Configuring Windows Devices
Question No: 31 HOTSPOT – (Topic 5)
Your company upgrades a research and development department workstation to a Windows 10 Enterprise computer. Two of the workstation’s folders need to be encrypted. The folders are named C:\ProtectedFiles and C:\Backups.
You attempt to encrypt the folders. The output is shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement. NOTE: Each correct selection is worth one point.
We can see from the image below that all files and the ProtectedFiles folder were encrypted successfully (There are no errors and there is an [OK] message for each action).
The image below shows that the folder was encrypted successfully (Setting the directory Backups to encrypt new files [OK]).
The file Backup.zip failed to encrypt because the file is read only. The other file, OldBackup.zip was encrypted successfully.
Question No: 32 – (Topic 5)
You have a Windows 10 Enterprise computer.
The computer has a shared folder named C:\Marketing. The shared folder is on an NTFS volume.
The current NTFS and share permissions are configured as follows.
UserA is a member of both the Everyone group and the Marketing group. UserA must access C:\Marketing from across the network. You need to identify the effective permissions of UserA to the C:\Marketing folder.
What permission should you identify?
Read and Execute
Answer: D Explanation:
UserA is a member of both the Everyone group and the Marketing group and UserA must access C:\Marketing from across the network.
When accessing a file locally, you combine the NTFS permissions granted to your account either directly or by way of group membership. The ‘least’ restrictive permission is then the permission that applies.
In this question, the NTFS permission is the least restrictive of Read/Execute and Modify… so Modify is the effective permission.
When accessing a folder or file across the network, you combine the effective NTFS permissions (Modify in this case) with the effective Share permissions granted to your account either directly or by way of group membership (Full Control in this case). The ‘most’ restrictive permission is then the permission that applies. Modify is more restrictive than Full Control so Modify is the effective permission.
Question No: 33 HOTSPOT – (Topic 5)
You administer Windows 10 Enterprise computers in your company network, including a computer named Wst1. Wst1 is configured with multiple shared printer queues.
Wst1 indicates hardware errors. You decide to migrate the printer queues from Wst1 to a new computer named Client1.
You export the printers on Wst1 to a file. You need to import printers from the file to Client1.
From the Print Management console, which Print Management node should you select? To answer, select the appropriate node in the answer area.
We have exported the printers on Wst1 to a file. To import printers from the file to Client1, we use the Printer Migration Wizard.
Right-click Print Management, and then click Migrate Printers to open the Printer Migration Wizard. Select Import printer queues and printer drivers from a file, and select the export
file. Then complete the wizard.
Question No: 34 DRAG DROP – (Topic 5)
You have a computer that runs Windows 10 Enterprise that contains the following folders:
You have a local user named User1. User1 has read and execute permission to Folder1. You need to ensure that User1 can perform the following tasks.
The solution must use the principle of least privilege.
Which permissions should you assign to User1 on each folder? To answer, drag the appropriate permissions to the correct folders. Each permission may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Advanced permissions are detailed permissions that are grouped together to create the standard permissions. The permissions in this question are standard permissions.
Folder2: To create new files in a folder, you need Write permission to the folder. The ‘Write’ standard permission includes the ‘Create files / write data’ advanced permission.
Folder3: To edit existing files in a folder, you need Modify permission.
Folder5: To change the permissions of files in a folder, you need the ‘Change Permissions’ advanced permission. The Change Permission advanced permission is in the ‘Full Control’ standard permission group. Therefore, the answer for Folder5 is Full Control.
Topic 6, Manage remote access
Question No: 35 DRAG DROP – (Topic 6)
You have a desktop computer and a tablet that both run Windows 10 Enterprise.
The desktop computer is located at your workplace and is a member of an Active Directory domain. The network contains an Application Virtualization (App-V) infrastructure. Several App-V applications are deployed to all desktop computers.
The tablet is located at your home and is a member of a workgroup. Both locations have Internet connectivity.
You need to be able to access all applications that run on the desktop computer from you tablet.
Which actions should you perform on each computer? To answer, drag the appropriate action to the correct computer. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
You can connect to your work computer by using Remote Desktop. You first need to enable Remote Desktop on the work computer. You then run the Remote Desktop Client on the home computer to connect to the work computer.
With Remote Desktop Connection, you can connect to a computer running Windows from another computer running Windows that#39;s connected to the same network or to the Internet. For example, you can use all of your work computer#39;s programs, files, and network resources from your home computer, and it#39;s just like you#39;re sitting in front of your computer at work.
To connect to a remote computer, that computer must be turned on, it must have a network connection, Remote Desktop must be enabled, you must have network access to the remote computer (this could be through the Internet), and you must have permission to connect. For permission to connect, you must be on the list of users. Before you start a connection, it#39;s a good idea to look up the name of the computer you#39;re connecting to and to make sure Remote Desktop connections are allowed through its firewall.
Question No: 36 – (Topic 6)
A company has Windows 10 Enterprise client computers. The client computers are connected to a corporate private network. Users are currently unable to connect from their home computers to their work computers by using Remote Desktop.
You need to ensure that users can remotely connect to their office computers by using Remote Desktop. Users must not be able to access any other corporate network resource by using the local Windows installation from their home computers.
Which setting should you configure on the home computers?
Virtual Private Network connection
Remote Desktop local resources
Remote Desktop Gateway IP address
Answer: D Explanation:
The solution is to deploy Remote Desktop Gateway in the office. Remote users can then connect to their computers on the office network by using Remote Desktop client on their home computers configured with the IP address of the Remote DesktopGateway.
Remote Desktop Gateway (RD Gateway) is a role service that enables authorized remote users to connect to resources on an internal corporate or private network, from any Internet-connected device that can run the Remote Desktop Connection (RDC) client. The network resources can be Remote Desktop Session Host (RD Session Host) servers, RD Session Host servers running RemoteApp programs, or computers with Remote Desktop enabled.
RD Gateway uses the Remote Desktop Protocol (RDP) over HTTPS to establish a secure, encrypted connection between remote users on the Internet and the internal network resources on which their productivity applications run.
RD Gateway provides a comprehensive security configuration model that enables you to control access to specific internal network resources. RD Gateway provides a point-to-point RDP connection, rather than allowing remote users access to all internal network resources.
Question No: 37 – (Topic 6)
You manage a network that includes Windows 10 Enterprise computers. All of the computers on the network are members of an Active Directory domain.
The company recently proposed a new security policy that prevents users from
synchronizing applications settings, browsing history, favorites, and passwords from the computers with their Microsoft accounts.
You need to enforce these security policy requirements on the computers. What should you do?
On the Group Policy Object, configure the Accounts: Block Microsoft accounts Group Policy setting to Users can’t add Microsoft accounts.
On the Group Policy Object, configure the Accounts: Block Microsoft accounts Group Policy setting to Users can’t add or log on with Microsoft accounts.
From each computer, navigate to Change Sync Settings and set the Sync Your Settings options for Apps, Browser, and Passwords to Off.
From each computer, navigate to Change Sync Settings and set the Sync Your Settings option to Off.
Answer: B Explanation:
The computers are members of a domain so the users should be using domain user accounts. We need to block the use of Microsoft accounts.
We could use the Users can’t add Microsoft accounts setting which would mean that users will not be able to create new Microsoft accounts on a computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account.
Alternatively, we can also deny the ability to log on to a domain computer with a Microsoft account (and sync computer settings) by using the Users can’t add or log on with Microsoft accounts. This will ensure that the company policy is enforced.
Topic 7, Manage apps
Question No: 38 – (Topic 7)
You have a computer named Computer1 that runs Windows 10 Enterprise. Computer1 is a member of an Active Directory domain named contoso.com.
You have a line-of-business universal app named App1. App1 is developed internally.
You need to ensure that you can run App1 on Computer1. The solution must meet the following requirements:
鈥inimize costs to deploy the app.
鈥inimize the attack surface on Computer1. What should you do?
Have App1 certified by the Windows Store.
Sign App1 with a certificate issued by a third-party certificate authority.
From the Update amp; Security setting on Computer1, enable the Sideload apps setting.
Run the Add-AppxProvisionedPackage cmdlet.
Answer: C Explanation:
To install the application, you need to ‘Sideload’ it. First you need to enable the Sideload apps setting.
LOB Windows Store apps that are not signed by the Windows Store can be sideloaded or added to a PC in the enterprise through scripts at runtime on a per-user basis. They can also be provisioned in an image by the enterprise so that the app is registered to each new user profile that#39;s created on the PC. The requirements to sideload the app per-user or in the image are the same, but the Windows PowerShell cmdlets you use to add, get, and remove the apps are different.
Before you can sideload LOB Windows Store apps that are not signed by the Windows
Store, you will need to configure the PC.
Question No: 39 – (Topic 7)
You plan to deploy a Microsoft Azure RemoteApp collection by using a custom template image. The image will contain Microsoft Office 365 ProPlus apps.
You need to ensure that multiple users can run Office 365 ProPlus from the custom template image simultaneously.
What should you include in the configuration file?
lt;Property Name = “FORCEAPPSHUTDOWN” Value = “FALSE” /gt;
lt;Product ID = “0365ProPlusRetail” /gt;
lt;Property Name = “SharedComputerLicensing” Value = “1” /gt;
lt;Property Name = “AUTOACTIVATE” Value = “1” /gt;
Answer: C Explanation:
To make Microsoft Office365 ProPlusapps available as RemoteApps, you need to enable Shared computer activation. You do this by including the following text in the configuration file:
lt;Property Name = “SharedComputerLicensing” Value = “1” /gt;
Shared computer activation lets you to deploy Office 365 ProPlus to a computer in your organization that is accessed by multiple users. For example, several nurses at a hospital connect to the same remote server to use their applications or a group of workers share a
computer at a factory.
The most common shared computer activation scenario is to deploy Office 365 ProPlus to shared computers by using Remote Desktop Services (RDS). By using RDS, multiple users can connect to the same remote computer at the same time. The users can each run Office 365 ProPlus programs, such as Word or Excel, at the same time on the remote computer.
Question No: 40 DRAG DROP – (Topic 7)
You plan to deploy a Microsoft Azure RemoteApp collection by using a custom template image. The image will contain Microsoft Word and Excel Office 365 ProPlus programs.
You need to install the Word and Excel programs. The solution must minimize the amount of Internet traffic used during installation.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
The first step is to download the Office Deployment Tool.
You then need to modify the configuration file. This will be used to specify the installation options for Word and Excel.
You then run Setup.exe from the Office Deployment Tool with the /download option to download the required software based on the options in the configuration file.
The final step is to install Word and Excel by running Setup.exe from the Office Deployment Tool with the /configure option to install the required software based on the options in the configuration file.
100% Ensurepass Free Download!
–Download Free Demo:70-697 Demo PDF
100% Ensurepass Free Guaranteed!
–Download 2018 EnsurePass 70-697 Full Exam PDF and VCE
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|