Download New Updated (Spring 2015) Microsoft 70-687 Actual Tests 81-90




A company has 10 client computers that run Windows 8.1. Employees log on to resources by using multiple accounts.


You need to back up the user name and password for each logon account.


What should you do on each client computer?



Back up each user’s Personal Information Exchange PKCS #12 (.pfx) certificate.


Use Credential Manager to save the information to a USB flash drive.


Use File History to back up the ntuser.dat file.


Run the Export-Certificate Windows PowerShell cmdlet.


Answer: B


Credential Manager – Where Windows Stores Passwords & Login Details


What is the Credential Manager?

Credential Manager is the “digital locker” where Windows stores log-in credentials (username, password, etc.) for other computers on your network, servers or Internet locations such as websites.


Windows 8 adds one more type of credentials called Web Credentials. As the name implies, such credentials are used by Internet Explorer to automatically log you into certain websites.



How to Backup and Restore Windows Vault Passwords


One way to use the Credential Manager is to export your Windows credentials to another Windows computer, or to back them up and import them after you reinstall Windows, so that you don’t have to manually type them again.


Backup Your Windows User Names and Passwords

Open the Credential Manager. Under the Windows Vault look for the “Back up vault” link and click on it.

This starts the Stored User Names and Passwords wizard.



You are asked to select where you want to backup the Windows credentials stored on your computer. Click on Browse, select the folder and type the name of the file where the data will be stored. Then, click Next.


This procedure has been tested both on Windows 7 and Windows 8. In Windows 8, there are some minor differences but it all works the same.




A company has client computers that run Windows 8.1. You implement an AppLocker file hash rule that allows an application to run. You then apply a service pack to the application.


When users attempt to run the application, the application is blocked by Group Policy.


You need to ensure that the application runs.


What should you do?



Enable the Reschedule Automatic Updates scheduled installations Group Policy setting.


Set the wired network connection to non-metered.


Set the wired network connection to metered.


Configure the Automatic Maintenance setting.


Answer: B


A company has an Active Directory Domain Services (AD DS) domain. The corporate environment includes a Windows Software Update Services (WSUS) server. All client computers run Windows 8.1 and a custom web application. The company has a Microsoft Software Assurance for Volume Licensing agreement.


After deploying Windows Updates to the computers, the web application stops responding. You establish that a specific optional update installed by Windows Update is causing the problem. In the Windows Update Control Panel item, the option to remove the update is unavailable.


You need to remove the optional update from one client computer.


What should you do?



Install and run the Debugging tools for Windows.


Clear the SusClientID registry value on the client computer.


Restart the computer from a Diagnostic and Repair Toolset (DaRT) boot disk and use the Crash Analyzer tool.


Run the wuauclt /resetauthorization command on the client computer.


Restart the computer from a Diagnostic and Repair Toolset (DaRT) boot disk and use the Hotfix Uninstaller tool.


Answer: E


Getting Started with DaRT 8.0


How to Get DaRT 8.0

DaRT 8.0 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance.

Overview of the Tools in DaRT 8.0


From the Diagnostics and Recovery Toolset window in Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0, you can start any of the individual tools that you include when you create the DaRT 8.0 recovery image.


Exploring the DaRT tools


Hotfix Uninstall

The Hotfix Uninstall Wizard lets you remove hotfixes or service packs from the Windows operating system on the computer that you are repairing. Use this tool when a hotfix or service pack is suspected in preventing the operating system from starting.


Further Information:


Crash Analyzer

Use the Crash Analyzer Wizard to quickly determine the cause of a computer failure by analyzing the memory dump file on the Windows operating system that you are repairing. Crash Analyzer examines the memory dump file for the driver that caused a computer to fail. You can then disable the problem device driver by using the Services and Drivers node in the Computer Management tool.




A client computer that runs Windows 8.1 has two hard disk drives: a system drive and a data drive.

You are preparing to back up the computer prior to installing a developing software product.


You have the following requirements:


The system disk that is part of the backup must be mountable from within Windows.

The system disk that is part of the backup must be bootable.

The backup must be viable to restore in the event of a hard disk failure.

The backup must contain data from both hard disk drives.


You need to select a backup method.


Which method should you use?



System repair disk


Storage pool


System image


File History


Answer: C


DISM Image Management Command-Line Options


Deployment Image Servicing and Management (DISM.exe) mounts a Windows image (.wim) file or virtual hard disk (.vhd or .vhdx) for servicing. You can also use the DISM image management command to list the image index numbers, to verify the architecture for the image that you are mounting, append an image, apply an image, capture an image and delete an image.


Further Information:

Follow-up On Backups: Mounting a System Image


Yesterday, I posted about my practice of using the built in system image creation tools in Windows 7 and Windows 8 to create a backup of my system whenever I’m getting ready to upgrade.


Now, if something goes tragically wrong, I can just boot to a system repair disk, and restore the image, and I’m back to where I started. But let’s suppose the install goes fine, but I find that there’s a file I need to get to from my backup, but I don’t want to restore the entire backup, just get that file.


The good news is that you can do this easily, because the system image is stored as a .vhd (or in the case of Windows 8, a .vhdx) file. And Windows 8 can mount a VHD as a drive, making it easy to access the files from the backup.


Just plug in the external drive you used for your backup, and find the WindowsImageBackup folder (should be at the root of the drive), and inside it find the folder matching the name of the machine you backed up. Inside that should be a folder that starts with “Backup” and the date of the backup. And finally, inside the backup folder is a .vhd (or .vhdx) file containing the backup of your system (you might see more than one .vhd(x)…if so, look for the largest one, as shown in the image below):




If you right-click that file and select “Mount” (as shown below) Windows will mount the VHD file for you, and assign it a drive letter.






You administer Windows 8.1 client computers in your company network.


You receive a virtual hard disk (VHD) file that has Windows 8.1 Pro preinstalled, along with several business applications.


You need to configure your client computer to start from either the VHD file or from your current operating system.


Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)



Import the contents of the system store from a file.


Export the contents of the system store into a file.


Attach the VHD file by using Disk Management.


Make the VHD disk bootable.


Create a new empty boot configuration data store.


Create a new entry in the boot configuration data store.


Answer: CDF


Creating Bootable Virtual Hard Disks

Using the Disk Management Tools


This section describes how to create a bootable VHD by using the Disk Management tools. You create a VHD and then apply a Windows image from a .wim file to a partition in the VHD. After you complete the steps in this section, you can configure the VHD for native boot or configure it to boot in a virtual machine by following the instructions in Preparing Virtual Hard Disks for Boot.

How to Create Windows 8 VHD for Boot to VHD using simple, easy to follow steps


I.Once I make a backup copy of the VHD file for future use, I will go ahead and Mount the VHD again to add that installation to the boot menu. To do this, I will right click Disk Management and select Attach VHD. The Attach VHD Wizard will start. I can either browse to the VHD or just type it in the Location field.





J.The VHD will be mounted and will be assigned a drive letter by the system. In my case, it is drive F: again.


K.Go back to the Administrative Command Prompt and type the following command to add the installation to the Boot Menu:

bcdboot F:windows




L.Once the command finishes, you will now have the new Windows 8 entry in your boot menu.


Further Information:

F: Commands to add an existing VHD to your boot menu:

bcdedit /copy {originalguid} /d “New Windows 7 Installation” bcdedit /set {newguid} device vhd=[D:]Image.vhd

bcdedit /set {newguid} osdevice vhd=[D:]Image.vhd

bcdedit /set {newguid} detecthal on




A company has client computers that run Windows 8.1. The client computer systems frequently use IPSec tunnels to securely transmit data.


You need to configure the IPSec tunnels to use 256-bit encryption keys.


Which encryption type should you use?











Answer: D


Descriptions of the IPsec Algorithms and Methods


Encryption algorithms

Data encryption algorithms are used to provide confidentiality to the data payload of an IPsec-protected network packet. Encryption algorithms can be very computationally intensive and can significantly impact computer performance. We recommend that you only encrypt network traffic that requires encryption. If you find that encryption impacts performance more than expected, consider using a network adapter that supports IPsec task offload.



DES is a block cipher encryption protocol that uses a 56-bit key and is documented in Federal Information Processing Standards Publication 46-3 ( A block cipher is an encryption algorithm that operates on a fixed size block of data. DES encrypts data in 64-bit blocks using a 64- bit key. The key appears to be a 64-bit key, but one bit in each of the 8 bytes is used for error checking, resulting in 56 bits of usable key.


Triple-DES or 3DES is an encryption protocol that provides stronger encryption than DES.

It is documented in Federal Information Processing Standards Publication 46-3 ( 3DES is a block cipher that uses a three- step encryption process that is more secure than DES. A block cipher is an encryption algorithm that operates on a fixed size block of data.

AES-CBC 128, 192, and 256

The AES in Cipher Block Chaining mode (AES-CBC) encryption algorithms are part of the NSA “Suite B” and are documented in RFC 3602

( AES is documented in Federal Information Processing Standards Publication 197 ( The AES algorithm is a symmetric block cipher that can encrypt and decrypt information in data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits. Longer key lengths provide better security at the cost of CPU performance due to the more intensive computational requirements. Cipher block chaining (CBC) is used to hide patterns of identical blocks of data within a packet. An initialization vector (an initial random number) is used as the first random block to encrypt and decrypt a block of data. Different random blocks are used in conjunction with the secret key to encrypt each successive block. This ensures that identical sets of unsecured data (plaintext) result in unique, encrypted data blocks.

AES-GCM 128, 192, and 256

AES-GCM is both an integrity and encryption algorithm and is described in the Integrity algorithms section.




You are configuring a computer that will be used in a kiosk in a public area. You install a new internal hard drive.


You need to protect the computer from starting an unauthorized operating system.


What should you do?



Ensure that the computer BIOS supports Unified Extensible Firmware Interface (UEFI) and is enabled.

Install Windows 8.1 Pro 64-bit using UEFI and install it on the internal hard drive.


Install Windows 8.1 Pro 64-bit on the internal hard drive.

Enable BitLocker on the internal hard disk.


Partition the internal hard drive as MBR disk.

Install Windows 8.1 Enterprise 64-bit.


Partition the internal hard drive as GPT disk.

Install Windows 8.1 Pro 64-bit.


Answer: A


Windows 8 Boot Security FAQ


What is UEFI?

UEFI (Unified Extensible Firmware Interface) is a specification that defines an interface between a PC’s firmware and an operating system. It replaces or can work in concert with the Basic Input/Output System (BIOS) firmware that PCs have traditionally used. For Windows 8, a key part of this specification is Secure Boot, which protects the PC from malware by allowing only authorized boot loaders to run when the computer starts.


How does Windows 8 prevent attackers from replacing boot components? All systems with the Windows 8 certification use Secure Boot (part of the UEFI specification) to protect hardware-related firmware and the operating-system loader from tampering. Secure Boot can prevent the system from booting if unauthorized changes have been made or possibly even refresh the some boot components, such as the UEFI firmware, to a known good state.


What is Trusted Boot?

Trusted Boot is a Windows 8 feature that secures the entire Windows boot process. It prevents malware from hiding and taking up permanent residence within the PC by ensuring none of the Windows components loaded during boot have been tampered with. Trusted Boot also ensures that anti-malware software is loaded before any third-party drivers and applications using its Early Launch Anti-Malware (ELAM) capability. This prevents malware from inserting itself in front of the anti-malware engine so that it can compromise the anti-malware engine’s ability to protect the system. In the event that malware was able to successfully compromise the any of the Windows boot process, Trusted Boot will attempt to automatically remediate the issue.


What editions of Windows 8 will include Trusted Boot?

All editions of Windows 8 include Trusted Boot.




A desktop computer that runs Windows 8.1 downloads updates but does not install them. The computer is connected to the corporate network by using a wired network connection.


You need to ensure that the computer automatically installs updates.


What should you do?



Set the wired network connection to non-metered.


Configure the Automatic Maintenance setting.


Enable the Reschedule Automatic Updates scheduled installations Group Policy setting.


Set the wired network connection to metered.


Answer: B


Automatic Maintenance


Windows depends on execution of inbox and third party maintenance activity for much of its value-add, including Windows Update, and automatic disk defragmentation, as well as antivirus updates and scans.


The goal of Automatic Maintenance is to combine all background maintenance activity in Windows and help third-party developers add their maintenance activity to Windows without negatively impacting performance and energy efficiency. Additionally, Automatic Maintenance enables users as well as enterprises to be in control of maintenance activity scheduling and configuration.

Windows 8: Updates and Maintenance


Automatic Maintenance

One of the most important maintenance-related improvements in Windows 8 is Automatic Maintenance. This is a new system maintenance service that can be used by Windows components and apps to schedule maintenance activities on the PC in one scheduled window per day.

Automatic Maintenance is shown in Action Center in the Maintenance section.




The Maintenance Settings interface is shown below.




Further Information:

Configure Automatic Updates by Using Group Policy


Reschedule Automatic Update Scheduled Installations This policy specifies the amount of time for Automatic Updates to wait, following system startup, before proceeding with a scheduled installation that was missed previously. If the status is set to Enabled, a scheduled installation that did not take place earlier will occur the specified number of minutes after the computer is next started. If the status is set to Disabled, a missed scheduled installation will occur with the next scheduled installation.

If the status is set to Not Configured, a missed scheduled installation will occur one minute after the computer is next started.

This policy applies only when Automatic Updates is configured to perform scheduled installations of updates. If the Configure Automatic Updates policy is disabled, this policy has no effect.


To reschedule Automatic Update scheduled installation In Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update. In the details pane, click Reschedule Automatic Update scheduled installations, click Enable, and type a value in minutes.

Click OK.









You administer a group of 10 client computers that run Windows 8.1. The client computers are members of a local workgroup. Employees log on to the client computers by using their Microsoft accounts.


The company plans to use Windows BitLocker Drive Encryption.


You need to back up the BitLocker recovery key.


Which two options can you use? (Each correct answer presents a complete solution.

Choose two.)



Save the recovery key to a file on the BitLocker-encrypted drive.


Save the recovery key in the Credential Store.


Save the recovery key to SkyDrive.


Print the recovery key.


Answer: AD


One of the new features in Windows 8.1 for BitLocker is the ability to backup your BitLocker recovery key to a Microsoft account. During the process before encryption begins, a user is prompted for a location to make a backup copy of the recovery key. Save to your Microsoft account has been added along with save to a file and print the recovery key.






You administer Windows 8.1 computers in your company network.


You install a new video driver. The computer will not start properly after restart. You are able to enter Safe Mode with Command Prompt.

You need to be able to start normally. You also need to ensure that user data is not lost.


What should you do?



Run the rstrui.exe command.


Roll back the driver.


Turn on File History.


Create a restore point.


Answer: A


Personal comment:

Creating a restore point will not help you at this moment.

Nor will File History.

You cannot roll back the driver, only disable it from starting – see the Further information section.

Your only hope is using System Restore to restore the system to the state previous to the driver installation. This will also preserve the user data. This has been available since Windows XP. One can only hope it still works in Windows 8…

How to start the System Restore tool by using the safe mode option with the Command prompt in Windows XP


How to start System Restore by using the Command prompt


5. At the command prompt, type %systemroot%system32restorerstrui.exe, and then press ENTER.

6. Follow the instructions that appear on the screen to restore your computer to a functional state.


Further Information:

After you install a device or update a driver for a device, Windows Vista or Windows 7 may not start


Use the Windows Recovery Environment to repair Windows Vista or Windows 7


3. Use the Command Prompt option in the Windows Recovery Environment to disable the driver that stops the operating system from starting.


Free VCE & PDF File for Microsoft 70-687 Real Exam

Instant Access to Free VCE Files: MCSE|MCSA|MCITP…
Instant Access to Free PDF Files: MCSE|MCSA|MCITP…