Download New Updated (Spring 2015) Microsoft 70-687 Actual Tests 131-140

Ensurepass

 

QUESTION 131

A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1 and are joined to the domain. All Sales department employees are members of the Sales organizational unit (CU). AppLocker rules control the installation of applicatior on client computers.

 

You create a new Group Policy object (GPO) to configure an AppLocker file hash rule. The file hash rule allows an application to run and links the application to the Sales OU. Several minutes later, you establish that the AppLocker rule is not present on some computers within SalesOU and the application cannot run.

 

You need to quickly ensure that the application can run.

 

What should you do?

 

A.

Run the Get-AppLockerPolicy Windows PowerShell cmdlet.

B.

Configure the AppLocker properties to enforce rules.

C.

Run the gpupdate /force command.

D.

Create a new AppLocker file hash condition.

 

Answer: C

Explanation:

http://technet.microsoft.com/en-us/library/bb490983.aspx Gpupdate

 

Refreshes local and Active Directory-based Group Policy settings, including security

 

settings.

 

/force : Ignores all processing optimizations and reapplies all settings.

 

http://technet.microsoft.com/en-us/library/cc940895.aspx

Group Policy refresh interval for computers

 

Specifies how often Group Policy for computers is updated while the computer is in use (in the background). This policy specifies a background update rate only for Group Policies in the Computer Configuration folder.

By default, computer Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes. In addition to background updates, Group Policy for the computer is always updated when the system starts.

 

Further Information:

http://technet.microsoft.com/en-us/library/ee460964.aspx Get-AppLockerPolicy

 

The Get-AppLockerPolicy cmdlet gets the AppLocker policy from the local Group Policy object (GPO), from a specified GPO, or from the effective AppLocker policy on the computer. The output is an AppLockerPolicy object or an XML-formatted string.

 

 

QUESTION 132

You administer Windows 8.1 laptops in your company network.

 

You install several custom desktop applications on the laptops.

 

You need to create a custom recovery image for Windows to use when selecting the Refresh your PC option. The custom recovery image must include the custom desktop applications.

 

Which command should you use to create the custom recovery image?

 

A.

Recdisc.exe

B.

Recover.exe

C.

Recimg.exe

D.

RecoveryDrive.exe

 

Answer: C

Explanation:

http://blogs.msdn.com/b/matt-harrington/archive/2012/04/01/create-a-windows-8-refresh-image-with-recimg-exe.aspx

Create a Windows 8 image with recimg.exe to preserve your Desktop apps after a refresh

 

Windows 8 supports two new ways to revert your system to an earlier state. From the Settings charm, access More PC settings and then click General. Towards the bottom, you’ll see these two choices:

 

Refresh your PC without affecting your files. This choice keeps your personal data, system settings, and Metro style applications. Desktop applications will be removed, unless you create a custom image as I detail below.

Reset your PC and start over. This choice is like a factory reset. All of your personal files, Metro style apps, and Desktop apps will be removed. You can optionally write random data to your drive for added security.

 

Use option 2 if you’re going to sell or give away your system. All of your personal files will be erased. The rest of this post is about option 1.

 

Option 1, refreshing your PC, keeps your personal data and reinstalls Metro style applications. Desktop apps will be removed, and their names will be placed in a file on your desktop called Removed Apps.

 

Reinstalling all of your Desktop apps can be time consuming, so Windows 8 offers a command called recimg.exe to make this easier. recimg creates an image which is used by the refresh facility when restoring Windows. Not only will your personal data and Metro style apps be saved, but so will Desktop apps you have installed at the time you create the image. This can save you a lot of time.

 

http://support.microsoft.com/kb/2748351

How to create a system image to refresh your Windows 8 PC

 

“Refresh your PC” is a new feature in Windows 8. By default, desktop apps are removed when you refresh a Windows 8-based computer, unless you create a custom image. After you create a custom system image, the image is used as the refresh image. This means that any existing image or OEM restore image is not used when you refresh your computer.

 

To create a custom image, use the Recimg.exe command-line tool that is included in Windows 8. To do this, follow these steps:

1. Create a destination folder for the custom image. For example, create a folder named “Refreshimage” on drive C.

2. Open an elevated command prompt. To do this, follow these steps:

On the Start page, type cmd, press and hold or right-click Command Prompt, and then tap or click Run as administrator.

3. Type the following command, and then press Enter:

recimg -CreateImage drive:folder

 

For example, if you create “C:Refreshimage” in step 1, run the following command:

recimg -CreateImage C:Refreshimage

 

 

QUESTION 133

You administer Windows 8.1 client computers in your company network. A computer that is used by non-administrator users has a directory named C:Folder1.

 

A shared collection of Microsoft Excel files is stored in the C:Folder directory, with non- administrator users being granted modify permissions to the directory.

 

You discover that some files have been incorrectly modified by a user.

 

You need to determine which user made changes to the directory’s folder’s files.

 

Which two actions should you perform? (Each correct answer presents part of the solution.

Choose two.)

 

A.

Set local policy: Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesAudit PolicyAudit object access to Failure.

B.

From the Auditing Entry for Folder1, set the Principal to Guests, and then set the Type to Failure for the Modify permission.

C.

From the Auditing Entry for Folder1, set the Principal to Everyone, and then set the Type to Success for the Modify permission.

D.

Set local policy: Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesAudit PolicyAudit object access to Success.

 

Answer: CD

Explanation:

We must audit for success, as we want to know which user has modified the file.

http://technet.microsoft.com/en-us/library/cc776774%28v=ws.10%29.aspx

Audit object access

 

This security setting determines whether to audit the event of a user accessing an object– for example, a file, folder, registry key, printer, and so forth–that has its own system access control list (SACL) specified.

 

If you define this policy setting, you can specify whether to audit successes, audit failures, or not audit the event type at all. Success audits generate an audit entry when a user successfully accesses an object that has an appropriate SACL specified. Failure audits generate an audit entry when a user unsuccessfully attempts to access an object that has a SACL specified.

 

https://blogs.manageengine.com/product-blog/eventloganalyzer/2012/06/20/object-access- auditing-simplified-find-the-who-what-where-when-of-file-folder-access.html

Object Access Auditing Simplified ?Find the `Who, What, Where, When’ of File&; Folder Access

 

Most administrators face the challenge of knowing what actually happened to their files and folders ?who accessed them, deleted them, edited them, moved them, where the files and folders went, etc. Object access auditing can help administrators to meet this challenge head-on.

 

clip_image002

If you do not enable the above setting, you will have no record when a file or folder was accessed. Most administrators would like to know only the failure attempts when someone tries to access the file or folder but failed because of improper permission. But it is highly recommended to enable both – failure attempts and success attempts. The reason for enabling success attempts is that sometimes hackers can use administrator privilege and gain access to confidential files and folders.

 

Your enterprise will have crucial data stored in files and folders such as financial data, employee data, patient records, bank account data, etc. The next step is to go to such files and folders to enable auditing on them. Each file / folder’s auditing settings must be modified to include those users you wish to audit.

 

These are enabled in Properties->Security->Advanced->Auditing. If you want to audit all access events by everyone, add everyone group, and select Success>Full Control. (See Screen Shot Below)

 

Note:

Select the attributes based on your requirement. Delete and Modify attributes are most recommended.

Enabling all the attributes to users will flood the event viewer in few seconds, and consume more bandwidth. So judiciously select the attributes required for your auditing needs.

 

clip_image004

 

There are no objects configured to be audited by default. Once this auditing setting for an object is configured, log entries on access attempts (Successful and Failed) start getting recorded and you will be able to view the object access related events in the security log in Event Viewer. (See Screen Shot Below)

 

clip_image006

 

The events must be opened up individually to inspect their contents, which is a painful process and is totally impossible in an IT enterprise network.

 

 

QUESTION 134

A company network contains two workgroups named Workgroup1 and Workgroup2. Workgroup1 contains computers that run Windows 7. Workgroup2 contains computers that run Windows 8.1.

 

You run the Enable-PSRemoting Windows PowerShell cmdlet on the Workgroup2 computers.

 

You need to ensure that administrators can manage the Workgroup1 computers from the Workgroup2 computers by using Windows PowerShell Remoting.1

 

Which two actions should you perform? (Each correct answer presents part of the complete solution. Choose two.)

 

A.

Install Windows PowerShell 2.0 on the Workgroup1 computers.

B.

Run the winrmquickconfig command on the Workgroup2 computers.

C.

On the Workgroup1 computers, add the Workgroup2 computers to the trusted hosts in Windows Remote Management (WinRM).

D.

Run the winrrnquickconfig command on the Workgroup1 computers.

E.

On the Workgroup2 computers, add the Workgroup1 computers to the trusted hosts in

Windows Remote Management (WinRM).

 

Answer: CD

Explanation:

http://technet.microsoft.com/en-us/magazine/ff700227.aspx

Enable and Use Remote Commands in Windows PowerShell

 

The Windows PowerShell remoting features are supported by the WS-Management protocol and the Windows Remote Management (WinRM) service that implements WS- Management in Windows. Computers running Windows 7 and later include WinRM 2.0 or later. On computers running earlier versions of Windows, you need to install WinRM 2.0 or later as appropriate and if supported. Currently, remoting is supported on Windows Vista with Service Pack 1 or later, Windows 7, Windows Server 2008, and Windows Server 2008 Release 2.

 

In many cases, you will be able to work with remote computers in other domains. However, if the remote computer is not in a trusted domain, the remote computer might not be able to authenticate your credentials. To enable authentication, you need to add the remote computer to the list of trusted hosts for the local computer in WinRM. To do so, type:

winrm s winrm/config/client ‘@{TrustedHosts=”RemoteComputer”}’ Here, RemoteComputer should be the name of the remote computer, such as:

winrm s winrm/config/client ‘@{TrustedHosts=”CorpServer56″}’

 

When you are working with computers in workgroups or homegroups, you must either use HTTPS as the transport or add the remote machine to the TrustedHosts configuration settings. If you cannot connect to a remote host, verify that the service on the remote host is running and is accepting requests by running the following command on the remote host:

winrm quickconfig

This command analyzes and configures the WinRM service.

 

http://msdn.microsoft.com/en-us/library/aa384372%28v=vs.85%29.aspx

Installation and Configuration for Windows Remote Management

 

The winrm quickconfig command (or the abbreviated version winrm qc) performs the following operations:

Starts the WinRM service, and sets the service startup type to auto-start. Configures a listener for the ports that send and receive WS-Management protocol messages using either HTTP or HTTPS on any IP address. Defines ICF exceptions for the WinRM service, and opens the ports for HTTP and HTTPS.

 

Note: The winrm quickconfig command creates a firewall exception only for the current user profile. If the firewall profile is changed for any reason, winrm quickconfig should be run to enable the firewall exception for the new profile; otherwise, the exception might not be enabled.

 

Further Information:

http://technet.microsoft.com/en-us/library/hh849694.aspx Enable-PSRemoting

 

The Enable-PSRemoting cmdlet configures the computer to receive Windows PowerShell remote commands that are sent by using the WS-Management technology. You need to run this command only once on each computer that will receive commands. You do not need to run it on computers that only send commands. Because the configuration activates listeners, it is prudent to run it only where it is needed.

 

http://msdn.microsoft.com/en-us/library/ee309369%28v=vs.85%29.aspx What’s New in WinRM 2.0

 

WinRM 2.0 is included in Windows Server 2008 R2 and Windows 7.

 

http://msdn.microsoft.com/en-us/library/ff637750%28v=azure.10%29.aspx

Install Windows PowerShell 2.0

 

Windows PowerShell 2.0 needs to be installed on Windows Server 2008 and Windows Vista only. It is already installed on Windows Server 2008 R2 and Windows 7.

 

 

 

 

 

 

QUESTION 135  

A computer that runs Windows B has two hard disk drives. The user stores data files in specific storage locations outside of the standard libraries on both drives.

 

File search results are delayed.

 

You need to return relevant search results more quickly.

 

What should you do?

 

A.

Remove all directories from indexed locations.

B.

Add the specific storage locations to indexed locations.

C.

Allow indexing of file contents in non-indexed locations.

D.

Add encrypted files to the index.

 

Answer: B

 

 

QUESTION 136

DRAG DROP

A company has client computers that run Windows XP or Windows Vista.

 

The company plans to upgrade all client computers to Windows 8.1. You are planning a deployment strategy.

 

You need to identify the elements that will be retained after the upgrades.

 

Which elements will be retained? (To answer, drag the appropriate element or elements to the correct location or locations in the answer area. Elements may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)

 

clip_image008

 

Answer:

clip_image010

 

 

QUESTION 137

DRAG DROP

A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1. The company has three departments named Accounting, Human Resources (HR), and Marketing. User account objects are stored in their respective departmental AD security groups and have full access to shared folders for each department.

 

A new company policy requires that the following access rules are in place:

 

Users must have complete access only to their department’s shared folder.

Accounting department users must be able to change files in the HR folder.

HR department users must be able to change files in the Marketing folder.

Marketing department users must be able to change files in the Accounting folder.

 

You need to comply with the company policy.

 

Which permissions should you assign? (To answer, drag the appropriate security group or groups to the correct location or locations in the answer area. Security groups may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)

 

clip_image012

 

Answer:

clip_image014

 

 

QUESTION 138

You administer Windows 8.1 Enterprise client computers in your company network.

 

You change settings on a reference computer by using the Windows Firewall with Advanced Security tool. You want to apply the same settings to other computers.

 

You need to save the Windows Firewall with Advanced Security configuration settings from the reference computer. You also need to be able to import the configuration settings into a Group Policy object later.

 

What should you do?

 

A.

Run the netshadvfirewall export c:settings.xrnl command.

B.

Run the netshadvfirewall export c:settings.txt command.

C.

Run the netshadvfirewall export c:settinqs.wfw command.

D.

Run the netsh firewall export c:settings.xml command.

 

Answer: C

Explanation:

* Netshadvfirewall is a command-line tool for Windows Firewall with Advanced Security that helps with the creation, administration, and monitoring of Windows Firewall and IPsec settings and provides an alternative to console-based management. T

* Export subcommand

Exports the Windows Firewall with Advanced Security configuration in the current store to a file. This file can be used with the import command to restore the Windows Firewall with Advanced Security service configuration to a store on the same or to a different computer.

 

Syntax

export [ Path ] FileName

 

Parameters

[ Path ] FileName

Required. Specifies, by name, the file where the Windows Firewall with Advanced Security configuration will be written. If the path, file name, or both contain spaces, quotation marks must be used. If you do not specify Path then the command places the file in your current folder. The recommended file name extension is .wfw.

 

Example

In the following example, the command exports the complete Windows Firewall with Advanced Security service configuration to the file C:tempwfas.wfw.

export c:tempwfas.wfw

 

Reference: Netsh Commands for Windows Firewall with Advanced Security

 

 

QUESTION 139

You administer Windows 8.1 Pro computers in your company network. A server named Server1 runs Windows Server 2012. Server1 allows incoming VPN and Remote Desktop connections.

 

A remote user requires access to files on Server1.

 

You need to prevent the user from downloading any files from Server1 to his local computer. Your solution must ensure that the user can read the files on Server1.

 

What should you do?

 

A.

Create a new VPN connection. Disable local drive mappings.

B.

Create a new Remote Desktop connection.

C.

Set the Local Computer policy to Disable drives redirection for Remote Desktop Services.

D.

Create a new Remote Desktop connection. Set the Local Computer policy to Disable clipboard redirection for Remote Desktop Services.

 

Answer: C

Explanation:

http://technet.microsoft.com/en-us/library/cc725887%28v=ws.10%29.aspx

Device and Resource Redirection

 

Policy settings in this node control access to devices and resources on a client computer in Terminal Services sessions.

 

Do not allow drive redirection

This policy setting allows you to specify whether to prevent the mapping of client drives in a Terminal Services session (drive redirection).

By default, Terminal Services maps client drives automatically upon connection. Mapped drives appear in the session folder tree in Windows Explorer or My Computer in the format <driveletter> on <computername>. You can use this policy setting to override this behavior. If you enable this policy setting, client drive redirection is not allowed in Terminal Services sessions.

If you disable this policy setting, client drive redirection is always allowed. If you do not configure this policy setting, client drive redirection is not specified at the Group Policy level. However, an administrator can still disable client drive redirection by using the Terminal Services Configuration tool.

 

 

QUESTION 140

A company has 10 client computers that run Windows 8.1.

 

An employee updates a device driver on her computer and then restarts the computer. Windows does not start successfully. You start the computer in Safe Mode.

 

You need to identify the most recently installed driver and gather the maximum amount of information about the driver installation.

 

What should you do?

 

A.

In Device Manager, run a scan for hardware changes.

B.

In the Event Viewer console, display the Hardware Events log.

C.

In the Programs and Features Control Panel item, display the installed updates.

D.

Display the contents of the Windowsinfsetupapi.dev.log file.

 

Answer: D

Explanation:

http://support.microsoft.com/kb/927521

Windows 7, Windows Server 2008 R2, and Windows Vista setup log file locations

 

C:WINDOWSINFsetupapi.dev.log

Contains information about Plug and Play devices and driver installation.

 

Free VCE & PDF File for Microsoft 70-687 Real Exam

Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…