70-685 Exam
10 Tips For 70-685 customers
We provide real 70-685 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass Microsoft 70-685 Exam quickly & easily. The 70-685 PDF type is available for reading and printing. You can print more and practice many times. With the help of our Microsoft 70-685 dumps pdf and vce product and material, you can easily pass the 70-685 exam.
Q41. A client computers on your company network run Windows 7. Employees log on to their computers as Standard users.
There is a zero-day malicious software attack affecting your network. Employees receive User AccountControl (UAC) messages frequently requesting permission to elevate privileges. You know that this malicious software attack is responsible for these UAC prompts.
You need to ensure that employees are unable to provide elevated credentials.
What should you do?
A. Configure the Group Policy User Account Control: Only elevate executables that are signed and validated setting to Disabled.
B. Configure the Group Policy User Account Control: Switch to the secure desktop when prompting for elevation setting to Disabled.
C. Configure the Group Policy User Account Control: Behavior of the elevation prompt for standard users setting to Automatically deny elevation requests.
D. Configure the Group Policy User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode setting to Prompt for consent for non-Windows binaries.
Answer: C
Q42. The help desk reports that users receive a security warning message when they try to access the internal Web site shown in the exhibit:
The help desk confirms that users never received this security warning message before.
You need to provide a solution to prevent users from receiving the security warning when they try to access the internal Web site.
What should you do?
Exhibit:
A. Instruct the users to download the certificate of the Web server.
B. Instruct the users to download a new certificate revocation list (CRL).
C. Request that a domain administrator renew the Web server SSL certificate.
D. Request that a domain administrator renew the user authentication certificates for all users.
Answer: C
Q43. This is the first in a series of questions that all present the same scenario. For your convenience, the scenario is repeated in each question. Each presents a different goal and answer choices, but the text of the scenario is exactly the same in each in this series.
Topic 13, Enterprise Company
Scenario:
Background
You are the desktop support technician for an Enterprise Company. The company offices, sizes, and platforms are shown in the following table:
Software Environment
The company has a single Active Directory Domain Services (AD DS) forest with one domain. All domain controllers run Windows Server 2008 R2. The forest and domain functional levels are set to Windows Server 2008 R2.
The company outsources sales support to a third party.
Each member of the Sales Support team has an AD DS user account in a global security group named Sales.
The Sales security group and the AD DS user accounts for the Sales Support team reside in an organizational unit (OU) named Sales Support.
Members of the Sales Support team do not use domain-joined client computers.
With the exception of the Sales Support team, all user accounts reside in an OU named Employees.
All client computers reside in an OU named Client Computers.
A global security group named Accounting contains users with domain accounts. They use portable computers running Windows 7 that are joined to the domain.
The company uses DirectAccess for remote access connectivity. Windows 7 domain-joined computers have been configured to use DirectAccess.
The company uses Microsoft Exchange and Outlook Web App (OWA) for email and collaboration. The company has enabled password reset through OWA.
The company uses AppLocker to prevent users from running certain programs. AppLocker rules are defined at the domain-level in the Corp Group Policy object (GPO). Corp GPO only contains AppLocker policy settings.
Wireless Requirements
The company has wireless access points (WAPs) that provide wireless connectivity at some locations. The company uses a GPO named WiFi to enforce wireless security. The WiFi GPO is linked to the domain.
The company mandates that all domain-joined computers must connect to corporate WAPs automatically. The company's 802.1 X authentication server must be used for client computer connections to the WAP.
Visitors and contractors are unable to connect to the corporate wireless network.
Management has mandated that a guest wireless network be established that meets the following criteria:
Users should not have to provide credentials.
Maximize wireless network performance.
Minimize administrative overhead.
Data Protection Environment
Full system backups are performed on client computers on Sundays with one week of retention.
All client computers are configured with System Protection settings to restore only previous versions of files.
The company's help desk technicians spend a significant amount of time researching whether remote access issues are related to the corporate network or to Accounting group users' Internet connectivity.
You need to recommend a solution that minimizes time spent indentifying the cause of the remote access issues.
What should you recommend?
A. Deploy the DirectAccess Connectivity Assistant on the Accounting group's portable computers.
B. Deploy the DirectAccess Connectivity Assistant on the help desk technicians' computers.
C. Enable Windows Firewall logging on DirectAccess servers.
D. Enable Windows Firewall logging on the portable computers.
Answer: A
Q44. Humongous Insurance users who work at Fabrikam report that when they move between different wireless networks, they are prompted to manually reconnect to the VPN.
You need to ensure that the users can automatically reconnect to the VPN when they move between wireless networks.
What should you request?
A. that a network administrator create a CNAME record named AUTODISCOVER in the humongousinsurance.com DNS zone
B. that a network administrator enable Network Load Balancing on NPAS1
C. that users use only IKEv2-based VPN connections
D. that users use only SSTP-based VPN connections
Answer: C
Q45. All client computers on your company network run Windows 7 and are members of an Active Directory Domain Services domain.
You deploy network printers.
You need to ensure that employees are able to find these printers.
What should you do first?
A. Ensure that your print servers include Windows 7 print drivers.
B. In the Location Aware Printing applet, choose the Change my default printer when I change networks setting.
C. Create a group policy to enable the Automatically publish new printers in Active Directory policy.
D. Create a group policy to enable the Prune printers that are not automatically republished policy.
In the Prune non-republishing printers drop-down list, select the Whenever printer is not found option.
Answer: C
Q46. A user's computer fails. The help desk provides the user with a new computer. The user's Documents folder is restored from the backup.
The user reports that he can no longer access his encrypted files. The help desk recovers the files by using a data recovery agent (DRA).
You need to ensure that when users receive new computers, they can access their encrypted files without administrative intervention.
What should you request?
A. credential roaming be enabled
B. BitLocker be enabled on all computers
C. user accounts be trusted for delegation
D. the CA be configured for key archival and recovery
Answer: A
Q47. A corporate environment includes client computers running Windows 7 Enterprise. The hard drives of all client computers are encrypted by using Windows BitLocker Drive Encryption. The operating system of a client computer is not found. You are unable to repair the operating system. You need to recommend an approach for salvaging data from the client computer. What is the best approach to achieve the goal? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Use the BitLocker Active Directory Recovery Password Viewer.
B. Use the BitLocker Drive Encryption Recovery Console.
C. Use a data recovery agent.
D. Use the BitLocker Repair Tool.
Answer: D
Q48. A company has a main office and a branch office. The network contains a single Active Directory domain. All computers are members of the domain.
Five users in the branch office report that their Windows 7 computer is slow when it runs multiple applications.
From your computer, you need to identify the application that consumes the most processor resources on the computers.
Which tool should you use?
A. Event Viewer
B. Performance Monitor
C. CPU Meter gadget
D. Task Manager
Answer: B
Q49. When visiting certain websites, users receive a message in Internet Explorer.
The message is shown in the exhibit:
You need to ensure that the Internet Explorer settings for all client computers follow company requirements.
What should you modify in Group Policy?
Exhibit:
A. Enable the Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Turn on Protected Mode setting.
B. Disable the Internet Explorer\Internet Control Panel\Prevent ignoring certificate errors setting.
C. Enable the Internet Explorer\Internet Control Panel\Prevent ignoring certificate errors setting.
D. Disable the Windows Components\Windows Error Reporting\Disable Windows Error Reporting setting.
E. Enable the Windows Components\Windows Error Reporting\Disable Windows Error Reporting setting.
F. Enable the Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Do not prompt for client certificate selection when no certificate or only one certificate setting.
Answer: C
Q50. Users in branch office 2 map drives to shared folders on SRV1.
The users report that they cannot access files in the shared folders when the WAN link between branch office 2 and the main office is unavailable. When they attempt to access the files, they are prompted to enter their credentials but are denied access.
You need to ensure that the users can access the shared folders if the WAN link fails.
What should you do?
A. Instruct a desktop support technician to configure Offline Files on the Windows 7 computers.
B. Instruct a desktop support technician to configure BranchCache on the Windows 7 computers.
C. Request that a domain administrator deploy a domain controller in branch office 2.
D. Request that a domain administrator enable Universal Group Membership Caching for branch office 2.
Answer: B