for inbound connections and Request authentication for outbound connections option -Request authentication for inbound and outbound connections option

Request authentication for inbound and outbound connections option - This option specifies that all inbound and outbound traffic must authenticate, but that the connection is allowable if authentication fails. However, if authentication succeeds, traffic is protected. You typically use this option in low-security environments or in an environment where computers must be able to connect, but they cannot perform the types of authentication that are available with Windows Defender Firewall with Advanced Security.

Adventure Works Cycles has some Windows 10 devices that have been experiencing issues such as not responding, frequent errors, and running slow. As the Desktop Administrator for Adventure Works, you don't want to spend significant time troubleshooting these issues, especially since they don't appear to have anything in common that could help expedite the troubleshooting process. Instead of troubleshooting the root cause of these issues, what Windows 10 feature can you use to revert the machines back to their original state of the image that was used to install Windows? -In-place migration -Reset this PC -Side-by-side migration

Reset this PC - A Windows 10 or 11 device may begin having problems such as not responding, frequent errors, or just runs slow. Refreshing the OS can often be easier than spending significant time trying to troubleshoot the root cause. Windows 10 and later provides a feature called Reset this PC. Reset this PC essentially reverts the machine back to its original state of the image that was used to install Windows. When resetting the PC, the Windows OS will reinstall.

Which Windows 10 performance-monitoring tool provides a snapshot of system performance? -Resource Monitor -Task Manager -Performance Monitor

Resource Monitor -Resource Monitor provides a snapshot of system performance, including a summary and tab with detailed information for the four key system components: processor, memory, disk, and network. If a Windows computer runs slowly, you can use Resource Monitor to view current activity in each of the four component areas, and determine which is causing a performance bottleneck. However, Resource Monitor can show only resource utilization for the local computer, not remote or virtual computers.

As the Desktop Administrator for Fabrikam, Holly Spencer wants to use the Previous Versions tab in File Explorer to view, restore, or revert previous versions of files, folders, or volumes. What must Holly configure to be able to use the Previous Versions feature? -A virtual hard disk -A system image -Restore points

Restore points -The Previous Versions tab in File Explorer is a Windows feature that enables users to view, restore, or revert previous versions of files, folders, or volumes. Data from File History or restore points populates the Previous Versions tab. Therefore, you must configure either File History or restore points to be able to use the Previous Versions feature.

As the Desktop Administrator for Contoso, Holly Dickson wants to implement disk technology that enables the operating system to monitor the hard disk proactively, checking for reliability issues before they can result in data loss. What's the name of this technology? -NTFS -SMART -MTBF

SMART -Some disks implement Self-Monitoring, Analysis, and Reporting Technology (SMART). This technology enables the operating system to monitor the hard disk proactively, checking for reliability issues before they can result in data loss.

As the Desktop Administrator for Contoso, Holly Dickson is auditing information on a Windows 10 computer that's been experiencing issues as of late. Holly wants to review information such as valid and invalid sign-in attempts, and events related to resource use such as creating, opening, or deleting files. Which log file should Holly review in the Event Viewer? -Application log -Security log -System log

Security log -The security log records security events, such as valid and invalid sign-in attempts, and events related to resource use such as creating, opening, or deleting files. An administrator specifies which events Windows records in the security log by creating a domain-wide audit policy.

As the Desktop Administrator for Contoso, Jesse wants to implement Work Folders throughout the organization. Jesse has begun by setting up a Work Folders server. After installing the Work Folder role on the server, what feature will Jesse be able to use to create and manage sync shares, which contain users' Work Folders? -The Work Folders admin center -Server Manager -Work Folders Synchronization tool

Server Manager -When you install the Work Folder role service on the Work Folder server, this adds an additional access protocol and extends Server Manager. You can then use Server Manager to create and manage sync shares, which contain users' Work Folders.

As the Desktop Administrator for Tailspin Toys, Alan Deyoung wants to create storage spaces from storage pools. When configuring storage layout, which option should Alan select that has data striping but no redundancy? -Simple -Two-way and three-way mirrors -Parity

Simple - A simple space has data striping but no redundancy. In data striping, logically sequential data is segmented across all disks in such a way that provides access for these sequential segments to different physical storage drives. Striping makes it possible to access multiple segments of data concurrently.

Fabrikam has enabled Device Registration. After a Fabrikam user enrolls a device, why is the device object created in AD DS? -So that a company Group Policy can be applied to the device -So the user won't have to enter credentials every time they access internal websites and company apps -So that the registered devices can access company resources from external networks such as the Internet

So the user won't have to enter credentials every time they access internal websites and company apps -The device object in AD DS establishes a link between the user and the device. This enables the device to be used as a second form of authentication. Administrators can then configure which apps the user can access from the device without entering credentials, and they can ensure that company policies and security applies to the device by configuring a device policy.

Contoso has a large fleet of computers that it wants to manage more efficiently. Contoso is looking to implement a solution that will simplify deployment of new and replacement computers, provide consistent applications and hardware across the enterprise, and simplify inventory and software development. What should Contoso use that will satisfy these requirements? -Standard operating environment -Windows as a Service -Autotriggered VPN

Standard operating environment - To more efficiently manage a large fleet of computers, enterprises often use one or more standard operating environments (SOEs). An SOE is a set operating system, application, and hardware configuration. The benefits of an SOE include simplified deployment of new and replacement computers, consistent applications and hardware across the organization, simplified inventory, simplified updating, and simpler software development.

Your Windows 10 computer has been experiencing start up problems due to some type of service issue. What can you do to only load a minimal set of services during the startup process so that you can troubleshoot the service startup issue? -Start the computer in safe mode -Modify the MSConfig.exe file, activate boot logging, and then examine the generated log file -Configure Windows to record a Ntbtlog.txt file when it starts

Start the computer in safe mode - If the Windows computer doesn't start normally, try to start the computer in safe mode. You can access the Safe Mode option from the Advanced Boot Options menu, but you also can activate safe mode from MSConfig.exe. In safe mode, a minimal set of services load during the startup process. However, these services are sufficient to load the operating system. You then can troubleshoot the service startup problem using standard Windows operating system tools.

Joseph's Windows 10 laptop won't start normally due to a malfunctioning driver. Joseph wants to use the Driver Roll Back feature to reinstall the last version of the problematic driver. However, to start the laptop so that he can use the Driver Roll Back feature, what's the recommended step that Joseph should complete? -Start the computer in safe mode -Build a recovery disk, make a complete image backup of all drives with BCD partitions on them, boot from the recovery disk, and restore the backup image -Replace the current OS with a backup you create using the System Image Recovery tool

Start the computer in safe mode -If a malfunctioning driver is preventing Windows from starting normally, you can start the computer in safe mode and then use the Roll Back Driver option.

As the Desktop Administrator for Lucerne Publishing, Patti Fernandex wants to implement a high‐speed network that connects computer systems or host servers to high-performance storage subsystems. Patti wants to enable multiple servers to access a pool of storage in which any server can potentially access any storage unit. Which type of external storage system should Patti deploy to satisfy these requirements? -Network-Attached Storage -Direct-Attached Storage -Storage Area Networking

Storage Area Networking -SAN is a high‐speed network that connects computer systems or host servers to high-performance storage subsystems. A SAN enables multiple servers to access a pool of storage in which any server can potentially access any storage unit. Because a SAN is a network, you can use a SAN to connect many different devices and hosts and provide access to any connected device from anywhere.

As the Desktop Administrator for Contoso, Holly Dickson wants to implement storage virtualization in both Windows Server and Windows clients. Holly wants to add physical disks of any type and size to a storage pool, and then create highly available virtual disks from the storage pool. What feature should Holly employ to provide this functionality? -Block virtualization -Storage Spaces -File virtualization

Storage Spaces - Storage Spaces is a storage virtualization capability that is available in both Windows Server and Windows client. You can use Storage Spaces to add physical disks of any type and size to a storage pool, and then create highly available virtual disks from the storage pool.

A user reports a system failure with a computer. You need to return the computer to an earlier state without re-installing the operating system or causing data loss. Which of the Windows RE recovery tools can you use to achieve this? -Reset this PC -System Restore -System Image Recovery

System Restore -System Restore restores your computer to a previous point in time (restore point), so that it doesn't replace your computer's current operating system. System Restore also provides protection against accidental deletion of programs. When you add or remove programs, System Restore creates restore points, and keeps copies of application programs (file names with an .exe or .dll extension). If you accidentally delete an executable (.exe) file, you can use System Restore to recover the file by selecting a recent restore point prior to when you deleted the program.

An end user reports a problem with an app. To troubleshoot the issue, you examine the startup items to determine whether a particular program is causing problems after it starts. You also scan the processes for unresponsive apps. Which tool do you use to perform these troubleshooting steps? -Reliability Monitor -Task Manager -The Microsoft Diagnostics and Recovery Toolset

Task Manager - When a reliability problem first becomes apparent, you should use Task Manager to see if you can troubleshoot the issue. For example, you might examine the startup items to determine whether a particular program is causing problems after it starts and scan the processes for unresponsive apps.

Which Windows 11 feature provides users with a one-stop shop for notifications to see what's going on with apps and other programs from across their devices? -Group Policy -Focus Assist -The Action Center

The Action Center - The Action Center is your one-stop shop for notifications to see what's going on with apps and other programs from across your device. You can also get web notifications in your Action Center from Microsoft Edge sites. The Action Center is fully customizable. On the Notifications and actions tab, you can enable and disable what notifications you see in the Action Center, and select which quick actions are available.

Contoso is interested in using BitLocker to provide additional protection for their computers' operating systems and any data that's stored on those operating systems or in other volumes. Which of the following is a feature of BitLocker? -To install BitLocker, you must manually partition each computer's hard disk to enable the use of BitLocker -BitLocker requires a TPM chip -The BitLocker recovey password is required if you move a BitLocker encrypted drive to another computer

The BitLocker recovey password is required if you move a BitLocker encrypted drive to another computer -The BitLocker recovery password is a 48-digit password that unlocks a system in recovery mode. The recovery password is unique to a particular BitLocker encryption, and you can store it in AD DS. The recovery password will be required if you move the encrypted drive to another computer, or if changes are made to the system startup information.

A user installed a new hardware device and now is reporting problems. What's the most widely used Windows tool to perform initial hardware-related troubleshooting? -The System Information tool -The Reliability and Performance Monitor tools -The Device Manager tool

The Device Manager tool - Windows has several tools that you can use if you need to list installed devices, change device settings, or troubleshoot devices that don't work correctly. Device Manager is the most widely used tool for this purpose. It provides a list of all detected devices and the resources that they use.

The local storage needs upgrading for a 64-bit, Windows 10 laptop. The Windows 10 client runs on a motherboard with BIOS firmware and requires an MBR-partitioned system disk. The upgrade for the local storage for this laptop will be a 6 TB removable disk. You have decided to configure it as a GPT disk. Will you encounter any problems? -The GPT partition style can't be used on removable disks -You can't boot from GPT disks on BIOS systems running 64-bit Windows operating systems -The protective MBR doesn't protect GPT disks from previously released MBR disk tools, which makes them vulnerable to incidental data loss

The GPT partition style can't be used on removable disks - GPT disks address the limitations of MBR disks. However, you can't use the GPT partition style on removable disks.

Your organization has recently upgraded the network to support IPv6. Which of the following features is unique to IPv6 addresses? -Smaller, more efficient address space than IPv4 -The IPv6 address space is more efficient for routers -URL filtering

The IPv6 address space is more efficient for routers - The IPv6 address space is more efficient for routers due to its hierarchical addressing and routing infrastructure. This design means that even though there are many more addresses in IPv6 than IPv4, routers can process data much more efficiently because of address optimization.

As an IT Support professional, you share folders for your organization on a regular basis. The IT Manager has asked you to create a new shared folder on a Windows 10 computer. Given the sensitive nature of the files that will be stored in this folder, you have also been asked to assign an advanced share property to the folder that enables Server Message Block (SMB) encryption. Which of the following methods can be used to share the folder and assign this property? -The Shared Folders snap-in -Using Advanced Sharing -The Set-SmbShare PowerShell cmdlet

The Set-SmbShare PowerShell cmdlet -You can configure basic share properties in several ways, including Advanced Sharing, the Shared Folders snap-in, the net use Command prompt, and the New-SmbShare or Set-SmbShare Windows PowerShell cmdlets. However, if you want to modify more advanced share properties, such as by using access-based enumeration or Server Message Block (SMB) encryption, you can do that only by using the Set-SmbShare cmdlet.

As Northwind Traders' Desktop Administrator, you have been gradually upgrading the company's Windows 8.1 devices to Windows 11. In doing so, you noticed that many of the Control Panel functions in Windows 8.1 have been moved to a new location in Windows 11. Which Windows 11 feature replaces many of the configurable actions that were previously in the Control Panel? -System Center Configuration Manager -The Settings app -Orchestration groups

The Settings app -Windows 11 continues to use many of the same computer controls that previous Windows versions have included, such as the Control Panel. However, in Windows 11, many of the Control Panel functions are available in the Settings app. The Settings app contains several settings that you can use to configure your device.

Which feature of the Application Compatibility Toolkit monitors an application's installation process and identifies issues that relate to installation? -The Setup Analysis Tool (SAT) -The Update Compatibility Evaluator (UCE) -The Compatibility Administrator Tool

The Setup Analysis Tool (SAT) -This tool monitors an application's installation process and identifies issues that relate to installation.

As the Desktop Administrator for Fabrikam, Holly Spencer is investigating a laptop that has been experiencing program crashes that she feels are related to memory issues. When these crashes occur, Windows fails to start, and unpredictable Stop errors appear on blue screens. Holly has been unable to reproduce the issues, so the memory problems have been difficult to identify. What tool can Holly use to monitor this computer for defective memory and determine whether defective physical memory is causing the program crashes? -The Windows Memory Diagnostics tool -The System Configuration tool (MSConfig.exe) -The Boot Configuration Data Editing tool (BCDEdit.exe)

The Windows Memory Diagnostics tool -The Windows Memory Diagnostics tool monitors computers for defective memory. It also determines whether defective physical memory is causing program crashes. If the Windows Memory Diagnostics tool identifies a memory problem, Windows avoids using the affected part of the physical memory, so that the operating system can start successfully and avoid app failures.

Fabrikam's help desk staff has been conducting a high number of account resets due to users forgetting their new passwords and ultimately being locked out of their accounts. What's the probable cause of this situation? -User's failure to write down their new passwords on sticky notes -The company's account lockout threshold is set too low -Persistent drive mappings are used

The company's account lockout threshold is set too low - Setting the account lockout threshold too low can create excessive administrative burden, as the help-desk staff will be conducting many account resets. Remember that many users will forget that they changed their password recently, and might require a few attempts to sign in before they remember.

Sally is a member of the HR security group. You want to determine whether Sally can access the HR folder on an NTFS drive, so you open the Advanced Security Settings feature on the HR folder. From this feature, you can determine the permissions assigned to Sally and the effective access permissions Sally and the HR group have on the folder. What else can you determine from the Advanced Security Settings feature on the HR folder? -The permissions assigned to the HR group -The effective access to the device -How many times Sally has tried to access the folder

The effective access to the device -The Effective Access tab in the Advanced Security Settings for the HR folder enables you to view the effective permissions for a user, group, or device account.

Which of the following items is a benefit of using Universal Windows Platform (UWP) apps as compared to desktop apps (Win32 apps)? -UWP apps can be uninstalled without leaving artifacts like desktop apps typically do when they're uninstalled -UWP apps can be launched using an .msi file from either product media, network location share, or downloaded from a website -UWP apps can be launched as a package distributed from application management solution such as Endpoint Configuration Manager

UWP apps can be uninstalled without leaving artifacts like desktop apps typically do when they're uninstalled - UWP apps are distributed using a packaging system that installs the app that protects the user, device, and system. They are simple to install (usually one-click), and uninstall just as easily, without leaving "artifacts" that desktop apps typically do. The Microsoft Store is the most common place to find UWP apps.

You're working on a sales spreadsheet. Due to the sensitive nature of the file, it has explicitly assigned permissions. You decide to move the file to a different volume. What's the effect of this move on the file's permissions? -The file inherits the destination folder's permissions, but it doesn't retain the explicitly assigned permissions -The file inherits the destination folder's permissions and it retains the explicitly assigned permissions -The file loses all permissions

The file inherits the destination folder's permissions, but it doesn't retain the explicitly assigned permissions -When you move a file or folder to a different volume, the folder or file inherits the destination folder's permissions, but it does not retain the explicitly assigned or inherited permissions from the source location. When you move a folder or file between volumes, Windows copies the folder or file to the new location and deletes the original file from the source location.

As the Desktop Administrator for Wingtip Toys, Holly Spencer has been managing the storage resources on a laptop that seems to consistently run low on available disk space. The disk on this device uses NTFS-formatted volumes, so Holly has been taking advantage of NTFS folder compression. Holly recently copied several compressed files to an uncompressed folder within an NTFS partition. What happened to the compression state of the compressed files? -The files were automatically uncompressed after being copied to the target folder -The files remained compressed after being copied to the target folder -Nothing. Holly was prohibited from copying the files because their compression state didn't match the compression state of the target folder

The files were automatically uncompressed after being copied to the target folder -When copying a file or folder within an NTFS partition, the file or folder inherits the compression state of the target folder. For example, if copying a compressed file or folder to an uncompressed folder, the file or folder is uncompressed automatically.

Windows client supports three versions of FAT: FAT, FAT32, and exFAT. There are several differences between these versions. For example, one difference is the size of the largest supported volume. Another difference is the maximum file size. Which of the following items is another difference between these three FAT versions? -You can only convert exFAT to NTFS -The maximum number of files and folders that you can create on the volume -FAT32 is the only version of FAT that NTFS can be converted to

The maximum number of files and folders that you can create on the volume -The main difference between the three versions is the size of the largest supported volume, the default cluster size, and the maximum number of files and folders that you can create on the volume.

You're troubleshooting a problem with a peripheral wireless device. The problem doesn't appear to be with the actual device itself. When this situation occurs, what is often the source of the problem? -The peripheral device didn't provide a passcode to exchange with the computer -The device driver is outdated or corrupt -The problem is related to wireless connectivity

The problem is related to wireless connectivity - When you're troubleshooting wireless devices, problems that devices encounter are often due to wireless connectivity rather than with the actual devices. For example, many laptop computers allow users to disable the Wi-Fi and Bluetooth ports, primarily to conserve battery power. However, you must ensure that you enable all ports. Furthermore, for Bluetooth, you should ensure that you configure all ports to be discoverable during the process of pairing the device with the user's computer.

Using signed drivers ensures which of the following situations? -The driver will work with the installed hardware -The source of the driver is authentic -The driver will be compatible with the target operating system

The source of the driver is authentic -Signed drivers ensure the driver package came from the claimed source.

Gus is implementing Work Folders at your organization. Gus has created a sync share on the Work Folders server. What's the purpose of the sync share that Gus just created? -They contain users' Work Folders -They're used for setting quotas -They're used for managing volumes

They contain users' Work Folders -A sync share is a unit of synchronization between the Work Folders server and client devices. Sync shares contain users' Work Folders. You can create multiple sync shares on a Work Folders server, and each sync folder maps to the physical folder on the file server. Each user who uses Work Folders has a personal subfolder inside the sync share, and users can access and sync only the content of their subfolders.

Wingtip Toys wants to calculate performance baselines for its client computer environment. By doing so, the company can interpret real-time monitoring information more accurately. How can Wingtip Toys establish a baseline to use as a standard for comparison? -Evaluate each computer's workload -Use data collector sets -Monitor system resources

Use data collector sets -By using data collector sets, you can establish a baseline to use as a standard for comparison. You create a baseline when you first configure the computer, at regular intervals of typical usage, and when you make any changes to the computer's hardware or software configuration.

Tailspin Toys had several laptops that experienced system memory degradation due to static electricity issues. As the Desktop Administrator for Tailspin Toys, Alan Deyoung wants to implement static electricity guidelines for the company's IT staff to follow. These guidelines include initiating compulsory maintenance procedures and ensuring that staff use antistatic kits. What other step can Alan require when IT staff works with sensitive components? -They wear lead-free radiation aprons -They wear flak jackets -They wear grounding straps

They wear grounding straps -As a best practice, you should ensure that IT staff wears grounding straps when working with sensitive components. Grounding straps play a critical role in not only the well being of electrical devices, but also in the safety of the people operating those devices. Ground straps protect you from getting shocked by electrostatic discharge, like that of lightning and static electricity, that's emitted from electrical devices that don't have proper grounding. Grounding straps also protect the equipment itself from damage, especially with components like circuits. Ground straps prevent things such as short circuiting, overheated wires, system memory damage, and more.

Brexton is the Desktop Administrator for World Wide Importers. In the past, the company has employed a more traditional fixed storage allocation method, in which it allocated large pools of storage capacity that often remained unused. Brexton wants to change methodologies from this traditional method to one that optimizes the utilization of available storage. In other words, they only want the allocation of storage space to occur when datasets grow to require the storage. Which of the following provisioning schemes should Brexton employ? -Parity -Fixed provisioning space -Thin provisioning space

Thin provisioning space - Thin provisioning is a mechanism that enables the ability to allocate storage when the storage space needs it. The storage pool organizes the storage capacity into provisioning slabs. The allocation does not happen until the point when datasets grow to require the storage. As opposed to the traditional fixed storage allocation method, in which you might allocate large pools of storage capacity that remain unused, thin provisioning optimizes utilization of available storage.

What feature in Microsoft Defender for Endpoint enables it to identify attacker tools, techniques, and procedures, and generate alerts when these are observed in collected sensor data? -Threat intelligence -Cloud security analytics -Endpoint behavioral sensors

Threat intelligence -Generated by Microsoft hunters, security teams, and augmented by threat intelligence provided by partners, threat intelligence enables Microsoft Defender for Endpoint to identify attacker tools, techniques, and procedures, and generate alerts when these are observed in collected sensor data. These technologies, combined together, provide very efficient proactive monitoring of what happens on your client machines, servers and network. They perform automated investigations on well-known incidents and provide some actions even before an administrator is alerted.

A connection security rule forces authentication between two peer computers before they can establish a connection and transmit secure information. Windows Defender Firewall with Advanced Security uses IPsec to enforce configurable rules. Which type of connection security rule allows you to protect connections between gateway computers, and typically use it when you are connecting across the Internet between two security gateways? -Server to server -Tunnel -Isolation

Tunnel - A tunnel rule allows you to protect connections between gateway computers, and typically, you use it when you are connecting across the Internet between two security gateways.

Fabrikam recently purchased several new devices that had Windows 11 pre-installed by the hardware vendor, along with the vendor's preferred configuration. Fabrikam wants to reconfigure the device to a clean Windows 11 installation, providing an out-of-box experience while applying the company's desired configuration and applications. Which of the following deployment methods achieves this goal, while also being the easiest method for Fabrikam to implement? -Using Windows Autopilot -Side-by-side migration -Imaging

Using Windows Autopilot -Autopilot was first introduced in Windows 10. The concept behind autopilot was to reduce the need to reimage machines. Typically, when a new device is purchased, Windows is pre-installed on it by the hardware vendor, with the vendor's preferred configuration. Autopilot reconfigures the device to a clean Windows 10 or 11 install, providing an out-of-box experience while applying the organization's desired configuration and applications. Configuring a device using Autopilot is typically easier than creating and managing images.

Northwind Traders has recently been the victim of several cyber security attacks. The attackers have used eavesdropping and man-in-the-middle attacks to steal data in transit across the Internet. Which of the following defense mechanisms can help mitigate the risk of these attacks? -Intrusion detection -Domain Name System Security Extensions -VPNs and DirectAccess

VPNs and DirectAccess - It's important that users have the ability to connect to their organization's intranet from the Internet as securely as possible. The Internet is a public network, and data in transit across the Internet is susceptible to eavesdropping or MITM attacks. However, by using virtual private networks (VPNs) or DirectAccess, you can authenticate and encrypt connections between remote users and your organization's intranet. This can help to mitigate risk.

Your organization is in the process of migrating users to Microsoft 365 E3. You have a mix of Windows 10 editions deployed. You are required to provide conditional access and SSO from anywhere for the Microsoft 365 E3 users using Domain Join with Azure Active Directory. Which of the following Windows versions will support this requirement? -Windows 10 Home, Pro, and Enterprise -Windows 10 Pro and Enterprise -Windows 10 Enterprise only

Windows 10 Pro and Enterprise - The Pro edition includes Domain Join functionality, which allows computers to be joined to an Active Directory domain. It also includes the ability to join Azure Active Directory. This enables them to perform single sign-on across Windows, Microsoft 365, and other cloud-hosted apps and services. Since the Enterprise edition builds on the features of the Pro edition, it also includes these features, along with additional features that meet the needs of large enterprises.

As the Desktop Administrator for World Wide Importers, you're interested in a Windows 10 or later tool that will enable you to manage the company's servers. You also want to use a subset of the Server Manager features to manage Windows client PCs. For example, you want to display resources and resource utilization, manage certificates and devices, configure local users and groups, and edit the registry. Which tool in Windows 10 or later provides this combination of server and client management functionality? -Remote Desktop Services -Windows Remote Management service -Windows Admin Center

Windows Admin Center - Windows Admin Center is a locally deployed, browser-based management tool that lets you manage Windows clients and servers remotely over HTTPS. While it's primary function is manging servers, Windows Admin Center provides Desktop Administrators a subset of the Server Manager features for managing Windows client PCs.

As the Desktop Administrator for Lucerne Publishing, Patti Fernandez wants to allow incoming traffic for a specific desktop management tool when a computer is on the company's domain network, but block traffic when the computer connects to public or private networks. Which of the following tools should Patti use to provide this functionality? -Microsoft Defender for Endpoint -Windows Defender Firewall with Advanced Security -Block at first sight

Windows Defender Firewall with Advanced Security - Windows Defender Firewall with Advanced Security is an example of a network-aware app. You can create a profile for each network location type, and each profile can contain different firewall policies. For example, you can allow incoming traffic for a specific desktop management tool when a computer is on a domain network, but block traffic when the computer connects to public or private networks.

Your organization has a number of custom applications. You need additional time to test application compatibility before deployment of the next Windows build. Which Windows servicing option provides the ability to do this? -Windows Insider Program -General Availability Channel -Long-Term Servicing Channel

Windows Insider Program - For many IT pros, gaining visibility into feature updates early—before they're available to the General Availability Channel—can be both intriguing and valuable for future end-user communications as well as provide the means to test for application compatibility and any other issues on the next General Availability Channel release. Feature flighting enables Windows Insiders to consume and deploy preproduction code to their test machines, gaining early visibility into the next build.

Contoso is running Windows Enterprise on its 500+ devices. It wants to enable its users to quickly start an isolated, pristine Windows environment for temporary use scenarios, such as launching a downloaded executable they may not fully trust. It also wants a solution that's disposable, so that nothing persists on the device and everything is discarded once the user is finished using the temporary Windows environment. Which of the following virtualization technologies should Contoso deploy that satisfies these requirements? -Windows Sandbox -Client Hyper-V -Windows VM

Windows Sandbox - Windows Sandbox is a feature first introduced in Windows 10 that allows Windows clients to set up an isolated environment without the need to configure Hyper-V or create a Windows VM or set up a VHD. This enables the user to quickly start an isolated, pristine Windows environment for temporary use scenarios such as launching a downloaded executable that you may not fully trust. Sandbox also provides a disposable environment so that nothing persists on the device. When Sandbox is closed, everything is discarded.

As the Desktop Administrator for Fabrikam, Holly Spencer wants to obtain the updates that Windows Update determines are applicable to the devices at Fabrikam, perform additional testing and evaluation on the updates, and select the updates that Fabrikam wants to install. Which Microsoft feature provides Holly with this functionality? -Windows Update for Business -Windows Server Update Services -Configuration Manager

Windows Server Update Services -Windows Server Update Services (WSUS) provides extensive control over Windows updates and is natively available in the Windows Server operating system. In addition to the ability to defer updates, organizations can add an approval layer for updates and choose to deploy them to specific computers or groups of computers whenever ready. WSUS also provides IT administrators with an all or nothing way to specify when they want an approved update to be installed. Because IT administrators ultimately select and install most updates identified by Windows Update, the role of WSUS in many enterprises is to provide IT administrators with the additional time they need to gain confidence in the quality of updates prior to deployment.

Your organization requires that updates are controlled and deferred. You want to utilize the service updates with Windows. Which servicing tool will allow you to perform centralized management using Group Policy or Microsoft Intune? -Windows Update -Windows Update for Business -Windows Server Update Service

Windows Update for Business - You can use Group Policy or MDM solutions such as Intune to configure the Windows Update for Business settings that control how and when Windows devices are updated. In addition, by using Intune, organizations can manage devices that are not joined to a domain at all or are joined to Microsoft Azure Active Directory (Azure AD) alongside your on-premises domain-joined machines.

As the Desktop Administrator for Fabrikam, Holly Spencer installed a SCSI hard disk drive to one of the company's laptops. Windows selected a generic SCSI driver for the disk drive, but this resulted in limited device functionality and slower read/write performance. Why would Windows have selected a generic SCSI driver for the disk drive? -Because the disk drive included more than one logical device -Windows used a compatible identifier to select the device driver -Because Fabrikam didn't allow or deny all hardware identifiers for the disk drive

Windows used a compatible identifier to select the device driver - Windows uses compatible identifiers to select a device driver only if the driver store has no available drivers for any of the hardware identifiers that Windows retrieves from the device. These strings are optional, and Windows lists them in decreasing order of suitability if the hardware manufacturer provides them. Typically, the strings are generic and identify the hardware device at the component level, such as a Small Computer System Interface (SCSI) hard disk drive. This enables Windows to select a generic SCSI driver for the disk drive, but may result in limited device functionality and slower read/write performance.

In an effort to protect your organization's data, you enabled System Restore points on users' Windows 11 computers. Windows will automatically create System Restore points when which of the following actions occur? -You install a new application or driver -You change your password -You perform a backup

You install a new application or driver - After you enable System Restore points, Windows creates them automatically when any of the following actions occurs: 1) You install a new application or driver, 2) You install certain programs, or 3) You install updates.

BitLocker has entered a locked state on a user's computer in your domain environment. You need the recovery password to unlock the encrypted data on the volume. Locating a BitLocker password requires several conditions. Which of the following items is one of the conditions that must be met to locate the password? -You must be a domain administrator or have delegate permissions -The computer must be quarnteened from the network -BitLocker must be configured to store recovery information in AD DS

You must be a domain administrator or have delegate permissions - To locate a password, the following conditions must be met: 1) You must be a domain administrator or have delegate permissions, 2) The client's BitLocker recovery information is configured for storage in AD DS, 3) The client's computer has been joined to a domain, and 4) BitLocker must be enabled on the client's computer.

As the Desktop Administrator for Fabrikam, you are a local administrator on your Windows 11 computer. When you attempted to install a new application on your computer, you received a UAC prompt that asked for permission to complete the task. You granted the permission, at which time the task was performed by using full administrative rights. What happened next? -You received a prompt asking whether you wanted to retain full administrative rights -Your account reverted to a lower level of permission -Your account automatically retained full administrative rights

Your account reverted to a lower level of permission - When users with administrative permissions perform a task that requires administrative permissions, UAC prompts the user for permission to complete the task. When the user grants permission, the task is performed by using full administrative rights, and then the account reverts to a lower level of permission.

You are troubleshooting a Windows 10 computer. You decide to use the Reset this PC tool. Which of the following items is a characteristic of the "Just remove my files" and "Fully clean the drive" options? -These options remove all of your Windows Store apps, desktop apps, and the apps that the default Windows 10 installation includes -These options require special permissions to use -Your files, settings, and computer configuration settings are set to their initial, post-installation state

Your files, settings, and computer configuration settings are set to their initial, post-installation state -Your files, settings, and computer configuration settings are set to their initial, post-installation state. For example, a computer will have the name DESKTOP- name, and it will be in a workgroup.

What does BitLocker use to verify the integrity of a computer's startup process? -The BitLocker recovery password -a Trusted Platform Module chip -Windows Information Protection

a Trusted Platform Module chip - BitLocker uses a Trusted Platform Module (TPM) chip to verify the integrity of the startup process. TPM provides a method to verify that early boot file integrity has been maintained, and to help ensure that there has been no adverse modification of those files, such as with boot sector viruses or root kits. It also provides enhanced protection to mitigate offline software-based attacks, and it locks the system when it's tampered with.

Contoso is running Windows 11 on all its client devices. The company wants to disable user access to the Microsoft Store as a means of controlling application installations. What tool should it use to disable user access to the Microsoft Store? -Windows PowerShell -Command line prompt -regedit.exe

regedit.exe -To disable user access to the Microsoft Store, you should run rededit.exe. You will then navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore. From here, you will create a new DWORD value named RemoveWindowsStore, and change the value to 1. To finalize the process, you must restart the computer and sign back in.

As the Desktop Administrator for Lucerne Publishing, Patti Fernandez has a disk in a mirrored volume that failed. Patti wants to reestablish the redundancy in the mirrored volume by replacing the failed disk. What Windows tool can Patti use to remove the failed disk from the mirror and replace it with a new disk? -Windows RE Startup Repair -the disk and partition management tool (Diskpart.exe) -the Disk Management tool

the Disk Management tool - You can create several types of redundant storage in Windows, including using the Disk Management tool to create mirrored volumes and parity. The Disk Management tool can be used to remove a failed drive and replace it with a new drive.