[Free] Get all latest Microsoft 70-680 Actual Tests 141-150

Ensurepass

QUESTION 141

You have a computer that runs windows 7. You have an application installation package named app1.msi. You need to perform a customized installation of app1.msi. What should you do?

 

A.

Create a transform file named app1.mst and then run Msiexec.exe /i app1.msi /t

app1.mst.

B.

Create a transform file named app1.mst and then run Msinfo.exe /I app1.msi /t.

C.

Create a transform file named app1.msp and then run Msiexec.exe /I app1.msi /app1.

D.

Create a transform file named app1.msp and then run Msinfo32.exe /I app1.mst /.

 

Correct Answer: A

Explanation:

Windows Installer Transform Files

A Windows Installer transform (.mst) file provides configuration settings for a customized installation. A transform file contains information about components, features, setup properties, and changes that you can use to customize your installation.

 

MsiexecProvides the means to install, modify, and perform operations on Windows Installer from the command line. To install or configure a product Syntax msiexec /i {package|ProductCode} /i: Installs or configures a product. /t : Applies transform to advertised package.NOT Msinfo32

Displays a comprehensive view of your hardware, system components, and software environment.

 

 

QUESTION 142

You have a computer that runs Windows 7. You need to provide standard users the ability to update the drivers for display adapters. What should you modify from the Local Group Policy?

 

A.

driver installation settings for the user

B.

device installation settings for the computer

C.

driver installation settings for the computer

D.

display settings for the user

 

Correct Answer: C

Explanation:

To Update the Drivers you need permissions to install drivers. Apply this to the computer for all local users, as opposed to only one user.

 

 

QUESTION 143

You have a computer that runs windows 7. You have a third-party application. You need to ensure that only a specific version of the application runs on the computer. You have the application vendor’s digital signature. What should you do?

 

A.

From Application Control Policies, configure a path rule.

B.

From Application Control Policies, configure a publisher rule.

C.

From Software Restriction policies, configure a path rule.

D.

From Software Restriction policies, configure a certificate rule.

 

Correct Answer: B

Explanation:

AppLocker Application Control Policies

AppLocker is a feature new to Windows 7 that is available only in the Enterprise and Ultimate editions of the product. AppLocker policies are conceptually similar to Software Restriction Policies, though AppLocker policies have several advantages, such as the ability to be applied to specific user or group accounts and the ability to apply to all future versions of a product. As you learned earlier in this chapter, hash rules apply only to a specific version of an application and must be recalculated whenever you apply software updates to that application. AppLocker policies are located in the Computer ConfigurationWindows Settings Security Settings Application Control Policies node of a standard Windows 7 or Windows Server 2008 R2 GPO. AppLocker relies upon the Application Identity Service being active. When you install Windows 7, the startup type of this service is set to Manual. When testing AppLocker, you should keep the startup type as Manual in case you configure rules incorrectly. In that event, you can just reboot the computer and the AppLocker rules will no longer be in effect. Only when you are sure that your policies are applied correctly should you set the startup type of the Application Identity Service to Automatic. You should take great care in testing AppLocker rules because it is possible to lock down a computer running Windows 7 to such an extent that the computer becomes unusable. AppLocker policies are sometimes called application control policies.

 

AppLocker Application Control Policies – Publisher Rules Publisher rules in AppLocker work on the basis of the code-signing certificate used by the file’s publisher. Unlike a Software Restriction Policy certificate rule, it is not necessary to obtain a certificate to use a publisher rule because the details of the digital signature are extracted from a reference application file. If a file has no digital signature, you cannot restrict or allow it using AppLocker publisher rules. Publisher rules allow you more flexibility than hash rules because you can specify not only a specific version of a file but also all future versions of that file. This means that you do not have to re-create publisher rules each time you apply a software update because the existing rule remains valid. You can also allow only a specific version of a file by setting the Exactly option.AppLocker Application Control Policies – Path RulesAppLocker path rules work in a similar way to Software Restriction Policy path rules. Path rules let you specify a folder, in which case the path rule applies to the entire contents of the folder, including subfolders, and the path to a specific file. The advantage of path rules is that they are easy to create. The disadvantage of path rules is that they are the least secure form of AppLocker rules. An attacker can subvert a path rule if they copy an executable file into a folder covered by a path rule or overwrite a file that is specified by a path rule. Path rules are only as effective as the file and folder permissions applied on the computer.

 

Software Restriction Policies

Software Restriction Policies is a technology available to clients running Windows 7 that is available in Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008. You manage Software Restriction Policies through Group Policy. You can find Software Restriction Policies in the Computer Configuration Windows SettingsSecurity SettingsSoftware Restriction Policies node of a group policy. When you use Software Restriction Policies, you use the Unrestricted setting to allow an application to execute and the Disallowed setting to block an application from executing. You can achieve many of the same application restriction objectives with Software Restriction Policies that you can with AppLocker policies. The advantage of Software Restriction Policies over AppLocker policies is that Software Restriction Policies can apply to computers running Windows XP and Windows Vista, as well as to computers running Windows 7 editions that do not support AppLocker. The disadvantage of Software Restriction Policies is that all rules must be created manually because there are no built-in wizards to simplify the process of rule creation.Software Restriction Policies – Path Rules Path rules, allow you to specify a file, folder, or registry key as the target of a Software Restriction Policy. The more specific a path rule is, the higher its precedence. For example, if you have a path rule that sets the file C: Program filesApplicationApp.exe to Unrestricted and one that sets the folder C:Program filesApplication to Disallowed, the more specific rule takes precedence and the application can execute. Wildcards can be used in path rules, so it is possible to have a path rule that specifies C:Program filesApplication*.exe. Wildcard rules are less specific than rules that use a file’s full path. The drawback of path rules is that they rely on files and folders remaining in place. For example, if you created a path rule to block the application C:AppsFilesharing.exe, an attacker could execute the same application by moving it to another directory or renaming it something other than Filesharing.exe. Path rules work only when the file and folder permissions of the underlying operating system do not allow files to be moved and renamed. Software Restriction Policies – Certificate Rules Certificate rules use a code- signed software publisher’s certificate to identify applications signed by that publisher. Certificate rules allow multiple applications to be the target of a single rule that is as secure as a hash rule. It is not necessary to modify a certificate rule in the event that a software update is released by the vendor because the updated application will still be signed using the vendor’s signing certificate. To configure a certificate rule, you need to obtain a certificate from the vendor. Certificate rules impose a performance burden on computers on which they are applied because the certificate’s validity must be checked before the application can execute. Another disadvantage of certificate rules is that they apply to all applications from a vendor. If you want to allow only 1 application from a vendor to execute but the vendor has 20 applications available, you are better off using a different type of Software Restriction Policy because otherwise users can execute any of those other 20 applications.

 

 

QUESTION 144

A user reports that he is unable to start his computer. He provides the following information:

 

clip_image002The boot partition is encrypted by using BitLocker Drive Encryption (BitLocker).

clip_image002[1]The user cannot locate his BitLocker recovery key.

 

You need to start Windows 7 on the computer. The solution must use the minimum amount of administrative effort.

 

What should you do?

 

A.

From the BIOS, disable the Trusted Platform Module (TPM).

B.

Start the computer from the Windows 7 installation media and select Repair your computer.

C.

Start the computer from the Windows 7 installation media, press SHIFT+F10, and then run CHKDSK.

D.

Start the computer from the Windows 7 installation media and select Install now.

 

Correct Answer: D

Explanation:

No recovery key = no recovery. Time to install.

Any other option defeats the whole point of encrypting it. Encrypted volumes are locked when the encryption key is not available. When the operating system volume is locked, you can boot only to recovery mode. In recovery mode, you can enter the BitLocker password or you can attach the USB device that has the recovery key stored and restart the computer. Once you enter the recovery password or key, you can boot your computer normally.

 

The following events trigger recovery mode:

 

* The boot environment changes. This could include one of the boot files being modified.

* TPM is disabled or cleared.

* An attempt is made to boot without the TPM, PIN, or USB key being provided.

* You attach a BitLocker-encrypted operating system volume to another computer.

 

 

QUESTION 145

You have a computer that runs windows 7 professional. A removable drive is attached to the computer. You need to protect data on the removable drive by using Bitlocker To Go. What should you do first?

 

A.

Upgrade the computer to Windows 7 Enterprise.

B.

Install all Windows Updates for Windows 7 Professional.

C.

Issue a digital certificate for the Encryption File System (EFS).

D.

Select the Encrypt contents to secure data checkbox from the properties on the removable drive.

 

Correct Answer: A

Explanation:

Windows 7 ProfessionalWindows 7 Professional is available from retailers and on new computers installed by manufacturers. It supports all the features available in Windows Home Premium, but you can join computers with this operating system installed to a domain. It supports EFS and Remote Desktop Host but does not support enterprise features such as AppLocker, DirectAccess, BitLocker, and BranchCache.Windows 7 Enterprise and Ultimate EditionsThe Windows 7 Enterprise and Ultimate editions are identical except for the fact that Windows 7 Enterprise is available only to Microsoft’s volume licensing customers, and Windows 7 Ultimate is available from retailers and on new computers installed by manufacturers. The Enterprise and Ultimate editions support all the features available in other Windows 7 editions but also support all the enterprise features such as EFS, Remote Desktop Host, AppLocker, DirectAccess, BitLocker, BranchCache, and Boot from VHD.

 

 

QUESTION 146

You have 20 client computers. The computers run Windows XP. The computers are joined to a domain. You plan to perform installation of Windows 7 on the computers. You need to transfer all users’ documents and settings. You must exclude music and video files. You need to use the minimum amount of administration effort. What should you do first?

 

A.

Create a config.xml file. Configure a logon script for windows XP computers to launch Windows 7 installations.

B.

Modify the migapp.xml file. Configure a logon script for the Windows XP computer to launch Windows 7 installation.

C.

Modify the miguser.xml file. Configure a logon script for the Windows XP computer to launch Windows 7 installation.

D.

Modify the migdocs.xml file. Configure a logon script for the Windows XP computer to launch Windows 7 installation.

 

Correct Answer: D

 

 

QUESTION 147

You have a computer that runs windows 7. The computer has corporate intranet web site.

 

Your Windows Internet Explorer as shown in the exhibit.

 

clip_image003

 

You need to ensure that you can access web pages on both Internet and Intranet.

 

What should you do?

 

A.

From the tools menu, click Work Offline.

B.

From the Safety menu, click InPrivate Blocking.

C.

From the Safety menu, click Inprivate Browsing.

D.

From the Security tab, add the intranet web site to the Trusted sites zone.

 

Correct Answer: A

Explanation:

Working Offline is activated

On Internet Explorer’s File menu is a “Work Offline” item that toggles Internet Explorer between online and offline modes of operation. (The question originally stated the Tools menu, maybe in a different version of IE this is the case, but for me and in the TechNet documentation it was under Files, so I’m choosing to believe Tools was a mistake and it should be Files, this has been amended in the question).

InPrivate is turned on (does not prevent browsing the internet)InPrivate Browsing helps prevent Internet Explorer from storing data about your browsing session. This includes cookies, temporary Internet files, history, and other data. Toolbars and extensions are disabled by default.

 

 

QUESTION 148

You attach a mobile device that runs Windows Mobile Professional 6.1 to a computer. You encounter that windows is unable to install the necessary device drivers for the mobile device.

You need to ensure that you can synchronize file to the mobile device. What should you do?

 

A.

From Windows Mobility Center, click Sync settings.

B.

From Sync Center, click set up new sync partnerships.

C.

From Device Manager, click scan for hardware changes.

D.

From Devices and Printers, right-click the device and click troubleshoot.

 

Correct Answer: D

Explanation:

You cannot sync without the drivers installed. It says unable to install, assuming that it could find the device if it was able to reach attempting to install point. Therefore Troubleshoot.

 

 

QUESTION 149

Your network consists of an Active Directory domain and 100 computers that run Windows 7.

The domain contains a logon script named logon.cmd. You plan to deploy a new application named app1.msi by using the logon script. App1.msi is stored in \server1share1. You need to modify the logon script to deploy the application. What should you include in the logon script?

 

A.

Sbdinst.exe -u \server1share1app1.msi -q

B.

Msinfo32.exe \server1share1app1.msi

C.

Pkgmgr.exe /ip /m:\server1share1app1.msi

D.

Msiexec.exe /i \server1share1app1.msi /quiet

 

Correct Answer: D

Explanation:

Msiexec

Provides the means to install, modify, and perform operations on Windows Installer from the command line.

 

To install or configure a product Syntax

msiexec /i {package|ProductCode}

/i : Installs or configures a product.

 

NOT Msinfo32

Displays a comprehensive view of your hardware, system components, and software environment.

 

 

QUESTION 150

You have a virtual hard disk (VHD) file. You need to view the files in the VHD. The solution must prevent users that log on to What should you do?

 

A.

From Disk Management, Attach VHD as read only.

B.

From Disk Management, Convert the VHD to GPT disk.

C.

From Windows Explorer, modify the permissions of the VHD file.

D.

From Windows Explorer, modify the read-only attribute of the VHD file.

 

Correct Answer: C

 

Instant Access to Download Testing Software & PDF File for Microsoft 70-680 Real Exam

Instant Access to Try Microsoft 70-680 Free Demo