70-687 New Updated Exam Questions Download From Braindump2go Freely 46-60
Official Microsoft Exam Center – 70-687 Latest Added Dumps Questions are Free Download from Braindump2go Now! 100% Time Saving and 100% Guaranteed Pass!
Vendor: Microsoft
Exam Code: 70-687
Exam Name: Configuring Windows 8.1
QUESTION 46
A company has an Active Directory Domain Services (AD DS) domain.
All client computers run Windows 8.1.
A local printer is shared from a client computer.
The client computer user is a member of the Sales AD security group.
You need to ensure that members of the Sales security group can modify the order of documents in the print queue, but not delete the printer share.
Which permission should you grant to the Sales group?
A. Manage queue
B. Manage this printer
C. Print
D. Manage spooler
E. Manage documents
Answer: E
Explanation:
http://technet.microsoft.com/en-us/library/cc781446%28v=ws.10%29.aspx ‘
Group types
There are two types of groups in Active Directory: distribution groups and security groups.
You can use distribution groups to create e-mail distribution lists and security groups to assign permissions to shared resources.
Security groups
Used with care, security groups provide an efficient way to assign access to resources on your network. Using security groups, you can:
Assign user rights to security groups in Active Directory Assign permissions to security groups on resources
http://my.safaribooksonline.com/book/operating-systems/9780133118025/sharing- printers/ch21lev2sec24
Setting Printer Permissions
If you have a workgroup network and have disabled Password Protected Sharing, or if you have set up a homegroup, you don’t need to worry about setting permissions for printers:
anyone can use your shared printer. If you’re on a domain network or have chosen to use detailed user-level permissions on your workgroup network, you can control access to your shared printers with security attributes that can be assigned to users or groups, as shown in Figure 21.9 and described next:
The Security tab lets you assign printer-management permissions for users, groups, and the creator of each print job.
QUESTION 47
Your computer runs Windows 8 and is connected to an Active Directory Domain Services (AD DS) domain. You create a folder and share the folder with everyone in your organization.
You need to modify the NTFS permissions of the folder to meet the following criteria:
– Users from the Marketing security group must be able to open files, but not modify them.
– Users from the Supervisors security group must be able to create, modify, and delete files.
Which permissions should you set?
Users from both groups must not be able to delete the folder.
A. Assign the Marketing group the Read permission. Assign the Supervisors group the Read and
Write permissions and the Delete Subfolders and Files special permission.
B. Assign the Marketing group the Read and Write permissions.
Assign the Supervisors group the Full Control permission.
C. Assign the Marketing group the Read and Write permissions. Assign the Supervisors group the
Modify permission and the Delete Subfolders and Files special permission.
D. Assign the Marketing group the Read permission. Assign the Supervisors group the Read and
Write permissions and the Delete special permission.
Answer: A
QUESTION 48
A company has client computers that run Windows 8.1
The company implements the following security requirements:
– All client computers must use two-factor authentication.
– At least one authentication method must include exactly four characters or gestures.
You need to choose authentication methods that comply with the security requirements.
Which two authentication methods should you choose? (Each correct answer presents part of the solution. Choose two.)
A. PIN
B. Biometric authentication
C. Picture password
D. Microsoft account
Answer: AB
Explanation:
Something the user knows: PIN (4 digits)
One might be tempted to think the photo for the picture password is something the User has.
But it is something the User knows, too:
He knows how to draw the gestures (maximum 3 gestures supported with picture password), and it is no physical object (like a token, smart card …)
The MS Account is too something the user knows.
So the answer must be Biometric authentication.
Two-factor authentication requires the use of two of the three authentication factors:
Something the user knows (e.g., password, PIN); Something the user has (physical Object) (e.g., ATM card, smart card); and Something the user is (e.g., biometric characteristic, such as a fingerprint).
The factors are identified in the standards and regulations for access to U.S.
Federal Government systems.
QUESTION 49
Hotspot Question
You are setting up a Windows 8.1 computer.
The computer’s network connections are shown in the Network Connections exhibit (Click the Exhibit button.)
The computer’s network settings are shown in the Network Settings exhibit. (Click the Exhibit button.)
Advanced TCP/IP settings are shown in the Advanced TCP/IP Settings exhibit. (Click the Exhibit button,)
Consider each of the following statements. Does the information in the three screenshots support the inference as stated? Each correct selection is worth one point.
QUESTION 50
Your computer runs Windows 8.1 and is connected to an Active Directory Domain Services (AD DS) domain.
You create a folder and share the folder with everyone in your organization.
You need to modify the NTFS permissions of the folder to meet the following criteria:
– Users from the Supervisors AD security group must be able to open files, but not modify them.
– Users from the Marketing AD security group must be able to create, modify, and delete files.
– Users from both groups must not be able to delete the folder.
Which permissions should you set?
A. Assign the Supervisors group the Read and Write permissions.
Assign the Marketing group the Modify permission and the Delete Subfolders and Files special
permission.
B. Assign the Supervisors group the Read and Write permissions.
Assign the Marketing group the Full Control permission.
C. Assign the Supervisors group the Read permission.
Assign the Marketing group the Read and Write permissions and the Delete Subfolders and
Files special permission.
D. Assign the Supervisors group the Read permission.
Assign the Marketing group the Read and Write permissions and the Delete special permission.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/bb727008.aspx File and Folder Permissions
On NTFS volumes, you can set security permissions on files and folders. These permissions grant or deny access to the files and folders.
File and Folder Permissions:
Special Permissions for Files:
Special Permissions for Folders:
QUESTION 51
A company has an Active Directory Domain Services (AD DS) domain.
All client computers run Windows 8.1.
A local printer is shared from a client computer.
The client computer user is a member of the Sales AD security group.
You need to ensure that members of the Sales security group can print to the shared printer and modify only their own print jobs.
Which permission should you grant to the Sales group?
A. Manage queue
B. Print
C. Manage documents
D. Manage this printer
E. Manage spooler
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc781446%28v=ws.10%29.aspx ‘
Group types
There are two types of groups in Active Directory: distribution groups and security groups.
You can use distribution groups to create e-mail distribution lists and security groups to assign permissions to shared resources.
Security groups
Used with care, security groups provide an efficient way to assign access to resources on your network. Using security groups, you can:
Assign user rights to security groups in Active Directory Assign permissions to security groups on resources
http://my.safaribooksonline.com/book/operating-systems/9780133118025/sharing- printers/ch21lev2sec24
Setting Printer Permissions
If you have a workgroup network and have disabled Password Protected Sharing, or if you have set up a homegroup, you don’t need to worry about setting permissions for printers:
anyone can use your shared printer. If you’re on a domain network or have chosen to use detailed user-level permissions on your workgroup network, you can control access to your shared printers with security attributes that can be assigned to users or groups, as shown in Figure 21.9 and described next:
The Security tab lets you assign printer-management permissions for users, groups, and the creator of each print job.
QUESTION 52
A company has an Active Directory Domain Services (AD DS) domain.
All client computers run Windows Vista and are members of the domain.
A Group Policy object (GPO) configuring a software restriction policy is implemented in the domain to block a specific application.
You upgrade a computer to Windows 8.1 and implement a GPO that configures an AppLocker rule in the domain. The blocked application runs on the Windows 8.1 computer but not on the Windows Vista computers.
You need to ensure that the application is blocked from running on all computers and the AppLocker rule is applied to the computers in the domain.
What should you do?
A. Add the blocked application as an additional AppLocker rule to the GPO that configures AppLocker.
B. Run the Get-AppLockerPolicy Windows PowerShell cmdlet.
C. Run the Set-ExecutionPolicy Windows PowerShell cmdlet.
D. Configure the software restriction policy as a local policy on the Windows 8 computer.
E. Add the blocked application as a software restriction policy to the GPO that configures AppLocker.
Answer: A
Explanation:
http://technet.microsoft.com/library/hh994614
Use AppLocker and Software Restriction Policies in the Same Domain
AppLocker is supported on systems running Windows 7 and above. Software Restriction Policies (SRP) is supported on systems running Windows Vista or earlier. You can continue to use SRP for application control on your pre-Windows 7 computers, but use AppLocker for computers running Windows Server 2008 R2, Windows 7 and later. It is recommended that you author AppLocker and SRP rules in separate GPOs and target the GPO with SRP policies to systems running Windows Vista or earlier. When both SRP and AppLocker policies are applied to computers running Windows Server 2008 R2, Windows 7 and later, the SRP policies are ignored.
http://technet.microsoft.com/en-us/library/ee791851%28v=ws.10%29.aspx
Both SRP and AppLocker use Group Policy for domain management. However, when SRP policies and AppLocker policies exist in the same domain and applied through Group Policy, AppLocker policies will take precedence over SRP policies on computers running Windows Server 2012, Windows Server 2008 R2, Windows 8 or Windows 7.
As an example of how both types of policy would affect the bank’s “Teller software” application, consider the following scenario where the application is deployed on different Windows desktop operating systems and managed by the Tellers GPO.
Further Information:
http://technet.microsoft.com/en-us/library/hh847214.aspx
Get-AppLockerPolicy
The Get-AppLockerPolicy cmdlet retrieves the AppLocker policy from the local Group Policy Object (GPO), a specified Group Policy Object (GPO), or the effective policy on the computer.
By default, the output is an AppLockerPolicy object. If the XML parameter is used, then the output will be the AppLocker policy as an XML-formatted string.
http://technet.microsoft.com/en-us/library/hh849812.aspx
Set-ExecutionPolicy
The Set-ExecutionPolicy cmdlet changes the user preference for the Windows PowerShell execution policy.
The execution policy is part of the security strategy of Windows PowerShell. It determines whether you can load configuration files (including your Windows PowerShell profile) and run scripts, and it determines which scripts, if any, must be digitally signed before they will run.
QUESTION 53
A company has an Active Directory Domain Services (AD DS) domain.
Client computers in the Test department run Windows 8.1 and are connected to the domain.
You need to ensure that Windows updates are not automatically applied and cannot be enabled by users.
What should you do?
A. Create a Group Policy object (GPO) to enable the Turn on recommended updates via Automatic
Updates policy setting.
B. Configure Windows Update to install updates automatically.
C. Create a Group Policy object (GPO) to configure the Remove access to use all Windows Update
features policy setting.
D. Create a Group Policy object (GPO) to configure the Configure Automatic Updates policy setting.
Answer: C
Explanation:
Remove access to use all Windows Update features:
This Group Policy setting is located in User Configuration\Administrative Templates\Windows Components\Windows Update.
When you enable this setting, the operating system cannot be updated through Windows Update, and Automatic Updates is disabled. Users or administrators can still perform actions such as clicking the Windows Update option on the Start menu, and the Windows Update Web site will appear in the browser. However, it will not be possible to update the operating system through Windows Update, regardless of the type of account being used to log on.
QUESTION 54
A company has 100 client computers that run Windows 8.1.
You need to assign static IPv6 addresses to the client computers.
Which Windows Powershell cmdlet should you run?
A. Set-NetTCPSetting
B. Set-NetIPInterface
C. Set-NetlPv6Protocol
D. Set-NetIPAddress
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/hh826151.aspx
Set-NetIPAddress
The Set-NetIPAddress cmdlet modifies IP address configuration properties of an existing IP address.
To create an IPv4 address or IPv6 address, use the New-NetIPAddress cmdlet.
QUESTION 55
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1 and are joined to the domain. All Sales department employees are members of the Sales organizational unit (CU). AppLocker rules control the installation of applicatior on client computers.
You create a new Group Policy object (GPO) to configure an AppLocker file hash rule. The file hash rule allows an application to run and links the application to the Sales OU. Several minutes later, you establish that the AppLocker rule is not present on some computers within SalesOU and the application cannot run.
You need to quickly ensure that the application can run.
What should you do?
A. Run the Get-AppLockerPolicy Windows PowerShell cmdlet.
B. Configure the AppLocker properties to enforce rules.
C. Run the gpupdate /force command.
D. Create a new AppLocker file hash condition.
Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/bb490983.aspx
Gpupdate
Refreshes local and Active Directory-based Group Policy settings, including security settings.
/force : Ignores all processing optimizations and reapplies all settings.
http://technet.microsoft.com/en-us/library/cc940895.aspx
Group Policy refresh interval for computers
Specifies how often Group Policy for computers is updated while the computer is in use (in the background). This policy specifies a background update rate only for Group Policies in the Computer Configuration folder.
By default, computer Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes. In addition to background updates, Group Policy for the computer is always updated when the system starts.
Further Information:
http://technet.microsoft.com/en-us/library/ee460964.aspx Get-AppLockerPolicy
The Get-AppLockerPolicy cmdlet gets the AppLocker policy from the local Group Policy object (GPO), from a specified GPO, or from the effective AppLocker policy on the computer. The output is an AppLockerPolicy object or an XML-formatted string.
QUESTION 56
You administer Windows 8.1 laptops in your company network.
You install several custom desktop applications on the laptops.
You need to create a custom recovery image for Windows to use when selecting the Refresh your PC option. The custom recovery image must include the custom desktop applications.
Which command should you use to create the custom recovery image?
A. Recdisc.exe
B. Recover.exe
C. Recimg.exe
D. RecoveryDrive.exe
Answer: C
Explanation:
http://blogs.msdn.com/b/matt-harrington/archive/2012/04/01/create-a-windows-8-refresh-image-with-recimg-exe.aspx
Create a Windows 8 image with recimg.exe to preserve your Desktop apps after a refresh
Windows 8 supports two new ways to revert your system to an earlier state. From the Settings charm, access More PC settings and then click General.
Towards the bottom, you’ll see these two choices:
Refresh your PC without affecting your files. This choice keeps your personal data, system settings, and Metro style applications. Desktop applications will be removed, unless you create a custom image as I detail below. Reset your PC and start over. This choice is like a factory reset. All of your personal files, Metro style apps, and Desktop apps will be removed.
You can optionally write random data to your drive for added security.
Use option 2 if you’re going to sell or give away your system. All of your personal files will be erased. The rest of this post is about option 1.
Option 1, refreshing your PC, keeps your personal data and reinstalls Metro style applications. Desktop apps will be removed, and their names will be placed in a file on your desktop called Removed Apps.
Reinstalling all of your Desktop apps can be time consuming, so Windows 8 offers a command called recimg.exe to make this easier. recimg creates an image which is used by the refresh facility when restoring Windows. Not only will your personal data and Metro style apps be saved, but so will Desktop apps you have installed at the time you create the image. This can save you a lot of time.
http://support.microsoft.com/kb/2748351
How to create a system image to refresh your Windows 8 PC
“Refresh your PC” is a new feature in Windows 8. By default, desktop apps are removed when you refresh a Windows 8-based computer, unless you create a custom image. After you create a custom system image, the image is used as the refresh image. This means that any existing image or OEM restore image is not used when you refresh your computer.
To create a custom image, use the Recimg.exe command-line tool that is included in Windows 8. To do this, follow these steps:
1. Create a destination folder for the custom image. For example, create a folder named “Refreshimage” on drive C.
2. Open an elevated command prompt. To do this, follow these steps:
On the Start page, type cmd, press and hold or right-click Command Prompt, and then tap or click Run as administrator.
3. Type the following command, and then press Enter:
recimg -CreateImage drive:\folder
For example, if you create “C:\Refreshimage” in step 1, run the following command:
recimg -CreateImage C:\Refreshimage
QUESTION 57
You administer Windows 8.1 client computers in your company network.
A computer that is used by non-administrator users has a directory named C:\Folder1.
A shared collection of Microsoft Excel files is stored in the C:\Folder directory, with non-administrator users being granted modify permissions to the directory.
You discover that some files have been incorrectly modified by a user.
You need to determine which user made changes to the directory’s folder’s files.
Which two actions should you perform? (Each correct answer presents part of the solution.
Choose two.)
A. Set local policy: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit
Policy \Audit object access to Failure.
B. From the Auditing Entry for Folder1, set the Principal to Guests, and then set the Type to Failure
for the Modify permission.
C. From the Auditing Entry for Folder1, set the Principal to Everyone, and then set the Type to Success
for the Modify permission.
D. Set local policy: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit
Policy \Audit object access to Success.
Answer: CD
Explanation:
We must audit for success, as we want to know which user has modified the file.
http://technet.microsoft.com/en-us/library/cc776774%28v=ws.10%29.aspx
QUESTION 58
A company has an Active Directory Domain Services (AD DS) domain.
All client computers run Windows 8.1
Portable client computers no longer connect to the corporate wireless network.
You need to ensure that when the corporate wireless network is available, the computers always connect to it automatically.
Which two actions would achieve the goal? (Each correct answer presents a complete solution.
Choose two.)
A. Create a Group Policy object (GPO) to configure a wireless network policy. Link the GPO to the
organizational unit that contains the computers.
B. Configure the corporate wireless network as an unmetered network.
C. Configure the corporate wireless network as a preferred network.
D. Manually connect to the corporate wireless network and select the option to connect automatically
to that network.
Answer: CD
Explanation:
Configure the corporate wireless network as a preferred network.
Manually connect to the corporate wireless network and select the option to connect automatically to that network.
http://blogs.technet.com/b/canitpro/archive/2014/03/05/windows-8-1-tips-manage-wireless- network-profiles.aspx
Windows 8.1 tips: Managing Wireless Network Profiles
And finally, if you wanted to change the preferred order for your machine to connect to specific wireless network, you could move a network up in the priority list by using the command: set profileorder name=goose interface=”Wi-Fi” priority=1
http://www.eightforums.com/tutorials/20152-wireless-networks-priority-change-windows-8- a.html
How to Change Connection Priority of Wireless Networks in Windows 8 and 8.1
Windows usually connects to networks in this priority order:
Ethernet
WiFi (wireless)
Mobile broadband
When you connect to a new WiFi network, it’s added to the list, and Windows will connect to that network while it’s in range. If you connect to another WiFi network while in range of the first network, Windows will prefer the second network over the first one.
Mobile broadband networks are treated differently. If you manually connect to a mobile broadband network when there is a WiFi network in range, the mobile broadband network is preferred just for that session. The next time you’re in range of both networks, the WiFi network is preferred. This is because mobile broadband networks typically are metered.
If you want to force your PC to prefer a mobile broadband network over WiFi, tap or click the WiFi network in the list of networks, and then click Disconnect. Windows won’t automatically connect to that WiFi network.
QUESTION 59
A company has client computers that run Windows 8.1.
The client computers are connected to a corporate private network.
Users are currently unable to connect from their home computers to their work computers by using Remote Desktop.
You need to ensure that users can remotely connect to their office computers by using Remote Desktop. Users must not be able to access any other corporate network resource from their home computers.
Which setting should you configure on the home computers?
A. Virtual Private Network connection
B. Remote Desktop local resources
C. DirectAccess connection
D. Remote Desktop Gateway IP address
Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc731435.aspx
Remote Desktop Gateway allows a home computer to remote into the work computer.
The Work computer can access corporate network resources, just as if the worker was at the workstation, but the HOME COMPUTER cannot access corporate resources.
RD RAPs will enable us to control remote user access to internal network resources.
With RD CAPs we can control which Users or Computers can connect via RDP.
VPN provides the HOME computer with an IP Address directly of the Corporate private network, giving the HOME computer access to the corporate private resources
QUESTION 60
A company has 100 client computers that run Windows 8.1.
The client computers are connected to a corporate private network. Users are currently unable to connect from their home computers to their work computers by using Remote Desktop.
You need to ensure that users can remotely connect to their office computers by using Remote Desktop. Users must not be able to access any other corporate network resource from their home computers.
What should you do?
A. Configure a Virtual Private Network connection.
B. Configure the Remote Desktop Gateway IP address in the advanced Remote Desktop Connection
settings on each client.
C. Configure the local resource settings of the Remote Desktop connection.
D. Configure a DirectAccess connection.
Answer: B
Explanation:
While connecting the computers you will find a couple of options related to VPN and
Desktop Assistance.
See Understanding Authorization Policies for Remote Desktop Gateway:
http://technet.microsoft.com/en-us/library/cc731435.aspx
RD RAPs will enable us to control remote user access to internal network resources.
With RD CAPs we can control which Users or Computers can connect via RDP.
Configure the Remote Desktop Gateway IP address in the advanced Remote Desktop
Connection settings on each client.
DirectAccess is for Windows Server 2008/2012/Win 7 Ultimate/Enterprise/Win 8 Enterprise
only.
RD Gateway setup is only for servers.
Create VPN through manage networks. File -> Allow incoming connections.
Connect through Internet and create VPN which will allow one computer at a time to view
the hosts resources, and only the hosts resources unlike standard VPNs.
Want Pass 70-687 Exam At the first try? Come to Braindump2go! Download the Latest Microsoft 70-687 Real Exam Questions and Answers PDF & VCE from Braindump2go,100% Pass Guaranteed Or Full Money Back!