[Free] Get all latest Microsoft 70-685 Actual Tests Topic 12, Tailspin Toys

Ensurepass

Topic 12, Tailspin Toys

 

Scenario:

Background

You are the desktop support technician for Tailspin Toys. Tailspin Toys manufacturers and distributes children’s toys. The network environment includes a server infrastructure running on Windows Server 2003 Service Pack (SP) 2 and Windows Server 2008 R2, Active Directory with the forest and domain levels set at Windows Server 2003, and Active Directory Certificate Services (AD CS) running on Windows Server 2008 R2. The company has a Microsoft Enterprise Agreement (EA) with Software Assurance (SA).

 

The company sites, network connectivity, and site technologies are shown in the following table:

 

clip_image002

 

The company’s domain controller layout and details are shown in the following table:

 

clip_image004

 

The company’s client computer configuration details are shown in the following table:

 

clip_image006

The company uses Microsoft SharePoint 2010 as the company intranet and as a document repository for company-related Microsoft Office documents. The URL for the intranet is intranet.tailspintoys.com. There is a Group Policy object (GPO) that applies to all client computers that allows employees who are connected to the corporate network to go to the intranet site without having to enter authentication information.

 

All users are using Microsoft Internet Explorer 8. All users have enabled the Internet Explorer SmartScreen Filter and the Internet Explorer phishing filter. All of the desktop support technicians are members of a security group named Desktop Admins. The Desktop Admins group is a member of the local Administrators group on all client computers. The desktop support technicians use the Microsoft Diagnostics and Recovery Toolset to perform various troubleshooting and repairs.

 

All Windows 7 client computers have a directory named tailspintoysscripts in the root of the operating system drive. The directory contains four unique .vbs files named scriptl.vbs, script2.vbs, script3.vbs, and script4.vbs.

 

Software Environment

An existing GPO named AppLockdown applies to Windows 7 machines and uses AppLocker to ensure that:

 

Ÿ   No .bat files are allowed to be run by users and rules are enforced

 

An existing GPO named RestrictApps applies to Windows XP client computers and uses a Software Restriction Policy to ensure that:

 

Ÿ   No .bat files are allowed to be run by users and rules are enforced

 

Data Protection Environment

Some users at the Manufacturing site use EFS to encrypt data.

A user account named EFSAdmin has been designated as the Data Recovery Agent (DRA).

The DRA certificate and private key are stored on a portable USB hard drive.

 

As part of the yearly security compliance audits, a vendor is due to arrive at Tailspin Toys in a month to perform the yearly audit. To prepare for the audit, management has asked you to participate in an internal review of the company’s existing security configurations related to network security and data security.

 

The management team has issued the following requirements:

 

New software requirements

All installation programs must be digitally signed.

Minimum permissions must be granted for installation of programs.

 

Internet Explorer requirements

Users must not be able to bypass certificate warnings.

Users must not be able to add Internet Explorer add-ons unless the add-ons are approved by IT.

 

Data protection requirements

All portable storage devices must use a data encryption technology.

 

The solution must meet the following requirements:

 

Ÿ   Allow all users a minimum of read access to the encrypted data while working from their company client computers. Encrypt entire contents of portable storage devices. Minimize administrative overhead for users as files and folders are added to the portable storage devices.

Ÿ   Recovery information for client computer hard drives must be centrally stored and protected with data encryption.

 

 

QUESTION 1

Users at the Manufacturing site must have a secondary method of decrypting their existing files if they lose access to their certificate and private key or if the EFS Admin’s certificate is not available. You need to recommend a solution to ensure that a secondary method is available to users. The solution must not require accessing or altering the existing encrypted files before decrypting them. What should you recommend that the users do?

 

A.      From the command line, run the cipher.exe /e command.

B.      From the command line, run the certutil.exe /backupKey command.

C.      Enroll for a secondary EFS certificate.

D.      Export their EFS certificates with private keys to an external location.

 

Correct Answer: D

 

 

QUESTION 2

You need to recommend a solution to back up BitLocker recovery information based on the company’s existing data protection requirements. The solution must include the backup destination and the solution prerequisites. What should you recommend? (Choose all that apply.)

 

A.      Upgrade all Windows XP client computers to Windows 7.

B.      Store the BitLocker recovery information in Active Directory.

C.      Create a GPO to enroll users for a Basic EFS certificate automatically.

D.      Raise the forest functional level to Windows Server 2008 R2.

E.       Store each user’s BitLocker recovery information on USB keychain drives.

F.       Import the BitLockerTPMSchemaExtension.ldf file to Active Directory.

 

Correct Answer: BF

 

 

QUESTION 3

A user at the Headquarters site is able to run .bat files on LAPTOP01. However, you notice that the AppLockdown GPO was successfully applied to the computer. You need to ensure that the user’s computer complies with the existing AppLockdown GPO settings. Which service should you start on LAPTOP01?

 

A.      Application Experience

B.      Application Identity

C.      Application Management

D.      Application Information

 

Correct Answer: B

 

 

QUESTION 4

When visiting certain websites, users receive a message in Internet Explorer. The message is shown in the exhibit.

 

clip_image008

 

You need to ensure that the Internet Explorer settings for all client computers follow company requirements. What should you modify in Group Policy?

 

A.      Enable the Internet ExplorerInternet Control PanelSecurity PageInternet ZoneTurn on Protected Mode setting.

B.      Disable the Internet ExplorerInternet Control PanelPrevent ignoring certificate errors setting.

C.      Enable the Internet ExplorerInternet Control PanelPrevent ignoring certificate errors setting.

D.      Disable the Windows ComponentsWindows Error ReportingDisable Windows Error Reporting setting.

E.       Enable the Windows ComponentsWindows Error ReportingDisable Windows Error Reporting setting.

F.       Enable the Internet ExplorerInternet Control PanelSecurity PageInternet ZoneDo not prompt for client certificate selection when no certificate or only one certificate setting.

 

Correct Answer: C

 

 

QUESTION 5

Existing Internet Explorer security settings and GPOs are applied throughout the company. However, users are visiting websites known by Internet Explorer to host malicious content. You need to ensure that users cannot visit those websites. Which setting in the GPO should you enable to achieve this goal?

 

A.      Turn off Managing SmartScreen Filter for Internet Explorer 8.

B.      Prevent Bypassing SmartScreen Filter Warnings.

C.      Turn on ActiveX Filtering.

D.      Prevent ignoring certificate errors.

E.       Turn off Managing Phishing filter.

 

Correct Answer: B

 

 

QUESTION 6

You need to identify which of the company’s client computers are candidates to use BitLocker on the operating system hard disk. Which client computers should you recommend? (Choose all that apply.)

 

A.      all client computers at the Sales site

B.      all client computers in the Headquarters site

C.      all client computers in the Manufacturing site

D.      all client computers that are not TCG compliant

 

Correct Answer: B

 

 

QUESTION 7

A new client computer was joined recently to the company domain. However, it does not have the latest Windows updates installed. You need to ensure that the client computer uses the company’s enterprise update distribution servers to install the latest Windows updates immediately. What should you do?

 

A.      Start the Windows Installer service.

B.      Run the wuauclt.exe /resetauthorization command.

C.      Run the wuauclt.exe /detectnow command.

D.      Run the net start Trustedlnstaller command.

 

Correct Answer: C

 

 

QUESTION 8

A personal laptop named LAPTOP02 is used as a client computer at the Headquarters site. LAPTOP02 runs the 64-bit version of Windows 7 Professional. You ascertain that the AppLockdown GPO was successfully applied to the computer. However, you notice that the user is still able to run .bat files. You need to ensure that the computer can comply with the existing AppLockdown GPO settings. What should you do?

 

A.      Perform a clean installation of the 64-bit version of Windows 7 Enterprise.

B.      Add LAPTOP02 to the security filtering on the AppLockdown GPO.

C.      Perform a clean installation of the 32-bit version of Windows 7 Professional.

D.      Run the gpupdate /force command.

 

Correct Answer: A

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

QUESTION 9

DRAG DROP

A user lost his EFS private key and cannot access his encrypted folder. Based on the company’s current configuration, you need to ascertain how to recover the encrypted folder. Which two actions should you perform in sequence?

 

To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

 

Select and Place:

clip_image010

 

Correct Answer:

clip_image012

 

Instant Access to Download Testing Software & PDF File for Microsoft 70-685 Real Exam

Instant Access to Try Microsoft 70-685 Free Demo