Download New Updated (Spring 2015) Microsoft 70-687 Actual Tests 51-60

Ensurepass

 

 

 

QUESTION 51

DRAG DROP

A client laptop runs Windows 7 Professional and a custom application. The custom application is compatible with Windows 8.1.

You plan to migrate user settings and data from the client laptop to a new tablet PC that runs Windows 8.1 Pro. You install the User State Migration Toolkit (USMT) on a USB flash drive.

 

You need to ensure that the custom application settings are applied to the tablet PC after the migration is complete.

 

Which three actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)

 

clip_image002

 

Answer:

clip_image004

 

 

QUESTION 52

An organization has client computers that run Windows 7. You upgrade the client computers to Windows 8.1 without migrating the local user profiles. You install the Windows Assessment and Deployment Kit (ADK) in the environment.

 

You need to migrate the user profiles from the Windows 7 installation to the Windows 8.1 installation.

What should you do first on each client computer?

 

A.

Run the scanstate command.

B.

Run Windows Easy Transfer and select the user profile to migrate

C.

Run the Ioadstate command.

D.

Copy the Default Profile to a folder on drive C.

E.

Run the ImaqeX command.

 

Answer: A

Explanation:

http://technet.microsoft.com/en-us/library/hh825093.aspx

The ScanState command is used with the User State Migration Tool (USMT) 5.0 to scan the source computer, collect the files and settings, and create a store.

 

 

QUESTION 53

A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1.

 

A local printer is shared from a client computer. The client computer user is a member of the Sales AD security group.

 

You need to ensure that members of the Sales security group can modify the order of documents in the print queue, but not delete the printer share.

 

Which permission should you grant to the Sales group?

 

A.

Manage queue

B.

Manage this printer

C.

Print

D.

Manage spooler

E.

Manage documents

 

Answer: E

Explanation:

http://technet.microsoft.com/en-us/library/cc781446%28v=ws.10%29.aspx

Group types

 

There are two types of groups in Active Directory: distribution groups and security groups. You can use distribution groups to create e-mail distribution lists and security groups to assign permissions to shared resources.

 

Security groups

Used with care, security groups provide an efficient way to assign access to resources on your network. Using security groups, you can:

Assign user rights to security groups in Active Directory Assign permissions to security groups on resources

 

http://my.safaribooksonline.com/book/operating-systems/9780133118025/sharing- printers/ch21lev2sec24

Setting Printer Permissions

 

If you have a workgroup network and have disabled Password Protected Sharing, or if you have set up a homegroup, you don’t need to worry about setting permissions for printers:

anyone can use your shared printer. If you’re on a domain network or have chosen to use detailed user-level permissions on your workgroup network, you can control access to your shared printers with security attributes that can be assigned to users or groups, as shown in Figure 21.9 and described next:

 

clip_image006

 

clip_image007

 

The Security tab lets you assign printer-management permissions for users, groups, and the creator of each print job.

 

 

 

 

 

 

QUESTION 54

DRAG DROP

A desktop computer runs Windows 8.1. The computer is joined to an Active Directory Domain Services (AD DS) domain named contoso.com.

 

You have two domain user accounts:

 

A primary account named User1 that does not have domain administrative privileges.

An account named Admin1 that has administrative privileges in the domain.

 

You are currently logged in as User1. You need to run an application named appl.exe.

 

You have the following requirements:

 

Start the application by using your administrative credentials.

Ensure that the user environment is fully available to the application.

 

You need to complete the command to meet the requirements.

 

Which command segments should you use to complete the command? (To answer, drag the appropriate command segments to the correct locations in the answer area. Command segments may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)

 

clip_image008

 

Answer:

clip_image009

 

 

QUESTION 55

A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1.

 

A notification appears when domain users change Windows settings and when applications try to make changes to client computers.

 

You need to ensure that a notification appears only when an application tries to make changes to the computer.

 

What should you do?

 

A.

Configure the Notification Area Icons settings on the client computers.

B.

Create a Group Policy object (GPO) that enables the Admin Approval Mode for the built- in Administrator account policy.

C.

Configure the User Account Control (UAC) settings on the client computers.

D.

Create a Group Policy object (GPO) that disables the Run all administrators in Admin Approval Mode policy.

 

Answer: C

Explanation:

http://www.thewindowsclub.com/change-user-account-settings-windows-8

Change User Account Control settings in Windows 8

 

The User Account Control basically notifies you before changes are made to your PC – not all changes, but only those which require Administrator level permissions. These changes could have been initiated by the user, by the operation system, by a genuine software – or even malware! Every time such an administrator level change is initiated, Windows UAC will prompt the user for approval or denial. If the user approves the change, the change is made; in not, no changes are made to the system.

 

clip_image010

 

Settings:

Always notify me

Notify me only when apps try to make changes to my computer (default) Notify me only when apps try to make changes to my computer (don’t dim my desktop) Never notify me

 

 

QUESTION 56

Your computer runs Windows 8.1 and is connected to an Active Directory Domain Services (AD DS) domain.

 

You create a folder and share the folder with everyone in your organization.

 

You need to modify the NTFS permissions of the folder to meet the following criteria:

 

Users from the Marketing security group must be able to open files, but not modify them.

Users from the Supervisors security group must be able to create, modify, and delete files.

Users from both groups must not be able to delete the folder.

 

Which permissions should you set?

 

A.

Assign the Marketing group the Read permission. Assign the Supervisors group the Read and Write permissions and the Delete Subfolders and Files special permission.

B.

Assign the Marketing group the Read and Write permissions. Assign the Supervisors group the Full Control permission.

C.

Assign the Marketing group the Read and Write permissions. Assign the Supervisors group the Modify permission and the Delete Subfolders and Files special permission.

D.

Assign the Marketing group the Read permission. Assign the Supervisors group the Read and Write permissions and the Delete special permission.

 

Answer: A

Explanation:

http://technet.microsoft.com/en-us/library/bb727008.aspx

File and Folder Permissions

 

On NTFS volumes, you can set security permissions on files and folders. These permissions grant or deny access to the files and folders.

 

File and Folder Permissions:

 

clip_image012

 

Special Permissions for Files:

 

clip_image013

 

Special Permissions for Folders:

 

clip_image015

 

 

QUESTION 57

You deploy several tablet PCs that run Windows 8.1.

 

You need to minimize power usage when the user presses the sleep button.

 

What should you do?

 

A.

In Power Options, configure the sleep button setting to Hibernate.

B.

Disable the C-State control in the computer’s BIOS.

C.

Configure the active power plan to set the system cooling policy to passive.

D.

In Power Options, configure the sleep button setting to Sleep.

 

Answer: A

Explanation:

http://www.howtogeek.com/102897/whats-the-difference-between-sleep-and-hibernate-in-windows/

If you’re using a laptop computer, the best option is most likely Hibernate, because it saves the most power compared to Sleep and Hybrid Sleep.

http://windows.microsoft.com/en-us/windows7/sleep-and-hibernation-frequently-asked-questions

Sleep and hibernation: frequently asked questions

 

What’s the difference between sleep, hibernate, and hybrid sleep?

 

Sleep is a power-saving state that allows a computer to quickly resume full-power operation (typically within several seconds) when you want to start working again. Putting your computer into the sleep state is like pausing a DVD player — the computer immediately stops what it’s doing and is ready to start again when you want to resume working.

 

Hibernation is a power-saving state designed primarily for laptops. While sleep puts your work and settings in memory and draws a small amount of power, hibernation puts your open documents and programs on your hard disk, and then turns off your computer. Of all the power-saving states in Windows, hibernation uses the least amount of power. On a laptop, use hibernation when you know that you won’t use your laptop for an extended period and won’t have an opportunity to charge the battery during that time.

 

Hybrid sleep is designed primarily for desktop computers. Hybrid sleep is a combination of sleep and hibernate — it puts any open documents and programs in memory and on your hard disk, and then puts your computer into a low-power state so that you can quickly resume your work. That way, if a power failure occurs, Windows can restore your work from your hard disk. When hybrid sleep is turned on, putting your computer into sleep automatically puts your computer into hybrid sleep. Hybrid sleep is typically turned on by default on desktop computers.

 

Further information:

http://www.hardwaresecrets.com/article/611

 

Everything You Need to Know About the CPU C-States Power Saving Modes

 

In order to save energy when the CPU is idle, the CPU can be commanded to enter a low- power mode. Each CPU has several power modes and they are collectively called “C- states” or “C-modes”.

 

 

QUESTION 58

A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1.

 

You need to minimize the amount of Trusted Platform Module (TPM) authorization information that is stored in the registry.

 

What should you do?

 

A.

Enable Platform Configuration Register indices (PCRs) 0, 2, 4, and 11 for the Configure TPM validation profile for native UEFI firmware configuration policy setting.

B.

Create a Group Policy object (GPO) that disables the Configure the level of TPM owner authorization information available to operating system policy setting.

C.

Create a Group Policy object (GPO) that sets the Configure the level of TPM owner authorization information available to operating system policy setting to None.

D.

Create a Group Policy object (GPO) that enables the Turn on TPM Local Encryption policy setting.

 

Answer: C

Explanation:

http://technet.microsoft.com/en-us/library/jj679889.aspx#BKMK_tpmgp_oauthos

Configure the level of TPM owner authorization information available to the operating system

 

This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information that is stored locally, the Windows operating system and TPM- based applications can perform certain actions in the TPM that require TPM owner authorization without requiring the user to enter the TPM owner password.

 

There are three TPM owner authentication settings that are managed by the Windows operating system. You can choose a value of Full, Delegate, or None. Full – This setting stores the full TPM owner authorization, the TPM administrative delegation blob, and the TPM user delegation blob in the local registry. With this setting, you can use the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios that do not require you to reset the TPM anti-hammering logic or change the TPM owner authorization value. Some TPM- based applications may require that this setting is changed before features that depend on the TPM anti-hammering logic can be used.

Delegated – This setting stores only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM- based applications that depend on the TPM antihammering logic. When you use this setting, we recommend using external or remote storage for the full TPM owner authorization value–for example, backing up the value in Active Directory Domain Services (AD DS).

None – This setting provides compatibility with previous operating systems and applications. You can also use it for scenarios when TPM owner authorization cannot be stored locally. Using this setting might cause issues with some TPM-based applications.

 

Further Information:

http://technet.microsoft.com/en-us/library/cc770660.aspx

Active Directory Domain Services (AD DS) can be used to store Trusted Platform Module (TPM) recovery information.

There is only one TPM owner password per computer; therefore, the hash of the TPM owner password is stored as an attribute of the computer object in AD DS. The attribute has the common name (CN) of ms-TPM-OwnerInformation.

 

http://www.group-policy.com/ref/policy/2859/Configure_TPM_platform_validation_profile Configure TPM platform validation profile

 

This policy setting allows you to configure how the computer’s Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.

 

If you enable this policy setting before turning on BitLocker, you can configure the boot components that the TPM will validate before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM will not release the encryption key to unlock the drive and the computer will instead display the BitLocker Recovery console and require that either the recovery password or recovery key be provided to unlock the drive.

 

If you disable or do not configure this policy setting, the TPM uses the default platform validation profile or the platform validation profile specified by the setup script. A platform validation profile consists of a set of Platform Configuration Register (PCR) indices ranging from 0 to 23, The default platform validation profile secures the encryption key against changes to the Core Root of Trust of Measurement (CRTM), BIOS, and Platform Extensions (PCR 0), the Option ROM Code (PCR 2), the Master Boot Record (MBR) Code (PCR 4), the NTFS Boot Sector (PCR 8), the NTFS Boot Block (PCR 9), the Boot Manager (PCR 10), and the BitLocker Access Control (PCR 11). The descriptions of PCR settings for computers that use an Extensible Firmware Interface (EFI) are different than the PCR settings described for computers that use a standard BIOS. The BitLocker Drive Encryption Deployment Guide on Microsoft TechNet contains a complete list of PCR settings for both EFI and standard BIOS.

 

Warning: Changing from the default platform validation profile affects the security and manageability of your computer. BitLocker’s sensitivity to platform modifications (malicious or authorized) is increased or decreased depending upon inclusion or exclusion (respectively) of the PCRs.

 

 

 

 

QUESTION 59

A company has an Active Directory Domain Services (AD DS) domain. All client computers run

 

Windows 8.1 and are joined to the domain.

 

You have the following requirements:

 

Ensure that files in shared network folders are available offline.

Minimize all data access times.

Reduce network bandwidth usage.

 

You need to configure Group Policy settings to meet the requirements.

 

What should you do first?

 

A.

Enable the Enable file synchronization on costed networks policy setting.

B.

Enable and configure the Configure slow-link mode policy setting.

C.

Enable and configure the specify administratively assigned Offline Files policy setting.

D.

Enable the Synchronize all offline files when logging on policy setting.

 

Answer: B

Explanation:

To enable the Always Offline mode, use Group Policy to enable the Configure slow-link mode policy setting and set the latency to 1 (millisecond). Doing so causes client computers running Windows 8.1 or Windows Server 2012 to automatically use the Always Offline mode.

Computers running Windows 7, Windows Vista, Windows Server 2008 R2, or Windows Server 2008 mightcontinue to transition to the Online mode if the latency of the network connection drops below one millisecond.

Specify administratively assigned Offline Files – This will not minimize data access times, nor reduce network bandwidth usage.

 

clip_image017

QUESTION 60

A company has client computers that run Windows 8.1. The company uses Windows BitLocker Drive Encryption with the data-only option o all client computers.

 

You need to remove data fragments that exist in the free space on the local computer disk drives, without affecting current user data.

 

Which command should you run on the computers?

 

A.

BdeHdCfg

B.

diskpart

C.

chkdsk

D.

manage-bde

 

Answer: D

Explanation:

http://technet.microsoft.com/en-us/library/jj647761.aspx

 

Manage-bde -WipeFreeSpace|-w [<Drive>] [-Cancel] [-computername<Name>] [{-?|/?}] [{- help|-h}]

 

Wipes the free space on the volume removing any data fragments that may have existed in the space. Running this command on a volume that was encrypted using the “Used Space Only” encryption method provides the same level of protection as the “Full Volume Encryption” encryption method.

http://technet.microsoft.com/en-us/library/ff829850.aspx

Bdehdcfg

 

Prepares a hard drive with the partitions necessary for BitLocker Drive Encryption

 

Free VCE & PDF File for Microsoft 70-687 Real Exam

Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…