[Free] Download New Updated (December) Microsoft 70-688 Exam Questions 21-30

Ensurepass

QUESTION 21

You have a computer that runs Windows 8.

 

The computer has a shared folder named C:Marketing. The shared folder is on an NTFS volume.

 

The current NTFS and share permissions are configured as follows:

 

clip_image002

 

UserA is a member of both the Everyone group and the Marketing group. UserA must access C:Marketing from across the network.

 

You need to identify the effective permissions of UserA to the C:Marketing folder.

 

What permission should you identify?

 

A.

Read

B.

Full Control

C.

Modify

D.

Read and Execute

 

Correct Answer: C

Explanation:

Reference:

http://www.serverwatch.com/tutorials/article.php/2107311/Getting-Results-Part-2-Determining-Effective-NTFS-Permissions-in-Windows-Server-2003.htm

http://technet.microsoft.com/en-us/library/cc754178.aspx

 

For example, a user named Dan is directly granted the Allow Read and Execute permission for a folder called Marketing. However, the Dan user account is a member of the group Marketing Users, which is granted the Allow Full Control permission, and the group Everyone, which granted the Allow Read permission.

 

Based on the cumulative nature of NTFS permissions, the user Dan would be granted the effective permission Allow Full Control. This example is fairly basic, and production environments typically involve a much greater number of groups, with both allowed and denied permissions. In these cases, the Effective Permissions tab can greatly ease the burden of attempting to determine which permissions will or will not apply for a particular user.

 

 

QUESTION 22

DRAG DROP

You support a desktop computer that runs Windows 8 Pro. The computer is joined to an Active Directory domain.

 

The computer has a folder named C:Reports. The folder NTFS permissions are shown in Exhibit 1. (Click the Exhibit button.)

 

clip_image004

 

The folder is shared over the network with Read permission for a domain user account named User1 as shown in Exhibit 2. (Click the Exhibit button.)

 

clip_image006

 

Members of the domain security group named Accountants must have access to the shared folder.

 

You need to assign the required permissions.

 

Which three actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)

 

clip_image008

 

Correct Answer:

clip_image010

 

 

QUESTION 23

You administer laptops that run Windows 8 Enterprise. The laptops are members of an Active Directory domain and are configured with IPv6 disabled. Some users require access to the internal company database servers while traveling. You need to configure the requested network connection to the database servers. What should you configure on the laptops?

 

A.

A DirectAccess connection to the company network

B.

A virtual private network (VPN) connection to the company network

C.

A metered network connection

D.

Out of band management

 

Correct Answer: B

Explanation:

DirectAccess cannot be used in this case as IPv6 is disabled and DirectAccess requires IPv6 and IPsec.

 

IPv6 is the cornerstone of DirectAccess communications

 

The DirectAccess client always uses IPv6 to communicate with the DirectAccess server. The DirectAccess server will then forward these connections to IPv6-enabled hosts on the corpnet. The corpnet can use native IPv6 infrastructure (where the routers, switches, operating systems, and applications are all IPv6 capable) or it can use IPv6 transition technologies to connect to IPv6 resources on the corpnet.

 

Reference:

http://www.techrepublic.com/blog/10things/10-things-you-should-know-about- directaccess/1371

 

 

QUESTION 24

You have a desktop computer that runs Windows 8 Enterprise. You add three new 3-terabyte disks. You need to create a new 9-terabyte volume. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

 

A.

From Disk Management, create a new spanned volume.

B.

From Disk Management, convert all of the 3-terabyte disks to GPT.

C.

From PowerShell, run the New-VirtualDisk cmdlet.

D.

From Disk Management, bring all disks offline.

E.

From Diskpart, run the Convert MBR command.

F.

From PowerShell, run the Add-PhysicalDisk cmdlet.

 

Correct Answer: AB

Explanation:

Create a Spanned VolumeA spanned volume is a dynamic volume consisting of disk space on more than one physical disk. If a simple volume is not a system volume or boot volume, you can extend it across additional disks to create a spanned volume, or you can create a spanned volume in unallocated space on a dynamic disk.

 

Reference:

http://technet.microsoft.com/en-us/library/cc772180.aspx

 

To create a spanned volume using the Windows interface1. In Disk Management, right- click the unallocated space on one of the dynamic disks where you want to create the spanned volume.2. Click New Spanned Volume.3.
Follow the instructions on your screen.Using GPT Drives

 

Reference 2:

http://msdn.microsoft.com/en-us/library/windows/hardware/gg463524.aspx

 

A GPT disk uses the GUID partition table (GPT) disk partitioning system. A GPT disk offers these benefits:Allows up to 128 primary partitions. Master Boot Record (MBR) disks can support up to four primary partitions and an additional 124 partitions inside extended partitions.Allows a much larger partition size-greater than 2terabytes (TB), which is the limit for MBR disks.Provides greater reliability because of replication and cyclical redundancy check (CRC) protection of the partition table.Can be used as a storage volume on all x64-based platforms, including platforms running Windows XP Professional x64 Edition. Starting with Windows Server 2003 SP1, GPT disks can also be used as a storage volume on x86-based Windows platforms.Can be used as a boot volume on x64-based editions of Windows 7, Windows Vista, and Windows Server 2008. Starting with Windows Server 2003 SP1, GPT disks can also be used as a boot volume on Itanium-based systems.Note: Windows only supports booting from a GPT disk on systems that contain Unified Extensible Firmware Interface (UEFI) boot firmware.

 

 

QUESTION 25

You administer laptop and desktop computers that run Windows 8 Pro. Your company uses Active Directory Domain Services (AD DS) and Active Directory Certificate Services (AD CS). Your company decides that access to the company network for all users must be controlled by two-factor authentication. You need to configure the computers to meet this requirement. What should you do?

 

A.

Install smart card readers on all computers. Issue smart cards to all users.

B.

Enable the Password must meet complexity requirements policy setting. Instruct users to log on by using the domain username format for their username and their strong password.

C.

Create an Internet Protocol security (IPsec) policy that requires the use of Kerberos to authenticate all traffic. Apply the IPsec policy to the domain.

D.

Issue photo identification to all users. Instruct all users to set up and use PIN Logon.

 

Correct Answer: A

Explanation:

Smart cards contain a microcomputer and a small amount of memory, and they provide secure, tamper-proof storage for private keys and X.509 security certificates. A smart card is a form of two-factor authentication that requires the user to have a smart card and know the PIN to gain access to network resources. Registry certificates cannot be used for two factor authentication. Although certificates are ideal candidates for two-factor authentication, registry certificates – which are protected by a strong private key and are the most appropriate certificates for two-factor authentication – cannot be used. The reason for this is that Windows does not support registry certificates and completely ignores them. As a result, organizations must deploy and manage complex and expensive smart card solutions rather than using registry based certificates. http://technet.microsoft.com/en-us/library/cc770519.aspx] http://technet.microsoft.com/en-us/library/jj200227.aspx

 

 

QUESTION 26

You administer computers that run Windows 8 Enterprise and are members of an Active Directory domain. Some volumes on the computers are encrypted with BitLocker. The BitLocker recovery passwords are stored in Active Directory. A user forgets the BitLocker password to local drive E: and is unable to access the protected volume. You need to provide a BitLocker recovery key to unlock the protected volume. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

 

A.

Ask the user to run the manage-bde -protectors -disable e: command.

B.

Ask the user for a recovery key ID for the protected drive.

C.

Ask the user for his or her logon name.

D.

Ask the user for his or her computer name.

 

Correct Answer: BD

Explanation:

BitLocker Drive Encryption Operations Guide: Recovering Encrypted Volumes with AD DS

 

Record the name of the user’s computer

 

You can use the name of the user’s computer to locate the recovery password in AD DS. If the user does not know the name of the computer, ask the user to read the first word of the Drive Label in the BitLocker Drive Encryption Password Entry user interface. This is the computer name when BitLocker was enabled and is probably the current name of the computer.

 

Verify the user’s identity

 

You should verify that the person that is asking for the recovery password is truly the authorized user of that computer. Another option is to verify that the computer with the name the user provided belongs to the user.

 

Reference:

http://technet.microsoft.com/en-us/library/cc771778(v=ws.10).aspx

http://support.microsoft.com/kb/2855131

 

 

QUESTION 27

DRAG DROP

You support desktop computers for a company named Fabrikam, Inc. The computers are members of the Active Directory domain named fabrikam.com. Fabrikam works with a supplier named Contoso, Ltd. Each company has a public key infrastructure (PKI), and no public certificate authorities (CAs) are used. Fabrikam employees regularly use a Contoso website that is hosted on a server in the contoso.com domain. The website requires SSL and mutual authentication. You need to configure the computers to allow Fabrikam users to access the Contoso website without any warning prompts. You also need to use the fewest certificates possible. Which certificate or certificates should you use? (To answer, drag the appropriate certificate to the correct certificate store. Each certificate may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)

 

clip_image012

 

Correct Answer:

clip_image014

 

 

QUESTION 28

You administer computers that run Windows 8 Enterprise. The computers are members of an Active Directory domain. You have a tablet that runs Windows 8 Enterprise. You configure the tablet to access your company network by using a virtual private network (VPN) connection. You need to manage Active Directory from the tablet by using a VPN connection. What should you do?

 

A.

Run the winrm.exe qc command.

B.

Install the System Center Configuration Manager (SCCM) 2012 client.

C.

Install the Remote Server Administration Tools (RSAT).

D.

Install the Windows Intune client.

 

Correct Answer: C

Explanation:

Remote Server Administration Tools for Windows 8 includes Server Manager, Microsoft Management Console (MMC) snap-ins, consoles, Windows PowerShell cmdlets and providers, and command-line tools for managing roles and features that run on Windows Server 2012. In limited cases, the tools can be used to manage roles and features that are running on Windows Server 2008 R2 or Windows Server 2008. Some of the tools work for managing roles and features on Windows Server 2003.

 

Reference:

http://blogs.technet.com/b/keithcombs/archive/2012/09/13/remote-server-administration-tools-rsat-for-windows-8-now-available-for-download.as
px

QUESTION 29

You support tablets that run Windows 8 Pro. You are designing a remote access server (RAS) that will be placed behind a firewall. The firewall will accept incoming TCP connections to ports 80 and 443 only. You want to connect to the RAS server from a tablet. You need to create a virtual private network (VPN) connection to the RAS server. Which VPN tunneling protocol should you use?

 

A.

IPSec/L2TP

B.

SSTP

C.

PPTP

D.

IPSec/IKEv2

 

Correct Answer: B

Explanation:

Was a bit difficult to find information on Technet regarding SSTP but, the below explains it well and why it would be used here.

 

Secure Socket Tunneling Protocol

 

Reference:

http://en.wikipedia.org/wiki/Secure_Socket_Tunneling_Protocol

http://technet.microsoft.com/en-us/library/cc783910%28v=WS.10%29.aspx

 

Secure Socket Tunneling Protocol (SSTP) is a form of VPN tunnel that provides a mechanism to transport PPP or L2TP traffic through an SSL 3.0 channel. SSL provides transport-level security with key-negotiation, encryption and traffic integrity checking. The use of SSL over TCP port 443 allows SSTP to pass through virtually all firewalls and proxy servers.

 

 

QUESTION 30

You are a systems administrator of a small branch office. Computers in the office are joined to a Windows 8 HomeGroup. The HomeGroup includes one shared printer and several shared folders. You join a new computer to the HomeGroup and try to access the HomeGroup shared folders. You discover that the shared folders are unavailable, and you receive an error message that indicates the password is incorrect. You need to reconfigure the new computer in order to access the HomeGroup resources. What should you do?

 

A.

Adjust the time settings on the new computer to match the time settings of the HomeGroup computers.

B.

Change the HomeGroup password and re-enter it on the computers of all members of the HomeGroup.

C.

Change the default sharing configuration for the shared folders on the HomeGroup computers.

D.

Reset your account password to match the HomeGroup password.

 

Correct Answer: A

Explanation:

You may receive a misleading error message when trying to join a Windows 7 Homegroup, when the computer’s date and time does not match the date/time of system that owns the homegroup

 

Symptoms

When joining a system to a homegroup, you may receive the following error message “The password is incorrect”, even though you have typed the password correctly.

 

Cause

This can be caused by a difference in the Date and Time settings on the computer trying to join the homegroup, and not an invalid password. If the date/time of the computer joining a homegroup is greater than 24 hours apart from the date/time of the system that owns the homegroup, this will cause the error.

 

Resolution

Adjust the date/time settings on the system joining the homegroup, to match the system that owns the homegroup, and then try to join again.

 

Reference:

http://support.microsoft.com/kb/2002121

 

Free VCE & PDF File for Microsoft 70-688 Real Exam

Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…