TS: Windows 7, Configuring
Question No: 41 – (Topic 1)
You want to prohibit read, write, and execute access to all types of external storage devices.
What computer policy setting do you enable?
All Removable Storage: Allow Direct Access In Remote Sessions
All Removable Storage Classes: Deny All Access
Removable Disks: Deny Read Access
Removable Disks: Deny Write Access
Question No: 42 – (Topic 1)
Which of the following tools can you use to determine if the applications installed on your computer running Windows Vista are known to have problems with Windows 7?
Windows 7 Upgrade Advisor
Answer: A Explanation:
Windows 7 Upgrade Advisor
Prior to attempting to perform the upgrade from Windows Vista to Windows 7, you should run the Windows 7 Upgrade Advisor. The Windows 7 Upgrade Advisor is an application that you can download from Microsoft’s Web site that will inform you if Windows 7 supports a computer running the current hardware and software configuration of Windows Vista.
Prior to running the Windows 7 Upgrade Advisor, you should ensure that all hardware that you want to use with Windows 7, such as printers, scanners, and cameras, are connected to the computer. The Upgrade Advisor generates a report that informs you of which applications and devices are known to have problems with Windows 7.
Question No: 43 – (Topic 1)
You have a computer that runs Windows 7. The computer contains two volumes, C and D. You create a new folder called D:\Reports.
You need to ensure that all files stored in the Reports folder are indexed by Windows Search.
What should you do?
Enable the archive attribute on the folder.
Modify the Folder Options from Control Panel.
Modify the properties of the Windows Search service.
Create a new library and add the Reports folder to the library.
Answer: D Explanation:
Libraries enable you to organize files by using metadata about the file, such as author, date, type, tags, and so on-instantly. You’re not limited to just browsing files by folder hierarchy. When you save files in a Library, Windows庐 7 indexes the files. You can use
Library features like the Arrange By control to instantly browse the files in the Library by metadata or use the Search Builder, which is built into the Search box in Windows Explorer, to instantly search the files in the Library by metadata.
Question No: 44 – (Topic 1)
You have a computer that runs Windows 7.
Your network contains a VPN server that runs Windows Server 2008. You need to authenticate to the VPN server by using a smart card.
Which authentication setting should you choose?
Answer: B Explanation:
VPN Server Software Requirements
VPN server software requirements for smart card access are relatively straightforward. The remote access servers must run Windows 2000 Server or later, have Routing and Remote Access enabled, and must support Extensible Authentication Protocol-Transport Layer Security (EAP-TLS). EAP-TLS is a mutual authentication mechanism developed for use in conjunction with security devices, such as smart cards and hardware tokens. EAP-TLS supports Point-to-Point Protocol (PPP) and VPN connections, and enables exchange of shared secret keys for MPPE, in addition to Ipsec. The main benefits of EAP-TLS are its resistance to brute-force attacks and its support for mutual authentication. With mutual authentication, both client and server must prove their identities to each other. If either client or server does not send a certificate to validate its identity, the connection terminates.Microsoft Windows Server鈩?2003 supports EAP-TLS for dial-up and VPN connections, which enables the use of smart cards for remote users. For more information about EAP-TLS, see the Extensible Authentication Protocol (EAP) topic at www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/auth_eap.
For more information about EAP certificate requirements, see the Microsoft Knowledge Base article quot;Certificate Requirements when you use EAP-TLS or PEAP with EAP-TLSquot; at http://support.microsoft.com/default.aspx? scid=814394.
Question No: 45 – (Topic 1)
You have a computer named Computer1 that runs Windows 7. The computer is a member of an Active Directory domain. The network contains a file server named Server1 that runs Windows Server 2008.
You log on to the computer by using an account named User1.
You need to ensure that when you connect to Server1, you authenticate by using an account named Admin1.
What should you do on Computer1?
From User Accounts, select Link online IDs.
From Windows CardSpace, select Add a card.
From Credential Manager, select Add a Windows credential.
From Local Security Policy, modify the Access this computer from the network user right.
Answer: C Explanation: Credential Manager
Credential Manager stores logon user name and passwords for network resources, including file servers, Web sites, and terminal services servers. Credential Manager stores user name and password data in the Windows Vault. You can back up the Windows Vault and restore it on other computers running Windows 7 as a method of transferring saved credentials from one computer to another. Although Credential Manager can be used to back up some forms of digital certificates, it cannot be used to back up and restore the self- signed Encrypting File System (EFS) certificates that Windows 7 generates automatically when you encrypt a file. For this reason, you must back up EFS certificates using other tools. You will learn about backing up EFS certificates later in this lesson.
Question No: 46 – (Topic 1)
You have a computer that runs Windows 7.
You need to confirm that all device drivers installed on the computer are digitally signed. What should you do?
At a command prompt, run Verify.
At a command prompt, run Sigverif.exe.
From Device Manager, click Scan for hardware changes.
From Device Manager, select the Devices by connection view.
Answer: B Explanation:
Checking Digital Signatures with the File Signature Verification Tool
The Dxdiag tool identifies problems with DirectX hardware and tells you whether that
hardware has passed the WHQL testing regimen and has been signed digitally. However, it does not test the device drivers that are not associated with DirectX devices. To scan your computer and identify any unsigned drivers, you should use the File Signature Verification (Sigverif) tool.
Question No: 47 – (Topic 1)
You have a computer that runs Windows 7. Multiple users log on to your computer.
You enable auditing on a folder stored on your computer. You need to ensure that each access to the folder is logged.
What should you do?
Start the Problem Steps Recorder.
From Event Viewer, modify the properties of the Security log.
From the local Group Policy, configure the Audit object access setting.
From the local Group Policy, configure the Audit directory service Access setting.
Answer: C Explanation:
Audit object access
Determines whether to audit the event of a user accessing an object (for example, file, folder, registry key, printer, and so forth) which has its own system access control list (SACL) specified. By default, this value is set to No auditing in the Default Domain Controller Group Policy object (GPO) and in the local policies of workstations and servers. If you define this policy setting, you can specify whether to audit successes, audit failures, or not to audit the event type at all. Success audits generate an audit entry when a user successfully accesses an object that has a SACL specified. Failure audits generate an audit entry when a user unsuccessfully attempts to access an object that has a SACL specified. You can select No auditing by defining the policy setting and unchecking Success and Failure.
Question No: 48 – (Topic 1)
You work in an international company which is named Wiikigo. Before entering this company, you have two years of experience in the IT field, as well as experience implementing and administering any Windows client operating system in a networked environment. You are professional in installing, upgrading and migrating to Windows 7, deploying Windows 7, and configuring Hardware and Applications and son on. You are in charge of a computer that runs Windows Vista. You have Windows 7 installed on a new partition on the computer. You have to make sure that the computer always starts Windows Vista by default. So what action should you perform to make sure of this?
In order to make sure that the computer always starts Windows Vista by default, a boot.ini file should be created in the root of the Windows 7 partition.
In order to make sure that the computer always starts Windows Vista by default, a boot.ini file should be created in the root of the Windows Vista partition.
In order to make sure that the computer always starts Windows Vista by default, Bcdedit.exe should be run and the /default parameter should be specified.
In order to make sure that the computer always starts Windows Vista by default, Bcdedit.exe should be run and the /bootems parameter should be specified.
Question No: 49 – (Topic 1)
You have a stand-alone computer named Computer1 that runs Windows 7. Several users share Computer1.
You need to prevent all users who are members of a group named Group1 from running Windows Media Player. All other users must be allowed to run Windows Media Player.
You must achieve this goal by using the least amount of administrative effort. What should you do?
From Software Restriction Policies, create a path rule.
From Software Restriction Policies, create a hash rule.
From Application Control Policies, create the default rules.
From Application Control Policies, create an executable rule.
Executable rules apply to files that have .exe and .com file extensions. AppLocker policies are primarily about executable files, and it is likely that the majority of the AppLocker policies that you work with in your organizational environment will involve executable rules. The default executable rules are path rules that allow everyone to execute all applications in the Program Files folder and the Windows folder. The default rules also allow members of the administrators group to execute applications in any location on the computer. It is necessary to use the default executable rules, or rules that mirror their functionality, because Windows does not function properly unless certain applications, covered by these default rules, are allowed to execute. When you create a rule, the scope of the rule is set to Everyone, even though there is not a local group named Everyone. If you choose to modify the rule, you can select a specific security group or user account.
NOT Default rulesDefault rules are a set of rules that can be created automatically and which allow access to default Windows and program files. Default rules are necessary because AppLocker has a built-in fallback block rule that restricts the execution of any application that is not subject to an Allow rule. This means that when you enable AppLocker, you cannot execute any application, script, or installer that does not fall under an Allow rule. There are different default rules for each rule type. The default rules for each rule type are general and can be tailored by administrators specifically for their environments. For example, the default executable rules are path rules. Security-minded administrators might replace the default rules with publisher or hash rules because these are more secure.NOT Path RulesPath rules, allow you to specify a file, folder, or registry key as the target of a Software Restriction Policy. The more specific a path rule is, the higher its precedence. For example, if you have a path rule that sets the file C: \Program files\Application\App.exe to Unrestricted and one that sets the folder C:\Program files\Application to Disallowed, the more specific rule takes precedence and the application can execute. Wildcards can be used in path rules, so it is possible to have a path rule that specifies C:\Program files\Application\*.exe. Wildcard rules are less specific than rules that use a file’s full path. The drawback of path rules is that they rely on files and folders remaining in place. For example, if you created a path rule to block the application C:\Apps\Filesharing.exe, an attacker could execute the same application by moving it to another directory or renaming it something other than Filesharing.exe. Path rules work only when the file and folder permissions of the underlying operating system do not allow files to be moved and renamed.NOT Hash RulesHash rules, work through the generation of a digital fingerprint that identifies a file based on its binary characteristics. This means that a file that you create a hash rule for will be identifiable regardless of the name assigned to it or the location from which you access it. Hash rules work on any file and do not require the file to have a digital signature. The drawback of hash rules is that you need to create them on a per-file basis. You cannot create hash rules automatically for Software Restriction
Policies; you must generate each rule manually. You must also modify hash rules each time that you apply a software update to an application that is the subject of a hash rule. Software updates modify the binary properties of the file, which means that the modified file does not match the original digital fingerprint.
Question No: 50 – (Topic 1)
You work in an international company which is named Wiikigo. Before entering this company, you have two years of experience in the IT field, as well as experience implementing and administering any Windows client operating system in a networked environment. You are professional in installing, upgrading and migrating to Windows 7, deploying Windows 7, and configuring Hardware and Applications and son on. You are in charge of two computers that are respectively named C01 and C02. C01 runs Windows 7 and C02 runs Windows XP Professional.
On C01, you enable Remote Desktop as shown in the Remote Desktop exhibit. What action should you perform?
You should enable the Allow connections from computers running any version of Remote Desktop setting on C01.
The Client (Respond Only) IPSec policy should be assigned on C02.
Your user account should be added to the Remote Desktop Users group on C01.
A firewall exception should be created for the Remote Desktop Protocol (RDP) should be assigned on C02.
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|