Managing and Maintaining Windows 8.1
Question No: 151
At home, you use a Windows 8.1 desktop computer. At work, you use a Windows 8.1 laptop that is connected to a corporate network. You use the same Microsoft account to log on to both computers.
You have a folder with some personal documents on your desktop computer. The folder must be available and synced between both computers.
You need to ensure that the latest version of these files is available. What should you do?
Create a folder by using SkyDrive for Windows. Move all of the personal documents to the new folder.
Move the folder to the Libraries folder.
Go to PC Settings. Under Sync your settings, enable App settings.
Right-click the folder and click Properties. Under Security, provide Full Control for the Microsoft account.
Right-click the folder and select Share With, and then select Homegroup (view and edit).
Explanation: http://answers.microsoft.com/en-us/windows/forum/windows8_1-files/some- solutions-for-skydrive-syncing-problems-in/f69180ad-e9b5-47cd-a3f3-24a4d67e0093 http://answers.microsoft.com/en-us/windows/forum/windows8_1-files/skydrive-in-windows- 81-is-not-syncing/1627111e-2ccb-4e6d-ae5f-ee325829191f
Question No: 152
Your network contains an Active Directory domain. All client computers run Windows 8 Enterprise.
Your company uses virtual smart cards.
A user named User1 requires a virtual smart card on a new client computer named Computer1.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
Enroll User1 for a certificate.
Run the Enable-BitLocker cmdlet.
Run the tpmvscmgr.exe command.
Enroll Computer1 for a certificate.
Explanation: A: Smart cards (virtual or otherwise) are based on digital certificates, which means you need a Public Key Infrastructure (PKI). A Windows Server 2012 certification authority (CA) has two default certificate templates that can be used for issuing smart card certificates. The Smartcard Logon template is appropriate when the card’s use will be for logging on only. If you want users to be able to use the certificate for encrypting email, use the Smartcard User template.
C: To create a Virtual Smart Card, use the Tpmvscmgr.exe command line utility. http://technet.microsoft.com/en-us/Library/dn593707.aspx http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Using- Virtual-Smart-Cards-Windows-8.html
Question No: 153
You have client Windows 8.1 Enterprise computers.
Your company purchases a subscription to Windows Intune. You deploy the Windows Intune agent to all of the computers.
You need to uninstall a Microsoft update that was installed before the Windows Intune agent was installed. The solution must minimize administrative effort.
What should you do?
Create a Group Policy object (GPO) that runs wusa.exe by using a startup script.
From Windows Intune, create a new automatic approval rule.
From Windows Intune, click New updates to approve.
Create a Group Policy object (GPO) that runs msiexec.exe by using a startup script.
Explanation: http://technet.microsoft.com/en-us/library/hh456367.aspx http://www.microsoft.com/en-us/server-cloud/products/windows- intune/support.aspx#fbid=I_-Vds59NJT http://support.microsoft.com/kb/934307
Question No: 154
Your network contains an Active Directory domain. The domain contains client computers that run Windows 8 Enterprise.
Users frequently use USB drives to store sensitive files that are used on multiple computers.
Your corporate security policy states that all removable storage devices, such as USB data drives, must be encrypted.
You need to ensure that if a user forgets the password for a USB disk that is encrypted by using BitLocker To Go, the user can resolve the issue themselves.
What should you do?
Instruct the user to open BitLocker Drive Encryption, select Backup Recovery Key, and then select Save to your Microsoft account.
Instruct the user to open BitLocker Drive Encryption, select Backup Recovery Key, and then select Print the recovery key.
Implement the BitLocker Network Unlock feature.
Publish a data recovery agent certificate by using a Group Policy object (GPO).
Answer: B Explanation:
Question No: 155
Your network contains an Active Directory domain. The domain contains 100 Windows 8.1 client computers. All of the computers secure all connections to computers on the internal network by using IPSec.
The network contains a server that runs a legacy application. The server does NOT support IPSec.
You need to ensure that some of the Windows 8 computers can connect to the legacy server. The solution must ensure that all other connections are secured by using IPSec.
What should you do?
Modify the settings of the Domain Profile.
Create a connection security rule.
Create an inbound firewall rule.
Modify the settings of the Private Profile,
Answer: A Explanation:
there are three profiles for Windows Firewall with Advanced Security:
Profile Description Domain
Applied to a network adapter when it is connected to a network on which it can detect a domain controller of the domain to which the computer is joined.
Applied to a network adapter when it is connected to a network that is identified by the user or administrator as a private network. A private network is one that is not connected directly to the Internet, but is behind some kind of security device, such as a network address translation (NAT) router or hardware firewall. For example, this could be a home network, or a business network that does not include a domain controller. The Private profile settings should be more restrictive than the Domain profile settings.
Applied to a network adapter when it is connected to a public network such as those available in airports and coffee shops. When the profile is not set to Domain or Private, the default profile is Public. The Public profile settings should be the most restrictive because the computer is connected to a public network where the security cannot be controlled. For example, a program that accepts inbound connections from the Internet (like a file sharing program) may not work in the Public profile because the Windows Firewall default setting will block all inbound connections to programs that are not on the list of allowed programs. Each network adapter is assigned the firewall profile that matches the detected network type.
Question No: 156
You manage client computers that run Windows 8 and are part of a workgroup.
These computers are configured to use Microsoft Update. Updates are downloaded every day at 10:00 and installed automatically.
Users report that their computers sometimes reboot without any interaction. You need to prevent unplanned automatic reboots of the computers.
What should you do?
Enable the Reschedule Automatic Updates scheduled installations policy setting.
Disable the Re-prompt for restart with scheduled installations policy setting.
Enable the Automatic Updates detection frequency policy setting.
Enable the No auto-restart with logged on users for scheduled automatic updates installations policy setting.
Explanation: If you Enable the No auto-restart with logged on users for scheduled automatic updates installations policy setting the computer will not restart until the user performs a manual restart.
Question No: 157 DRAG DROP
You administer 50 laptops that run Windows 7 Professional 32-bit.
You want to install Windows 8 Pro 64-bit on every laptop. Users will keep their own laptops.
You need to ensure that user application settings, Windows settings, and user files are maintained after Windows 8 Pro is installed.
Which four actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
Explanation: Box 1:
You use the User State Migration Tool (USMT) 5.0 when hardware and/or operating system upgrades are planned for a large number of computers. USMT manages the migration of an end-user#39;s digital identity by capturing the user#39;s operating-system settings, application settings, and personal files from a source computer and reinstalling them on a destination computer after the upgrade has occurred.
One common scenario when only the operating system, and not the hardware, is being upgraded is referred to as PC refresh. A second common scenario is known as PC replacement, where one piece of hardware is being replaced, typically by newer hardware and a newer operating system.
Scenario: PC-refresh using a hard-link migration store
A company has just received funds to update the operating system on all of its computers to Windows 8. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a hard-link migration store to save each user state to their respective computer.
The administrator runs the ScanState command-line tool on each computer, specifying the
/hardlink /nocompress command-line options. ScanState saves the user state to a hard-link migration store on each computer, improving performance by minimizing network traffic as well as minimizing migration failures on computers with very limited space available on the
On each computer, the administrator installs the company#39;s SOE which includes Windows 8 and other company applications.
The administrator runs the LoadState command-line tool on each computer. LoadState restores each user state back on each computer.
Question No: 158 HOTSPOT
Your company has a main office and a branch office.
You have client computers that run Windows 8 Enterprise.
You are evaluating whether to disable IPv6 on the client computers in the sales, marketing, research, and finance departments.
Each user in the sales department has a laptop and frequently accesses the network by using a PPTP VPN connection.
Each user in the marketing department has a desktop computer located in the branch office. All of the marketing department computers are configured to use BranchCache.
Each user in the research department has a desktop computer located in the main office and uses IPSec to access research servers.
Each user in the finance department has a laptop and frequently accesses the network by using an SSTP VPN connection.
In the table below, identify which departments require IPv6 and which departments do not require IPv6. Make only one selection in each row. Each correct selection is worth one point.
As Internet properties connect to both the IPv4 and IPv6 Internets, a problem can occur on a small number of hosts where there no routing path to the IPv6 Internet. This causes a delay in connectivity to the Internet resource because the host attempts a connection over IPv6, which fails, before attempting the connection over IPv4. IPv6 in Windows Server 2012 and Windows 8 detects this condition and prevents the initial connection attempt over IPv6.
In this case there is no need for IPv6 connections since all departments are either connecting with desktop client computers or laptop computers that makes use of a VPN. http://technet.microsoft.com/en-us/library/hh831730.aspx http://technet.microsoft.com/en-us/library/hh831696.aspx
Question No: 159
You administer Windows 8.1 Enterprise laptops. All of the computers are members of an
Active Directory domain.
When traveling, users access the corporate network by using a virtual private network (VPN).
There is an external firewall that allows connections only on TCP ports 80 and 443. You need to establish a VPN connection that is able to pass through the firewall.
Which of the following should you use?
Explanation: Secure Socket Tunneling Protocol (SSTP) is a new tunneling protocol that uses the HTTPS protocol over TCP port 443 to pass traffic through firewalls and Web proxies that might block PPTP and L2TP/IPsec traffic.
Not E: Point-to-Point Tunneling Protocol (PPTP) uses TCP port 1723 and IP port 47 Generic Routing Encapsulation (GRE).
Not F: Layer Two Tunneling Protocol (L2TP) uses TCP port 1701.
Not G: Internet Protocol Security (IPSec) uses IP protocol 50 for Encapsulated Security Protocol (ESP), IP protocol 51 for Authentication Header (AH), and UDP port 500 for IKE Phase 1 negotiation and Phase 2 negotiations.
Reference: VPN Tunneling Protocols
Question No: 160
You administer computers that run Windows XP Professional. These computers have a wide range of line of business (LOB) applications installed.
You want to migrate from Windows XP Professional to Windows 8.1 Pro.
You need to identify which applications will prompt users for elevated privileges. What should you do first?
Install the Microsoft Application Compatibility Toolkit (ACT).
Configure the advanced audit setting on the Windows 8.1 Pro computers before you install the LOB applications.
Install the Microsoft Assessment and Planning (MAP) Toolkit.
Install User Experience Virtualization (UE-V) on the Windows 8.1 Pro computers before you install the LOB applications.
Explanation: Consider an application written for Windows XP that requires administrator privileges. You could also resolve the compatibility problem using the Windows Application Compatibility Toolkit (ACT) version 5.5 or later to create an application compatibility shim. ACT is a solution for administrators that requires no reprogramming of an application and can help you resolve common compatibility problems. For example, you can create a shim that responds to an application inquiry about the operating system or user level with a True statement, which allows the application to run.
Note: The Microsoft庐 Application Compatibility Toolkit (ACT) helps you determine whether the applications, devices, and computers in your organization are compatible with versions of the Windows庐 operating system. By using ACT, you can obtain compatibility information from Microsoft and software vendors, identify compatibility issues within your own organization, and share compatibility ratings with other ACT users.
Reference: Configure Applications to Always Run as an Administrator