[Pass Ensure VCE Dumps] Download Free PassLeader Premium 580q 70-680 Exam Questions (271-300)
What’s the secret of easily passing new 70-680 exam? PassLeader have been updated the 70-680 exam dumps with the newest exam questions. We offer the latest 580q 70-680 PDF dumps and VCE dumps with New Version VCE Player for free download to ensure your 70-680 exam pass. Now visit www.passleader.com and get the 100 percent pass ensure 70-680 braindumps!
keywords: 70-680 exam,580q 70-680 exam dumps,580q 70-680 exam questions,70-680 pdf dumps,70-680 vce dumps,70-680 braindumps,70-680 practice tests,70-680 study guide,TS: Windows 7, Configuring Exam
QUESTION 271
You administer client computers that have Windows 7 Enterprise installed for the marketing department of your company. The client computers are members of a single Active Directory domain. All regular client computer user accounts are members of the domain security group named Marketing. You install a new printer on one of the client computers. You remove the Everyone group from the access control list (ACL) for the printer, and then share the printer. You need to achieve the following goals:
– Prevent members of the Marketing group from modifying the print jobs of other users.
– Ensure that members of the Marketing group can modify the print jobs that they submit.
What should you do?
A. Modify local Group Policy on the desktops and disable the Point and Print Restrictions user right to the Marketing group.
B. Modify local Group Policy on the desktops and assign the Take ownership of files or other objects user right to the Marketing group.
C. From the printer properties, assign the Manage Documents permission to the Marketing group.
D. From the printer properties, assign the Print permission to the Marketing group.
QUESTION 272
You are performing a native VHD boot from Windows Vista to Windows 7 Professional. Window 7 Professional is installed on F:\Windows7Pro.vhd. You run the bcdedit /copy {current} /d “Windows 7 VDH” command. The boot configuration data is enumerated as shown in the exhibit. (Click the Exhibit button.) You need to ensure that the following requirements are met:
– Both operating systems are bootable after the Power On Self-Test (POST).
– Windows 7 VHD is selected as the default boot entry.
Which three commands should you run? (Each correct answer presents a part of the solution. Choose three.)
A. Bcdedit /default {ded5a252-7077-11e0-8ac8-a2d217dce703}
B. Bcdedit /set {ded5a24e-7077-11e0-8ac8-a2d217dce703} osdevice vhd=[f:]\Windows7Pro.vhd
C. Bcdboot C:\windows /s E:
D. Bcdedit /set {ded5a24e-7077-11e0-8ac8-a2d217dce703} device vhd=[f:]\Windows7Pro.vhd
E. Bcdedit /set {ded5a252-7077-11e0-8ac8-a2d217dce703} device vhd=[f:]\Windows7Pro.vhd
F. Bcdedit /default {current}
G. Bcdedit /set {ded5a252-7077-11e0-8ac8-a2d217dce703} osdevice vhd=[f:]\Windows7Pro.vhd
Answer: AEG
QUESTION 273
Your company network includes desktop computers that have Windows XP Professional SP1 64-bit installed. The company has purchased new portable computers that have Windows 7 Professional 32-bit installed. You need to be able to migrate user profiles from the desktop computers to the portable computers. What should you do?
A. Stop the User Profile Service on the desktop computers.
B. Replace all versions of Windows 7 with 64-bit.
C. Add each desktop user to the local Administrators on the desktop computers.
D. Run scanstate /nocompress on the desktop computers.
Answer: B
QUESTION 274
You use a portable computer that has Windows 7 Enterprise SP1 installed. A conference room at your company has a network projector installed on a server within the company network. You need to connect to the projector from your computer. What should you do?
A. From PowerShell, run the Net Config command.
B. From Display, click Connect to a projector.
C. From Accessories, click Connect to a Network Projector.
D. Run the Displayswitch.exe command and select Projector only.
Answer: C
QUESTION 275
You use a computer that has Windows 7 and Internet Explorer 8 installed. You need to block all web content providers on the Internet from collecting and sharing your information with other websites. What should you do?
A. Enable InPrivate Filtering and select Automatically Block.
B. From Internet Options, configure Privacy Settings for third-party cookies.
C. Start an InPrivate Browsing session.
D. From Manage Add-ons, disable all ActiveX and Java extensions.
E. From Internet Options, add the web content provider to Restricted Sites.
Answer: A
QUESTION 276
You administer an Active Directory domain that includes portable computers that have Windows 7 SP1 installed. You log on to one of the portable computers by using a domain user account and install a new device for a bar-code scanner. You restart the portable computer after installing the new device driver. You successfully log on to the computer by using a domain user account. After logging on, you discover that the bar-code scanner is not working due to a driver error. You try to remove the installed driver, but the Roll Back Driver option is unavailable. You need to be able to roll back the driver to its previous version. What should you do?
A. From the Local Group Policy, modify Device Installation Restrictions.
B. Run the Device Manager by using elevated permissions.
C. Start the portable computer from the Windows 7 installation media and select Startup Repair.
D. Start the computer and select Last Known Good Configuration from the advanced startup options.
Answer: B
QUESTION 277
Note: This QUESTION is part of a series of QUESTIONs that use the same set of answer choices. Ananswer choice may be correct for more than one QUESTION in the series. Your company office Network includes a file server that has Windows Server 2008 R2 installed and client computers that have Windows 7 Enterprise installed. The computers are members of an Active Directory domain. The file server has the BranchCache feature installed. All sales users in the office must download a daily updated 5 GB file that is stored on a file server located in a remote office. You configure the client computers to run BranchCache in Distributed Cache mode. You discover that all users still access the file directly from the file server. You need to reduce the utilization of a WAN link between the offices because of downloading the file to the client computers. What should you do?
A. Run the Netsh branchcache set service mode=HOSTEDCLIENT command.
B. Configure firewall exception rules for multicast traffic, inbound and outbound traffic for local UDP port 3702, and inbound and outbound traffic for local TCP port 80.
C. Configure firewall exception rules for inbound and outbound traffic for local TCP port 80 and for inbound and outbound traffic for local TCP port 8443.
D. Run the Netsh branchcache set service mode=DISTRIBUTED command.
E. Check permissions.
F. Create a Group Policy object and enable the Set BranchCache Hosted Cache mode policy.
G. Create a Group Policy that sets Hash Publication for BranchCache as disabled.
H. Create a Group policy object and configure the Set percentage of disk space used for client computer cache option.
I. Run the Netsh branchcache set service mode=HOSTEDSERVER clientauthentication=NONE command.
Answer: F
Explanation:
Original wording: You configure the client computers to run BranchCache in ‘Distributed Host Mode’. Changed to ‘Distributed Cache mode”.
QUESTION 278
Your network consists of an Active Directory domain and a DirectAccess infrastructure. You install Windows 7 on a new portable computer and join the computer to the domain. You need to ensure that the computer can establish DirectAccess connections. What should you do?
A. Install a computer certificate.
B. Create a new network connection.
C. Enable the Network Discovery firewall exception.
D. Add the computer account to the Network Configuration Operators group.
Answer: A
Explanation:
Certificates. The DirectAccess IPsec session is established when the client running Windows 7 and the DirectAccess server authenticate with each other using computer certificates. DirectAccess supports only certificate-based authentication.DirectAccess Client Configuration Clients receive their DirectAccess configuration through Group Policy. This differs from traditional VPN configuration where connections are configured manually or distributed through the connection manager administration kit. Once you have added the computer’s client account to the designated security group, you need to install a computer certificate on the client for the purpose of DirectAccess authentication. An organization needs to deploy Active Directory Certificate Services so that clients can automatically enroll with the appropriate certificates.
QUESTION 279
You have a portable computer named Computer1 that runs Windows 7. You have a file server named Server1 that runs Windows Server 2008. Server1 contains a shared folder named Share1. You need to configure Computer1 to meet the following requirements:
– Ensure that cached files from Share1 are encrypted.
– Ensure that files located in Share1 are available when Server1 is disconnected from the network.
What should you do?
A. On Server1, encrypt the files in Share1. On Computer1, make Share1 available offline.
B. On Server1, configure BitLocker Drive Encryption. On Computer1, make Share1 available offline.
C. On Computer1, make Share1 available offline and enable encryption of offline files.
D. On Computer1, copy the files from Share1 to the Documents library and configure BitLocker Drive Encryption.
Answer: C
Explanation:
Offline FilesThe Offline Files feature of Windows 7 allows a client to locally cache files hosted in shared folders so that they are accessible when the computer is unable to connect directly to the network resource. The Offline Files feature is available to users of the Professional, Enterprise, and Ultimate editions of Windows 7. You can use the Offline Files feature to ensure access when a client computer is out of the office or when a temporary disruption, such as a wide area network (WAN) link failing between a branch office and a head office, blocks access to specially configured shared folders. Using Sync CenterYou can use Sync Center to synchronize files, manage offline files, and resolve synchronization conflicts manually. Sync Center is located within the Control Panel or by typing Sync Center into the Search Programs and Files text box on the Start menu. Clicking Manage Offline Files opens the Offline Files. This dialog box is also available using the Offline Files control panel. Using this dialog box, you can disable offline files, view offline files, configure disk usage for offline files, configure encryption for offline files, and configure how often Windows 7 should check for slow network conditions.
QUESTION 280
You have a computer named Computer1 that runs Windows Vista and a computer named Computer2 that runs Windows 7. You plan to migrate all profiles and user files from Computer1 to Computer2. You need to identify how much space is required to complete the migration. What should you do?
A. On Computer1 run Loadstate c:\store /nocompress.
B. On Computer1 run Scanstate c:\store /nocompress /p.
C. On Computer2 run Loadstate \\computer1\store /nocompress.
D. On Computer2 run Scanstate \\computer1\store /nocompress /p.
Answer: B
Explanation:
ScanState
You run ScanState on the source computer during the migration. You must run ScanState.exe on computers running Windows Vista and Windows 7 from an administrative command prompt. When running ScanState on a source computer that has Windows XP installed, you need to run it as a user that is a member of the local administrators group. The following command creates an encrypted store named Mystore on the file share named Migration on the file server named Fileserver that uses the encryption key Mykey: scanstate \\fileserver\migration\mystore /i:migapp.xml /i:miguser.xml /o /config:config.xml /encrypt /key:”mykey” Space Estimations for the Migration StoreWhen the ScanState command runs, it will create an .xml file in the path specified. This .xml file includes improved space estimations for the migration store. The following example shows how to create this .xml file: Scanstate.exe C:\MigrationLocation [additional parameters] /p:”C:\MigrationStoreSize.xml” To preserve the functionality of existing applications or scripts that require the previous behavior of USMT, you can use the /p option, without specifying “pathtoafile”, in USMT 4.0. If you specify only the /p option, the storage space estimations are created in the same manner as with USMT 3.x releases. User State Migration ToolUSMT 4.0 is a command-line utility that allows you to automate the process of user profile migration. The USMT is part of the Windows Automated Installation Kit (WAIK) and is a better tool for performing a large number of profile migrations than Windows Easy Transfer. The USMT can write data to a removable USB storage device or a network share but cannot perform a direct side-by-side migration over the network from the source to the destination computer. The USMT does not support user profile migration using the Windows Easy Transfer cable. USMT migration occurs in two phases, exporting profile data from the source computer using ScanState and importing profile data on the destination computer using LoadState.
http://www.passleader.com/70-680.html
QUESTION 281
You have a workgroup that contains five computers. The computers run Windows 7. A computer named Computer1 has video and audio files. You need to share Computer1’s video and audio files on the network. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Create a HomeGroup.
B. Move the files to a Media Library.
C. Enable all BranchCache rules in Windows Firewall.
D. Connect a removable drive and enable BitLocker To Go.
Answer: AB
Explanation:
HomeGroup ConnectionsThis option decides how authentication works for connections to HomeGroup resources. If all computers in the HomeGroup have the same user name and passwords configured, you can set this option to allow Windows to manage HomeGroup connections. If different user accounts and passwords are present, you should configure the option to use user accounts and passwords to connect to other computers. This option is available only in the Home/Work network profile.Media Library SharingBefore you turn on Media Library Sharing for a shared folder, you should know that Media Library Sharing bypasses any type of user-account access that you set for the shared folder. For example, let’s say that you turn on Media Library Sharing for the Photos shared folder, and you set the Photos shared folder to No Access for a user account named Bobby. Bobby can still stream any digital media from the Photos shared folder to any supported digital media player or DMR. If you have digital media that you do not want to stream in this manner, store the files in a folder that does not have Media Library Sharing turned on. If you turn on Media Library Sharing for a shared folder, any supported digital media player or DMR that can access your home network can also access your digital media in that shared folder. For example, if you have a wireless network and you have not secured it, anybody within range of your wireless network can potentially access your digital media in that folder. Before you turn on Media Library Sharing, make sure that you secure your wireless network. For more information, see the documentation for your wireless access point.
QUESTION 282
You have a computer that runs Windows 7. You need to identify which applications were installed during the last week. What should you do?
A. From Performance Monitor, run the System Performance Data Collector Set.
B. From Reliability Monitor, review the informational events.
C. From System Information, review the Software Environment.
D. From Performance Monitor, review the System Diagnostics Report.
Answer: B
Explanation:
Reliability Monitor tracks a computer’s stability. It can also tell you when events that could affect stability (such as the installation of a software application) occurred and whether any restarts were required after these events. Action Center monitors your computer and reports problems with security, maintenance, and related settings. The Windows Experience Index indicates the suitability of your current computer hardware for running resource intensive applications.
QUESTION 283
You have a computer that runs Windows 7. You open the Disk Management snap-in as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that you can create a new partition on Disk 0. What should you do?
A. Shrink volume C.
B. Compress volume C.
C. Convert Disk 0 into a dynamic disk.
D. Create and initialize a Virtual Hard Disk (VHD).
Answer: A
Explanation:
Needs to have sufficient space in order to create a new partition. Hence shrinking the C: partition will create additional space that can be used for a new partition.
QUESTION 284
Your network consists of one Active Directory domain. You have two computers named Computer1 and Computer2 that run Windows 7. Both computers are members of the domain. From Computer1, you can recover all Encrypting File System (EFS) encrypted files for users in the domain. You need to ensure that you can recover all EFS encrypted files from Computer2. What should you do?
A. On Computer1, back up %systemroot%\DigitalLocker.
On Computer2, restore %systemroot% \DigitalLocker.
B. On Computer1, export the data recovery agent certificate.
On Computer2, import the data recovery agent certificate.
C. On Computer1, run Secedit.exe and specify the /export parameter.
On Computer2, run Secedit.exe and specify the /import parameter.
D. On Computer1, run Cipher.exe and specify the /removeuser parameter.
On Computer2, run Cipher.exe and specify the /adduser parameter.
Answer: B
Explanation:
You can import the recovery agent to another computer running Windows 7 if you want to recover files encrypted on the first computer. You can also recover files on another computer running Windows 7 if you have exported the EFS keys from the original computer and imported them on the new computer. You can use the Certificates console to import and export EFS keys.
NOT Secedit.exe: You can use both the Local Group Policy Editor and the Local Security Policy console to import and export security-related Group Policy settings. You can use this import and export functionality to apply the same security settings to stand-alone computers that are not part of a domain environment. Exported security files are written in Security Template .inf format. As well as using Local Group Policy Editor and the Local Security Policy console to import policies that are stored in .inf format, you can apply them using the Secedit.exe command-line utility.
NOT Cipher.exe /removeuser /adduser.
NOT DigitalLocker.
QUESTION 285
You have a computer that runs Windows 7. You need to configure the computer to meet the following requirements:
– Generate a new security ID (SID) when the computer starts.
– Ensure that the Welcome screen appears when the computer starts.
What should you do?
A. Run Sysprep.exe /oobe /generalize.
B. Run Sysprep.exe /audit /generalize.
C. Run Msconfig.exe and select Selective startup.
D. Run Msconfig.exe and select Diagnostic startup.
Answer: A
Explanation:
To prepare the reference computer for the user, you use the Sysprep utility with the /generalize option to remove hardware-specific information from the Windows installation and the /oobe option to configure the computer to boot to Windows Welcome upon the next restart. Open an elevated command prompt on the reference computer and run the following command: c:\windows\system32\sysprep\sysprep.exe /oobe /generalize /shutdown Sysprep prepares the image for capture by cleaning up various user-specific and computer-specific settings, as well as log files. The reference installation now is complete and ready to be imaged./generalize Prepares the Windows installation to be imaged. If you specify this option, all unique system information is removed from the Windows installation. The SID is reset, system restore points are cleared, and event logs are deleted. The next time the computer starts, the specialize configuration pass runs. A new SID is created, and the clock for Windows activation resets (unless the clock has already been reset three times)./oobeRestarts the computer in Windows Welcome mode. Windows Welcome enables users to customize their Windows 7 operating system, create user accounts, and name the computer. Any settings in the oobeSystem configuration pass in an answer file are processed immediately before Windows Welcome starts.
QUESTION 286
You have a computer that runs Windows 7. You need to confirm that all device drivers installed on the computer are digitally signed. What should you do?
A. At a command prompt, run Verify.
B. At a command prompt, run Sigverif.exe.
C. From Device Manager, click Scan for hardware changes.
D. From Device Manager, select the Devices by connection view.
Answer: B
Explanation:
Checking Digital Signatures with the File Signature Verification Tool The Dxdiag tool identifies problems with DirectX hardware and tells you whether that hardware has passed the WHQL testing regimen and has been signed digitally. However, it does not test the device drivers that are not associated with DirectX devices. To scan your computer and identify any unsigned drivers, you should use the File Signature Verification (Sigverif) tool.
QUESTION 287
You have a Virtual Hard Disk (VHD) and a computer that runs Windows 7. The VHD has Windows 7 installed. You need to start the computer from the VHD. What should you do?
A. From Diskpart.exe, run Select vdisk.
B. From Disk Management, modify the active partition.
C. Run Bootcfg.exe and specify the /default parameter.
D. Run Bcdedit.exe and modify the Windows Boot Manager settings.
Answer: D
Explanation:
When you have created a VHD and installed a system image on it, you can use the BCDEdit tool Bcdedit.exe to add a boot entry for the VHD file in your computer running Windows 7.
QUESTION 288
You have a wireless access point that is configured to use Advanced Encryption Standard (AES) security. A pre- shared key is not configured on the wireless access point. You need to connect a computer that runs Windows 7 to the wireless access point. Which security setting should you select for the wireless connection?
A. 802.1x
B. WPA-Personal
C. WPA2-Enterprise
D. WPA2-Personal
Answer: C
Explanation:
WPA and WPA2 indicate compliance with the security protocol created by the Wi-Fi Alliance to secure wireless computer networks. WPA2 enhances WPA, which in turn addresses weaknesses in the previous system, WEP. WPA was intended as an intermediate measure to take the place of WEP while an IEEE 802.11i standard was prepared. 802.1X provides port-based authentication, which involves communications between a supplicant (a client computer), an authenticator (a wired Ethernet switch or WAP), and an authentication server (typically a Remote Authentication Dial In User Service, or RADIUS, server).
WPA2-Enterprise. WPA-Enterprise and WPA2-Enterprise authenticate through the Extensible Authentication Protocol (EAP) and require computer security certificates rather than PSKs. The following EAP types are included in the certification program:
– EAP-TLS
– EAP-TTLS/MSCHAPv2
– PEAPv0/EAP-MSCHAPv2
– PEAPv1/EAP-GTC
– EAP-SIM
If you want to use AES and to use computer certificates rather than a PSK, you would choose WPA2- Enterprise.WPA2-PersonalIf you have a small network that is not in a domain and cannot access a CA server, but you install a modernWAP that supports AES, you would use WPA2-Personal (with a PSK).WPA-Personal If you have a small network that is not in a domain and cannot access a CA server and your WAP does not support AES, you would use WPA-Personal.802.1x If you have a RADIUS server on your network to act as an authentication server and you want the highest possible level of security, you would choose 802.1X.
QUESTION 289
You have two computers named Computer1 and Computer2 that run Windows 7. You need to ensure that you can remotely execute commands on Computer2 from Computer1. What should you do?
A. Run Winrm quickconfig on Computer1.
B. Run Winrm quickconfig on Computer2.
C. Enable Windows Remote Management (WinRM) through Windows Firewall on Computer1.
D. Enable Windows Remote Management (WinRM) through Windows Firewall on Computer2.
Answer: B
Explanation:
Windows Remote Management Service. The Windows Remote Management service allows you to execute commands on a remote computer, either from the command prompt using WinRS or from Windows PowerShell. Before you can use WinRS or Windows PowerShell for remote management tasks, it is necessary to configure the target computer using the WinRM command. To configure the target computer, you must run the command WinRM quickconfig from an elevated command prompt. Executing WinRM quickconfig does the following:
– Starts the WinRM service
– Configures the WinRM service startup type to delayed automatic start
– Configures the LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users
– Configures the WinRM listener on http://* to accept WS-Man requests
– Configures the WinRM firewall exception
QUESTION 290
You have a computer that runs Windows 7. The computer connects to the corporate network by using a VPN connection. You need to ensure that you can access the Internet when the VPN connection is active. The solution must prevent Internet traffic from being routed through the VPN connection. What should you do?
A. Configure a static DNS server address.
B. Configure a static IP address and default gateway.
C. Configure the security settings of the VPN connection.
D. Configure the advanced TCP/IP settings of the VPN connection.
Answer: D
Explanation:
To prevent the default route from being created. In the properties of the TCP/IP protocol of the dial-up connection object, in the Advanced TCP/IP Settings dialog box, click the General tab, and then clear the Use default gateway on remote network check box.
http://www.passleader.com/70-680.html
QUESTION 291
You have a computer that runs Windows 7 Professional. A USB disk is attached to the computer. You need to ensure that you can enable BitLocker To Go on the USB disk. What should you do?
A. Enable Encrypting File System (EFS).
B. Upgrade the computer to Windows 7 Enterprise.
C. Initialize the Trusted Platform Module (TPM) hardware.
D. Obtain a client certificate from an enterprise certification authority (CA).
Answer: B
Explanation:
Windows 7 ProfessionalWindows 7 Professional is available from retailers and on new computers installed by manufacturers. It supports all the features available in Windows Home Premium, but you can join computers with this operating system installed to a domain. It supports EFS and Remote Desktop Host but does not support enterprise features such as AppLocker, DirectAccess, BitLocker, and BranchCache.Windows 7 Enterprise and Ultimate EditionsThe Windows 7 Enterprise and Ultimate editions are identical except for the fact that Windows 7 Enterprise is available only to Microsoft’s volume licensing customers, and Windows 7 Ultimate is available from retailers and on new computers installed by manufacturers. The Enterprise and Ultimate editions support all the features available in other Windows 7 editions but also support all the enterprise features such as EFS, Remote Desktop Host, AppLocker, DirectAccess, BitLocker, BranchCache, and Boot from VHD.
QUESTION 292
You have a computer that runs Windows 7. You need to prevent Internet Explorer from saving any data during a browsing session. What should you do?
A. Disable the BranchCache service.
B. Modify the InPrivate Blocking list.
C. Open an InPrivate Browsing session.
D. Modify the security settings for the Internet zone.
Answer: C
Explanation:
InPrivate Mode consists of two technologies: InPrivate Filtering and InPrivate Browsing. Both InPrivate Filtering and InPrivate Browsing are privacy technologies that restrict the amount of information available about a user’s browsing session. InPrivate Browsing restricts what data is recorded by the browser, and InPrivate Filtering is used to restrict what information about a browsing session can be tracked by external third parties.
QUESTION 293
You have a stand-alone computer named Computer1 that runs Windows 7. Several users share Computer1. You need to prevent all users who are members of a group named Group1 from running Windows Media Player. All other users must be allowed to run Windows Media Player. You must achieve this goal by using the least amount of administrative effort. What should you do?
A. From Software Restriction Policies, create a path rule.
B. From Software Restriction Policies, create a hash rule.
C. From Application Control Policies, create the default rules.
D. From Application Control Policies, create an executable rule.
Answer: D
Explanation:
Executable Rules. Executable rules apply to files that have .exe and .com file extensions. AppLocker policies are primarily about executable files, and it is likely that the majority of the AppLocker policies that you work with in your organizational environment will involve executable rules. The default executable rules are path rules that allow everyone to execute all applications in the Program Files folder and the Windows folder. The default rules also allow members of the administrators group to execute applications in any location on the computer. It is necessary to use the default executable rules, or rules that mirror their functionality, because Windows does not function properly unless certain applications, covered by these default rules, are allowed to execute. When you create a rule, the scope of the rule is set to Everyone, even though there is not a local group named Everyone. If you choose to modify the rule, you can select a specific security group or user account. NOT Default rulesDefault rules are a set of rules that can be created automatically and which allow access to default Windows and program files. Default rules are necessary because AppLocker has a built-in fallback block rule that restricts the execution of any application that is not subject to an Allow rule. This means that when you enable AppLocker, you cannot execute any application, script, or installer that does not fall under an Allow rule. There are different default rules for each rule type. The default rules for each rule type are general and can be tailored by administrators specifically for their environments. For example, the default executable rules are path rules. Security-minded administrators might replace the default rules with publisher or hash rules because these are more secure.NOT Path RulesPath rules, allow you to specify a file, folder, or registry key as the target of a Software Restriction Policy. The more specific a path rule is, the higher its precedence. For example, if you have a path rule that sets the file C: \Program files\Application\App.exe to Unrestricted and one that sets the folder C:\Program files\Application to Disallowed, the more specific rule takes precedence and the application can execute. Wildcards can be used in path rules, so it is possible to have a path rule that specifies C:\Program files\Application\*.exe. Wildcard rules are less specific than rules that use a file’s full path. The drawback of path rules is that they rely on files and folders remaining in place. For example, if you created a path rule to block the application C:\Apps\Filesharing.exe, an attacker could execute the same application by moving it to another directory or renaming it something other than Filesharing.exe. Path rules work only when the file and folder permissions of the underlying operating system do not allow files to be moved and renamed.NOT Hash RulesHash rules, work through the generation of a digital fingerprint that identifies a file based on its binary characteristics. This means that a file that you create a hash rule for will be identifiable regardless of the name assigned to it or the location from which you access it. Hash rules work on any file and do not require the file to have a digital signature. The drawback of hash rules is that you need to create them on a per-file basis. You cannot create hash rules automatically for Software Restriction Policies; you must generate each rule manually. You must also modify hash rules each time that you apply a software update to an application that is the subject of a hash rule. Software updates modify the binary properties of the file, which means that the modified file does not match the original digital fingerprint.
QUESTION 294
You have a computer that runs Windows 7. The IPv6 address of the computer is configured automatically. You need to identify the IPV6 address of the computer. What should you do?
A. At the command prompt, run Netstat.
B. At the command prompt run Net config.
C. From the network connection status, click Details.
D. From network connection properties, select Internet Protocol Version 6 (TCP/IPv6) and click Properties.
Answer: C
Explanation:
You can view a list of all the connection interfaces (wired and wireless) on a computer by opening Network And Sharing Center and clicking Change Adapter Settings. You can right-click any network connection and select Status. If you click Details on the Local Area Connection Status dialog box, you access the Network Connection Details information box. You can configure wireless connection behavior by clicking Change Adapter Settings in Network And Sharing Center, right-clicking your wireless adapter, and clicking Status. Clicking Details on the Status dialog box displays the adapter configuration.
QUESTION 295
You have a computer that runs Windows 7. You need to view the processes that currently generate network activity. What should you do?
A. Open Resource Monitor and click the Network tab.
B. Open Windows Task Manager and click the Networking tab.
C. Open Event Viewer and examine the NetworkProfile Operational log.
D. Open Performance Monitor and add all the counters for network interface.
Answer: A
Explanation:
Resource Monitor. Windows 7 offers an enhanced version of the Resource Monitor tool. Windows 7 Resource Monitor allows you to view information about hardware and software resource use in real time. You can filter the results according to the processes or services that you want to monitor. You can also use Resource Monitor to start, stop, suspend, and resume processes and services, and to troubleshoot unresponsive applications. You can start Resource Monitor from the Processes tab of Task Manager or by entering resmon in the Search box on the Start menu. To identify the network address that a process is connected to, click the Network tab and then click the title bar of TCP Connections to expand the table. Locate the process whose network connection you want to identify. You can then determine the Remote Address and Remote Port columns to see which network address and port the process is connected to.
QUESTION 296
You have a computer that runs Windows 7. The computer contains two volumes, C and D. You create a new folder called D:\Reports. You need to ensure that all files stored in the Reports folder are indexed by Windows Search. What should you do?
A. Enable the archive attribute on the folder.
B. Modify the Folder Options from Control Panel.
C. Modify the properties of the Windows Search service.
D. Create a new library and add the Reports folder to the library.
Answer: D
Explanation:
Libraries enable you to organize files by using metadata about the file, such as author, date, type, tags, and so on-instantly. You’re not limited to just browsing files by folder hierarchy. When you save files in a Library, Windows?7 indexes the files. You can use Library features like the Arrange By control to instantly browse the files in the Library by metadata or use the Search Builder, which is built into the Search box in Windows Explorer, to instantly search the files in the Library by metadata.
QUESTION 297
You have a computer that runs Windows 7. You update the driver for the computer’s video card and the computer becomes unresponsive. You need recover the computer in the minimum amount of time. What should you do?
A. Restart in safe mode and then roll back the video card driver.
B. Restart in safe mode and then revert the computer to a previous restore point.
C. Start the computer from the Windows 7 installation media. Select Repair your computer and then select System Restore.
D. Start the computer from the Windows 7 installation media. Select Repair your computer and then select System Image Recovery.
Answer: A
Explanation:
If you install a driver that causes your computer to become unstable, you should first attempt to roll back the driver. If this does not solve the problem, you can restore system files and settings by performing a system restore to restore the computer to its last system restore point. A system restore returns a computer system to a selected restore point. System restores do not alter user files. Note that a system restore is not the same as a System Image restore.
QUESTION 298
You plan to install Windows 7 on a computer that contains a single hard disk drive. The hard disk drive is connected to a RAID controller. During the installation, you discover that the Windows 7 installation media does not include the files required to install the RAID controller. You need ensure that you can install Windows 7 on the hard disk drive. What should you do?
A. Insert the Windows installation media and press remove some files during the computer’s power-on self test (POST).
B. Insert the Windows installation media and press F6 during the computer’s power-on self test (POST).
C. Start the computer from the Windows installation media. From the Install Windows dialog box, click Load Driver.
D. Start the computer from the Windows installation media. From the Install Windows dialog box, click Drive options (advanced).
Answer: C
Explanation:
If your computer has special disk drive hardware, such as a redundant array of independent disks (RAID) array, it may be necessary to use the Load Driver option. It is necessary to use this option only if the disk that you want to install Windows on is not shown as a possible install location. If your disk is shown as an available option, Windows 7 has already loaded the appropriate drivers. Once you select the location where you want to install Windows 7, the Windows 7 installation process begins.
QUESTION 299
You have an offline virtual hard disk (VHD) that contains a generalized installation of Windows 7 Ultimate. You need to disable the built-in games in the VHD. You must achieve this goal by using the minimum amount of administrative effort. What should you do?
A. Start a computer from the VHD.
Run Ocsetup.exe and specify the /uninstall parameter.
Recapture the VHD.
B. Start a computer from the VHD.
From Programs and Features, turn off the Games feature and then recapture the VHD.
C. Create an answer file that has InboxGames disabled.
On a computer that runs Windows 7, attach the VHD.
Run Pkgmgr.exe and specify the /uu parameter.
D. Create an answer file that has InboxGames disabled.
On a computer that runs Windows 7, attach the VHD.
Run Dism.exe and specify the /apply-unattend parameter.
Answer: D
Explanation:
DISM: Deployment Image Servicing and Management (DISM) is a command-line tool used to service Windows images offline before deployment. You can use it to install, uninstall, configure, and update Windows features, packages, drivers, and international settings. Subsets of the DISM servicing commands are also available for servicing a running operating system. /Apply-Unattend (Applies an unattend.xml file to an image.) If you are updating device drivers using an unattended answer file, you must apply the answer file to an offline image and specify the settings in the offlineServicing configuration pass. If you are updating packages or other settings using an unattended answer file, you can apply the answer file to an offline or online image. Specify the settings in the offlineServicing configuration pass.
QUESTION 300
You have a computer that runs Windows 7 Professional. You need to upgrade the computer to Windows 7 Ultimate. You must achieve this goal in the minimum amount of time. What should you do?
A. Run Windows Update.
B. Run Windows Anytime Upgrade.
C. From the Windows 7 installation media, run Setup.exe.
D. From the Windows 7 installation media, run Migwiz.exe.
Answer: B
Explanation:
Windows Anytime Upgrade With Windows Anytime Upgrade, shown in Figure,you can purchase an upgrade to an application over the Internet and have the features unlocked automatically. This upgrade method is more suitable for home users and users in small businesses where a small number of intra-edition upgrades is required.