Windows 7 Transcender Certification questions

How could you prevent Internet Explorer 8 from opening a *.jpg file when you click on the file in Windows Explorer?

Associate the .jpg file type with an application that is not IE 8

You are the administrator for the Metroil Corporation. You support mobile salespeople who require access to intranet resources when they travel. You plan to implement a DirectAccess network solution to provide secure network access to intranet resources. To do so, you upgrade all your servers to Windows Server 2008 R2 and upgrade all clients to Windows 7.

Create a Group Policy Object and link it to the domain. Configure Windows Firewall with Advanced Security rules that allow inbound and outbound ICMPv4 and ICMPv6 Echo Request messages.

You have a laptop that has Windows 7 installed. You want to conserve as much battery life as possible. Which of the following should you do? (Choose two. Each correct answer is part of the solution.)

Create a custom plan based on the Power Saver plan and configure the display to turn off after 4 minutes. Set the screen saver to (None).

You are the administrator of the Active Directory domain of the Metroil Corporation. You have a Windows Deployment Services (WDS) server that has Windows 7 images. You want to deploy Windows 7 images on computers that are not Pre-Boot Execution Environment (PXE)-enabled. What should you do to install the images from the WDS server?

Create a discover boot image

What utilities can you use to shrink a volume?

DiskPart issued from the command line and Disk Management issued from the GUI

What utility would you use to add a driver to a booted Windows PE image?

Drvload.exe

You are the manager of several computers in a branch office. All servers in the branch office run Windows Server 2008 R2 and all client computers run Windows 7. You need to run commands in an interactive session on different computers in your office. What PowerShell cmdlet should you use?

Enter-PSSession

You are the administrator of the Verigon Corporation's network. You have purchased several USB flash drives that are 64 GB in size. A user wants to use a USB flash drive in her Windows 7 computer, and asks you what type of file system can be used to create a volume equal to the maximum size of the USB flash drive.

ExFAT and NTFS

You have moved an encrypted file from a Windows 7 computer named WKS1 to another Windows 7 computer named WKS2. A user, Ann, complains that she can no longer access the file, file.doc, on the new computer. She must be able to open the file. What should you do?

Export the EFS certificate and key from WKS1 and import the EFS certificate and key to WKS2
Explanation: You should export the EFS certificate and key from WKS1 and import the EFS certificate and key to WKS2. When a file is encrypted, the person who encrypted the file or the person with the Recovery Certificate can decrypt the file and access it. In Windows 7, you can add additional users who can decrypt the file by adding a certificate for the user. This is known as the EFS certificate. The user's certificate must be on the computer.
If the user's certificate is not on the computer, you will have to export the certificate as follows: Open Certificate Manager, double-click Personal, click Certificates, and then highlight the EFS certificate to export. On the Action menu, choose All Tasks and click Export. This action will open the Certificate Export Wizard. Click Next to go beyond the opening screen. Choose Yes, export the private key and click Next. Choose Personal Information Exchange and click Next. You must add a password for the key. When a user imports this file later on another computer, they will type in this password. Give the file a name and path.
On WKS2, you can import the EFS certificate by doing the following: Open Certificate Manager and click Personal, certificate to export. On the Action menu, choose All Tasks and click Import. This action will open the Certificate Export Wizard. Click Next to go beyond the opening screen. Navigate to the path where you exported the file, choose the file and click Next. Type the password that you set earlier. Choose Mark this key as exportable and click Next. Choose the option to Place all certificates in the following store. Choose the Personal store and click Next.
You should not run CIPHER /E /H file.doc. CIPHER is a command-line utility that can be used to manage file encryption. The /E parameter encrypts specified files. The /H parameter displays files with the hidden or system attribute. In this scenario, you want to decrypt the file. You should not use the /E parameter because this parameter will encrypt, not decrypt.
You should not run CIPHER /ADDUSER /USER:Ann file.doc. CIPHER can be used to add the EFS certificate of a user to a file. You must specify the /CERTHASH or /CERTFILE parameter along with the /ADDUSER and /USERNAME parameters. The /CERTHASH parameter is used to search for a certificate with a SHA1 hash. The /CERTFILE parameter is used to specify the export file for the certificate. In this option, neither the /CERTHASH nor the /CERTFILE parameter is specified.
You should not run CertReq -Submit -Username:Ann -Kerberos -binary. The CertReq utility allows you to submit a certificate request to a Certificate Authority via the command line. In this scenario, you need to add an EFS certificate from WKS1. You do not need to request a new certificate.
You should not run the Certutil utility. This utility is used to configure a certification authority (CA), back up and restore a CA, and verify certificates, key pairs, and certificate chains. The certutil -renewcert -f -gmt -seconds -v -config Ann command will request a renewal CA certificate for a CA named Ann. The certutil -isvalid -gmt -seconds -v -config Ann command will verify the validity of a CA named Ann.
You should not use the Icacls utility. This utility modifies or lists discretionary access control lists (DACLs) on specified files, and applies stored DACLs to files in specified directories. The grant parameter grants permissions to a user or group. The Icacls utility will not add a user's Encrypting File System (EFS) certificate to the file.
Objective: Configuring Access to Resources
Sub-Objective: Configure file and folder access
References: Windows Help and How-to > Troubleshoot encrypted files and folders

How do you prevent a particular update from being installed on the computer?

Hide the update

You are the administrator for the Verigon Corporation. Verigon has an Active Directory domain. All servers run Windows Server 2008 and all client computers use Windows 7. A salesperson travels to different offices. You want to ensure that when the salesperson prints reports in different offices that the salesperson automatically prints to the printer that was configured as the default printer for that office. What should you do?

In Devices and Printers, set Change my default printer when I change networks

What command can you run at your computer to request an IPv6 address from a DHCP server?

Issue ipconfig /renew6

You are the administrator for a branch office of the Verigon Corporation. Your branch office is also an Active Directory site called Site2. Site2 only has Windows 7 client computers. All other sites in the corporation use Windows Server 2008 R2 servers and Windows 7 workstations. You perform the following actions: You create a GPO named BranchCacheSite2. You enable \Computer Configuration\Policies\Administrative Templates\Network\BranchCache. You enable \Computer Configuration\Policies\Administrative Templates\Network\BranchCache\Turn on BranchCache - Distributed cache mode. You link BranchCacheSite2 to Site2.

Modify the client firewall to allow only incoming TCP port 80 and UDP port 3702.
Explanation: You should modify the client firewall to allow incoming TCP port 80 and UDP 3702 traffic only. These firewall rules can be configured locally on the computer or in a GPO under \Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Inbound Rules. If the clients are operating in Distributed Cache mode, you need to allow both incoming WS-Discovery traffic and incoming HTTP traffic. The WS-Discovery traffic requires UDP port 3702 to be open, and HTTP traffic requires TCP port 80 to be open for Distributed Cache mode. If you run the netsh branchcache set service mode=DISTRIBUTED command to configure a client for Distributed Cache mode, then the command automatically configures the host firewall for Distributed Cache mode.
You should not modify the client firewall to allow only incoming TCP port 80 and TCP port 3389. When clients operate in Hosted Cache mode, they must receive incoming HTTP traffic from the Hosted Cache server. You do not need to open TCP port 3389, which is used for Terminal Services traffic. You can use the command netsh branchcache set service mode=HOSTEDCLIENT LOCATION=<Hosted Cache name> to configure a client to use Hosted Cache mode. If you run this command, the command automatically configures the host firewall for Hosted Cache mode.
You do not need to configure firewall exception rules for inbound and outbound traffic for local TCP port 80 and for inbound and outbound traffic for local UDP port 1701 on the Windows 7 computers in Site2. UDP port 1701 is used for L2TP. L2TP is used between endpoints and the data is encapsulated by IPSec. You do not need L2TP or IPSec for BranchCache. For Distributed Cache mode, you would need to configure firewall exceptions for inbound and outbound traffic for local TCP port 80 and for inbound and outbound traffic for local TCP 8443 for WS-Discovery traffic.
You should not create a startup script in the BranchCacheSite2 GPO to run netsh winsock reset on the Windows 7 computers. This command resets the Winsock catalog back to its default setting or clean state. This command is useful in solving Internet access or networking problems after trying all other suggestions. This command will not improve the performance of applications that use the HTTP or HTTPS protocols or enable a Windows 7 client to use Distributed Cache mode.
You should not create a startup script in the BranchCacheSite2 GPO to run netsh winhttp set proxy WIN7B. This command is used to specify a proxy server for a client, not a BranchCache server. A proxy server can improve performance by caching HTTP content, but does not cache SMB content. A requirement of this scenario was to increase the responsiveness of network applications at other branch offices. These applications may use application-layer protocols that run over TCP/IP, such as SMB and HTTP, to access resources at different locations. The SMB protocol is used for file sharing and other processes.
You do not need to edit the BranchCacheSite2 GPO and configure the Set percentage of disk space used for client computer cache option on the Windows 7 computers in Site2. This option can change the default percentage of 5% of the total disk space to dedicate to caching retrieved content with BranchCache. You do not need to change the percentage of total disk space used to enable BranchCache.
You should not set the logging settings to Log successful connections from the Windows Firewall with Advanced Security properties on the Windows 7 computers in Site2. This action is displayed in the Windows Firewall with Advanced Security, but is configured in Windows Firewall. Log successful connections will not configure BranchCache on a client computer.
You should not set the Data Protection (Quick Mode) IPSec settings to Advanced from the Windows Firewall with Advanced Security properties on the Windows 7 computers in Site2. This action will configure IPSec settings on the computer. This action will not configure BranchCache. You do not need to configure IPSec settings to configure BranchCache.
Objective: Configuring Access to Resources
Sub-Objective: Configure BranchCache
References: TechNet > TechNet Library > Windows > Windows 7 > Windows Technical Library Roadmap > Product Evaluation > Windows 7 and Windows Server 2008 R2 > BranchCache; TechNet > TechNet Library > Windows > Windows 7 > Windows Technical Library Roadmap > Product Evaluation > BranchCache Early Adopter > Client Configuration

use the Install-WindowsImage.ps1 Windows PowerShell script or the ImageX.exe utility

Set Turn on Windows Firewall for the Public network location in Windows Firewall.

On which tab on the System Configuration utility should you edit to prevent programs from starting when you log in to your Windows 7 computer?

Startup

What option should you select in the System Recovery options to restore personal data after booting with a system repair disc?

System Image Recovery

When installing Windows 7 on a VHD on a new physical drive, what will be displayed for the DISK number assigned to the VHD?

Unallocated Space

What is the executable file that you can use to manage a WSUS server?

WSUSutil.exe

You are the administrator for the Verigon Corporation's domain. You plan to deploy Windows 7 to new computers in a branch office located in the same domain. You need to do the following: create valid answer files for unattended installations; create and apply Windows images; apply updates and language packs to images; and migrate user data from previous Windows operating systems to the Windows 7 computers. You have currently installed one Windows Server 2008 R2 domain controller and a Windows 2008 member server in the branch office. What do you need to install to meet the requirements?

Windows Automated Installation Toolkit (AIK)

How many partitions do you need on a portable computer running Windows 7 to support BitLocker encryption of the volume that contains the Windows operating system?

at least two partitions

You plan to install Windows 7 on several new computers in your company. You create an image named Install.wim from the reference computer that has Windows 7 Professional edition installed. The image is stored on the Z: shared network drive.

imagex /apply z:\Install.wim 1 c:\ /verify

What switch is used with slmgr.vbs to retrieve license information and the current KMS activation count from the KMS host?

slmgr.vbs /dlv

What directory contains a previous version of a Windows operating system after a custom installation?

the \Windows.old directory

What command is used to clear the contents of a BranchCache cache on a Windows 7 computer?

the netsh branchcache flush command

Subnet 1 is from the 136.0.0.0/22 network address range. The scope for Subnet 2 is from the 136.0.4.0/23 network address range. Exclusion ranges have been created consisting of the first ten addresses in each scope. All IP configurations are statically assigned to servers. Your company has decided to implement a new Windows 7 computer on Subnet 1. You are responsible for configuring the appropriate static TCP/IP properties for this new computer. Drag the appropriate parameter on the right to each property shown in the Internet Protocol (TCP/IP) Properties exhibit.

(missing load data)
Explanation: You should use these parameters for your new file and print server: The IP addresses 136.0.0.3 and 136.0.0.4 are the only Subnet 1 addresses that are available for designation to the new Windows 7 computer. The subnet mask designation /22 is the Classless Interdomain Routing (CIDR) notation for 255.255.252.0. CIDR is an IP address and routing scheme that reduces the number of routes stored on routers while increasing the number of available subnets. The default gateway is the local router interface on Subnet 1, or 136.0.0.1. This information is discerned from the exhibit. It is a common practice to use the first IP address in a network address range for this interface. When only one DNS server is available to network clients, you will identify this server as the primary DNS server in IP configurations. The IP address for DNS1 is 136.0.4.3. You cannot enter the same IP address in both DNS server areas.
You should not assign either of the remaining Subnet 1 IP addresses to the new Windows 7 computer. The IP address 136.0.0.1 is statically assigned to the default gateway. The IP address 136.0.0.2 is statically assigned to DHCP1. No other Subnet 1 IP addresses are provided as possible solutions.
You should not assign the new Windows 7 computer any of the IP addresses from the 136.0.4.0 address range (136.0.4.1-4). The new server must be allocated an IP address from the subnet where it is located, which is Subnet 1.
You should not assign any of the remaining subnet masks to the new Windows 7 computer. The mask 255.255.254.0 is represented using CIDR notation as /23. The mask 255.255.255.0 is represented using CIDR notation as /24. These masks are not the mask assigned to Subnet 1. If either of these subnet masks is specified, the new Windows 7 computer will be unable to communicate on Subnet 1.
Objective: Configuring Network Connectivity
Sub-Objective: Configure IPv4 network settings
References: TechNet > TechNet Library > Books, Magazines, and Columns > Microsoft Press Books > Windows Server > Windows Server 2008 > Windows Server 2008 Inside Out > Chapter 21: managing TCP/IP networking > Installing TCP/IP networking; TechNet > TechNet Library > Windows > Windows Server > Windows Server 2003 > Product Help > Windows Server 2003 Product Help > Network Services > Managing Core Network Services > TCP/IP Core Networking Services > TCP/IP Concepts > Using TCP/IP > Default gateways: TCP/IP; TechNet > TechNet Library > Office > 2007 Microsoft Office System > Communication Server 2007 > Microsoft Office Communicator Web Access Guide > Lab Scenario 1 > Configuring the Client Computers; TechNet > TechNet Library > Windows > Windows Server 2008 and Windows Server 2008 R2 > Browse Windows Server Technologies > Networking > TCP/IP > TCP/IP (v4 and v6) Technical Reference > IP Version 4 (IPv4) > IPv4 Tools and Settings (TechRef)

You are the desktop support technician for the Metroil Corporation. You configure a computer for multi-boot configuration using both Windows 7 and Windows XP. Each operating system is installed on a separate hard disk partition. You want the Windows XP operating system to boot automatically if a manual choice is not made by the user within 30 seconds after startup.

bcdedit /default {ntldr}
Explanation: You should type bcdedit /default {ntldr}. This action will ensure that Windows XP will be the default operating system if Windows 7 is not chosen from the list within 30 seconds of startup. {ntldr} is a unique codename that the system gives the OS Loader used by operating systems prior to Windows Vista.
You could also use the Startup and Recovery dialog box from Control Panel in the Windows 7 OS to specify the default operating system. You can set the timeout value in the Startup and Recovery dialog box using the following steps: Click Start > Settings > Control Panel (All Items view) > System. Click the Advanced system settings link. The System Properties dialog box is displayed. Select the Advanced tab. Under Startup and Recovery, click Settings. Use the drop-down list to configure the Default operating system and Time to display list of operating systems settings.
You should not type bcdedit /displayorder {ntldr} /addfirst. This action will only ensure that the Windows XP operating system will be listed first in the display order. This action will not ensure that Windows XP will be the default operating system. You will have to specify the bcdedit /default parameter to ensure that an operating system is chosen if another operating system is not chosen within the timeout period.
You cannot type bootcfg /default or bootcfg /list to have Windows XP be the default operating system choice. The bootcfg utility is used to edit the boot.ini file. This utility can only be used with operating systems prior to Windows Vista. This utility cannot be used to change the boot order or set the default boot operating system in Windows 7.
You cannot use the Deployment Image Servicing and Management tool (DISM) to have Windows XP be the default operating system choice. You can use the Deployment Image Servicing and Management tool (DISM) to modify offline Windows images and offline Windows Preinstallation Environment (Windows PE) images for Windows Vista SP1, Windows 7, and Windows Server 2008. The /Add-Package parameter of the DISM command is used to add packages to a Windows Vista SP1, Windows 7 or Windows 2008 image. The /Mount-Wim parameter mounts the Windows image (WIM) file to the specified directory. The /Name parameter specifies the image name, not the path. The /WimFile parameter specifies the path to the image file. The /WimDir parameter specifies the path to the Windows directory.
You cannot use the PEImg utility to have Windows XP be the default operating system choice. PEImg.exe is a built-in diagnostic tool that can modify offline Windows PE images or create Windows PE images for Windows Vista. The /inf parameter installs an inf package such as a driver to a Windows PE image. The /prep parameter optimizes the Windows PE image for size. The Deployment Image Servicing and Management Tool, DISM.exe, is the command-line tool that replaced PEImg.exe in Windows 7.
The config.sys file was used in the MS-DOS operating system and Windows 9.x operating systems. This file was not used in Windows XP.
Objective: Installing, Upgrading, and Migrating to Windows 7
Sub-Objective: Perform a clean installation
References: TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment > Windows Automated Installation Kit for Windows 7 RC > Windows Preinstallation Phases > Phase 4: Deploying Your Windows Image > Other Deployment Options > Modify the Boot Configuration Data Store during Deployment; Windows 7 Forums > Seven Forums > Tutorials > BCDEDIT - How to Use; Windows 7 Forums > Seven Forums > Tutorials > Default Operating System - Change Default Boot OS; Microsoft TechNet > Windows Vista Technical Library > Windows Vista: Deployment > Windows Automated Installation Kit (Windows AIK) > Deployment Tools Technical Reference > Command-Line Tools Technical Reference > BCDEdit Command-Line Options

You are a tax professional who conducts audits of large businesses. You have a computer that runs Windows 7. The disk configuration for the computer is shown in the exhibit. (Click the Exhibit(s) button.) You have completed a tax audit for your client. You need to remove all tax files prior to 2004 from the computer's hard disk. You must also free up space on drive C: to install software for your next project. What actions should you take using the Disk Management snap-in?

choose Detach the VHD and then delete the VHD file on C:
Explanation: You should delete the volume, detach the VHD, and delete the VHD file on the C: drive to delete old tax files and free up space for new applications. You can use the Disk Management snap-in or the DiskPart utility to create a VHD. The following shows how to create a VHD with the DiskPart utility.
    DISKPART
    CREATE VDISK FILE="c:\win7\win7.vhd" MAXIMUM=200000
    SELECT VDISK FILE="c:\win7\win7.vhd"
    ATTACH VDISK
    CREATE PARTITION PRIMARY
    ASSIGN LETTER=0
    FORMAT QUICK LABEL="2002 State Tax Files"
    EXIT
To remove the VHD that is already attached, you must first detach the VHD and then delete the VHD from the hard drive. In this case, the VHD file is on the only partition on Disk 0 in the C: drive.
You cannot choose to delete the partition, delete the disk, or de-initialize a disk. These options do not exist in Disk Management.
You should not choose to format the volume. Formatting the volume may delete the files in the VHD, but the VHD file will still remain on drive C:.
Objective: Deploying Windows 7
Sub-Objective: Configure a VHD
References: TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment > Virtual Hard Disks in Windows Server 2008 R2 and Windows 7 > Getting Started With Virtual Hard Disks > How to Perform Common Tasks

You are the administrator for the Verigon Corporation. All sales people have new laptops with Windows 7 installed. Each laptop has a proprietary application installed. Help desk employees support the applications on the sales people's laptop. All computers that Help desk employees have run Windows XP with Service Pack 3. You want to ensure that salespeople can ask for remote assistance when they need help while traveling out of the office. You do not want salespeople to ask for remote assistance when they are in the office. What should you configure on each sales person's laptop? (Choose four. Each answer is part of the solution.)

(missing picture # 2)
In the System Properties, set Allow Connections from computers running any version of Remote Desktop
In the System Properties, Allow Remote Assistance connections to your computer
Disallow Remote Desktop and Remote Assistance for the Private network Profile
Allow Remote Desktop and Remote Assistance for the Public network Profile
Explanation: You should do the following: In the System Properties, Allow Remote Assistance connections to your computer; in the System Properties, set Allow Connections from computers running any version of Remote Desktop; Allow Remote Desktop and Remote Assistance for the Public network Profile; Disallow Remote Desktop and Remote Assistance for the Private network Profile.
You should first ensure that Remote Assistance is enabled for each salesperson laptop. You should also enable Allow Connections from computers running any version of Remote Desktop. This setting will support older client workstations such as Windows XP. Even with Service Pack 3 on Windows XP, Network Level Authentication is disabled. You would have to turn on the Credential Security Service Provider (CredSSP) to enable Network Level Authentication on a Windows XP computer with Service Pack 3.
You should ensure that Remote Desktop and Remote Assistance are blocked on the Home/Work network profile and enabled in the Public Network profile in Windows Firewall. Windows Firewall can block or allow programs based on a network profile.
You should not create an Outbound rule to block TCP port 3389 for the Public network Profile. TCP port 3389 is used by remote desktop. You should have an Inbound rule because the help desk personnel will be connecting to the salespeople's laptops. The salespeople will not be initiating a connection to the help desk personnel.
You should not create an Inbound rule to allow TCP port 3389 for the Private network Profile. You should not have all help desk personnel initiate a remote desktop connection to a salesperson's laptop on the Private network. A remote desktop connection should only be made when the laptop is using the Public network profile.
Objective: Configuring Network Connectivity
Sub-Objective: Configure remote management
References: TechNet > TechNet Library > Windows > Windows XP > Maintain Windows XP > Step-by-Step Guide to Remote Assistance; Windows > Windows Firewall; Microsoft Help and Support > Description of the Credential Security Service Provider (CredSSP) in Windows XP

You are the administrator for the Verigon Corporation's domain. All laptop computers use the Windows 7 operating system. A sales person gives a presentation from his laptop to a network projector. He complains that the display turns black during the presentation and he cannot adjust the volume. What should you tell him so that his laptop stays awake?

(missing picture 2) Turn on the presentation settings.
Explanation: He should turn on the presentation settings to ensure his mobile PC stays awake during the presentation and the screen does not go black. You can turn on presentation settings when you connect your mobile PC to the network projector. When presentation settings are turned on, the laptop stays awake and system notifications are turned off.
You can connect to a network projector by clicking All Programs, clicking Accessories, and then clicking Connect to a Network Projector. You can also use the NetProj.exe utility to connect to a network projector. When you attempt to connect to a network projector either through the GUI or with the NetProj.exe utility, you may receive the following message: You will have to configure Windows Firewall to allow specific ports to open on your Windows 7 computer to establish a connection between your computer and a network projector.
The user should also choose to turn off the screen saver and adjust the speaker volume in the presentation settings. If he is not receiving audio during playback, this is where he should enable the sound and adjust the volume. His settings are automatically saved and applied every time he gives a presentation, unless he manually turns them off.
He should not turn off the presentation settings to ensure that his laptop stays awake during the presentation. Presentation settings automatically turn off when a user disconnects a laptop from a network projector or when a user shuts down or logs off from the laptop. You can also manually turn off presentation settings under the Windows Mobility Center.
He should not change the power plan to the default power plan to ensure that his laptop stays awake during the presentation. A power plan is a collection of hardware and system settings that control how your mobile PC manages power. These settings include power-saving measures, such as switching to a power-saving state when you are not using your mobile PC. The default plan will not allow the PC to stay awake during presentations.
He should not turn off the network projector and restart the projector to ensure that his laptop stays awake during the presentation. It may be necessary to turn off and restart the network projector if your mobile PC is unable to connect to the network projector during the setup phase.

You have received several laptops from employees who were recently laid off. The laptops have Windows XP SP3 and Microsoft Office 2007 installed. You must install Windows 7 on these computers, but you want to retain all files, settings, and programs from the previous users and applications. What should you do? Choose the correct steps on the left, and place them in the correct order on the right. Not all steps given may be used.

(missing pictures 1-2 from answer)
There is no direct upgrade from Windows XP to Windows 7. You can upgrade the Windows XP operating system to Windows Vista. First, you must add Service Pack 1 to Windows Vista, because you must have SP1 before upgrading Windows Vista to Windows 7. Next, upgrade the Windows Vista operating system to Windows 7. By upgrading each operating system, you will retain your files and program settings. You can upgrade from Windows XP to Windows Vista by booting from the Vista DVD and choosing the Upgrade option. You can then upgrade from Windows Vista to Windows 7 by booting from the Windows 7 DVD and choosing the Upgrade option.
You also can use the Easy Transfer Wizard to transfer all Desktop items, shared documents, shared music, shared pictures, shared videos, program settings, Windows settings, and other files to an external hard drive, USB flash drive, or network drive before installing Windows 7 on the laptop. After installing Windows 7 on the computer, you can use the Easy Transfer Wizard to copy files and settings to the new operating system. You use the migsetup.exe file in the \Support\Migwiz directory on the Windows 7 DVD to start the Easy Transfer Wizard.
You cannot run the etfsboot.com file to transfer files, settings, and programs. The etfsboot.com file is not the file that starts the Easy Transfer Wizard. It creates a CD boot sector for an embedded recovery CD. You would use the migsetup.exe file in the \Support\Migwiz directory on the Windows 7 DVD to start the Easy Transfer Wizard.
You should not choose Custom when you boot the laptop with either the Windows Vista DVD or Windows 7 DVD. The custom installation will install a new copy of Windows. This installation type will not keep pre-existing files, settings, or programs, which was a requirement of this scenario. The following image displays the two types of installation that you can perform with Windows 7:
Objective: Installing, Upgrading, and Migrating to Windows 7
Sub-Objective: Upgrade to Windows 7 from previous versions of Windows
References: TechNet > TechCenters > Windows Client TechCenter > Home Windows Client Video Library > Windows 7 Feature Walkthroughs > Windows XP Migration > Migrating from Windows XP to Windows 7; TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment > Step-by-Step: Windows 7 Upgrade and Migration

You have a computer with the Windows 7 operating system. You open the Internet Protocol Version 6 (TCP/IPv6) Properties window of your network adapter to find the address. You find the following: How can you find the IPv6 address of your computer? (Choose three.)

(missing pictures 1-2) netsh, route, netstat Explanation: You can use netsh, route, or netstat to find the IPv6 address of your computer. Another option would be to run the ipconfig /all command to find the address of your computer. You can use the netsh command to configure or display information about a network adapter. You can use either one of the following netsh interface ipv6 commands to display IPv6 configuration information:
netsh interface ipv6 show address - shows the IPv6 address of all interfaces on the computer
netsh interface ipv6 show route - shows the route table of the computer and displays the IPv6 addresses of the adapters
You can use the route print and netstat -r commands to display the route table of the computer. When the route table is displayed, you can see the IPv6 addresses of the adapters. The output of these commands is similar to netsh interface ipv6 show route. The following is the output of netstat -r. This command shows both the IPv4 route table and the IPv6 route table. All other answers are incorrect because they do not display the IPv6 address of a computer. The nbtstat utility displays NetBIOS statistics. The net computer utility is used to add or delete a computer to a domain. The rpcping utility is used to ping a computer based on an IP address and display RPC statistics. You should not use IPHelper. IPHelper is a service that provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. This service is started and set to automatic by default. When the service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer.
Objective: Configuring Network Connectivity Sub-Objective: Configure IPv6 network settings References: TechNet > TechNet Library > Network and Messaging > Networking > Internet Protocol Version 6 (IPv6) > Using Windows Tools to Obtain IPv6 TechNet > TechNet Library > Windows > Windows Server > Windows Server 2008 and Windows Server 2008 R2 (Release Candidate) > Browse Windows Server Technologies > Networking > TCP/IP > TCP/IP (v4 and v6) Technical Reference > IP Version 6 (IPv6) > IPv6 Tools and Settings (TechRef) TechNet > TechCenters > TechNet Magazine > Home > Issues > 2009 > July > The Cable Guy: Support for IPv6 in Windows Server 2008 R2 and Windows 7

You work for a company that manufactures hand-held music players. You need to create a training lab with computers that run Windows 7. The computers in the lab do not currently have the same hardware. You use one of the computers to create a Windows 7 reference computer. You need to prepare the reference computer for imaging. You want to make sure that training computers have customized Windows images, additional device drivers, and additional applications. You want to test the validity of the installation before applying the image to the reference computer. Which Sysprep switch must you use?

/audit

Which Sysprep switch enables you to automate the mini-setup wizard so the computer name and other information can automatically be prepared?

/unattend

You are the administrator for a branch office of the Verigon Corporation. You have servers that run Windows Server 2008 R2 at the main office and branch offices that have support for a Teredo server. You need to have a Teredo client installed on the Windows 7 computers in the branch office. The Windows 7 computer needs an IPv6 address so that unicast packets are sent through the Internet from a client to a Teredo server. What address should you assign to the station?

2000:1234:5678:9ABC:1234:5678:9ABC:1111

You are the administrator of the Verigon Corporation's Active Directory domain. You want to remotely collect events from a Windows 7 computer named MW55 that is located in the office. All information will be stored on a Windows Server 2008 R2 computer named SRV1. On SRV1 you start the Windows Event Collector service and configure its start mode to Automatic. You start the Windows Remote Management (WinRM) service on MW55. You receive the -2144108183 0x80338169 error.

A WinRM firewall exception was not set for the network connection type of Domain on MW55 to allow port 5986. Explanation: You must set a WinRM firewall exception for the network connection type of Domain on MW55. You can use the Windows Firewall to set an exception for different network connection types, including Home/Work (Private) or Public. You can use the Windows Firewall with Advanced Security to configure an Outbound rule or Inbound rule to include a connection type of Domain. You should set the default HTTP/HTTPS ports for Windows Remote Management (WinRM) to 5985/5986 for Windows 7. If you run winrm quickconfig to start the WinRM service, the firewall will be checked to see if the WinRM service will pass through. If an exception is not made for the WinRM server, you may see the following error: You should not allow an exception for port 1433. An instance of SQL Server 2005, 2008 or 2012 uses TCP port 1433. For a client to search the name of the SQL Server, the SQL Server Browser service must be running on the SQL Server and UDP port 1434 must be open on the firewall. In this scenario, you do not need to open TCP port 1433 or UDP port 1434 because you do not need access to a SQL server. The error was not caused because a WinRM firewall exception was not set for the network connection type of Public on MW55. Since MW55 is on the domain, you set the connection type to either Private or Domain. All other options are incorrect. The error occurred on MW55, not on SRV1. Configuring an exception on the firewall of SRV1 may be necessary, but it is not the source of the error. WinRM requires configuration on both the MW55 and SRV1 computers. Objective: Configuring Network Connectivity Sub-Objective: Configure remote management References: Windows Networking > How WinRM & WinRS can help you, how to enable them, and examples of how you can use them.
TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap >What's Changed in This Release Candidate of Windows 7

You are the administrator of the Nutex Corporation's Active Directory domain. Your users have Windows Vista and Windows 7 computers. Members of the Sales department frequently travel. While out of the office, they connect to the network through the VPN. Several of the sales people complain that they cannot connect to the FQDNs of appv6.nutex.com and sql22.nutex.com. The IP addresses of the servers are registered in the DNS. The same users can connect to these servers by FQDN while in the office, but they can only connect to the servers if they enter the IP addresses when connecting through the VPN. You plan on developing a new strategy for remote access, but that will not be implemented until next quarter. What can you do to ensure that sales people can connect to the servers in the Nutex domain while out of the office?

Add all IP addresses of the servers to the local HOSTS file on the sales people's laptops. Explanation: You should add all IP addresses of the servers to the local HOSTS file on the sales people's laptops. A HOSTS file can be used to resolve the host names of servers that have an A (IPv4 host record) or AAAA (IPv6 host record) in DNS. An example of a HOSTS file could be the following:
2001:db8::10:2aa:ff:fe21:5a88 appv6.nutex.com appv6
2001:db8::10:2aa:ff:fe21:5b28 fsv6.nutex.com fsv6
10.88.16.200 fs12.nutex.com fs12
10.88.16.210 sql22.nutex.com sql22
A HOSTS file can aid in name resolution for the sales people when they are outside the office. When a user attempts to resolve a name, the computer will first look in its cache to resolve the query. Next, the local HOSTS file is searched, and then the request is sent to the preferred DNS server. If the preferred DNS server does not answer, it will send a request to the alternate DNS server. If the preferred DNS server does return an answer or returns the wrong answer, the computer will not send a request to the alternate DNS server. If the user cannot connect to any of the DNS servers, the HOSTS file can provide name resolution. There is not a separate HOSTS file for IPv6 addresses. A HOSTS file can be used to specify the IPv6 addresses of a server as well as the IPv4 addresses of a server. You should not add the IP addresses to the SERVICES file. The SERVICES file identifies the services and ports that are used by those services on the computer. The SERVICES file does not resolve host records. There is not a separate SERVICES file for IPv6 services. Objective: Configuring Network Connectivity Sub-Objective: Configure IPv6 network settings References: TechNet > TechNet Library > Network and Messaging > Networking > Evaluate and Plan > TCP/IP Fundamentals for Windows > Chapter - Host Name Resolution

You are an administrator for the Metroil company. The company has purchased several new Windows 7 computers for the Accounting department. After upgrading to the new hardware, all users in the Accounting department complain that they cannot view the site to post end of the month records. The users in the Accounting department can view all other Web sites. Users who still have computers with Windows XP SP2 or Windows Vista can view the Web site and post records. What should you do to allow the Windows 7 users in the Accounting department to view the site?

Add the Web site to the Compatibility View Settings in Internet Explorer 8 on the Windows 7 computers. Explanation: You should add the Web site to the Compatibility View Settings in Internet Explorer 8. Compatibility View Settings is a new feature of Internet Explorer 8 on the Windows 7 computers. If a user connects to a page that may be blank or distorted, the problem may be that the page may not be able to use the browser. You can add the Web site to the Compatibility View Settings as displayed in the following screenshot. You should not right-click iexplore.exe, open the Properties window, and set the compatibility level to Windows XP SP2. You can set the compatibility level of a program that may not work in Windows 7, but will work in a previous version of the operating system. In this scenario, Internet Explorer is working. The Accounting users can see all Web sites except the http://accounting.metroil.net site. You should not change the compatibility level of iexplore.exe, but rather change the Compatibility View Settings of IE 8. You should not add the appropriate accelerator to browsers on the Windows 7 computers. Internet Explorer 8 allows you to add accelerators to the browser to help you perform tasks such as finding addresses and defining words. You can add accelerators in Internet Explorer 8 by clicking Manage Add-ons under the Tools menu. In this scenario, you are not trying to speed up a task in the browser or simplify a task in the browser. You need to have the browser handle a web page that is compatible with a previous version of the browser. An Accelerator will not allow you to handle a web page that is compatible with a previous version of the browser. You should not add the Web site in the SmartScreen Filter in Internet Explorer 8 on the Windows 7 computers. The SmartScreen Filter is a replacement for the Phishing Filter that was introduced in Internet Explorer 7.
SmartScreen can be used to determine if a website is using a spoofed Web address in a phishing scam. SmartScreen offers Anti-Malware support and improved Group Policy support. SmartScreen will not allow you to handle a Web page that is compatible with a previous version of the browser. Objective: Configuring Hardware and Applications Sub-Objective: Configure application compatibility References: Microsoft Help and Support > Description of the Compatibility View list in Windows Internet Explorer 8 Windows Help and How-to > Why don't some websites display correctly in Internet Explorer 8?

You are an administrator for the Verigon Corporation. Your users have recently been upgraded to Windows 7 computers. You want to ensure that your users can retrieve data more quickly with Internet Explorer, conveniently map street addresses before visiting client sites, and perform language translation. What should you do?

Add the appropriate accelerator in Internet Explorer Explanation: You should add the appropriate accelerator in Internet Explorer. Accelerators speed up the Web browsing experience. Accelerators provide fast access to functions that normally take longer to access. You can add accelerators to map addresses, find and preview items on auction sites, translate words and perform other functions. You should not increase the virtual page file. Increasing the virtual page file allows the computer to use more of the hard disk as memory. This may cause the computer to perform sluggishly, since you are using disk space for memory. Increasing the virtual page file will not allow your browser to perform better. You should not add the appropriate search provider in Internet Explorer. A search provider is used to search the Internet for information. Switching from one search provider to another may improve the results of the search, but will not provide fast access to functions that normally take longer to access such as mapping addresses. You should not set the browser to use InPrivate Browsing. InPrivate Browsing helps prevent cookies, temporary internet files, form data and passwords, or history from being stored on the workstation. Any toolbars and extensions are disabled with InPrivate Browsing. InPrivate Browsing will not allow you to conveniently map addresses and perform language translation. Objective: Configuring Hardware and Applications Sub-Objective: Configure Internet Explorer References: TechNet > TechNet Library > Internet Explorer > Internet Explorer 8 > Internet Explorer 8 Deployment Guide > Part 1: New Features in Internet Explorer 8 > Features For Users ghacks.net > 10 Useful Internet Explorer 8 Accelerators Internet Explorer 8 > Add-ons Gallery: Accelerators

You have a computer that runs the Windows 7 operating system. You have an application that continues to fail. You have confirmed that the application runs flawlessly on other computers with the same operating system and configuration. You need to test if your computer may have faulty RAM chips. What can you do to evaluate the memory of the computer?

Boot from a Windows installation disc and access the System Recovery Options Explanation: You should boot from a Windows installation disc and access the System Recovery Options menu. In the System Recovery options, you can run the Windows Memory Diagnostic tool. This tool can run three different tests on physical memory:
Basic - runs a standard number of tests
Standard - runs several more tests than Basic
Extended - runs more tests than Standard. Will take several hours to complete.
To access the Windows Memory Diagnostic tool you need to boot from a Windows Installation Disc or a System Repair disc. You need to have your computer's BIOS setting configured to boot from a CD/DVD drive. You should do the following:
1. Insert the Windows 7 installation disc.
2. Restart the computer.
3. If prompted, press any key to start Windows from the installation disc.
4. Choose your language settings.
5. Choose Repair your computer.
6. Select the Windows installation to repair.
7. On the System Recovery Options, choose Windows Memory Diagnostic.
You should not run mem.exe or verifier.exe from the administrator command prompt. The mem.exe utility displays the amount of used and free memory in your system. The verifier.exe utility is used to verify drivers on your computer. Neither utility will determine if you have bad RAM chips in your computer. You should not boot with a USB flash drive inserted and use ReadyBoost. ReadyBoost allows the Windows Operating system to use the capacity of the USB flash drive as extra memory in the computer. Simply booting from the USB flash drive will not determine if you have bad RAM chips in your computer.
Objective: Configuring Backup and Recovery Options Sub-Objective: Configure system recovery options References: Tech Republic > Investigate RAM problems with Vista's Windows Memory Diagnostic Tool TechNet > TechNet Library > Windows > Windows Server 2008 and Windows Server 2008 R2 > Browse Windows Server Technologies > Backup and recovery > Backup and Recovery Overview for Windows Server 2008 R2

You are the administrator for the Verigon Corporation. You support salespeople that are mobile and require access to intranet resources when they travel. You plan to implement a DirectAccess network solution to provide secure network access to intranet resources. You upgrade all your servers to Windows Server 2008 R2 and upgrade all clients to Windows 7. You create a GPO and link it to the OU that contains all the salespeople's laptops. You want to add an entry into the GPO to ensure all client stations are Teredo clients to the Teredo server. What branch of the policy must you use to set the appropriate setting?

Computer Configuration\ Policies\ Administrative Templates\ Network\ TCPIP Settings\ Ipv6 transition Technologies Explanation: You can use a GPO to configure Windows 7 computers as clients to Teredo servers. To do so, enable the Computer Configuration \ Policies \ Administrative Templates \ Network \ TCPIP Settings \ Ipv6 transition Technologies \ Teredo State=Enterprise Client. You should enable the above setting in a GPO and link the GPO to the domain, a site, or an OU that contains the clients. You can also run the following netsh command on a Windows 7 computer to enable it as a client of a Teredo server:
netsh interface ipv6 set teredo enterpriseclient <DNS name or IPv4 address of Server>
All of the other answers are incorrect. You do not have to enable a setting under the path of Computer Configuration \ Policies \ Network \ Network Connections \ Windows Firewall in a GPO to enable a Windows 7 computer to be a client of a Teredo server. However, you should allow inbound and outbound ICMPv4 and ICMPv6 traffic to pass through the client's firewall. You do not have to set any settings under the path of Computer Configuration \ Policies \ Network \ Background Intelligent Transfer Services. Background Intelligent Transfer Services is not needed to configure a Teredo client or server. You do not have to set any settings under the path of Computer Configuration \ Policies \ Network \ Microsoft Peer-to-Peer Networking Services. Microsoft Peer-to-Peer Networking Services is not needed to configure a Teredo client or server.
Objective: Configuring Mobile Computing Sub-Objective: Configure DirectAccess References: TechNet > TechNet Library > Windows > Window 7 > Windows 7 Technical Library Roadmap > Product Evaluation > DirectAccess Early Adopters Guide > Appendix D - Scripted and Group Policy DirectAccess Client Installation Instructions Windows Server 2008 R2 > Windows 7 >Step By Step Guide: Demonstrate DirectAccess in a Test Lab TechNet > IPv6 Blog > New Technical Resources for DirectAccess TechNet > TechNet Library > Using DirectAccess to Provide Secure Access to Corporate Resources from Anywhere TechNet > TechCenters > TechNet Magazine > Home > Issues > 2009 > May > Cable Guy DirectAccess and the Thin Edge Network

You are the administrator for the Metroil Corporation. You support salespeople who are mobile and require access to intranet resources when they travel. You plan to implement a DirectAccess network solution to provide secure network access to intranet resources. You upgrade all your servers to Windows Server 2008 R2 and upgrade all clients to Windows 7. You want to make sure all client stations are Teredo clients to the Teredo server named srv2.metroil.com. The server has an IPv4 address of 192.168.1.32. What must you do to ensure that an Enterprise Teredo client is configured correctly?

Create a GPO that runs a script that contains the command netsh interface ipv6 set teredo enterpriseclient 192.168.1.32. Link the GPO to the OU that contains all of the mobile clients. Explanation: You should create a GPO and link the GPO to the OU that contains all the clients. The GPO should run a script that contains the following command:
netsh interface ipv6 set teredo enterpriseclient 192.168.1.32
The above command can be used to configure a Windows 7 computer as a Teredo client to a Teredo server. You can specify either the name of the Teredo server or the IPv4 address of the Teredo server, as in this example. You can also use a GPO to configure Windows 7 computers as clients to Teredo servers. To do so, you would enable Computer Configuration \ Policies \ Administrative Templates \ Network \ TCPIP Settings \ Ipv6 transition Technologies \ Teredo State=Enterprise Client. You should enable the above setting in a GPO and link the GPO to the domain, a site, or an OU that contains the clients. All other answers are incorrect. You do not have to enable Computer Configuration \ Policies \ Network \ Network Connections \ Windows Firewall \ Standard Profile \ Windows Firewall: Allow ICMP exceptions \ Allow redirect in a GPO. Enabling an ICMP exception for Allow redirect is not necessary. You do not have to enable Computer Configuration \ Policies \ Network \ Network Connections \ Microsoft Peer-to-Peer Networking Services \ Turn off Microsoft Peer-to-Peer Networking Services. This setting turns off peer-to-peer protocols on your computer. This action is not necessary in this scenario. The netsh interface ipv6 set teredo client port 1055 srv2.metroil.com command is syntactically incorrect. The netsh interface ipv6 set teredo client port command is used to set the client port over which the client communicates with the server. The command does not set the Teredo server.
Objective: Configuring Mobile Computing Sub-Objective: Configure DirectAccess References: TechNet > TechNet Library > Windows > Window 7 > Windows 7 Technical Library Roadmap > Product Evaluation > DirectAccess Early Adopters Guide > Appendix D - Scripted and Group Policy DirectAccess Client Installation Instructions Windows Server 2008 R2 > Windows 7 >Step By Step Guide: Demonstrate DirectAccess in a Test Lab TechNet > IPv6 Blog > New Technical Resources for DirectAccess TechNet > TechNet Library > Using DirectAccess to Provide Secure Access to Corporate Resources from Anywhere TechNet > TechCenters > TechNet Magazine > Home > Issues > 2009 > May > Cable Guy DirectAccess and the Thin Edge Network

You are the administrator for a domain in the Metroil Corporation. You have created some *.avi files that contain training lessons from the Human Resources department. It is mandatory that department employees view and pass a test based on the training lessons. The *.avi files do not work with older versions of Windows Media Player. Users should use version 12.0.0.1 or above of Windows Media Player to view the training lessons.

Create a Group Policy Object linked at the domain, and create an executable rule to deny department employees from using version 12.0.0.0 or below of Windows Media Player. Filter the GPO by department. Explanation: You should create a Group Policy Object and use it to create an executable rule to deny Human Resources department employees from using version 12.0.0.0 or below of Windows Media Player. With AppLocker, you can create an executable rule that prevents a user or group from running older versions of an executable. In this scenario, you could create an executable rule that applies only to the department users that prevents a user from running a version of wmplayer.exe that is older than version 12.0.0.1. You can create this executable rule in either the local security policy on the computer, or a Group Policy Object (GPO). A GPO can be linked at the domain level, site level, or Organizational Unit (OU) level. When a GPO is applied at a particular level, it is applied to all users and computers in that level and below by default. You can filter a GPO to ensure that a GPO only applies to certain users or certain computers. Creating a GPO at the domain level will apply the settings of the GPO to all users and computers in the domain. However, if you filter the GPO only by the computers in a particular department, the GPO will only apply to the computers in that department. In this scenario, you could place all Human Resources department computers in a group and specify the group as the filter for the GPO. You could also create an OU that contains only the department users and computers, and link the GPO at the OU level. You should not use the local security policy to create an executable rule to deny department employees from using version 12.0.0.0 or below of Windows Media Player. The local security policy only applies to a single computer. You would have to repeat this task on each of the department's computers. 
You could easily apply these settings via GPO applied at the domain or OU level. You should not use a local security policy or a GPO to create a hash rule for wmplayer.exe on each department employee's computer and specify the 12.0.0.1 version of wmplayer.exe. A hash rule would only allow a user to use the 12.0.0.1 version of wmplayer.exe. This option would not allow a user to use a future update of wmplayer.exe. A hash rule only applies to a specific version of a file. Objective: Configuring Access to Resources Sub-Objective: Configure authentication and authorization References: TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Security and Protection > AppLocker Step-By-Step Guide > What Is AppLocker? TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Product Evaluation > Windows 7 AppLocker Executive Overview Windows Seven Forums > How to Create New Rules in Windows 7 AppLocker Copyright © 2015 Transcender, A Kaplan Professional Company. All Rights Reserved

You are the administrator of an Active Directory domain. All servers run Windows Server 2008 R2 and all client computers run Windows 7. You want to find who has changed Windows registry keys on the computers in the domain. What should you do?

Create a Group Policy object and link it to the domain. Enable Audit object access under Audit Policy. Explanation: You should create a Group Policy object (GPO), link it to the domain, and enable Audit object access under Audit Policy. The Audit object access policy allows you to enable auditing on files and registry keys. To enable auditing for files, you must have Audit object access policy enabled in a GPO or local security policy and you must enable auditing on the file, directory, or volume. You should not enable Audit policy change under Audit Policy. This policy audits attempts to change user rights assignment policy, audit policy, account policy or trust policy. This policy will not audit attempts to the registry. You should not enable Audit privilege use under Audit Policy. This policy audits each instance of a user exercising a user right. This policy will not audit attempts to the registry. You should not edit the Default Domain Controllers policy. This policy will only affect the computers that are contained in the Default Domain Controllers Organizational Unit (OU). These computers are domain controllers, not client computers. Objective: Monitoring and Maintaining Systems that Run Windows 7 Sub-Objective: Monitor systems References: TechNet > TechNet Library > Windows > Windows Server 2008 and Windows Server 2008 R2 > Browse Windows Server Technologies > Security and Protection > Security Auditing > Security Audit Policy Reference > Audit Policy Settings Under Local Policies\Audit Policy

You are the administrator of the Verigon Corporation. You want to make sure that all of the computers in the Accounting Organizational Unit (OU), which all run Windows 7 Enterprise Edition, use a signed application that is file version 2.0.4 or higher. Users have been resistant to using the new version. Some of the Accounting users have been using Remote Desktop to connect to a server in the Tax OU that has the 2.0.3 version of the application. Several of the computers in the Accounting OU will be replaced in a week when their lease runs out. What should you do to prevent accounting users from using a version of the application below 2.0.4?

Create a Group Policy that specifies an application control policy on the computers. Link the GPO to the Accounting OU and the Tax OU.

You are the administrator of a company that has offices in the cities of Birmingham, Atlanta, and Charlotte. Managers in each office need specific configurations for their Windows 7 computers. Each manager has created specific images for their office. Each office has a DHCP server with an active scope with plenty of available IP addresses. You want to ensure that managers in different offices do not deploy images that are not meant for their office. What should you do?

Create image groups for each office in Windows Deployment Services. Grant the managers the appropriate permissions to their respective image groups. You should create image groups for each office in Windows Deployment Services. You should grant permissions to each manager for the respective image group. This will allow the appropriate managers access to their own images, and not allow all other managers to use images that are not for their office. All other options are incorrect. You cannot use any of the tabs on the Properties page of Windows Deployment Services to grant managers the permissions to create images in their own OUs. The Directory Settings tab can be used to specify a client name policy for a computer and a location in Active Directory where a computer can be installed. These settings apply to computers that connect to the WDS server via PXE. The Advanced tab can be used to specify the ports that can be used to connect to the WDS server. The Advanced tab is used to specify which domain controller and global catalog server the WDS server will use. You can also specify whether a WDS server will be authorized in this tab. The Network Settings tab can be used to specify the multicast address range and the port range used by the WDS server.
Objective: Deploying Windows 7 Sub-Objective: Deploy a system image References: Windows Deployment Services Configuration for Zero Touch TechNet > TechNet Library > Windows > Windows7 > Windows 7 Technical Library Roadmap > Planning and Architecture > Choosing a Deployment Strategy > Zero-Touch, High Volume Deployment Internet Information Services > Preparation Activities for WDS TechNet > TechNet Library > Deployment > Server Deployment > Information Center:Documentation > Deployment Process > Microsoft Deployment > Preparing the Windows Deployment Services Server Microsoft Help and Support > How to edit a Windows Imaging Format file on a Windows Server 2003 Service Pack 1 (SP1)-based computer that is running Windows Deployment Services

You plan to install Windows 7 on a new computer. You boot the computer with a Windows PE image. You notice that some of the out-of-box drivers are not included in the Windows PE image. For the software you are using, the driver .inf file and the driver .sys file do not require reboots. Which utility can you use to add the driver to the booted Windows PE image?

Drvload Explanation: You should run the Drvload utility. Drvload.exe is a built-in diagnostic tool in Windows PE that can be used to troubleshoot Windows 7. The Drvload.exe tool can be used to install device drivers to a booted Windows PE image. For example, if the Windows 7 Setup is unable to initialize a network adapter on the computer, it may be possible that the driver for the network adapter is not installed. If the appropriate drivers for the network adapter are not installed, then Setup will not be able to find the network adapter. In this case, you could run the drvload command to install the driver for the network adapter. Another solution would be to select the Load Driver option on the Where do you want to install Windows page to install the driver for the network adapter. PEImg.exe is a built-in diagnostic tool that can modify offline Windows PE images or create Windows PE images in Windows Vista, but not in Windows 7. The Deployment Image Servicing and Management Tool (DISM) is the command line tool that replaces PEImg.exe in Windows 7. In this scenario, you wanted to add the new drivers to the Windows PE image while the Windows PE image is online. You will need to use the drvload command to install the driver to the online Windows PE image. If the driver .sys file required a reboot, you would not be able to use Drvload. You would have to use DISM. If it were a Windows Vista machine, you would use PEImg. In this scenario, however, no reboot was required. You should not run Oscdimg. Oscdimg.exe is a tool that is used to create an image file for Windows PE in Windows 7. In this scenario, you do not have to create a new Windows PE image, but modify an existing Windows PE image. You should not run Bootsect. Bootsect.exe updates the master boot code for disk partitions. In this scenario, you need to update a Windows PE image, not the master boot code of a disk partition.
Objective: Deploying Windows 7 Sub-Objective: Prepare a system image for deployment References: TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment > Windows Automated Installation Kit for Windows 7 RC > Deployment Tools Technical Reference > Windows PE Technical Reference > Windows PE Tools TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment > Windows Automated Installation Kit for Windows 7 RC > Deployment Tools Technical Reference > Windows PE Technical Reference > What Is Windows PE? TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment > Windows Automated Installation Kit for Windows 7 RC > Deployment Tools Technical Reference > Windows PE Technical Reference > Windows PE Tools > Drvload Command-Line Options Windows Networking.com > Deployment Windows 7 - Part 1: Windows AIK 2.0 Enhancements Windows Networking.com > Deployment Windows 7 - Part 2: Windows AIK 2.0 Enhancements

You are the administrator for a small branch office of the Verigon Corporation. You want your users to execute files that have a public key infrastructure (PKI) signature before the application requests elevation of privilege. You want to enforce the PKI certification path validation for executable files before they run on the computer. What should you configure?

Enable User Account Control: Only elevate executable files that are signed and validated in the Local Security Policy on the computer. Explanation: You should enable User Account Control: Only elevate executable files that are signed and validated in the Local Security Policy on the computer. This policy option enforces a PKI certification path validation for an executable that is run on the computer. If an application is not signed and validated, the application will not run. Although this policy can be set in the local security policy, it can also be set in a Group Policy object (GPO) linked at an Active Directory Site, Domain, or OU. This policy option can give an Enterprise administrator control of the applications that are allowed to run. Certificates would have to be added to the Trusted Publishers certificate store on local computers that are affected by this policy. It would be easier to set this option in a GPO and link it to an OU that contained all computers in the branch office. You should not enable User Account Control: Only elevate UIAccess applications that are installed in secure locations on a Group Policy linked at an OU that contains the branch office. This option ensures that applications that run with a User Interface Accessibility (UIAccess) integrity level must be stored in a secure location in the file system such as \Program Files or \Windows\System32. This option will not enforce the PKI certification path validation for executable files before they run on the computer. You should not enable User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop in the Local Security policy on the computer. This policy setting controls UIAccess programs' ability to disable the secure desktop for elevation prompts used by a standard user. This option will not enforce the PKI certification path validation for executable files before they run on the computer.
You should not enable User Account Control: Switch to the secure desktop when prompting for elevation on a Group Policy linked at an OU that contains the branch office. This option controls the behavior of how the elevation request prompt is displayed on the interactive user's desktop or the secure desktop. This option will not enforce the PKI certification path validation for executable files before they run on the computer. Objective: Configuring Access to Resources Sub-Objective: Configure user account control (UAC) References: TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Security and Protection > User Account Control Technical Reference > UAC Group Policy Settings

You are manager of several computers in a branch office. All servers in the branch office run Windows Server 2008 R2 and all client computers run Windows 7. You need to run commands in an interactive session on different computers in your office. What PowerShell cmdlet should you use?

Enter-PSSession Explanation: You can use the Enter-PSSession cmdlet to begin an interactive session on another computer. Once the session has been initiated, commands will run on the remote computer. You can specify the computer name of the remote computer in the cmdlet. You can also use the New-PSSession cmdlet to create an interactive session on a remote computer. With the New-PSSession cmdlet, you will create a persistent connection to the remote computer. You should not use Enable-PSRemoting. This cmdlet configures a Windows computer to receive remote commands. This cmdlet will not run commands in an interactive session on different computers in your office. You should not use Push-Location or Pop-Location. Push-Location moves the current location whether it is a directory path or registry path to the top of the location stack. Pop-Location changes the current location to the last location that was put onto the stack. Neither cmdlet can run commands in an interactive session on different computers in your office. Objective: Configuring Network Connectivity Sub-Objective: Configure remote management References: TechNet > TechNet Library > Scripting > Windows Powershell > Windows PowerShell Core > Windows PowerShell Cmdlet Help Topics > Enter-PSSession

You have a laptop that has the Windows Vista operating system. You want to transfer files and settings to another laptop that is running the Windows 7 operating system. Which of the following methods can you use to transfer files and settings? (Choose all that apply. Each correct answer is a separate solution.)

Explanation: You can use a network connection or an Easy Transfer cable to transfer files and settings from one computer running Windows to another. Microsoft recommends using the Windows Easy Transfer wizard for transferring files and settings. The Windows Easy Transfer wizard supports the use of a USB flash drive (UFD), a network connection, or an Easy Transfer cable. An Easy Transfer cable can be used to transfer files and settings from one computer to another by utilizing the USB ports on the source and destination computer. You cannot use a regular USB cable, serial cable, or IEEE 1284 cable to transfer files with the Windows Easy Transfer wizard. None of these cable types is supported by the Windows Easy Transfer wizard. Objective: Installing, Upgrading, and Migrating to Windows 7 Sub-Objective: Migrate user profiles References: TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment > Step-by-Step Windows 7 Upgrade and Migration TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment > Windows Automated Installation Kit for Windows 7 RC > Windows Preinstallation Phases > Phase 1: Planning Your Deployment > Preinstallation Concepts > Understanding Upgrade and Migration

You are the administrator for a small branch office of the Verigon Corporation. You want to ensure that users are not bothered with prompts when they make changes to Windows settings on their Windows 7 computers. You want to be prompted if another third party program makes changes to Windows settings. You want the user to be able to interact with the desktop while a prompt is active. How should you configure the User Account Control Settings?

Explanation: You should choose the Notify me only when programs try to make changes to my computer (do not dim my desktop) option. With this option: You will be prompted when a program attempts to make changes to your operating system that require an administrator's permission. You are not prompted when you attempt to make a change to your operating system that requires an administrator's permission. You will be prompted if a third-party application attempts to make changes to a Windows setting. This option is different than the default option of Default - Notify me only when programs try to make changes to my computer. The Default option will dim the desktop when prompted. A user will not be able to interact with the desktop when a prompt is active. You wanted to ensure that users could interact with the desktop when a prompt was active. Therefore you should select the Notify me only when programs try to make changes to my computer (do not dim my desktop) option. The Default option is more secure than the Notify me only when programs try to make changes to my computer (do not dim my desktop) option. The Default option eliminates the risk that other programs might be able to interfere with the prompt's visual appearance. A malicious program could exploit this risk if you set the Notify me only when programs try to make changes to my computer (do not dim my desktop) option. You should not select the Always notify me when: option. This option is the most secure setting. This option will not let a user interact with the desktop while a prompt is active. You should not select the Never notify me when: option. This option is the least secure setting. This option will allow a user to interact with the desktop while a prompt is active, but will not prompt a user if another third party program makes changes to Windows settings.
Objective: Configuring Access to Resources Sub-Objective: Configure user account control (UAC) References: TechNet > TechCenters > TechNet Magazine > Home > Issues > 2009 > July > User Account Control > Inside Windows 7 User Account Control

You are the administrator of the Verigon Corporation. A user named Jane connects on a daily basis to an intranet site from her Windows XP workstation with her user account and a certificate. Tomorrow Jane will be receiving a new computer installed with Windows 7 and Internet Explorer 8 (IE 8). What should you do to ensure that Jane can continue to connect to the intranet site from the Windows 7 computer?

Export the certificate from the source computer. Access the Content tab of Internet Options in IE 8 to import the certificate to the Windows 7 computer. Explanation: You should export the certificate from the source computer, which is the old workstation, and then access the Content tab of Internet Options in Internet Explorer 8 to import the certificate to the Windows 7 computer. In this scenario, the Web site is using a two-factor authentication that consists of the user account and a certificate. You must export the certificate from the source computer to a PKCS #7 file, a DER-encoded file, or a Base64-encoded file. You can then use the Certificates snap-in or Internet Explorer 8 on the destination computer to import the file. If you use Internet Explorer 8, the certificate import can be accessed from the Content tab of Internet Options. Click Certificates to open the Certificates window and choose Import. Browse to the exported certificate file and import it. You should not access the Security tab in Internet Options to import the certificate. There is no option on the Security tab to view, export, or import certificates. You must use the Content tab of Internet Explorer 8 to import a certificate. You should not add the Web address of the intranet site into the Trusted sites list in Internet Explorer 8 on the Windows 7 computer. The trusted sites zone contains Web sites that you trust. Normally these Web sites are not part of the intranet. Adding the Web site to the Trusted sites zone will not allow proper authentication to occur. You must have the client certificate for the Web site imported into the browser. You should not add the Web address of the intranet site into the Local intranet site list in Internet Explorer 8 on the Windows 7 computer. The local intranet zone is used for all Web sites found on your intranet. 
While you may want to add the Web site to this zone, you must first import the certificate into the browser so the proper authentication may occur. Objective: Configuring Hardware and Applications Sub-Objective: Configure Internet Explorer References: Microsoft Help and Support > How to Remove, Import, and Export Digital Certificates

You are the administrator for your domain. You want a user named Alice to be able to restore backups to a Windows 7 computer named WKS55. What should you do?

Give Alice user rights on WKS55 to restore files and directories via the local security policy. Explanation: You should give Alice user rights on WKS55 to restore files and directories via the local security policy. You can assign users individual rights on a computer via the local security policy or through a group policy object (GPO). The restore files and directories permission is given to the Administrators and Backup Operators groups. You could also assign Alice membership in the Administrators or Backup Operators groups on WKS55 to restore backups on WKS55. View the following link to see the solution: http://vmstt100.alpha.kaplaninc.com/productdev/launcher.html?lessonname=AssignRestoreFilesRight&modename=preview&doall=false&ignorelm=true You should not add Alice to the Power Users group on WKS55. This group has the ability to share directories and create printers, but does not have the ability to back up or restore files. You should not add Alice to either the Backup Operators group or the Server Operators group on the domain controller for the domain. Both the Backup Operators group and the Server Operators group have the ability to back up and restore files to a computer. However, assigning Alice membership to these groups on the domain controller will allow her to back up and restore files on the domain controller, not WKS55. You would have to add Alice to the Backup Operators group on WKS55. You cannot add Alice to the Server Operators group on WKS55 because the Server Operators group only exists on a domain controller. 
Objective: Configuring Backup and Recovery Options Sub-Objective: Configure backup References: TechNet > TechNet Library > Windows > Windows Server 2008 and Windows Server 2008 R2 > Windows Server 2008 R2 Content by Category > Installed Help for Windows Server 2008 R2 > Active Directory Domain Services > Local Users and Groups > Concepts > Understanding Local Users and Groups > Default local groups TechNet > TechNet Library > Windows Server > Windows Server 2003 > Product Help > Administration and Scripting Tools > Configuration and Management Tools > Local user and Groups > Default local groups Microsoft Help and Support > How to use the backup feature to back up and restore data in Windows Server 2003

How would you run an executable as another user through Windows Explorer?

Hold the [Shift] key down, right-click the mouse and choose Run As Different User

You are the administrator for the Metroil Corporation. You administer a Hyper-V server with several virtual machines (VMs). You have recently replaced several older computers with new computers running Windows 7. The new Windows 7 client computers have difficulty accessing any of the VMs on the Hyper-V server. The new computers get the following certificate error: The remote computer could not be authenticated due to problems with its security certificate. It may be unsafe to proceed. The following errors were encountered while validating the remote computer's certificate: The certificate is not from a trusted certifying authority. You cannot proceed because authentication is required. The older Windows computers are able to access the VMs and do not get the above error. What should you do?

Import the root CA certificate into each client computer's Trusted Root Certification Authorities machine certificate store. Explanation: You should import the root CA certificate into each client computer's Trusted Root Certification Authorities machine certificate store. Before a client can successfully negotiate a secure link with the Hyper-V server, the Hyper-V client must trust the certificate authority issuing the certificate for the service on the Hyper-V server. The client computer needs the root CA certificate in its Trusted Root Certification Authorities. To receive the root CA, you can export the root CA and import the certificate using the Certificates snap-in on the clients. You can also add the root certificate to the Trusted Root Certification Authorities machine certificate store via Group Policy. You can use the Certificate Import Wizard to import a root certificate and install it as a trusted root certification authority (CA) for a GPO. You do not have to import the root CA certificate to the Hyper-V server's Trusted Root Certification Authorities machine certificate store. The Hyper-V server needs to have a certificate issued on behalf of the root and also needs to trust the root CA. Older Windows clients are able to connect to the Hyper-V server and do not have any authentication issues. The Windows 7 clients must have the root certificate in the Trusted Root Certification Authorities machine certificate store. You should not create an entry in Credential Manager on each Windows 7 server for the Hyper-V name, the correct user account, and the password. Credential Manager allows you to create persistent connections to servers by storing the credentials needed to connect to the requested server. In this scenario, the error is not due to credentials, but because the trusted certificate authority cannot be verified. You do not have to request user certificates for the Hyper-V server equal to the number of maximum concurrent users.
User certificates are used to authenticate users. In this scenario, you do not have to authenticate each user, but rather validate the server certificate. Objective: Configuring Access to Resources Sub-Objective: Configure authentication and authorization References: TechNet > TechNet Library > Windows Server > Windows Server 2003 > Product help > Windows Server 2003 Product Help > Security > Security Configuration Manager > Security Configuration Manager > Using Security Configuration Management > Public Key Policies > Public Key Policies How to > Add a trusted root certification authority to a Group Policy object How to Import the Root CA Certificate into Email Client Certificate Stores

You have a Windows Vista computer that has 19 GB of free disk space. You plan to upgrade the computer to Windows 7. Click the Exhibit(s) button to see the current settings for the Windows Vista computer. You run the Windows 7 Upgrade Advisor. What does the Upgrade Advisor suggest you change?

Install the latest Service Pack

You create a new standard user account for Troy on a computer running Windows 7. Troy reports that when he attempts to run defrag c: /v /u from a command prompt, he receives the following error message: What should you do to ensure that Troy can run the command without receiving any error message?

Instruct Troy to open the Administrator Command Prompt. Explanation: You should instruct Troy to open the Administrator Command Prompt. Windows 7 supports two levels of users: standard users and administrators. The standard user and administrator user accounts specify the level of access the user has over core, protected areas of a computer running Windows 7. Even a user with administrative privileges is logged on to a Windows 7 computer as a standard user. UAC limits administrator-level access to authorized processes by requiring all users to run applications and tasks with a standard user account. The standard users are members of the Users group and cannot install any applications or make system changes. When a standard user attempts to run utilities, such as Defrag, Chkdsk or IPConfig, he receives an access denied message stating that this task requires elevation. To enable a standard user to run command-line utilities that will enable him to make system changes, you should instruct the user to open the Administrator: Command Prompt. You can open an Administrator: Command Prompt by right-clicking the command prompt application, selecting the Run as administrator option, and providing administrative credentials. By using an Administrator: Command Prompt, a user can run command-line utilities such as Defrag and Chkdsk to fix disk problems, and IPConfig to release and renew the IP address of the system. You should not add Troy to the Power Users group. The Power Users group primarily provides backward compatibility for running non-certified applications or legacy applications. The members of the Power Users group can modify computer-wide settings with some restrictions. However, a standard user who is a member of the Power Users group cannot run the Defrag utility in Windows 7. You should not add Troy to the Network Configuration Operators group.
This group allows the user to have delegated privileges to manage network configuration features such as issuing IPCONFIG /RELEASE or IPCONFIG /RENEW commands, enable or disable a LAN connection and modify TCP/IP properties of the LAN connection. A standard user who is a member of the Network Configuration Operators group cannot run the Defrag utility in Windows 7. You should not add Troy to the Backup Operators group. This group allows a user that is a member to back up files and directories that the user may or may not have permission to access. However, a standard user who is a member of the Backup Operators group cannot run the Defrag utility in Windows 7. Objective: Configuring Access to Resources Sub-Objective: Configure user account control (UAC) References: TechNet Home > TechNet Magazine > November 2006 > Windows Vista > Achieve the Non-Admin Dream with User Account Control Microsoft Help and Support Home, article ID 297938, A Description of the Network Configuration Operators Group

Joe has encrypted a file named file.doc on a Windows 7 computer named WKS1. Joe moves the file to another Windows 7 computer named WKS2. Sara needs to have access to the file on WKS2. What should be done to allow Sara access to the file?

Joe needs to add Sara's Encrypting File System (EFS) certificate to file.doc on WKS2 Explanation: Joe should add Sara's Encrypting File System (EFS) certificate to the file. Joe would first have to export the EFS certificate and key from WKS1 to WKS2. Joe would not be able to access the file on WKS2 without the key. For Sara to access the file on WKS2, Joe would have to add Sara's certificate to the file. You should not have Sara add her Encrypting File System (EFS) certificate to the file. The file has been encrypted by Joe. Joe would have to export the EFS certificate from WKS1 and import the certificate to WKS2. Joe would also have to add Sara's EFS certificate to the file before she could access it. The file would be encrypted for Sara until Joe adds her EFS certificate to the file. You should not have Sara run CIPHER /ADDUSER /USER:Sara file.doc on WKS2. You can use CIPHER /ADDUSER to add a user's Encrypting File System (EFS) certificate to a file. The user who encrypted the file, Joe, would need to add Sara's certificate to the file before she could access it. Sara would not be able to add her certificate to the file because the file is encrypted. Joe would need to run the CIPHER command. This command fails to include the /CERTHASH or /CERTFILE parameter which is used to specify the certificate. You should not have Joe run CIPHER /ADDUSER /USER:Sara file.doc on WKS2. You can use CIPHER /ADDUSER to add a user's Encrypting File System (EFS) certificate to a file. The user who encrypted the file, Joe, would need to add Sara's certificate to the file before she could access it. This command fails to include the /CERTHASH or /CERTFILE parameter which is used to specify the certificate. You should not run CertReq -Submit -Username:Joe -Kerberos -binary or CertReq -Submit -Username:Sara -Kerberos -binary. The CertReq utility allows you to submit a certificate request to a Certificate Authority via the command line.
This action will not add a user's Encrypting File System (EFS) certificate to the file. You should not use the Certutil.exe utility. This utility allows you to back up and restore CA components, configure Certificate Services, display certification authority (CA) configuration information, as well as verify certificates, key pairs, and certificate chains. The store parameter displays the certificates that are stored in a specified certificate store. The user parameter does not specify a particular user, but uses the HKEY_CURRENT_USER keys or certificate store to display the certificates. The Certutil.exe utility will not add a user's Encrypting File System (EFS) certificate to the file. You should not use the Icacls utility. This utility modifies or lists discretionary access control lists (DACLs) on specified files, and applies stored DACLs to files in specified directories. The grant parameter grants permissions to a user or group. The Icacls utility will not add a user's Encrypting File System (EFS) certificate to the file. You should not use the syskey utility. This utility is used to encrypt the accounts database on a computer. The syskey utility will not add a user's Encrypting File System (EFS) certificate to the file. Objective: Configuring Access to Resources Sub-Objective: Configure file and folder access References: Windows Help and How-to > Troubleshoot encrypted files and folders

You are the administrator of a small branch office for the Verigon Corporation. You have four computers in your office that run Windows 7 Enterprise Edition. You want users to be able to read information from USB drives and DVD drives, but you want to prevent users from copying information from the network onto USB drives. Which policy settings should you configure on the Windows 7 computers?

Navigate to Computer Configuration \ Administrative Templates \ System \ Removable Storage Access. Enable the Removable Disks: Deny write access setting.

You are the administrator of a network that contains several Windows 7 computers. A partial diagram of the network is as follows: You change the IP address of Workstation2 to a valid IP address, mask, default gateway and register the A and PTR records for Workstation2 in the DNS server. A user at Workstation4 can access a share on Workstation2 and a share on Workstation1, but a user on Workstation1 cannot access the share on Workstation2.

On Workstation1, run ipconfig /flushdns Explanation: You should run ipconfig /flushdns on Workstation1. In this scenario, a user from Workstation4, which is on another subnet, is able to access a share on Workstation2. This tells you that Workstation2 is registered with the DNS server and that Workstation4 uses the DNS server to retrieve the address of Workstation2 to access it. Since Workstation4 can access Workstation2, the IP address that was assigned to Workstation2 to replace the APIPA address is valid. Workstation4 can also access a share on Workstation1. This tells you that Workstation1 is registered with the DNS and that Workstation1 has a valid default gateway since Workstation4, which is on another subnet, can communicate with it. Workstation1, which is on the same subnet as Workstation2, cannot communicate with Workstation2. Since Workstation2 has a valid IP address and is registered in DNS, Workstation1 should be able to communicate with Workstation2 since they are on the same subnet. Workstation1 will first check its local resolver cache for the IP address of Workstation2. If Workstation1 still has the old address of Workstation2 in cache, it will not check the hosts file or DNS for the address. For Workstation1 to communicate with Workstation2, you should use ipconfig /flushdns on Workstation1 to flush the resolver cache of Workstation1. You do not have to run ipconfig /renew on Workstation1. Workstation4 can communicate with Workstation1. Because Workstation1 is registered in the DNS and has a valid IP address, there is no need to run ipconfig /renew. You do not have to run ipconfig /renew on Workstation2. Since Workstation4 can communicate with Workstation2, Workstation2 has a valid IP address and is registered in the DNS server. You do not have to run ipconfig /flushdns on Workstation2. The Workstation1 machine needs to communicate with Workstation2. Workstation1 needs to resolve the name of Workstation2, but Workstation2 does not have to resolve the name of Workstation1. You should not run ipconfig /allcompartments on either computer. The /allcompartments parameter shows all information of a compartment of the adapter. This switch is very similar to ipconfig /all. Objective: Configuring Network Connectivity Sub-Objective: Configure networking settings References: TechNet > TechNet Library > Windows > Windows Server > Windows 2000 Server > Resource Kits > Distributed Systems Guide > Desktop Configuration Management > Active Directory > Active Directory Diagnostics > Diagnosing and Troubleshooting Active Directory TechNet > TechNet Library > Windows > Windows Server > Windows Server 2008 and Windows Server 2008 R2 (Release Candidate) > Browse Windows Server Technologies > Networking > DNS Server > Operations > DNS Server Operations Guide > Administering DNS Server > Managing DNS Clients > Managing the DNS Client Resolver Cache > Flush and Reset the DNS Client Resolver Cache

You work for a company that owns a chain of automotive service franchises. All of the computers in each franchise are the same build with the same software. You create a reference computer that has Windows 7, Microsoft Office 2007, and all other necessary applications installed. You test the reference computer to ensure all applications and drivers work. You want to ensure the following actions are performed automatically when the franchise deploys the image onto their computers: The \sysprep folder is deleted after Windows 7 is installed. The Mini-setup wizard is automated for the franchisee. Additional applications are installed after Windows 7 is installed. A custom Windows script is run to make modifications to the computer before a user logs on. What should you do? Choose all that apply.

On the reference computer, type sysprep /generalize /oobe /shutdown /unattend:unattend.xml
Create a %WINDIR%\Setup\Scripts\SetupComplete.cmd file on the reference computer

You are the administrator for the Verigon Corporation's domain. All the client computers in your domain use Windows 7. A user named Lisa has installed several programs on her computer. When she clicks on a music file with an .mp3 extension, a third-party program plays the music file instead of Windows Media player, which is not the desired behavior. How should she associate Windows Media player with any file that has a .mp3 extension?

Open Default Programs in Control Panel and choose Set your default programs Explanation: You should open Default Programs in Control Panel and choose Set your default programs. This option will make a program the default for all file types and protocols served by that program. Under Set your default programs, you should select Choose defaults for this program. You can place a check mark by the .mp3 file extension to associate the file type with Windows Media Player instead of the MP3play application, which is the currently formatted option. You can also open Default Programs in Control Panel and choose Associate a file type or protocol with a program to associate a .mp3 file with Windows Media Player. You should not open Default Programs in Control Panel and choose Set program access and computer defaults. This option allows you to set the programs to be the default Web browser, default e-mail program, default media player, default instant messaging program and default virtual machine for Java. You can use the Set program access and computer defaults option to specify a specific application for a specific file extension. You cannot open Programs and Features and choose Set your default programs or open Programs and Features and choose Associate a file type or protocol with a program. None of these options are available under the Programs and Features applet in Control Panel. The Programs and Features applet is used to view installed updates and to turn on Windows features. Objective: Configuring Hardware and Applications Sub-Objective: Configure application restrictions References: Windows > Change which programs Windows uses by default

You are the administrator of a medium-sized company. You plan to create Windows PE media that you will use to prepare new computers for Windows 7. You run the Copype.cmd script from the command-line window to create a local Windows PE build directory. You also create a wimscript.ini configuration file and save it in the Windows PE build directory with the ImageX tool. You need to create the winpe.iso image file. Which tool should you use?

Oscdimg.exe Explanation: To create the winpe.iso image file, you should run the Oscdimg tool. When creating the image file, you must open the Deployment Tools command prompt and run the Oscdimg tool and etfsboot.com. These tools are only available in the Windows PE toolkit or the OEM Preinstallation Kit (OPK). Oscdimg.exe will create the winpe.iso file, and etfsboot.com will be used to create the CD boot sector. If you use other software to create the winpe.iso image, the CD will not boot. Once you have created the winpe.iso file, you can burn the image onto a blank CD. You will then use the Windows PE media and ImageX tools to create an image of the master installation or to deploy an image from a network share to a destination computer. You cannot use imagex.exe to create an image file. ImageX is a command-line tool that captures, modifies, and applies installation images for deployment. You cannot use sysprep.exe to create an image file. You can use Sysprep to create images of an operating system, duplicate disks, and perform many other deployment tasks. Sysprep prepares a computer's hard disk for disk duplication, auditing, and for automating MiniSetup. Sysprep prepares images for disk duplication and allows you to copy fully installed operating systems onto similar hardware. Sysprep also modifies the local computer Security ID (SID) so that it is unique to each computer. You can use Sysprep to create a shortened GUI-mode setup that takes only a couple of minutes to complete and prompts the end user only for user-specific information, such as accepting the EULA and providing the product key, user name, and company name. You cannot use Windows SIM to create an image file. You can use the Windows System Image Manager tool to create and modify unattend.xml files, and to inspect the Windows 7 and Windows Vista image files. You can also determine which settings are available in the Windows Vista image file. Windows System Image Manager also allows you to configure each setting via an answer file. Objective: Deploying Windows 7 Sub-Objective: Prepare a system image for deployment References: TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment > Windows Automated Installation Kit for Windows 7 RC > Deployment Tools Technical Reference > Windows PE Technical Reference > Windows PE Tools > Oscdimg Command-Line Options TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment > Windows Automated Installation Kit for Windows 7 RC > Deployment Tools Technical Reference > Windows PE Technical Reference > What Is Windows PE?

You work for the Verigon Corporation. All computers have Windows Vista and have a company application used by all employees. You have begun a long-term project to replace the application with a new one and you do not want to further develop the existing application. You plan to replace all client computers with new computers that have Windows 7. You have developed a shim database for application compatibility with Windows 7. How should you deploy the custom shim database to users?

Place the custom shim database in a share on a local server and use sdbinst.exe to install the custom shim on the Windows 7 computers Explanation: You should place the custom shim database in a share on a local server and use sdbinst.exe to install the custom shim on the Windows 7 computers. The sdbinst.exe utility is used to apply a custom shim database (*.sdb file) in a location. The custom shim database can be in a shared folder or stored locally on the computer. Shims, also referred to as compatibility fixes, are bits of code that try to alleviate compatibility problems by using "workarounds" instead of directly fixing the problem. For example, an application that works in Windows XP may not work in Windows Vista or Windows 7 because the application may need to run with administrator rights. In Windows Vista or Windows 7, a user in standard user mode does not have administrator rights. In Windows XP, the application may assume that the user has administrator rights. If the compatibility setting of Run this program as an administrator does not work, you can use a shim to either fool the application into believing that the user has administrator rights or trick the application into bypassing the test for administrator rights. The shim can prevent the application from being rewritten. The shim can have the application run in standard user mode so that security is not compromised. You should not place the custom shim database on an Intranet Web site and use msiexec.exe or winrs.exe to install the custom shim database on the Windows 7 computers. The custom shim database must be placed on the local computers or be accessed via a UNC path from a file server on the network. The msiexec.exe utility can be used to install, modify and perform operations with a *.msi file from the command line. You should not place the custom shim database in a share on a local server and use winrs.exe to install the custom shim on the Windows 7 computers. The winrs.exe utility uses Windows Remote Management (WinRM) to execute remote commands, especially for headless servers or Windows Server 2008 Server Core installations. The winrs.exe utility is the client side of WS-Management, a firewall-friendly protocol that allows you to manage hardware and operating systems from different vendors. The winrs.exe utility cannot be used to apply a shim database. Objective: Configuring Hardware and Applications Sub-Objective: Configure application restrictions References: TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment > Application Compatibility > Managing Shims in an Enterprise > Custom Shim Database Deployment TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment > Managing Shims in an Enterprise > Deciding When to Use Shims as a Compatibility Mitigation

You create a small home network. Each computer in your home network is running Windows 7 Ultimate edition. You want each user to be able to share pictures, music, videos, and documents with other computers. You create a homegroup for the network. You want to share all music under the C:\Music directory except the C:\Music\My Compositions directory, which contains your unfinished songs. When a song is finished, the song is moved to another directory under C:\Music. What should you do? (Choose two. Each answer is part of the solution.)

Right-click C:\Music and choose Include in library. Highlight C:\Music\My Compositions and choose Share with Nobody Explanation: You should right-click C:\Music and choose Include in library. This action will add the C:\Music directory and subdirectories to a library of your choosing. You can add C:\Music to the Documents, Music, Pictures, Videos, or a new library. You should also highlight C:\Music\My Compositions and choose Share with Nobody to ensure that the directory is not shared to the library. You have the following options to share in a homegroup: Nobody - prevents the directory from being shared; Homegroup (Read) - shares the directory as read only; Homegroup (Read/Write) - allows users of the homegroup to read and write to the directory; Specific People - allows you to add specific users with either Read or Read/Write permissions. You can also remove people from the permissions list. You should not right-click C:\Music and choose Properties, choose the Sharing tab and choose Share. This option will share the C:\Music folder, but will not stop users from accessing subdirectories such as C:\Music\My Compositions. You should not right-click C:\Music and choose Properties, choose the Security tab and give the Users group Allow-Full Control permissions. This action will give the Users group permissions locally to C:\Music. This action will not allow users to access the directory remotely. You can share the folder to give access remotely or add the directory to a library in the homegroup. You should add the directory to a homegroup in order to easily control subdirectories that should not have access. Right-click C:\Music\My Compositions and choose Remove from library. There is no option to Remove from library. You should choose the option to Share with Nobody to ensure that no one can access files in the directory through the library. Right-click C:\Music\My Compositions and choose Cut. This action will actually delete the C:\Music\My Compositions directory. This action will remove the directory from the library, but will also delete files. You do not want to delete any files in the C:\Music\My Compositions directory. Objective: Configuring Access to Resources Sub-Objective: Configure shared resources References: Engineering Windows 7 > At Home with HomeGroup in Windows 7

You are the administrator for the Metroil Corporation. Your company has purchased 40 new laptops. You plan to give the 40 laptops to employees who have been promoted. You also plan on hiring 40 new employees. The old laptops from the promoted employees will be reallocated to the new employees. All new and existing laptops will have Windows 7 installed. Which of the following actions would you perform? (Choose two.)

Run LoadState on each of the new laptops. Run ScanState on each of the old laptops. You should do the following: run ScanState on each of the old laptops and run LoadState on each of the new laptops. In this scenario, you will run ScanState on each of the existing employees' old laptops to save the user state of each laptop to a server. On the new laptops, you will have to install Windows 7 and any other company applications. You will run LoadState on the new laptops to migrate the appropriate user state from the server to the appropriate computer. You do not have to run ScanState on each of the new laptops. ScanState should be used to save the user state of existing laptops. You should not run LoadState on each of the old laptops. These laptops will be given to new employees. There is no need to restore the user state from the laptops if they are going to be used by new users. On the old laptops, you only need to install Windows 7 and any other company applications. This scenario is known as a side-by-side migration, illustrated by the following graphic:

You are the administrator of the Nutex Corporation's Active Directory domain. Your users have Windows Vista and Windows 7 computers. You are troubleshooting a problem on your network with a Windows 7 client computer. The client computer has an IPv4 address and an IPv6 address that are both leased. You need to communicate with a file server across the IPv6 router. You need to ensure that the client computer only has an IPv6 address.

Run ipconfig /release and then ipconfig /renew6 Explanation: You should run ipconfig /release and then ipconfig /renew6. You can use the ipconfig command to renew or release either IPv4 or IPv6 addresses. IPCONFIG has the following options: /RELEASE - releases an IPv4 address; /RELEASE6 - releases an IPv6 address; /RENEW - renews an IPv4 address; /RENEW6 - renews an IPv6 address. You should not run ipconfig /release and then ipconfig /renew. This action will release an IPv4 address and renew an IPv4 address, but will not attempt to renew the IPv6 address. You should not run ipconfig /release4 and then ipconfig /renew6. The release4 option is invalid. The /release option will release an IPv4 address lease. You can use the /release [Adapter] option to release the leased address for a single adapter. If your adapter is named 4, you can use the ipconfig /release 4 command to release the address from the adapter. If your adapter name begins with "4," such as 4networkAdm, you can use the ipconfig /release 4* command to release the address of any adapter with a name that starts with "4". You should not run ipconfig /releaseall and then ipconfig /renew6. The /releaseall option is invalid. You can use the /release * option to release any IPv4 or IPv6 leased address of any adapter on the computer. Objective: Configuring Network Connectivity Sub-Objective: Configure IPv6 network settings References: TechNet > TechNet Library > Windows Server > Windows Server 2008 > Windows Server Commands > Command-line Reference > A-Z list > Ipconfig

You are the administrator of the Verigon Corporation. Users are complaining that it takes a long time for them to log in to their computers in the morning. You investigate the problem and discover that an instant messaging program is causing the problem. You want to prevent the login problem from occurring, but you must allow the users to be able to use the instant messaging program. What should you do?

Run msconfig.exe and remove the program from the Startup tab Explanation: You should use msconfig.exe to remove the program from the Startup tab. The msconfig.exe executable loads the System Configuration utility. You can use this utility to perform a diagnostic startup to load basic devices and services only. You can specify different boot options for an operating system, disable services, and uncheck programs on the Startup tab to prevent the program from starting when you log in. This will not uninstall the program or prevent you from loading the program later. You should not remove the registry entry for the program in \hkey_local_machine\software\Microsoft\Windows\CurrentVersion\Setup. This registry path does not specify programs that will run when you log in. You can remove entries in the \hkey_local_machine\software\Microsoft\Windows\CurrentVersion\Run path to prevent items from starting when you log in or reboot. Although this was not given as an option, it would be another solution to the issue described in this scenario. You cannot open the Startup folder and disable the program. You can choose to add or delete a program in the Startup folder, but you do not have the option of disabling a program. You cannot open Default Programs and associate a different file type with the program to fix the problem. Associating a different file type with the program will not prevent the program from starting. You must remove the program from the Startup tab in msconfig.exe, remove the entry in the \hkey_local_machine\software\Microsoft\Windows\CurrentVersion\Run path, or remove the program from the Startup folder on the Start menu. Objective: Configuring Hardware and Applications Sub-Objective: Configure application restrictions References: Microsoft Help and Support > How to troubleshoot configuration errors by using the System Configuration utility in Windows XP

You are the administrator of a branch office of the Verigon Corporation. You have several Windows 7 computers in the branch office, but this office has no Windows Server 2008 servers. All servers in the main office run Windows Server 2008 R2 and all client computers run Windows 7. You want to improve the performance of applications that use the HTTP or HTTPS protocols. The administrator at the main office wants to reduce wide area network (WAN) utilization while simultaneously increasing the responsiveness of network applications at other branch offices. What can you configure on the Windows 7 computers in your branch office to improve application performance?

Run netsh branchcache set service mode=DISTRIBUTED on the Windows 7 computers.

You are the administrator for the Verigon Corporation. The accounting department wants to find the following on one of their Windows 7 computers: the Activation ID of the computer; the Extended Product ID of the computer. What should you do to find this information?

Run slmgr.vbs /dlv Explanation: You should run slmgr.vbs /dlv to display the Activation ID and the Extended Product ID (PID) of the computer. The slmgr.vbs script is referred to as the Windows Software Licensing Management Tool. You can use the following options with slmgr.vbs: /ipk - install a product key or replace an existing product key; /ato - activate Windows; /dli - display license information and the current KMS activation count from the KMS host; /dlv - display detailed license information such as Activation ID, the Extended Product ID and the Application ID; /xpr - display the expiration date of the license. You should not open the System applet in Control Panel. You can view the Product ID there, but no other license information. You should not use slui.exe to display the Activation ID and the Extended Product ID of the computer. This command can be used to activate Windows online or buy a new product key online. You should not use lsm.exe to display the Activation ID and the Extended Product ID of the computer. This file is used to call the Local Session Manager Service of the Windows operating system. This file will not display any information regarding the computer's license. Objective: Deploying Windows 7 Sub-Objective: Deploy a system image References: TechNet > TechNet Library > Deployment > Volume Activation > Volume Activation for Windows > Pilot and Deploy > Volume Activation Deployment Guide TechNet > TechNet Library > Deployment > Volume Activation > Deploy and Manage > Technical Reference Guide > Slmgr.vbs Options

You are the administrator for a company that makes auto parts. You plan to move several engineers from Windows Vista computers to new Windows 7 computers. Several of the engineers have encrypted document folders that contain proprietary information. You want to use the User State Migration Tool (USMT) 4.0 to move all user state information, document folders, and user files based on file name extensions. All document folders should remain secure during the move. You have created a share called migration on the FS1 server to store migration content. Which of the following commands should you use to gather information?

ScanState \\FS1\migration\mystore /i:miguser.xml /i:migapp.xml /efs:copyraw Explanation: You should run the command scanstate \\FS1\migration\mystore /i:miguser.xml /i:migapp.xml /efs:copyraw. You can run ScanState on a computer to gather user state information such as application settings and personal files. You should use the /efs:copyraw parameter with the command to copy encrypted files in their raw encrypted state. The files will remain encrypted in the migration store and on the destination computer with LoadState. The files will be inaccessible on the destination computer unless the certificates are migrated from the source computer. If the destination computer is running Windows Vista or Windows 7, the EFS certificates will be migrated automatically. Because USMT 4.0 will fail if it encounters an encrypted file, you must specify the /efs parameter to migrate encrypted files. With the ScanState command, you can use the /i: parameter to specify MigApp.xml, MigSys.xml, MigUser.xml, or any custom .xml file. The MigApp.xml file is used to control which application settings are migrated. The applications specified in this file can be included or excluded from the migration. The MigUser.xml file is used to identify which user folders, files, file types, and desktop settings are migrated. The MigSys.xml file is typically only used for Windows XP targets and contains information that controls operating systems and browser settings to be migrated. In this scenario you should use MigUser.xml instead of the MigDocs.xml file. The MigUser.xml file includes instructions for USMT 4.0 to migrate user files based on file name extensions. The MigDocs.xml file includes instructions for USMT 4.0 to migrate user files based on the location of the files. In this scenario, you want to migrate user files based on file name extensions. You should not use the command scanstate \\FS1\migration\mystore /i:miguser.xml /i:migapp.xml /encrypt /keyfile:c:\keyfile. The /encrypt parameter is used to encrypt the migration store. In this scenario, you wanted to migrate the encrypted files from the Windows Vista computers, not encrypt the migration store. The /keyfile: parameter specifies a text file that contains the encryption key. You should exercise caution with the /encrypt parameter and the /keyfile parameter. Any user who sees the command-line script can see the encryption key. You should not use the command scanstate \\FS1\migration\mystore /i:miguser.xml /i:migapp.xml /genconfig:config.xml /v:13 /efs:copyraw. This command uses the /genconfig parameter to create the config.xml file. You can use this option to generate a custom configuration file that meets organizational requirements or to exclude certain operating-system settings. However, you cannot use the /efs parameter and the /genconfig parameter together. You should not run ScanState with the /efs:decryptcopy parameter. This parameter causes ScanState to decrypt a file before saving the file to the migration store. This will cause the file to be decrypted in the migration store and decrypted when you use LoadState to migrate the file to the destination computer. In this scenario, you wanted to ensure that the encrypted files remain encrypted on the Windows 7 computer. You should run ScanState with the /vsc parameter. This option enables the volume shadow-copy service to migrate files that are locked or in use. You should not run ScanState with the /hardlink parameter. This option creates a hard-link migration store at a specified location. Objective: Installing, Upgrading, and Migrating to Windows 7 Sub-Objective: Migrate user profiles References: TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment > User State Migration Tool 4.0 > Using USMT > Migrate EFS Files and Certificates TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment > User State Migration Tool 4.0 > USMT Components > ScanState Syntax

You are the branch office administrator for the Verigon Corporation. You have a few Windows 7 computers in your branch office. You want to audit the following events on all Windows 7 computers in your branch office: access to a wireless network granted to a user or computer; locking and unlocking a workstation; invoking and dismissing a screen saver. What should you configure in the local security policy under Computer Configuration \ Windows Settings \ Security Settings on each Windows 7 computer?

Set the Advanced Audit Policy Configuration \ System Audit Policies \ Logon/Logoff \ Audit Other Logon/Logoff Events policy for success and failure Explanation: You should set the Audit Other Logon/Logoff Event Properties policy for success and failure under Computer Configuration \ Windows Settings \ Security Settings \ Advanced Audit Policy Configuration \ System Audit Policies \ Logon/Logoff. This policy covers the following settings: Terminal Services session disconnections Access to a wireless network granted to a user or computer Access to a wired 802.1x network granted to a user or computer New Terminal Services sessions Locking and unlocking a workstation Invoking a screen saver Dismissal of a screen saver Detection of a Kerberos replay attack These settings are part of the Advanced Audit Policy Configuration that is included in Windows 7 and Windows Server 2008 R2. These settings cover many more events than the traditional auditing settings stored in Computer Configuration \ Windows Settings \ Security Settings \ Local Policies \ Audit Policy. You can also configure the above settings in a Group Policy object and link the GPO to an OU or site that contains the computers of the branch office you want to monitor. None of the other answers is correct because they do not meet the auditing requirements. You should not set the Advanced Audit Policy Configuration \ System Audit Policies \ Account Logon \ Audit Other Account Logon events policy for success and failure. This policy audits events generated by responses to credential requests submitted for a user logon that did not use credential validation or Kerberos tickets. This setting is part of the Advanced Audit Policy Configuration that is included in Windows 7 and Windows Server 2008 R2. You should not set the Local Policies \ Audit Policy \ Audit system events policy for success and failure. 
This is a standard security policy setting, and it audits the following events: Attempted system time change Attempted system startup or shutdown Attempted to load extensible authentication components Loss of audited events due to system failure Security log exceeding set threshold You should not set the Computer Configuration \ Windows Settings \ Security Settings \ Local Policies \ Audit Policy \ Audit account logon events policy for success and failure. This is a standard security policy setting that audits the following events: When a computer validates the credentials of a local logon When a computer validates the credentials of an Active Directory domain account on a domain controller You should not set the Advanced Audit Policy Configuration \ System Audit Policies \ Logon/Logoff \ Audit Network Policy Server policy for success and failure. This policy audits events generated by RADIUS (IAS) and Network Access Protection (NAP) user access requests. You should not set the Advanced Audit Policy Configuration \ System Audit Policies \ Logon/Logoff \ Audit Special Logon policy for success and failure. This policy audits events of a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level or a logon of a Special Group. Special Groups are a new feature of Windows Server 2008 that enable you to audit events generated when a member of a certain group has logged on to your network. This policy will not allow you to audit when a user locks or unlocks a workstation or invokes or dismisses a screen saver. Objective: Configuring Mobile Computing Sub-Objective: Configure remote connections References: TechNet > TechNet Library > Windows > Windows Server > Windows Server 2008 > Browse Windows Server Technologies > Security and Protection > Security Auditing Which Versions of Windows Support Advanced Audit Policy Configuration?

You are the administrator of a network that contains several Windows 7 client computers. Two DHCP servers are used to provide TCP/IP configurations to the client computers. Automatic Private IP Addressing (APIPA) is enabled.

The IP address on Workstation 2 is incorrect.

What are three reasons why you cannot find previous versions of a file?

The file may not have changed A backup or restore point may not have been made since the file was changed System protection might not be turned on for the drive that contains the files

The network adapter in your computer has failed, so you have bought a new network adapter for your computer. The computer has Windows 7 Professional edition installed. The network adapter is the same model as the previous adapter and uses the same .sys driver file. You install the adapter and restart the operating system, but the adapter does not connect you to the network. What should you do to fix the problem?

Update the driver

You are an administrator for a startup company. Several of the company's salespeople use their own laptops. A salesperson wants to be able to print sales orders to the printer in her home office or the printer in the satellite office without changing the printer in the software application. The salesperson's laptop has Microsoft Office 2007, Windows 7 Home Premium edition and seven printers defined. What should you tell the salesperson to do?

Upgrade to Windows 7 Ultimate. Explanation: She should upgrade to the Windows 7 Ultimate version. The Ultimate edition and Professional edition of Windows 7 have Location-Aware printing as a feature. Location-Aware printing remembers which network and printer you used. When you change networks, Windows 7 automatically changes the default printer to the printer that you used on that network. You must specify that the appropriate printer in each office is set as the default printer. Location-Aware printing allows you to have a different default printer for each network. Each location must have a default printer. You can manage the default printers in Devices and Printers. You should configure the Change my default printer when I change networks option to ensure that each office will have the appropriate default printer. For a wireless network to appear in the Manage Default Printers dialog box, you must have previously connected to it. You do not have to have IPv6 enabled on the laptop to use Location-Aware printing. Location-Aware printing is not dependent on IPv6. You do not have to have Reliable Multicast Protocol (RMTP) enabled on the laptop. RMTP is a reliable multicast transport protocol that provides sequenced, lossless delivery of a data stream from one sender to a group of receivers. Location-Aware printing is not dependent on Reliable Multicast Protocol. Objective: Configuring Network Connectivity Sub-Objective: Configure networking settings References: Windows > Products > Windows 7 features > Location-Aware Printing The I.T Massive > Windows 7 Features: Location-Aware Printing

You recently received several computers from a branch office. You want to install Windows 7 on the computers without losing Word documents or spreadsheets stored on the computers or the existing software settings. The computers have the following specification: 1 GHz processor (64-bit) 1 GB RAM for a 32-bit processor / 2 GB RAM for a 64-bit processor 30 GB of available disk space Support for DirectX 9 graphics processor with WDDM 1.0 A DVD-R/W drive Windows XP SP3 What should you do before installing Windows 7 on the computers if you want to retain all files, settings, and programs already on the computers?

Upgrade to Windows Vista SP1

You have recently stepped away from your computer. Your co-worker uses your computer to browse a partner company's Web site. Later, when you connect to the partner company's Web site, you are authenticated as your co-worker instead of yourself. What should you do to ensure that you can authenticate to the Web site as yourself?

Use Credential Manager Explanation: You should use Credential Manager to remove the credentials for your co-worker on your computer. Credential Manager can manage Windows credentials, certificate-based credentials and generic credentials. In this scenario, a generic credential for an Internet address may have been used by the partner company's Web site. A certificate-based credential could have also been used by the partner company's Web site. You can use Credential Manager to store credentials you use to log on to Web sites or computers. With a stored credential, a user can automatically logon to Web sites or computers without being prompted. Typically when another user executes the RUNAS command with the /SAVECRED and the /PROFILE parameter, Windows Credentials of another user will be stored on your computer. You can use the Remove from Vault option to remove the Windows Credential. You should not clear history or clear cookies. Clearing the history in Internet Explorer will not clear any credentials associated with a Web site. This action will only remove a record of you visiting the Web site. Clearing cookies in Internet Explorer may not solve the problem. A cookie is a text-only string that your browser uses to reconnect to a Web site. A cookie may provide a Web site a way to collect demographic information. The cookie may not contain the username and password for the Web site. If the Web site used certificate-based authentication, you would have to remove the credential in Credential Manager. Also the Web site may not use cookies. You should not use a SmartScreen Filter. The SmartScreen Filter in Internet Explorer 8 replaces the Phishing Filter in Internet Explorer 7. This filter is used to determine if a Web site is spoofed and may be used in a phishing scam or may contain threats to your computer. Although it may be a good idea to turn on SmartScreen Filter, it will not stop cookies, temporary internet files or history from being stored on the workstation. 
Objective: Configuring Access to Resources Sub-Objective: Configure authentication and authorization References: Credential Manager in Windows 7

You must install Windows 7 on several new computers for a branch office. The computers must have the TFTP client and Telnet client installed on the Windows 7 operating system. You have an existing Windows 7 image. You must ensure that the Telnet client and TFTP client are enabled on the Windows 7 image.

Use DISM with the /enable-feature switch Explanation: You should use the Deployment Image Servicing and Management Tool (DISM) with the /enable-feature switch. This switch allows you to enable features in an offline Windows Vista SP1, Windows Server 2008, or Windows 7 image. DISM.exe is the command-line tool that replaces the Pkgmgr.exe, Intlcfg.exe, and PEimg.exe tools from previous versions of the Windows Automated Installation Kit (AIK) that were used with Windows Vista. You can use the /get-wiminfo switch to display all of the Windows images contained in an install.wim file. The following command displays all Windows images in the install.wim file stored in C:\MyImages: dism /get-wiminfo /wimfile:C:\MyImages\install.wim Once you have found the index number of the appropriate image, you can use the /mount-wim switch to mount the Windows image to an empty folder. The following command mounts the image with index number 2 to the empty folder C:\WinFolder: dism /mount-wim /wimfile:C:\Images\install.wim /index:2 /mountdir:C:\WinFolder From this point, you can retrieve or modify information on the image. The following command is an example of the /enable-feature switch. This command enables the failover clustering to a running edition of Windows Server 2008 Server Core stored in the install.wim file: DISM.exe /image:C:\Images\install.wim /enable-feature /featurename=FailoverCluster-Core You can retrieve or modify information on an image with DISM by using the following commands: /Set-Edition - Change the Windows Edition of a Windows Vista SP1, Windows Server 2008, or Windows 7 image. Use this switch to upgrade from Professional edition to Ultimate edition. /Set-ProductKey - Adds a product key to a Windows Vista SP1, Windows Server 2008, or Windows 7 image that is offline. /Apply-Unattend - Add an unattended file to a Windows Vista SP1, Windows Server 2008, or Windows 7 image. /Cleanup-Wim - Cleans up any abandoned resources associated with a mounted image.
/Add-Driver - Adds out of the box driver packages to a Windows Vista SP1, Windows Server 2008, or Windows 7 image that is offline. /Remove-Driver - Removes existing driver packages from a Windows Vista SP1, Windows Server 2008, or Windows 7 image that is offline. /Set-UILang - Sets the default UI language for an image that is offline. /Set-SetupUILang - Specifies what language will be used in setup. /Add-Package - Adds packages to a Windows Vista SP1, Windows Server 2008, or Windows 7 image. /Remove-Package - Removes packages from a Windows Vista SP1, Windows Server 2008, or Windows 7 image. /Enable-Feature - Enables a specific feature in a Windows Vista SP1, Windows Server 2008, or Windows 7 image. /Disable-Feature - Disables a specific feature in a Windows Vista SP1, Windows Server 2008, or Windows 7 image. You should not use either the /L switch or the /P switch with PkgMgr. Package Manager has been replaced by DISM. Package Manager was used to install or configure features and packages for Windows Vista. The /L switch specifies the name of the log file that contains diagnostic output. The /P switch specifies the package to be installed. 
Objective: Deploying Windows 7 Sub-Objective: Capture a system image References: TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment > Windows Automated Installation Kit for Windows 7 RC > Windows Preinstallation Phases > Phase 5: Managing and Servicing Your Windows Image > Service an Offline Image TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment > Windows Automated Installation Kit for Windows 7 RC > Deployment Tools Technical Reference > Deployment Image Servicing and Management > Deployment Image Servicing and Management Command-Line Options TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment > Windows Automated Installation Kit for Windows 7 RC > Deployment Tools Technical Reference > Deployment Image Servicing and Management > OCSetup Command-Line Options

What are two ways to add support for additional language packs to a Windows 7 image without modifying the image?

Use Microsoft Update to add the language pack, or add the language pack to the Windows distribution folder.

You are the administrator for the Metroil Corporation. You have a Windows 7 computer in the lobby of your office. The computer will be used by guests to check e-mail or check news updates via Internet Explorer. You want to prevent visitors from using this workstation to Telnet to any device in the same subnet as the Windows 7 computer, which is the 192.168.100.0/24 subnet, but you would like to allow users to Telnet from the Windows 7 computer to devices in other subnets. What should you configure on the Windows 7 computer? (Choose two. Each answer is part of the solution.)

Use Windows Firewall with Advanced Security to create a rule to allow HTTP and HTTPS. Use Windows Firewall with Advanced Security to create a rule to block Telnet on the 192.168.100.0/24 subnet. Explanation: You should use Windows Firewall with Advanced Security to create a rule to allow HTTP and HTTPS, and to block Telnet on the 192.168.100.0/24 subnet. You can use Windows Firewall with Advanced Security to create Inbound rules and Outbound rules to allow or block connections based on a protocol or ports. You can limit the scope to a specific address or specific subnets. You can specify the rule to apply the Domain, Private or Public profile and to a specific interface such as Local Area Network adapter or a wireless adapter. You should allow HTTP and HTTPS since this will be used by visitors. You can create an outbound rule to block TCP port 23 which is used by Telnet. You can specify the rule to block connections made to the 192.168.100.0/24 subnet. You can specify the subnets on the Scope tab of the rule properties. You should not allow the Windows Firewall to allow Internet Explorer or other browser. This will allow Windows Firewall to allow Internet Explorer to pass packets via the network interface. This action does not limit Internet Explorer from using another protocol such as FTP. In older versions of Internet Explorer and third party browsers, you could also connect via Telnet. You should not use Windows Firewall to block the Telnet application. This action will block the Telnet application from being used on the local subnet and any other subnet. To distinguish where Telnet can be used, you will need to use the Windows Firewall with Advanced Security to specify the subnets. You should not use Windows Firewall with Advanced Security to create a Connection Security Rule to allow port 23 with Kerberos V5 authentication for Private and Public profiles. This option will not distinguish between different subnets. 
Objective: Configuring Network Connectivity Sub-Objective: Configure Windows Firewall References: TechNet > TechCenters > Networking and Access Technologies > Home > Technologies and Solutions > Windows Firewall TechNet > TechNet Library > Windows > Windows Server > Windows Server 2008 > Browse Windows Server Technologies > Networking > Windows Firewall with Advanced Security > Product Evaluation > Introduction to Windows Firewall with Advanced Security TechNet > TechNet Library > Windows > Windows Server > Windows Server 2008 and Windows Server > Browse Windows Server Technologies > Networking > Windows Firewall with Advance Security > Planning and Architecture > Windows Firewall with Advanced Security > Designing a Windows Firewall with Advanced Security Strategy

You have modified several legacy answer files from a previous Windows Vista deployment in your organization. You want to use the modified answer files to perform an unattended setup of the Windows 7 operating system on several computers.

Use Windows SIM to validate the answer files Explanation: You should use Windows SIM to validate the answer files. Microsoft recommends that if you manually author or modify legacy answer files for Windows 7 that you use Windows System Image Manager (SIM) to verify that the answer file will work. When you modify a legacy answer file, you may forget a setting or fail to specify the correct setting for each configuration phase of a Windows installation, which are referred to as configuration passes. Windows SIM validates the settings in the following configuration passes: windowsPE - The Windows image is copied to the destination computer during this configuration pass after the settings in this configuration pass are processed. offlineServicing - Updates, drivers, and language packs are applied to the Windows image during this configuration pass. specialize - Unique security IDs (SIDs) are created during this configuration pass. generalize - During this configuration pass, computer-specific information is removed from the Windows installation so you can use sysprep to capture and reapply the Windows image to different computers. auditSystem - This configuration pass runs only when the computer is configured to boot to audit mode with sysprep /audit. auditUser - This configuration pass processes unattended settings after sysprep /audit is run. oobeSystem - Settings are applied to the Windows operating system before the Windows Welcome starts during this configuration pass. You should not use DISM to validate the answer files. You can use the Deployment Image Servicing and Management tool (DISM) to modify offline Windows images and offline Windows Preinstallation Environment (Windows PE) images for Windows Vista SP1, Windows Server 2008, and Windows 7. DISM is not used to validate answer files for an unattended installation. You should not use slmgr.vbs script to validate the answer files.
The slmgr.vbs script is referred to as the Windows Software Licensing Management Tool. You can use the script to display, activate, or install a license key on a Windows operating system. The slmgr.vbs script is not used to validate answer files for an unattended installation. You should not use ImageX to validate the answer files. The ImageX utility can be used to capture, apply, and append Windows images. ImageX is not used to validate answer files for an unattended installation. Objective: Deploying Windows 7 Sub-Objective: Deploy a system image References: TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment > Windows Automated Installation Kit > Preinstallation Phases > Phase 3: Preparing and Customizing > Work with Answer Files > Best Practices for Authoring Answer Files

How do you apply an application control policy to multiple computers in a domain?

Use a GPO

You work for the Verigon Corporation. All computers have Windows Vista and have a company application used by all employees. You have begun a long-term project to replace the application with a new one and you do not want to further develop the existing application. You plan to replace all client computers with new computers that have Windows 7. What should you do to resolve compatibility issues with Windows 7?

Use a shim Explanation: You should use shims for compatibility mitigation. Shims, also referred to as compatibility fixes, are bits of code that try to alleviate compatibility problems by using "workarounds" instead of directly fixing the problem. For example, an application that works in Windows XP may not work in Windows Vista or Windows 7 because the application may need to run with administrator rights. In Windows Vista or Windows 7, a user in standard user mode does not have administrator rights. In Windows XP, the application may assume that the user has administrator rights. If the compatibility setting of Run this program as an administrator does not work, you can use a shim to either fool the application into believing that the user has administrator rights or trick the application into bypassing the test for administrator rights. The shim can prevent the application from being rewritten. The shim can have the application run in standard user mode so that security is not compromised. In this scenario, the application can be rewritten, but the company's policy is to replace the application with a new application. The shim can allow a temporary fix until the new application is available. You should not add the application in Default Programs and associate it with a file type. Making a program a default for a file type allows you to ensure that the program will be called when you click on the appropriate file type. This action will not alleviate any compatibility issues between the application and the operating system version. You should not have to add the program into the Allowed Items list in Windows Defender. Windows Defender is used to protect against spyware and other unwanted software. Adding a file or program into the Allowed Items list in Windows Defender will bypass monitoring on the file. This action will not alleviate any compatibility issues between the application and the operating system version.
You should not add a Data Execution Prevention (DEP) for the program. A DEP is used to determine if software is running malicious code. A DEP protects against damage from malware or viruses. If this is the case, the DEP will close the program and send a warning message. In this scenario, the program is not compatible with the new operating system. A DEP will not fix application compatibility problems. Objective: Configuring Hardware and Applications Sub-Objective: Configure application compatibility References: TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment > Managing Shims in an Enterprise > Deciding When to Use Shims as a Compatibility Mitigation TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment > Microsoft Application Compatibility Toolkit (ACT) Version 5.5 > Using the Application Compatibility Toolkit (ACT) > Phase 3: Testing and Mitigating Your Compatibility Issues > Development Tools > Compatibility Administrator Tool > Managing Application-Compatibility Fixes and Custom Fix Databases

You are the administrator for the Verigon Corporation. Your company uses a proprietary audio recording application called HitMaker. The application was installed on several computers that run Windows 2000 Professional, but your company has replaced the Windows 2000 Professional computers with new computers that have Windows 7 installed. You install the HitMaker application on the Windows 7 computers and set the application to run in Compatibility mode. Click the Exhibit(s) button to see the Compatibility settings. The proprietary application does not work properly. When you contact the vendor for support, you discover that the company is no longer in business. What should you do?

Use a shim to mitigate compatibility issues Explanation: You should use a shim as a compatibility mitigation. Shims, also referred to as compatibility fixes, are bits of code that try to alleviate compatibility problems by using "workarounds" instead of directly fixing the problem. For example, an application that works in Windows XP may not work in Windows Vista or Windows 7 because the application may need to run with administrator rights. In Windows XP, the application may assume that the user has administrator rights. In Windows Vista or Windows 7, a user logged in as a standard user does not have administrator rights. If the compatibility setting of Run this program as an administrator does not work, you can use a shim to either fool the application that the user has administrator rights or trick the application into bypassing the test for administrator rights. In this scenario, the application cannot be re-written or upgraded because the manufacturer no longer exists. The shim can prevent the need to rewrite the application. The shim can have the application run in standard user mode, so that security is not compromised. You should not add a Data Execution Prevention (DEP) for the program. A DEP is used to determine if software is running malicious code. A DEP protects against damage from malware or viruses. If this is the case, the DEP will close the program and send a warning message. In this scenario, the program is not compatible with the new operating system. A DEP will not fix application compatibility problems. You should not set the Performance Options for Background Services. In the Performance Options tab under the System Properties window, you can choose Background Services or Programs. The Background Services option assigns equal amounts of processor resources to all applications and services. The Programs option assigns more processor resources to the foreground programs than background programs. 
Neither of the Performance Options will resolve the compatibility issue of the application with Windows 7. Objective: Configuring Hardware and Applications Sub-Objective: Configure application compatibility References: TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment > Managing Shims in an Enterprise > Deciding When to Use Shims as a Compatibility Mitigation TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment > Microsoft Application Compatibility Toolkit (ACT) Version 5.5 > Using the Application Compatibility Toolkit (ACT) > Phase 3: Testing and Mitigating Your Compatibility Issues > Development Tools > Compatibility Administrator Tool > Managing Application-Compatibility Fixes and Custom Fix Databases

Your organization is housed on a large campus with departments on several floors of multiple buildings. You have a Windows 7 laptop and a WiFi network in your office. You use Office Communicator to make long distance calls to save money. Unfortunately, your calls frequently get disconnected as you move between meetings on different floors in your building and the WiFi access points change. You want to continue to make calls with Office Communicator, but minimize the number of disconnects you experience due to roaming. What should you do?

Use an IKEv2 tunnel Explanation: You should use an IKEv2 tunnel. In this scenario, your calls are getting disconnected because the IP address of the network adapter is changed when you move to different floors of the building. In Windows 7, the networking feature VPN Reconnect uses IKEv2 for key negotiation and transmits ESP packets via an IPSec tunnel. As a user uses a client application that communicates with an application server, the client application may fail if the wired LAN connection changes to a WiFi connection because the source IP address will change. With an IKEv2 tunnel configured, if the IP address of the LAN adapter or wireless adapter changes, the client's internal IP address is maintained. The application sockets bind to the origin address. If the origin address changes when you move to different floors in the building, VPN Reconnect ensures that the connection remains uninterrupted from the user's standpoint because the client automatically re-establishes the VPN connection after a new origin address comes into range. You should not use an SSTP tunnel. An SSTP tunnel cannot make sure that the internal client IP address is the same if the origin address changes. You cannot specify all the SSIDs for all the networks in your building in a single wireless profile. You can only specify a single SSID in a single wireless profile. You should not specify the order of the SSIDs that you normally connect to in Control Panel. You can specify the order in which your computer will attempt to connect to an SSID. The problem in this scenario is not connecting to a particular SSID, but getting a different IP address when you connect to a different access point.
Objective: Configuring Mobile Computing Sub-Objective: Configure remote connections References: TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Product Evaluation Windows 7 and Windows Server 2008 R2 Networking Enhancements for Enterprises > VPN Reconnect TechNet > Routing and Remote Access Blog >VPN Reconnect: A New Tunnel for Mobility TechNet > Routing and Remote Access Blog > Different VPN tunnel types in Windows - which one to use? TechNet > Routing and Remote Access Blog > Enhancements to VPN Reconnect in W7 RC

You are the administrator for the Verigon Corporation's domain. You have deployed Windows 7 to new computers in a branch office in the same domain. All computers in the branch office must run a proprietary company application that is distributed via the CompanyApp.msi file. You must apply an update to the CompanyApp.msi file before having the users install the application via Group Policy. What should you do?

Use msiexec.exe /p to apply the update package to the *.msi file and assign the software to Windows 7 computers via Group Policy
Explanation: You should use msiexec.exe /p to apply the update package to the *.msi file and assign the software to Windows 7 computers via Group Policy. The msiexec.exe utility can be used to install, modify and perform operations with a *.msi file from the command line. The /p switch is used to apply an update. You would execute the following command to apply an update to the CompanyApp.msi file:
Msiexec /p UpdatePackage /a CompanyApp.msi
Once the package has been updated, you can distribute the application to client computers by assigning the package via a GPO. When a package is assigned to a computer, the GPO is applied to the computer when the computer boots up.
You should not use the sdbinst.exe utility to apply the updated package to the *.msi file. The sdbinst.exe utility is used to apply a custom shim database (*.sdb file) in a location. The custom shim can be on a shared folder or locally on the computer. Shims, also referred to as compatibility fixes, are bits of code that try to alleviate OS compatibility problems by using "workarounds" instead of directly fixing the problem.
You should not use cipher.exe /n to apply the update package to the *.msi file and assign the software to Windows 7 computers via Group Policy. The cipher.exe utility is used to encrypt or alter the encryption of files stored on an NTFS partition. The /n switch prevents encryption keys from being updated.
You should not use openfiles.exe /l to apply the update package to the *.msi file and assign the software to Windows 7 computers via Group Policy. The openfiles.exe utility enables an administrator to list or disconnect files and folders that have been opened on a computer. The openfiles.exe utility has a Local switch that displays the files that are opened locally. You cannot abbreviate the Local switch with the /l switch with this command.
Objective: Configuring Hardware and Applications
Sub-Objective: Configure application compatibility
References:
TechNet > TechNet Library > Windows Server > Windows Server 2003 > Product Help > Windows Server 2003 Product Help > Software Deployment > Windows Installer > Windows Installer Concepts > Using Windows Installer
MSDN > Library > msiexec.exe Command Line Options

You are the administrator of a small domain for the Verigon Corporation. A user named Josh wants to be able to restore a system image to his laptop if the drive fails in the laptop. A new system image is created every Friday at 4:30 P.M. What must Josh do BEFORE a drive failure occurs in order to restore a system image?

Use the runas command to run recdisc.exe. Specify an administrator account
Explanation: Josh should use the runas command to run recdisc.exe. This executable allows an administrator to create a system repair disc. Josh should specify an administrator account to run recdisc.exe. Once the system recovery disc has been created, the disc can be used to restore a system image. You should do the following to restore a system image:
1. Ensure your computer's BIOS settings are configured to boot the computer from the CD/DVD drive.
2. Insert either a system repair disc or the Windows 7 installation disc.
3. Restart the computer.
4. If prompted, press any key to start Windows from the installation disc.
5. Choose your language settings.
6. Choose Repair your computer.
7. Select the Windows installation to repair.
8. On the System Recovery Options menu, choose System Image Recovery.
9. Specify the path to the system image.
If the system image is stored on DVDs, add the first DVD in the drive. If the system image is stored on an attachable hard drive, the hard drive should be attached before booting with the system repair disc.
You cannot create a system repair disc when you choose Create a system image in the Backup and Restore applet in Control Panel. This option allows an administrator to create a system image of the computer. You must choose Create a system repair disc in the Backup and Restore applet in Control Panel to create a system repair disc.
You cannot use bcdboot.exe to create a system repair disc. The bcdboot.exe tool is used to copy critical boot files to the system and boot partition. It can also be used to create a new BCD store.
You cannot use repair-bde.exe to create a system repair disc. The repair-bde.exe utility is a repair tool for BitLocker drive encryption. This tool is used to repair or decrypt a volume that was encrypted with BitLocker.
Objective: Configuring Backup and Recovery Options
Sub-Objective: Configure backup
References:
Windows > Help and How-to > What are the system recovery options in Windows 7
Microsoft.com > Windows 7 > Help & How-to home > Getting Started > Using Windows 7 > Create a system repair disc
Microsoft TechNet > RECDISC.EXE tool (how to make it work and create a repair/recovery cd)

Why does a voice application stay connected when you change access points using an IKEv2 tunnel with VPN Reconnect?

VPN Reconnect maintains the client internal IP address so that it stays the same even if the Origin address changes

You have a computer in your office with a failed hard disk. After replacing the physical hard disk, you decide to install Windows 7 on a virtual hard disk (VHD) on the computer. You want to ensure the following:
- The computer can boot from the VHD
- You can back up the VHD file so you can move the VHD to another computer if the hardware in the computer fails again
You boot the computer with the Windows 7 DVD, and the following screen is displayed. You press [SHIFT] [F10] to go to the command prompt. At the command prompt, you type DiskPart and enter the following commands:
SELECT DISK 0
CREATE PARTITION PRIMARY
SELECT PARTITION 1
FORMAT FS=NTFS QUICK
SELECT VOLUME 1
ASSIGN LETTER=C
You create a VHD on your computer by using the following script.
CREATE VDISK FILE="c:\Windows7.vhd" MAXIMUM=23437 TYPE=EXPANDABLE
SELECT VDISK FILE="c:\Windows7.vhd"
ATTACH VDISK
EXIT
The VHD is created successfully. You proceed with the installation of Windows 7. After the installation, you move the computer from the testing lab to a different room. The computer does not boot. What is the reason the computer did not boot?

You did not set the partition as Active

You are the administrator for the Verigon Corporation's Active Directory domain. All client computers run Windows 7 and all server computers run Windows Server 2008. You want to create a PowerShell script that copies the log file from an application server locally to the hard drive of a Windows 7 computer. Click the Exhibit(s) button to view the directory structure of the Windows 7 computer. You create the following script:
1:
2: # defining log destination
3: $dest ="C:\somedirectory"
4:
5: #File to copy
6: $iis ="\\10.88.16.96\temp\logs\iislog.log"
7:
8: #Performing copy operation
9: Copy-Item $iis $dest
When a user on the computer executes the script, she gets the following error:
Copy-Item : Access to the path 'C:\somedirectory' is denied.
At line:4 char:10
+ Copy-item <<<< $iis $dest
+ CategoryInfo : PermissionDenied: (\\10.88.16.94\temp\logs\iislog.log:FileInfo) [Copy-Item], UnauthorizedAccessException
+ FullyQualifiedErrorId : CopyFileInfoItemUnauthorizedAccessError,Microsoft.PowerShell.Commands.CopyItemCommand
What could be the problem?

You must include New-Item $dest -type directory -force at line 7 of the script
Explanation: You should include New-Item $dest -type directory -force after line 3 but before line 9. The PowerShell command of New-Item can be used to create a directory, file, or a PowerShell profile. The -type parameter can be a file or directory. The -force parameter is used to override the default behavior. This parameter will ensure that if you receive a message that the file already exists, the command will replace the file with the new file. The command must be run after line 3, because the command contains the variable of $dest. This variable is defined in line 3. If you run the command before line 3, the $dest variable is not defined.
The option that states the user does not have permissions to the C:\somedirectory directory is incorrect. As the exhibit shows, the C:\somedirectory directory has not been created yet.
You should not include new-object -comobject somedirectory -property @{navigate2="10.88.16.94"; visible = $true} at line 7 of the script. The new-object cmdlet creates an instance of a Microsoft .NET Framework or COM object. You do not need to create a COM object, but a directory called somedirectory.
Objective: Configuring Network Connectivity
Sub-Objective: Configure remote management
References:
TechNet Home > Script Center > What Can I Do With Windows PowerShell?
George Trifonov > Powershell file copy example. Copy-Item code snippet

You are a desktop support technician for a branch office of your company. All client computers run Windows 7. A printing device named LaserJet1 is connected to one of the Windows 7 computers. The printer is shared with users on the network. A user that sends a document to the printer uses the security identifier, Creator Owner, as the owner of the document on the printer. A user should be able to restart the printing of documents that the user has sent to the printer. Which of the following permissions should you grant to the Creator Owner on LaserJet1?

You should not grant any additional permission to Creator Owner.
Explanation: In this scenario, you should not grant any additional permission to Creator Owner. By default, Creator Owner is granted the Manage Documents permission, which enables a user to do the following: cancel, resume, pause, restart, and reorder the documents that are sent to the printer. You can set the following printer permissions in Windows 7:
Print - Each user can manage his/her own print job. A user can print, restart, cancel or pause their own print job.
Manage Documents - Allows a user to manage all users' print jobs that are waiting in a print queue.
Manage Printers - Allows you to share, rename, delete and change preferences for a printer. This permission allows you to change the printer permissions for all users and manage the print jobs for all users.
All other options are incorrect because Creator Owner already has been granted the Manage Documents permission.
Objective: Configuring Access to Resources
Sub-Objective: Configure shared resources
References:
Windows Help and How-to > What are printer permissions?

You are the branch office administrator for the Verigon Corporation. You have a few Windows 7 computers in your branch office. You want to ensure that all Windows updates are downloaded from the server srv55.verigon.com. This server downloads approved updates from Microsoft Update. You want any updates to be automatically downloaded every day and installed at 02:00 AM. You plan to test this configuration in a local security policy. If the updates are downloaded successfully on the proper schedule, you will configure the settings in a Group Policy object that will be applied to this branch office and other branch offices. What must you configure? (Choose two.)

\ Computer Configuration \ Administrative Templates \ Windows Components \ Windows Update \ Specify intranet Microsoft Update service location
\ Computer Configuration \ Administrative Templates \ Windows Components \ Windows Update \ Configure Automatic Updates

What is the filename of the report created by the PowerCfg -energy command?

energy-report.html

You purchase a laptop from a major computer vendor that has the Windows 7 operating system installed. You are suspicious of the vendor's claim about the battery life of the laptop. You open an administrator's command prompt and type the following command: Powercfg -Energy This command performs a 60-second trace of your computer and creates a diagnostic report of power efficiency. What is the filename of the report?

energy-report.html

You work for a software company that writes commercial software for the Windows 7 operating system. You want to create a PowerShell script that will list the files that are installed in the C:\Program Files\KaplanIT Learning directory. Which cmdlet should you use?

get-childitem
Explanation: You should use the Get-ChildItem cmdlet. This cmdlet can retrieve items in one or more specified locations, including files in a directory. You would use the following entry to retrieve the files in the C:\Program Files\KaplanIT Learning directory:
Get-ChildItem 'C:\Program Files\KaplanIT Learning'
You should not use Get-ItemProperty. This cmdlet will retrieve the properties of a specified item. The properties of a directory will include the LastWriteTime, but not the files within a directory.
You should not use the Get-Member cmdlet. This cmdlet will retrieve the properties and methods of an object.
You should not use Set-ItemProperty. This cmdlet changes the properties of an item or sets new values for an item.
Objective: Configuring Network Connectivity
Sub-Objective: Configure remote management
References:
TechNet > TechNet Library > Scripting > Windows Powershell > Windows PowerShell Core > Windows PowerShell CmdLet > Get-ChildItem
TechNet > TechNet Library > Scripting > Windows Powershell > Windows PowerShell Core > Windows PowerShell CmdLet > Set-ItemProperty

You work for a company that operates training facilities across the Southwest. All the computers in the training room are the same. You create a reference computer that has Windows 7, Microsoft Office 2007, and all necessary applications installed. You test the reference computer to ensure all applications and drivers work. You run the following command on the reference computer: sysprep /oobe /generalize What should you do next to create an image to distribute to the training facilities?

imagex /capture

You are the administrator for the Metroil Corporation. You want all new computers to contain a customized Windows 7 Login background of the company's logo. You have a source computer that runs Windows 7 Professional. You perform the following actions:
- Upgrade the source computer from Windows 7 Professional to Windows 7 Enterprise.
- Edit the HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background registry key. Change the value of OEMBackground to 1.
- Copy the customized logo image into the %windir%\system32\oobe directory.
- Create the following path: %windir%\System32\oobe\info\backgrounds.
- Copy the customized logon wallpaper into the %windir%\System32\oobe\info\backgrounds directory as backgroundDefault.jpg.
You run Sysprep on the machine and boot to WinPE. You map drive Z: to a shared folder on a server that will store the images. What command should you run next?

imagex /compress fast /flags "Enterprise" /verify /capture c: z:\Install.wim "New Image"
Explanation: You should capture the volume image to a new .wim image file. You can do this by typing the following command:
imagex /compress fast /flags "Enterprise" /verify /capture c: z:\Install.wim "New Image"
The ImageX utility can be used to capture, apply, and append Windows images. You must specify the /capture switch to capture a volume image from a drive to a new .wim file. You should first specify the volume that you will capture and the destination where the image will be stored. In this scenario, the volume C: is what you will capture and z:\Install.wim is the destination file. You can place a description after the destination, such as "New Image". The /compress fast switch compresses the image. The /verify switch performs cache writes and checks for errors. The /flags switch specifies the version of Windows that you are capturing. The /flags switch is only necessary if you are going to re-deploy a custom Install.wim with Windows Setup.
In this scenario, we needed to upgrade the source computer to Windows 7 Enterprise. To upgrade an image from Windows 7 Professional to Windows 7 Enterprise, you can boot the Windows DVD and choose Upgrade. After upgrading the image, you made the proper changes in the registry to have a customized Windows 7 Logon Background, performed a sysprep on the computer, and then booted with WinPE to use ImageX to capture the image.
You should not run imagex /apply z:\Install.wim 1 c:\ /verify. The /apply switch applies a volume image to a drive. In this scenario, you want to capture the image before applying the image to another computer.
You should not run imagex /append z:\Install.wim 1 c:\ /verify. The /append switch adds a volume image to an existing image file. In this scenario, you want to capture the image of the source computer. You do not have to add another volume to an existing image.
You should not run imagex /compress fast /verify z:\Install.wim "Enterprise". This option will not work because there is no /capture switch included with the command. You must have the /capture switch to capture a volume image from a drive to a new image file.
Objective: Deploying Windows 7
Sub-Objective: Capture a system image
References:
TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment > Step-by-Step: Basic Windows Deployment for IT Professionals
TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment > Windows Automated Installation Kit for Windows 7 RC > Windows Preinstallation Phases > Phase 4: Deploying Your Windows Image > Capture and Apply Windows Images
TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Deployment > Windows Automated Installation Kit for Windows 7 RC > Deployment Tools Technical Reference > ImageX Technical Reference > ImageX Command-Line Options
http://www.blogsdna.com/2698/you-can-customize-windows-7-logon-background-officially.htm

You are an administrator for the VirtuArt Corporation. All servers have Windows 2008 Server R2 running and all client computers run Windows 7. Each department in the VirtuArt Corporation has all its users and computers in its own Organizational Unit (OU). Click the Exhibit(s) button to view the Active Directory structure. You have a single Windows 7 image that needs to be deployed to all departments. You also plan to install software that is department-specific on each department's set of Windows 7 computers. What should you use?

Explanation: You should use separate GPOs to assign the software to each computer. When you link a GPO to an OU, that policy will apply to the objects in that OU, such as users and computers. In this scenario, linking the GPO that applies a software package that is specific to the computers in the Sales OU would apply the settings in the GPO to the computers in the Sales OU and not to computers in the other OUs.
You should not use the Deployment Image Servicing and Management (DISM) tool to add each software package to the image. DISM will allow you to install, configure, and update Windows features, drivers, and packages including software packages. If you add all the packages to the image and deploy the image to all department computers, then each department's software will be available to the other department's computers.
You cannot use PkgMgr or ImageX to apply an application to a Windows 7 computer after the image has been deployed. Package Manager has been replaced by DISM. Package Manager was used to install or configure features and packages for Windows Vista. The ImageX utility can be used to capture, apply, and append Windows images.
Objective: Configuring Hardware and Applications
Sub-Objective: Configure application restrictions
References:
Microsoft Support > Article ID: 302430 > How to assign software to a specific group by using Group Policy
TechNet > TechNet Library > Windows > Windows 7 > Windows 7 Technical Library Roadmap > Product Evaluation > What's New For IT Pros in Windows 7 > What's New in Group Policy

What command would you run to view the status of TCP/UDP ports on a Windows 7 computer?

netstat

What are two ways to apply a .wim image to a VHD?

use the Install-WindowsImage.ps1 Windows PowerShell script or the ImageX.exe utility

You work for a company that makes hardware devices that interface between an automobile engine and the Windows operating system. When you plug the device into a Windows 7 computer, a Blue Screen of Death error occurs when you reboot the computer. You need to troubleshoot the device driver for system violations. What utility should you use?

verifier.exe
Explanation: You can use the Driver Verifier Manager, verifier.exe, to troubleshoot device drivers. You can use this utility to test how a driver works and see if the driver might create a system violation. You can use the Create custom settings (for code developers) option to troubleshoot the driver. You can use this utility to check for violations that may cause a Blue Screen of Death, such as:
IRQL_NOT_LESS_OR_EQUAL 0xA
PAGE_FAULT_IN_NONPAGED_AREA 0x50
ATTEMPTED_WRITE_TO_READONLY_MEMORY 0xBE
SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION 0xC1
DRIVER_VERIFIER_DETECTED_VIOLATION 0xC4
DRIVER_CAUGHT_MODIFYING_FREED_POOL 0xC6
TIMER_OR_DPC_INVALID 0xC7
DRIVER_VERIFIER_IOMANAGER_VIOLATION 0xC9
You can also use the Driver Verifier Manager utility to generate a list of unsigned drivers on your computer.
You should not use the File Signature Verification tool, sigverif.exe, to create a list of drivers for troubleshooting purposes. SigVerif scans device drivers on your computer and lists the counts and names of signed and unsigned drivers. It does not allow you to troubleshoot the driver.
You should not use autochk.exe to troubleshoot a device driver on your computer. Autochk.exe is part of the Windows operating system that allows the operating system to revert core system settings back to their original state. Autochk.exe will not allow you to troubleshoot a driver.
You should not use cleanmgr.exe. This utility is the Disk Cleanup tool. You can use this tool on certain files such as temporary setup files, download program files, temporary internet files, recycle bin files, and files from the recycle bin. You cannot use this utility to troubleshoot a disk drive.
Objective: Configuring Hardware and Applications
Sub-Objective: Configure devices
References:
WDK and Developer Tools > Testing Tools > Driver Verifier in Windows 7
Microsoft Help and Support > Using Driver Verifier to identify issues with Windows drivers for advanced users

