70-680 Exam
Tactics to 70 680 exam
It is impossible to pass Microsoft 70 680 exam exam without any help in the short term. Come to Actualtests soon and find the most advanced, correct and guaranteed Microsoft exam 70 680 practice questions. You will get a surprising result by our Renovate TS:Windows 7,Configuring practice guides.
Q191. - (Topic 2)
A user telephones your help desk. She has just accidentally deleted a file she was working on earlier that day.
You have configured her computer to carry out backups every evening, and you installed a new graphics driver two days ago.
How should you advise the user to retrieve her file?
A. Open the Backup And Restore console and restore the file from backup.
B. Use the Restore Previous Versions feature to restore the file.
C. Open her Recycle Bin, right-click the file, and choose Restore.
D. Perform a system restore.
Answer: C
Q192. - (Topic 2)
You have a computer that runs windows 7.
You have a third-party application.
You need to ensure that only a specific version of the application runs on the computer.
You have the application vendor's digital signature.
What should you do?
A. From Application Control Policies, configure a path rule.
B. From Application Control Policies, configure a publisher rule.
C. From Software Restriction policies, configure a path rule.
D. From Software Restriction policies, configure a certificate rule.
Answer: B
Explanation:
AppLocker Application Control Policies AppLocker is a feature new to Windows 7 that is available only in the Enterprise and Ultimate editions of the product. AppLocker policies are conceptually similar to Software Restriction Policies, though AppLocker policies have several advantages, such as the ability to be applied to specific user or group accounts and the ability to apply to all future versions of a product. As you learned earlier in this chapter, hash rules apply only to a specific version of an application and must be recalculated whenever you apply software updates to that application. AppLocker policies are located in the Computer Configuration\Windows Settings\ Security Settings \Application Control Policies node of a standard Windows 7 or Windows Server 2008 R2 GPO. AppLocker relies upon the Application Identity Service being active. When you install Windows 7, the startup type of this service is set to Manual. When testing AppLocker, you should keep the startup type as Manual in case you configure rules incorrectly. In that event, you can just reboot the computer and the AppLocker rules will no longer be in effect. Only when you are sure that your policies are applied correctly should you set the startup type of the Application Identity Service to Automatic. You should take great care in testing AppLocker rules because it is possible to lock down a computer running Windows 7 to such an extent that the computer becomes unusable. AppLocker policies are sometimes called application control policies. AppLocker Application Control Policies - Publisher Rules Publisher rules in AppLocker work on the basis of the code-signing certificate used by the file's publisher. Unlike a Software Restriction Policy certificate rule, it is not necessary to obtain a certificate to use a publisher rule because the details of the digital signature are extracted from a reference application file. If a file has no digital signature, you cannot restrict or allow it using AppLocker publisher rules. Publisher rules allow you more flexibility than hash rules because you can specify not only a specific version of a file but also all future versions of that file. This means that you do not have to re-create publisher rules each time you apply a software update because the existing rule remains valid. You can also allow only a specific version of a file by setting the Exactly option.AppLocker Application Control Policies - Path RulesAppLocker path rules work in a similar way to Software Restriction Policy path rules. Path rules let you specify a folder, in which case the path rule applies to the entire contents of the folder, including subfolders, and the path to a specific file. The advantage of path rules is that they are easy to create. The disadvantage of path rules is that they are the least secure form of AppLocker rules. An attacker can subvert a path rule if they copy an executable file into a folder covered by a path rule or overwrite a file that is specified by a path rule. Path rules are only as effective as the file and folder permissions applied on the computer.
Software Restriction Policies Software Restriction Policies is a technology available to clients running Windows 7 that is available in Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008. You manage Software Restriction Policies through Group Policy. You can find Software Restriction Policies in the Computer Configuration \Windows Settings\Security Settings\Software Restriction Policies node of a group policy. When you use Software Restriction Policies, you use the Unrestricted setting to allow an application to execute and the Disallowed setting to block an application from executing. You can achieve many of the same application restriction objectives with Software Restriction Policies that you can with AppLocker policies. The advantage of Software Restriction Policies over AppLocker policies is that Software Restriction Policies can apply to computers running Windows XP and Windows Vista, as well as to computers running Windows 7 editions that do not support AppLocker. The disadvantage of Software Restriction Policies is that all rules must be created manually because there are no built-in wizards to simplify the process of rule creation.Software Restriction Policies - Path Rules Path rules, allow you to specify a file, folder, or registry key as the target of a Software Restriction Policy. The more specific a path rule is, the higher its precedence. For example, if you have a path rule that sets the file C: \Program files\Application\App.exe to Unrestricted and one that sets the folder C:\Program files\Application to Disallowed, the more specific rule takes precedence and the application can execute. Wildcards can be used in path rules, so it is possible to have a path rule that specifies C:\Program files\Application\*.exe. Wildcard rules are less specific than rules that use a file's full path. The drawback of path rules is that they rely on files and folders remaining in place. For example, if you created a path rule to block the application C:\Apps\Filesharing.exe, an attacker could execute the same application by moving it to another directory or renaming it something other than Filesharing.exe. Path rules work only when the file and folder permissions of the underlying operating system do not allow files to be moved and renamed. Software Restriction Policies - Certificate Rules Certificate rules use a code-signed software publisher's certificate to identify applications signed by that publisher. Certificate rules allow multiple applications to be the target of a single rule that is as secure as a hash rule. It is not necessary to modify a certificate rule in the event that a software update is released by the vendor because the updated application will still be signed using the vendor's signing certificate. To configure a certificate rule, you need to obtain a certificate from the vendor. Certificate rules impose a performance burden on computers on which they are applied because the certificate's validity must be checked before the application can execute. Another disadvantage of certificate rules is that they apply to all applications from a vendor. If you want to allow only 1 application from a vendor to execute but the vendor has 20 applications available, you are better off using a different type of Software Restriction Policy because otherwise users can execute any of those other 20 applications.
Q193. - (Topic 2)
You have a computer that runs windows 7.
The computer is configured as shown in the following table.
You plan to install a new application that requires 40 GB of space. The application will be installed to C:\app1.
You need to provide 40 GB of free space for the application.
What should you do?
A. Create a shortcut.
B. Create hard link.
C. Create a mount point.
D. Change the quota settings.
Answer: C
Explanation:
Assign a mount point folder path to a driveYou can use Disk Management to assign a mount-point folder path (rather than a drive letter) to the drive. Mount-point folder paths are available only on empty folders on basic or dynamic NTFS volumes.Volume Mount PointsVolume mount points are new system objects in the internal namespace of Windows 2000 that represent storage volumes in a persistent, robust manner. This feature allows multiple disk volumes to be linked into a single tree, similar to the way Dfs links remote network shares. You can have many disk volumes linked together, with only a single drive letter pointing to the root volume. The combination of an NTFS junction and a Windows 2000 volume mount point can be used to graft multiple volumes into the namespace of a host NTFS volume. Windows 2000 offers this new mounting feature as an alternative to drive letters so system administrators can transcend the 26-drive letter limit that exists in Windows NT. Volume mount points are robust against system changes that occur when devices are added or removed from a computer. Important-icon Important A volume is a self-contained unit of storage administered by a file system. The file system that administers the storage in a volume defines a namespace for the volume. A volume mount point is a directory name in an NTFS file system that denotes the root of an arbitrary volume. A volume mount point can be placed in any empty directory of the namespace of the containing NTFS volume. Because volumes can be denoted by arbitrary directory names, they are not required to have a traditional drive letter. Placing a volume mount point on an NTFS directory causes the storage subsystem to resolve the directory to a specified local volume. This "mounting" is done transparently and does not require a drive letter to represent the volume. A Windows 2000 mount point always resolves to the root directory of the desired volume. Volume mount points require that the version of NTFS included with Windows 2000 be used because they are based on NTFS reparse points.
Q194. - (Topic 4)
Your company office network includes a file server that has Windows Server 2008 R2 installed and client computers that have Windows 7 Enterprise installed. The computers are members of an Active Directory domain. The file server has the BrachCache features installed.
All client computers have Windows Firewall along with Advanced Security enabled for all network profiles.
You need to ensure that client computers can access cached files stored on the file server.
What should you do?
A. Run the Netsh branchcache set service mode=HOSTEDSERVER client authentication=NONE command
B. Configure firewall exception rules for multicast traffic, inbound and outbound traffic for local UDP port 3702, and inbound and outbound trafficfor local TCP port 80.
C. Create a Group Policy that sets Hash Publication for BranchCache as disabled.
D. Run the netsh branchcache set service mode=DISTRIBUTED command.
E. Create a Group Policy object and configure the Set percentage of disk space used for client computer cache option.
F. Check permisions.
G. Run the netsh branchcache set service mode=HOSTEDCLIENT command.
H. Create a Group Policy object and enable the Set BranchCache Hosted Cache mode policy.
I. Configure firewall exception rules for inbound and outbound traffic for local TCP port 80 and for inbound and outbound traffic for local TCP port 8443.
Answer: G
Q195. - (Topic 6)
You manage a network device by using a web interface.
You perform all critical Windows updates so that the computer now runs Internet Explorer 10. After performing these updates, the layout of the network device web page displays incorrectly.
Other web pages display correctly.
You need to resolve this issue.
What should you do?
A. Clear Internet Explorer's browsing history.
B. Enable Compatibly Mode for the network device web page.
C. Set the local Intranet security zone to Low.
D. Add the network device web page to the trusted sites zone.
Answer: D
Q196. - (Topic 6)
Your company network has a single-domain Active Directory forest. The forest functional level is set to Windows Server 2008 R2. All computers are members of the domain.
You plan to deploy Windows BitLocker Drive Encryption (BitLocker) on portable computers that have Windows 7 Enterprise installed.
You need to be able to automatically back up recovery passwords for BitLocker-protected disk volumes on the portable computers.
What should you do before you start encrypting the disk volumes with BitLocker?
A. Run the cscript Get-BitLockerRecoverylnfo.vbs script on the portable computers.
B. Select the Turn on BitLocker backup to Active Directory option in local policy on the portable computers.
C. Run the cscript List-ACEs.vbs script on the portable computers.
D. Run the Idifde -i -v -f BitLockerTPMSchemaExtension.Idf -c script on a domain controller.
Answer: B
Q197. - (Topic 4)
Your company network has a single-domain Active Directory forest. The forest functional level is set to Windows Server 2008 R2. All computers are members of the domain.
You plan to deploy Windows BitLocker Drive Encryption (BitLocker) on portable computers that have Windows 7 Enterprise installed.
You need to be able to automatically back up recovery passwords for BitLocker-protected disk volumes on the portable computers.
What should you do before you start encrypting the disk volumes with BitLocker?
A. Select the Turn on BitLocker backup to Active Directory option in Group Policy linked to the portable computers.
B. Run the cscript Get-TPMOwnerlnfo.vbs script on the client computers.
C. Run the manage-bde -on C: -RecoveryPassword command on the portable computers.
D. Run the Idifde -i -v -f BitLockerTPMSchemaExtension.ldf -c script on a domain controller.
Answer: C
Q198. - (Topic 4)
A company has client computers that run Windows 7 Enterprise.
Users complain that Windows displays too many notifications when they try to install software or make changes to their computer.
You need to decrease the number of notifications that Windows displays when users try to install software or make changes to their computer.
Which two choices should you use to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
A. Local Users and Groups
B. the Services management console
C. the netsh command
D. the Group Policy management console
E. share permissions
F. the folder Properties window
G. Device Manager
H. the icacls command
I. the User Account Control Settings Control Panel window
Answer: D,I
Q199. HOTSPOT - (Topic 4)
You are performing an audit of the installed updates on a computer running Windows 7 Enterprise.
You need to find a list of the installed updates on the computer.
Which settings categories should you choose? (To answer, select the appropriate settings in the work area.)
Answer:
Q200. DRAG DROP - (Topic 6)
You have a Windows XP computer.
You need to migrate to Windows 7 and determine that all third-party applications installed on the computer continue to operate with the new operating system.
Which four actions should you perform in sequence? (To answer, move the appropriate four actions from the list of actions to the answer area and arrange them in the correct order. )
Answer: