Pro: Windows 7, Enterprise Desktop Administrator
Question No: 41 – (Topic 1)
You have a single Active Directory Domain Services (AD DS) site. All client computers run
Windows 7. Users in the marketing department use a custom application.
You create a new Group Policy object (GPO) and link it to the site. Users in the marketing department then report that they are unable to use the custom application.
You need to ensure that all users in the marketing department are able to use the custom application. You need to ensure that all other users continue to receive the new GPO.
What should you do?
Add marketing users to a domain group. Use security filtering to grant the group the Allow-Read permission and the Allow-Apply Group Policy permission for the GPO.
Move marketing users to a dedicated organizational unit (OU). Apply the Block Inheritance setting to the OU.
Add marketing users to a domain group. Use security filtering to grant the group the Allow-Read permission and the Deny-Apply Group Policy permission for the GPO.
Move marketing users to a dedicated organizational unit (OU). Apply the Block Inheritance setting to the domain.
Question No: 42 – (Topic 1)
Your company has two network segments. The core network segment is where centralized management is performed. The high-security network segment is an isolated network. A firewall between the core network segment and the high-security network segment limits network communication between the segments.
These network segments are shown in the following diagram.
Your company plans to deploy Windows 7 to all client computers.
You need to manage activation for client computers that are located in the high-security network segment.
What should you do?
Deploy the Key Management Service (KMS) in the core network segment.
Deploy the Key Management Service (KMS) in the high-security network segment.
Install the Volume Activation Management Tool (VAMT) in the core network segment.
Install the Volume Activation Management Tool (VAMT) in the high-security network segment.
Answer: D Explanation:
Key Management Service (KMS) requires a count of 25 or higher from the KMS host to activate itself.
There is a firewall blocking, (VAMT) should setup at high-security network.
Question No: 43 HOTSPOT – (Topic 1)
A company runs Windows Server 2008 R2 in an Active Directory Domain Services (AD DS) environment. Windows 7 is installed on all the companys client computers.
You add a domain user account named User1 to the local Administrators group on a client computer named PC01. When User1 returns to the office, User1 does not have administrative access on PC01.
When you inspect PC01, you find that the local Administrators group does not contain the user account. You need to ensure that User1 is a member of the local Administrators group.
Which Group Policy setting should you select? To answer, select the appropriate Group Policy setting in the work area.
Restricted groups allow an administrator to define the following two properties for security- sensitive (restricted) groups:
Members Member Of
The quot;Membersquot; list defines who should and should not belong to the restricted group. The quot;Member Ofquot; list specifies which other groups the restricted group should belong to.
Using the quot;Membersquot; Restricted Group Portion of Policy
When a Restricted Group policy is enforced, any current member of a restricted group that is not on the quot;Membersquot; list is removed with the exception of administrator in the Administrators group. Any user on the quot;Membersquot; list which is not currently a member of the restricted group is added.
Using the quot;Member Ofquot; Restricted Group Portion of Policy
Only inclusion is enforced in this portion of a Restricted Group policy. The Restricted Group is not removed from other groups. It makes sure that the restricted group is a member of groups that are listed in the Member Of dialog box.
hints: if user was not added into local restricted group, it will remove from administrator group, even it already was added to administrator group.
Question No: 44 HOTSPOT – (Topic 1)
A user is unable to log on to a client computer that runs Windows 7. The user receives an error message that says The local policy of this system does not permit you to logon interactively. The user belongs only to the Users group.
You need to ascertain which policy in the local security policy must be modified.
Which security policy should you select? To answer, select the appropriate policy in the work area.
Question No: 45 – (Topic 1)
Your company has a single Active Directory Domain Services (AD DS) domain and 1,000 client computers.
You are planning to deploy Windows 7 Enterprise to the client computers. You need to design a zero-touch installation strategy.
What should you use in your design?
custom Windows 7 image on DVD
Windows Deployment Services (WDS)
Microsoft System Center Configuration Manager 2007 R2
Answer: D Explanation:
Microsoft Deployment Toolkit (MDT) 2010 is a Microsoft solution accelerator available at no cost for deploying Windows operating systems. Based on the experience of Microsoft employees, partners, and customers, MDT 2010 contains many thousands of lines of code-code that provides a deployment framework so that customers can focus on their business, not on programming. Integrating MDT 2010 with Configuration Manager 2007 R2 helps large organizations use this framework to more easily implement the Zero-Touch, High-Volume
Benefits of integrating MDT 2010 with Configuration Manager 2007 R2 in the Zero-Touch, High-Volume
Deployment strategy include:
Streamlined deployment, because installation is fully automated without interaction.
Lower support costs, because configurations are consistent across all client computers.
Streamlined maintenance, because Configuration Manager 2007 R2 handles applications, device drivers, and updates.
Question No: 46 – (Topic 1)
Your company has an Active Directory Domain Services (AD DS) forest with a single domain named contoso.com. The design of the organizational units (OUs) and Group Policy objects (GPOs) is shown in the following diagram.
Multiple computer configuration settings and user configuration settings are defined in the Kiosk Computers GPO.
A security audit indicates that user configuration settings that are defined in the Kiosk Computers GPO are not applied when users log on to client computers that are in the Kiosk Computers OU.
You need to ensure that the user configuration settings are correctly applied. What should you do?
Enable loopback processing in Merge mode on the Default Domain Policy GPO.
Disable the user configuration settings on the Default Domain Policy GPO.
Enable loopback processing in Replace mode on the Kiosk Computers GPO.
Disable the user configuration settings on the New York Users GPO.
Answer: C Explanation:
Refer to Planning and managing windows 7 desktop deployments and environment Pg 10-92
Question No: 47 HOTSPOT – (Topic 1)
A network has a single domain with 1,000 client computers that run Windows 7.
A large number of software installation scripts are configured to run on the client computers.
You need to recommend a Group Policy setting that allows users to log on to their computers as soon as possible at first boot.
What should you recommend?
Run startup scripts asynchronously
Description Lets the system run startup scripts simultaneously.
Startup scripts are batch files that run before the user is invited to log on. By default, the system waits for each startup script to complete before it runs the next startup script.
If you enable this policy, the system does not coordinate the running of startup scripts. As a result, startup scripts can run simultaneously.
If you disable this policy or do not configure it, a startup script cannot run until the previous script is complete.
hints: allows users to log on to their computers as soon as possible at first boot
Question No: 48 – (Topic 1)
All client computers in your network run Windows 7 Enterprise.
You need to prevent all standard user accounts from running programs that are signed by a specific publisher.
What should you do?
Use AppLocker application control policies. Create an Executable rule.
Use software restriction policies. Create a hash rule.
Use AppLocker application control policies. Create a Windows Installer rule.
Use software restriction policies. Create a path rule.
Answer: A Explanation:
The AppLocker Microsoft Management Console (MMC) snap-in is organized into four areas called rule collections. The four rule collections are executable files, scripts, Windows Installer files, and DLL files. These collections give the administrator an easy way to differentiate the rules for different types of applications.
Rule conditions are criteria that the AppLocker rule is based on. Primary conditions are required to create an AppLocker rule. The three primary rule conditions are publisher, path, and file hash.
Publisher – This condition identifies an application based on its digital signature and extended attributes. The digital signature contains information about the company that created the application (the publisher). The extended attributes, which are obtained from the binary resource, contain the name of the product that the application is part of and the version number of the application. The publisher may be a software development company, such as Microsoft, or the information technology department of your organization.
Path – This condition identifies an application by its location in the file system of the computer or on the network. AppLocker uses path variables for directories in Windows. File hash – When the file hash condition is chosen, the system computes a cryptographic hash of the identified file.
Question No: 49 – (Topic 1)
You are deploying an App-V client application to the New York office. You need to ensure that the application will be installed at a specific time. What should you use to deploy the application?
a Group Policy object (GPO) with a software installation policy.
Microsoft Deployment Toolkit
Question No: 50 – (Topic 1)
Your company has 1,000 client computers. Each client computer has 1 GB of RAM.
You are planning to deploy Windows 7 Enterprise.
You need to design a zero-touch deployment strategy to increase the number of client computers that can be imaged at one time.
What should you do?
Increase the amount of RAM on the client computers.
Change from unicast to multicast deployment of images.
Change from multicast to unicast deployment of images.
Decrease the trivial file transfer protocol (TFTP) block size on the TFTP server.
Answer: B Explanation:
Performing Multicast Deployments
In order to deploy an image using multicasting instead of unicasting, you must first create a multicast transmission. Multicast transmissions make the image available for multicasting, which enables you to deploy an image to a large number of client computers without overburdening the network. When you deploy an image using multicasting, the image is sent over the network only once, which can drastically reduce the amount of network bandwidth that is used.
100% Free Download!
–Download Free Demo:70-686 Demo PDF
100% Pass Guaranteed!
–Download 2018 Dumps4cert 70-686 Full Exam PDF and VCE
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|