Q1. HOTSPOT
A company runs Windows 10 Enterprise on all devices and has a single Active Directory Domain Services (AD DS) domain. The company uses Microsoft Intune to manage
Windows Phones and iOS devices.
Security updates must be installed as quickly as possible. The update management solution must be able to automatically uninstall updates. You must not deploy any additional development or custom tools.
You need to implement a solution.
In the table below, identify the feature that each solution supports.
NOTE: Make only one selection in each column. Each correct answer is worth one point.
Answer:
Q2. The company apps need to be made available to all mobile devices. You recently published the new applications in Azure.
What should you do?
A. In the Microsoft Azure admin portal, add users to the app collection for the apps.
B. In the MicrosoftAzure admin portal, enable multi-factor authentication.
C. Instruct users to download the Remote Desktop app from the appropriate vendor app store.
D. Run the following Windows PowerShell cmdlet:Update-AzureRemoteAppCollection
Answer: D
Q3. You configure Windows Remote Desktop to allow remote connections. You are testing the remote desktop connection.
When users that are not administrators sign in to the Remote Desktop Connection, the following error message displays: “To sign in remotely, you need the right to sign in through Remote Desktop Services.”
You need to ensure that all employees can access resources by using Remote Desktop Connection.
What should you do?
A. In the local group policy, configure the Remote Desktop Connection Client to prompt for credentials on the client.
B. Create a Group Policy Object that enables the Windows Firewall to allow inbound Remote Desktop Exceptions.
C. Ensure that the employee’s device is joined to the domain.
D. In Computer Management, add the Authenticated Users group to the Remote Users group.
Answer: D
Q4. You configure Windows Remote Desktop to allow remote connections. You are testing the remote desktop connection.
When users that are not administrators sign in to the Remote Desktop Connection, the following error message displays: “To sign in remotely, you need the right to sign in through Remote Desktop Services.”
You need to ensure that all employees can access resources by using Remote Desktop Connection.
What should you do?
A. In the local group policy, configure the Remote Desktop Connection Client to prompt for credentials on the client.
B. Create a Group Policy Object that enables the Windows Firewall to allow inbound Remote Desktop Exceptions.
C. Ensure that the employee’s device is joined to the domain.
D. In Computer Management, add the Authenticated Users group to the Remote Users group.
Answer: D
Q5. HOTSPOT
You upgrade 15 client devices to Windows 10 Enterprise.
You need to configure the devices.
Which Control Panel applets should you use? To answer, select the appropriate applet from each list in the answer area. Each correct answer is worth one point.
Answer:
Q6. You are a network administrator for a company that has an Office 365 E3 subscription. You purchase Enterprise Mobility Suite licenses. You implement synchronization by using a federated identity model.
Passwords for Sales team users often expire while they are travelling. When this happens, the users are not able to log on to the virtual private network (VPN) to perform their duties. Users must be able to reset their own passwords.
You need to enable password write-back. Which application should you configure?
A. Web Application Proxy
B. Active Directory Federation Services (AD FS)
C. Microsoft Online Services Sign-in Assistant
D. Directory Synchronization (DirSync)
E. Azure Active Directory Connect
Answer: E
Q7. You manage an Active Directory Domain Services (AD DS) domain that has 500 devices. All devices run Windows 7 Enterprise Edition. You deploy System Center 2012 R2 Configuration Manager SP1.
You plan to upgrade all devices to Windows 10 Enterprise and encrypt the devices by using Microsoft BitLocker Administration and Monitoring (MBAM), Data secured with BitLocker must not be stored on USB devices.
You need to ensure that existing devices are ready for the upgrade. What should you do?
A. Implement MBAM in thedomain. Create an MBAM group policy and apply the policy to all devices.
B. Verify that the System Center Configuration Manager agent is installed on all devices.
C. In the system BIOS, verify that all devices have a Trusted Platform Module (TPM) 1.2 or higher chip. Enable the TPM chip.
D. Integrate MBAM with System Center Configuration Manager. Deploy the BitLocker prepare task sequence to all laptop computers.
E. From System Center Configuration Manager, create a custom deploy task sequence that enables MBAM. Deploy the task sequence to all Windows 7 devices.
Answer: B
Q8. A company deploys Office 365 in a federated identity model. The environment has two Active Directory Domain Services (AD DS) servers and two Web Application Proxy servers that are not joined to the domain.
All externally published applications that use Windows Authentication and are hosted on- premises must use Active Directory Federation Services (AD FS) to log on.
You need deploy pre-authentication on the Web Application Proxy (WAP) servers. What should you do first?
A. Enable Kerberos constrained delegation.
B. Join the WAP servers to the AD DS domain.
C. Remove and reinstall the AD FS role.D Remove and reinstall the WAP role.
Answer: B
Q9. You manage an Active Directory Domain Services (AD DS) domain that has 500 devices. All devices run Windows 7 Enterprise Edition. You deploy System Center 2012 R2 Configuration Manager SP1.
You plan to upgrade all devices to Windows 10 Enterprise and encrypt the devices by using Microsoft BitLocker Administration and Monitoring (MBAM), Data secured with BitLocker must not be stored on USB devices.
You need to ensure that existing devices are ready for the upgrade. What should you do?
A. Implement MBAM in thedomain. Create an MBAM group policy and apply the policy to all devices.
B. Verify that the System Center Configuration Manager agent is installed on all devices.
C. In the system BIOS, verify that all devices have a Trusted Platform Module (TPM) 1.2 or higher chip. Enable the TPM chip.
D. Integrate MBAM with System Center Configuration Manager. Deploy the BitLocker prepare task sequence to all laptop computers.
E. From System Center Configuration Manager, create a custom deploy task sequence that enables MBAM. Deploy the task sequence to all Windows 7 devices.
Answer: B
Q10. A company has tablet devices that run Windows 10. You configure auditing for devices. You need to determine which audit policies are configured on the devices.
What should you do?
A. At a command prompt, run the following command:auditpol
B. Run the following Windows PowerShell cmdlet:Get-AdminAuditLogConfig
C. At a command prompt, run the following command:Dsget
D. At a command prompt, run the following command:Winrm
E. Run the following Windows PowerShell cmdlet:Get-AuditLogSearch
Answer: A
ProseWare Inc.
Background
ProseWare, Inc.is a software company that specializes in developing smartphone apps that work on multiple platforms. The main office for the company is located in Atlanta. The company has branch offices in Tokyo and Paris.
The company recently published a new game. The game has sold over 10 million copies in
the first year. In the same period, 25 million copies of the free version of the game were downloaded. ProseWare also developed a user productivity app named MyNotesPro.
Employees
Due to the massive demand for the game and for potential new versions and features, ProseWare plans to increase their staff from 100 to 1,000 employees. The employees will be evenly distributed between the three locations. Each employee will have a tablet device that runs Windows 10.
ProseWare plans to connect all offices together by using high-speed internet links. Each employee will be issued a smartphone that runs Apple iOS, Android, or Windows 10. The quality assurance (QA) department includes 50 employees. Each QA department employee will be issued three smartphone devices, one device for each of the operating systems. ProseWare uses Microsoft Intune to manage devices. The company has joined the Apple Device Enrollment program.
Current environment
You create a virtual machine (VM) named RemApp1 in Microsoft Azure by using the Windows Server Remote Desktop Session Host gallery image. Users in the Training department connect to the VM and run several training apps.
You have a file server named FILER01 that runs Windows Server 2012 R2.
In Azure, you create a virtual network and a DNS record. You implement directory synchronization between the on-premises domain and Azure.
You have purchased Remote Desktop Services Client Access Licenses.
Business Requirements
All employees will be given access to a suite of ProseWare premium apps that includes MyNotesPro. You must provide access to the apps by using Azure RemoteApp.
The Atlanta corporate headquarters performs training on a weekly basis for all Tokyo and Paris employees. The training is conducted by using Microsoft Skype for Business on Windows 10 Enterprise devices. You configure the devices to display content in the respective language for the location. Some of the trainers in Atlanta speak Japanese or French.
The Chief Technology Officer requires the following reports:
Technical Requirements
Employees must be able to download and install the appropriate RemoteApp client for their specific mobile device. The procedure for installing RemoteApp clients differs for each mobile operating system. All users must have access to the Azure RemoteApp infrastructure on their mobile devices in order to access the ProseWare premium apps.
All apps must be centrally managed and updated. You must ensure that the apps are available to all employees. Employees must install all apps from a common source location. The ProseWare apps must only be installed on employee devices.
You must import RemApp1 into the Azure RemoteApp Template Image Library. RemApp1 will host the Proseware premium apps.
Some of the apps must be able to access data kept in the on-premises servers at the Atlanta office.
You must design a Work Folders solution on a FILER01. You have the following requirements:
*You must encrypt all data that is synchronized.
*You must synchronize settings every 60 minutes.
*You must restrict the size of each file that is synchronized to 5 gigabytes.