Test Prep 1

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

You need to take remote control of an employee's computer to troubleshoot an issue. What should you send to the employee to initiate a remote session?

A Numeric Security Code

The Local Administrators group on each computer contains an enabled account named Local Admin. The LocalAdmin account is managed by using Local Administrator Password Solution (LAPS) You need to sign in as LocalAdmin on Computer 11. What should you do?

(A) From the LAPS (Local Administrator Password Solution) UI tool, view the administrator account password for the computer object Computer 11

The branch office contains 25 Win 10 computers. The computers contain small hard drives that have very little free disk space. You need to prevent the computers in the branch office from downloading updates from peers on the network. What should you do?

(A) From the Settings app, modify the Delivery Optimization settings.

Your network contains an Active Directory domain that is synced to a Microsoft Azure Active Directory tenant. Your company purchases a Microsoft 365 subscription. You need to migrate the Documents folder of users to Microsoft OneDrive for Business. What should you configure?

(A) OneDrive Group Policy settings In the GPO, click on OneDrive folder Select "Silently move Windows known folders to OneDrive"

You have a Win 10 computer named Computer1 that has an application named App1. You need to use Performance Monitor to collect data about the processor utilization of App1. Which performance object should you monitor?

(A) Process Process Monitor is another tool for Windows process performance monitoring that is primarily useful for real-time monitoring of process performance.

You have a Microsoft Azure Active Directory tenant. Some users sign in to their computer by using Windows Hello for Business. A user named User1 purchases a new computer and joins the computer to Azure AD. User1 attempts to configure the sign-in options and receives the error message shown in the exhibit. "some settings are hidden or managed by your organization. :) Windows Hello Sign in to Windows apps and services by teaching Windows to recognize you. Windows Hello isn't available on this device. You open Device Manager and confirm that all the hardware works correctly. you need to ensure that User1 can use Windows Hello for Business facial recognition to sign in to the computer. What should you do first?

(A) Purchase an infrared (IR) camera User1 has joined the computer to Azure AD. So the OS version supports Windows Hello for Business. Windows Hello face authentication utilizes a camera specially configured for near infrared (IR) imaging to authenticate and unlock Windows devices as well as unlock your Microsoft Passport.

Company buys 20 laptops that you deploy Win 10 in a test environment on the laptops. Some laptops frequently generate stop errors. You need to identify the cause of the issue. What should you use?

(A) Reliability Monitor Windows tracks application and system failures automatically and, though it's the same information you can see using the venerable Event Viewer, Reliability Monitor presents these failures in an easy-to-browse time-based view.

You have 200 Win 10 computers that joined to Active Directory domain. You need to enable Windows Remote Management (WinRM) on all the computers by using Group Policy. Which 3 actions should you perform?

(A) Set the Startup Type of the Windows Remote Management (WS Management) service automatic (B) Enable the Windows Firewall: Allow inbound remote administration exception setting. (C) Enable the Allow remote server management through WinRM setting.

You install a quality update that conflicts with a customer device driver. You need to remove the update from Computer1. Solution: From System Restore, you revert the system state to a restore point that was created before the update was installed. Does this meet the goal?

(A) Yes

You have a computer named Computer1 that runs Win 10. You test Windows updates on Computer1 before you make the updates available to other users at your company. You install a quality update that conflicts with a customer device driver. You need to remove the update from Computer1. Solution: From the elevated command prompt, you run the wusa.exe command and specify the /uninstall parameter. does this meet the goal?

(A) Yes wusa.exe /uninstall /kb:#######

You send a ping request and successfully ping the default gateway, the DNS servers, and the DHCP server. Which configuration on the computer causes the issue?

(A) the DNS servers The DNS Server address 131.107.10.60 This is why the user cannot access the internal corporate servers.

The computer contains a folder with sensitive data. You need to log which user reads the contents of the folder and modifies and deletes files in the folder. Solution: From Properties of the folder, you configure the Auditing settings and from Audit Policy in the local Group Policy, you configure Audit object access.

(A) Yes because "Audit Object Access" Successfully audits generate an audit entry when a user successfully access an object that has an appropriate SACL (System Access Control List) specified. The main part of the policy is "Audit Object Access" Audit Object Access determines whether to audit the event of a user accessing an object. Like a file, folder, registry key or printer that has its own System Access Control List (SACL) You can specify whether to audit successes, audit failures or not audit the event type at all. Successful audits generate an audit entry when a user successfully accesses an object that has an appropriate SACL specified.

User1 connects to a Azure VM named VM1. User1 creates a VPN connection to a partner organization. When the VPN is established, User1 cannot connect to VM1. When User1 disconnects from the VPN, the user can connect to VM1. You need to ensure that User1 can connect to VM1 while connected to the VPN. What should you do?

(B) From the properties of VPN1, clear the Use default gateway on remote network check box. Select Internet Protocol Version 4 and click properties Then Advanced tab Then Uncheck the "Use Default Gateway on Remote Network"

Your company has an isolated network used for testing. The network contains 20 computers that run Win 10. The computers are in a workgroup. During testing, the computers must remain in the workgroup. You discover that none of the computers are activated. You need to recommend a solution to activate the computers without the connecting the network to the internet. What should you include in the recommendation?

(B) Key Management Services (KMS) Installing KMS host key on computer runnning Win 10 allows you to activate other computers running Win 10 against this KMS host and earlier versions of the client operating system, such as Win 8.1 or Win 7. To enable the KMS functionality, a KMS key is installed on a KMS host; then, the host is activated over the internet or by phone using Microsoft activation services.

You have a computer named Computer1 that runs Win 10. A service named Application1 is configured. You discover that a user used the Service1 account to sign in to Computer1 and deleted some files. You need to ensure that the identity used by Application1 cannot be used by a user to sign in to the desktop Computer1. The solution must use the principle of least privilege. Solution: On Computer1, you assign Service1 the "Deny log on as a service" user right. Does this meet the goal?

(B) No "Deny log on as a service" does not stop a user from logging on directly and deleting files.

You have a computer named Computer1 that runs Win 10. A service named Application1 is configured. You discover that a user used the Service1 account to sign in to Computer1 and deleted some files. You need to ensure that the identity used by Application1 cannot be used by a user to sign in to the desktop Computer1. The solution must use the principle of least privilege. Solution: On Computer1, you configure Application1 to sign in as the LocalSystem account and select the "Allow service to interact with desktop checkbox." You delete the Service1 account. Does this meet the goal?

(B) No "The solution must use the principle of least privilege" The LocalSystem account is a non-loggable administrator for services. So, its not the "principle of least privilege" The LocalSystem account is a predefined local account used by the service control manager. It has extensive privileges on the local computer, and acts as the computer on the network.

You manage devices that run Win 10. Ten sales users will travel to a location that has limited bandwidth that is expensive. The sales users will be at the location for three weeks. You need to prevent all Windows updates from downloading for the duration of the trip. The solution must not prevent access to email and the internet. Solution: From Network & Internet in the Settings app, you set the network connections as metered connections. Does this meet the goal?

(B) No A metered connection is an Internet connection that has a data limit associated with it. Cellular data connections are set as metered by default. Wi-Fi and Ethernet network connections can be set to metered but aren't by default. Some apps might work differently on a metered connection to help reduce your data usage. Also, some updates for Windows won't be installed automatically. On the Creators Update, Microsoft now given Windows Update permissions to download critical security updates even if your connection is marked as metered. Microsoft has promised not to abuse this.

You manage devices that run Win 10. Ten sales users will travel to a location that has limited bandwidth that is expensive. The sales users will be at the location for three weeks. You need to prevent all Windows updates from downloading for the duration of the trip. The solution must not prevent access to email and the internet. Solution: From Update & Security in the Settings app, you turn on Pause Updates. Does this meet your goal?

(B) No Pause updates gives you 7 days to pause updates. In this scenario the users will be at the location for 3 weeks. They need to go to Advanced options and extend the pause of updates.

You manage devices that run Win 10. Ten sales users will travel to a location that has limited bandwidth that is expensive. The sales users will be at the location for three weeks. You need to prevent all Windows updates from downloading for the duration of the trip. The solution must not prevent access to email and the internet. Solution: From Network & Internet in the Settings app, you set a data limit. Does this meet the goal?

(B) No You're trying to prevent updates from downloading, not limiting data.

The computer contains a folder with sensitive data. You need to log which user reads the contents of the folder and modifies and deletes files in the folder. Solution: From the properties of the folder, you configure the Auditing setting from the Audit policy in the local Group Policy, you configure Audit Directory service access. Does this meet the goal?

(B) No because "Audit Directory Service Access" only looks at changes to objects in AD The part of the policy you need to look at is "Audit Directory Service Access" The Audit directory service access policy provides a low-level audit trail of changes to objects in AD. By using this policy, you can identify the object that was accessed. Audit directory access is the only way to track changes to OUs and GPOs.

You install a quality update that conflicts with a customer device driver. You need to remove the update from Computer1. Solution: From an elevated command prompt, you run the wmic qfe delete command. Does this meet the goal?

(B) No this doesn't meet the goal. This meets the goal: wmic qfe list wusa /uninstall /kb:######

Computer1 runs Win 7 Computer1 has a local user named User1 who has a customized profile. On Computer1, you perform a clean installation of Win 10 without formatting the drives. You need to migrate the settings of User1 from Win 7 to Win 10. Which two actions should you perform?

(B) Run loadstate.exe and specify the C:\Users subfolder (C) Run scanstate.exe and specify the C:\Windows.old subfolder

User: [email protected] Computer: Computer1 runs Win 10 You join Computer1 to Azure AD. You enable Remote Desktop on Computer1 [email protected] attempts to connect to Computer1 by using Remote Desktop and receives the following error message: " The logon attempt failed" You need to ensure that the user can connect to Computer1 by using Remote Desktop. What should you do first?

(B)From the local Group Policy, modify the Allow log on through Remote Desktop Services user right. "Allow log on through Remote Desktop Services" policy setting determines which users or groups can access the logon screen of a remote device through a Remote Desktop Services connection.

You have 20 Win 10 computers. You configure all the computers to forward all the events from all the logs to a computer named Computer1 that runs Win 10. When you sign in to Computer1, you cannot see any security events from other computers. You can see all the other forwarded events from the other computers. You need to ensure that the security events are forwarded to Computer1. What should you do?

(B)On each computer, add the NETWORK SERVICE account to the Event Log Readers group. Windows Event Forwarding (WEF) reads any operational or administrative event log on a device in your organization and forwards the events you choose to a Windows Event Collector (WEC) server. Add the Network Service account to the built-in Event Log Readers security group. This allows reading from secured event channel, such as the security event channel.

Your company uses Microsoft Deployment Toolkit (MDT) to deploy Win 10 to new computers. The company purchases 1000 new computers. You need to ensure that the Hyper-V feature enabled on the computers during the deployment. What are two possible ways to achieve this goal?

(C) Add a custom command to the Unattend.xml file (E) Add a task sequence step that runs dism.exe You can also use the Unattend.xml to enable components in Win 10, like the Telnet Client or Hyper-V client To add Hyper-V using dism.exe you would run the following dism command: DISM/Online/Enable-Feature/All/FeatureName:Microsoft-Hyper-V

When employees attempt to connect to the network from their home computer, they often cannot establish a VPN connection because of misconfigured VPN settings. You need to recommend a solution to configure the employee VPN connections. What should you include in the recommendation?

(C) Connection Manager Administration Kit (CMAK)

100 computer run Win 10 in a workgroup The computers have a low-bandwidth metered Internet connection. You need to reduce the amount of Internet Bandwidth consumed to download updates. What should you configure?

(C) Delivery Optimization Windows Delivery Optimization lets you get Windows Updates and Microsoft Store apps from sources besides Microsoft, like other PCs on your local network or PCs on the internet that are downloading the same files. Sharing this data between PCs helps reduce the Internet bandwidth that's needed to keep more than one device up to date or can make downloads more successful if you have limited or unreliable Internet connection.

You have a Win 10 computer named Computer1 You turn on System Protection and create a restore point named Point1. You perform the following changes: -Add four files named: File.txt, File2.dll, File3.sys and File4.exe -Run a configuration script that adds the following four registry keys: ~Key1 to HKEY_CURRENT_USER ~Key2 to HKEY_CLASSES_ROOT ~Key3 to HKEY_LOCAL_MACHINE\SYSTEM ~Key4 to HKEY_CURRENT_CONFIG You restore Point1. Which files and registry keys are removed? Choose 2

(C) File2.dll, File3.sys and File4.exe (H) Key1, Key2, Key3 and Key4 When using restore points, it only affects system files. Files like txt files are not removed or changed. This is why the txt file isn't removed in this situation.

You discover that Windows updates are failing to install on the computer. You need to generate a log file that contains detailed information about the failures. Which cmdlet should you run?

(C) Get-WindowsUpdateLog This cmdlet merges and converts Windows Update .etl files into a single readable WindowsUpdate.log file. Windows Update Agent uses Event Tracing for Windows (ETW) to generate diagnostic logs.

All employees have computers that run Win 10 Enterprise. All the computers are installed without Volume License Keys. Win 10 license keys are never issued. All the computes are encrypted by using Bitlocker Drive Encryption (Bitlocker). Bitlocker recovery information is stored in Active Directory and Azure AD. An employee reports that she must perform a Bitlocker recovery on her laptop. The employee does not have her Bitlocker recovery key but does have a Win 10 desktop computer. What should you instruct the employee to do from the desktopo computer?

(C) Go to https://account.activedirectory.windowazure.com and view the user account profile Win 10 fully supports Azure Active Directory. This is great for small and medium companies who don't have any on-premise infrastructure and heavily leveraged cloud. One of the great benefits for Azure Active Directory is the ability to store Bitlocker Keys online.

You need to configure User Account Control (UAC) to prompt administrators for their credentials Which setting should you modify?

(C) Security Options in Local Group Policy Editor Prompt for Credentials on the secure desktop When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If valid, the operation continues with the user's highest available privilege.

You need to recommend a solution to monitor update deployments. What should you include in the recommendation?

(C) the Update Compliance solution Azure log Analytics

You can start your Win 10 computer but cannot sign in. You need to start the computer into the Windows Recovery Environment (WinRE) What should you do?

(C)From the sign-in screen, hold the SHIFT key and then click Restart Windows Recovery Environment (WinRE) is a recovery environment that can repair common causes of unbootable operating systems. WinRE is based on Windows Preinstallation Environment (Windows PE) and can be customized with additional drivers, languages, Windows PE Optional Components and other troubleshooting and diagnostic tools.

From Event Viewer, you create a custom view named View1 that has the following filter: -User: User1 -Logged: Any time -Event Logs: System -Computer: LON-CL1 -Event IDs: 10000-11000 -Event level: Error, Verbose You open Event Viewer and discover that the event doesn't appear in View1. You need to ensure that the event appears in View1. What should you do?

(D) Modify the Computer setting in the filter Computer: LON-CL1 This filter must have fully qualified domain name: LON-CL1.Adatum.com. This is why the event didn't appear in View1

You enable Windows PowerShell remoting on the computers. You need to ensure that Admin1 can establish remote PowerShell connections to the computers. The solution must use the principle of least privilege. To which group should you add Admin1?

(D) Remote Management Users By default, only administrators can connect via PowerShell remoting. If you want to enable PowerShell for a single non-administrator, you can add the user account to the local Remote Management Users group.

You have a Win 10 computer that has Bitlocker Drive Encryption enabled on all volumes. You start the computer from Windows Recovery Environment (WinRE). You need to read the data on the system drive. What should you do?

(D) Run "manage-bde.exe" and specify the "-unlock" parameter

When users are on their lock screens, they see different backgrounds images everyday, along with tips of using different features in Win 10. You need to disable the tips and daily background image for all the Win 10 computers. Which Group Policy settings should you modify?

(D) Turn off all Windows Spotlight features Win 10 provides Group Policy and mobile device management (MDM) settings to help you manage Windows Spotlight on enterprise computers.

You plan to deploy Win 10 to 100 secure computers. You need to select a version of Win 10 that meets the following requirements: -Uses Microsoft Edge as the default browser -Supports joining Microsoft Azure Active Directory -Minimizes the attack surface on the computer -Only allows the installation of applications from the Microsoft Store What's the best version to achieve this goal?

(E)10 Pro in S Mode Although a Windows 10 S device cannot join an on-premises domain using Active Directory, it can via Azure Active Directory, Microsoft's cloud-based identity and access platform. And it can be managed by mobile device management software like Microsoft's Intune. -Uses Microsoft Edge as the default browser: Home, Pro, Enterprise -Supports joining Microsoft Azure Active Directory: Pro, Enterprise -Minimizes the attack surface on the computer: S Mode -Only allows the installation of applications from the Microsoft Store: S Mode

You have a Win 10 computer that belongs to a workgroup. The computer is used to provide visitors with access to the internet. You need to configure the computer to meet the following requirements: -Always sign in automatically as User1. -Start an application named App1.exe at sign-in. What should you use to meet each requirement?

Always sign in automatically as User1: -Registry Editor Start an Application named App1.exe at sign in: -Registry Editor - To sign in automatically as User1, open Registry Editor and find the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon You are configuring Windows to automate the logon process by storing your password and other pertinent information in the registry database. This feature lets other users start your computer and use the account that you establish to automatically log on. - Start an Application named App1.exe at sign in open registry and find the key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run For each program you want to start automatically create a new string value using a descriptive name, and set the value of the string to the program executable. For example, to automatically start Notepad add a new entry of: "Notepad"="c\windows\notepad.exe"

A user attempts to start a computer and receives the following error message: "Bootmgr is missing" You need to resolve the issue. You start the computer in recovery mode.

Bootrec /RebuildBcd Use the Bootrec.exe tool to troubleshoot a "Bootmgr is Missing" error. If rebuilding the BCD store doesn't resolve the startup issue, you can export and delete the BCD store and then run this option again. By doing this, you make sure that the BCD store is completely rebuilt. This option scans all disks for installations that are compatible with Windows Vista and above. Additionally, it lets you select the installations that you want to add to the BCD store. Use this option when you must complete rebuild the BCD store.

From Computer1, you plan to run a script that executes Windows PowerShell commands on the finance department computers. You need to ensure that you can run the PowerShell commands on the finance department from Computer1. What should you do on the finance department computers?

From the Windows PowerShell, run the Enable-PSRemoting cmdlet The Enable-PSRemoting cmdlet configures the computer to receive PowerShell remote commands that are sent by using the WS-Management technology.

You have 10 Win 10 computers. You have a Windows Server Update Services (WSUS) server. You need to configure the computers to install updates from WSUS. Which two settings should you configure?

In Group Policy Management Editor -Configure Automatic Updates -Specify intranet Microsoft update service location

Your company has a wireless access point that uses WPA2-Enterprise. You need to configure a computer to connect to the wireless access point. What should you do first?

Request and install a certificate

All Employees are assigned Microsoft 365 E3 licenses. All employees have computers running Win 10 Enterprise. All computers are installed without Volume License Keys. Win 10 license keys are never issued. User 10 reports that Computer 10 is not activated. You need to ensure that User10 can activate Computer10. What should you do?

Request that User10 perform a local AutoPilot Reset on Computer 10, and then activate Computer 10. This will restore the computer settings to a fully-configured or known IT-approved state. When User10 signs in to the computer after the reset, the computer should activate. You can use AutoPilot Reset to remove personal files, apps, and settings from your devices. The devices remain enrolled in Intune and are returned to a fully-configured or known IT-approved state. You can AutoPilot Reset a device locally or remotely from the Intune for Education portal.

15 computers run Win 10. Each computer has two network interfaces named Interface 1 and Interface 2. You need to ensure that network traffic uses Interface1, unless Interface1 is unavailable. What should you do?

Run the "Set-NetIPInterface -InterfaceAlias Interface1 -InterfaceMetric 1" command This command has "-InterfaceMetric 1" Adapters with lower InterfaceMetric numbers are prioritized over adapters that have a higher number. So this adapter having number "1" makes it first priority and will have the traffic run through unless Interface1 isn't available.

You need to reduce the amount of time it takes to restart Application1 when the application crashes. What should you include in the solution?

Tool to use: Event Viewer Task to perform: Attach a task to an event Windows 10 lets you "Attach a task to an Event" very smoothly. A Windows network admin knows the activity or change in regarding an event using "send and email and dislplay message" feature for the attached task.

All contractors have their own computer that runs Win 10. None of the computers are joined to Azure AD. Automate the configuration of the contractors' computers. The solution must provide a configuration file that the contractors can open from a Mircrosoft SharePoint site to apply the required configuration. You need to implement a solution to configure the contractors computers. what should you do?

Tool to use: Windows Configuration Designer File type to create: PPKG

You have Win 10 computer named Computer1 that is in a workgroup. Computer1 contains the folders shown in the following: Folder1 - Volume C - NTFS - Full Control to Everyone Folder2 - Volume C - NTFS - Full Control to Everyone Folder3 - Volume D - NTFS - Full Control to Everyone On Computer1, you create the users shown in the following table: User1 - Users User2 - Backup Operator, Users User3 - Cryptographic Operators, Users User4 - Administrators, Users User1 encrypts a file named File1.txt that is in a folder named C:\Folder1 What is the effect of the configuration?

Users who can move File1.txt to C:\Folder2 User1, User2, User3, and User4 Users who can move File1.txt to D:\Folder3 User1 only All users can move File1.txt to C:\Folder2 because its in the same volume. Users who can move File1.txt to C:\Folder3 is User1 only because only the creator can move the file from one volume to another.


Ensembles d'études connexes

Chapter 19---The menstrual cycle

View Set

Unit 6: Palliative Online Courses

View Set

Chapter 19, Documenting, Reporting, Conferring

View Set

Adult cognitive disorders Neuropsych assessment post brain injury

View Set

Chemistry 131 Chapter 3 & 4 Exam study guide

View Set

Antepartum/Intrapartum Period OB Scc 4th Quarter

View Set

Financial and Managerial Accounting Ch 18. (part 1)

View Set