70-680 Exam - TS: Windows 7, Configuring

certleader.com

Q1. - (Topic 1) 

You have a computer that runs Windows 7. 

You run the Configure Backup wizard as shown in the exhibit. (Click the Exhibit button.) 

You need to ensure that you can back up the computer to a local disk drive. What should you do before you run the Configure Backup wizard?

A. Connect a removable disk. 

B. Log on as an administrator. 

C. Start the Volume Shadow Copy Service (VSS). 

D. Add your user account to the Backup Operators group. 

Answer:

Explanation: 

An external hard drive

External hard drives can be removed and stored in a secure location. However, they are typically slower than internal hard drives and tend to be less reliable, mainly because they are by default formatted using FAT rather than NTFS. You cannot use an external hard drive for a System Image backup unless you convert its filing system to NTFS. Because it is easily removable, it is more likely that an external hard drive will be missing when a scheduled backup is required. (Local disk drive was specified, not internal.)

NOT Administrator

You need administrator credentials to configure scheduled backups or to manually initiate a backup. However, restoring files does not require administrator privileges unless a user attempts to restore another user's file. (NOTE: The issue was the lack of a location to store the backup, not an inability to run the Configure Backup wizard; thus it was assumed that the user in this scenario had administrator credentials.)

NOT Backup Operators

Members of this group are able to override file and folder access restrictions for the purpose of backing up data. You can allow a user to back up files and directories by assigning them to the Backup Operators group rather than by modifying the Back Up Files and Directories policy.

NOT VSS

VSS is installed on computers running Windows 7. Its startup type is Manual. The service starts as needed. If the service does not start when required, shadow copies are unavailable for backup and Windows Backup does not succeed. Nor can you create restore points and previous versions. In this case, check the service and ensure that it has not been disabled.

Q2. - (Topic 6) 

You have a computer that runs Windows 7. 

The computer's hard disks are configured as shown in the following table. 

You need to ensure that you can recover the operating system and all the files on the computer if hard disk 0 experiences hardware failure. 

What should you do? 

A. Use the Backup and Restore tool to create a system image on an external hard disk. 

B. Create a restore point for both hard disks. 

C. Use the Backup and Restore tool to back up data files for all users. 

D. Shrink drive C and then create a new partition. 

Answer:

Explanation:

System Image in Windows 7

The new backup utilities in Windows 7 are actually pretty impressive, and creating an image will be possible in all versions. Today we take a look at creating a backup image of your machine without the need for a third-party utility like Ghost or True Image.

You have just finished installing a fresh copy of Windows 7 on your computer and have it set up to your liking. One of the first things you should do now is create an image of the disk so that in the event of a crash you will be able to restore it to its current state. An image is an exact copy of everything on the drive and will restore it back to its current state. It's probably best to create an image when everything is clean and organized on your system. This will make the image file smaller and allows you to restore the system with a smooth-running setup.

Q3. - (Topic 2) 

You have 15 computers that run Windows 7. 

You need to implement a monitoring solution that meets the following requirements: 

- Sends an e-mail notification when an application error is logged in the event log

- Runs a script to restart the computer if an application error occurs between 17:00 and 07:00

- Minimizes the administrative effort required to monitor applications

What should you do? 

A. On all the computers, configure a custom view. Configure a custom task for the application error events. 

B. On a computer, configure a custom view to display the application errors. Configure a custom task for the application error events. 

C. On a central computer, configure an event subscription. On all of the computers, configure a custom task in the Forwarded Events log. 

D. On all the computers, configure an event subscription to a central computer. On the central computer, configure a custom task in the Forwarded Events log. 

Answer:

Explanation: 

Event Forwarding

Event forwarding enables you to transfer events that match specific criteria to an administrative (or collector) computer. This enables you to manage events centrally. A single event log on the collector computer holds important events from computers anywhere in your organization. You do not need to connect to the local event logs on individual computers.

Subscriptions

In a source-initiated subscription (sometimes termed a source computer–initiated subscription), the computer on which an event is generated (the source computer) sends the event to the collector computer. You would use a source-initiated subscription when you have a large number of source computers and you configure these computers through Group Policy.

Q4. DRAG DROP - (Topic 6) 

You capture a Windows Image (.wim) file from a reference computer. 

You place the image file into a shared folder. 

You need to deploy the image to a computer without an operating system. 

What should you do? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.) 

Answer:  

Q5. - (Topic 5) 

You install Windows 7 on a new computer. 

Every time you start the computer, you receive a "STOP" error message. 

You suspect that the RAM on the computer has a problem. 

You need to verify the RAM on the computer.

What should you do first? 

A. Start the computer, press F8, and select Repair Your Computer. 

B. Start the computer, press F8, and then select Debugging Mode. 

C. Start the computer by using Windows PE and then run the bootsect.exe /all command.

D. Start the computer by using Windows PE and then run the bcdedit /bootsequence command.

Answer:

Q6. - (Topic 4) 

Your company network has a single-domain Active Directory forest. The forest functionality level is set to Windows Server 2008 R2. All computers are members of the domain. 

You plan to deploy Windows BitLocker Encryption (BitLocker) on the portable computers that have Windows 7 Enterprise installed.

You need to be able to automatically back up recovery passwords for BitLocker-protected disk volumes on the portable computers.

What should you do before you start encrypting the disk volumes with BitLocker?

A. Run the cscript Add-TPMSelfWriteACE.vbs script on the portable computers.

B. Run the cscript List-ACEs.vbs script on the portable computers. 

C. Run the cscript Get-TPMOwnerInfo.vbs script on the client computers. 

D. Select the Turn on BitLocker backup to Active Directory option in local policy on the portable computers. 

Answer:

Q7. - (Topic 5) 

Your company network contains 20 client computers that run Windows 7 Enterprise. The network does not have a DNS server and is using IPv6 only. 

Users are complaining they are unable to see others' computers on the network. 

You notice that the settings of the network are configured as shown in the exhibit. (Click the Exhibit button.) 

You need to ensure that users can see all computers on the network in Windows Explorer. 

What should you do on each computer? 

A. Turn on Public folder sharing. 

B. From a command prompt, run the net view command. 

C. Turn on Network discovery. 

D. Run Windows Network Diagnostics. 

E. From a command prompt, run the net config command.

Answer:

Q8. - (Topic 2) 

You have a computer that runs Windows 7. 

You create an application shim for a third-party application by using the Microsoft Application Compatibility Toolkit (ACT). 

You need to ensure that the application shim is applied the next time you run the application. 

What should you do first? 

A. Run Sdbinst.exe. 

B. Run Msiexec.exe. 

C. Right-click the application executable file and modify the compatibility settings. 

D. Right-click the application executable file and modify the advanced security settings. 

Answer:

Explanation: 

Deploying a custom shim database to users requires the following two actions:

- Placing the custom shim database (*.sdb file) in a location to which the user's computer has access (either locally or on the network)

- Calling the sdbinst.exe command-line utility to install the custom shim database locally

Demystifying Shims - or - Using the Application Compatibility Toolkit to make your old stuff work with your new stuff 

What is a Shim?

A shim is one of the very few four-letter words in use by Microsoft that isn't an acronym of some sort. It's a metaphor based on the English language word shim, which is an engineering term used to describe a piece of wood or metal that is inserted between two objects to make them fit together better. In computer programming, a shim is a small library which transparently intercepts an API, changes the parameters passed, handles the operation itself, or redirects the operation elsewhere. Shims can also be used for running programs on different software platforms than they were developed for.

How Shims work

The Shim Infrastructure implements a form of Application Programming Interface (API) hooking. The Windows API is implemented using a collection of DLLs. Each application built for Windows imports these DLLs, and maintains a table of the address of each of these functions in memory. Because the address of the Windows functionality is sitting in a table, it is straightforward for the shim engine to replace this address with the address of the shim DLL instead. The application is generally unaware that the request is going to a shim DLL instead of to Windows itself, and Windows is unaware that the request is coming from a source other than the application (because the shim DLL is just another DLL inside the application's process). In this particular case, the two objects are the application program and Windows, and the shim is additional code that causes the two to behave better together, as shown below:

Figure 1 Before the shim is applied, the application interacts directly with Windows. 

Figure 2 After the shim is applied, the application interacts with Windows indirectly; the shim code is injected and can modify the request to Windows, the response from Windows, or both. 

Specifically, it leverages the nature of linking to redirect API calls from Windows to alternative code: the shim. Calls to external binary files take place through the Import Address Table (IAT). Consequently, a call into Windows looks like:

Figure 1 Application calling into Windows through the IAT

Specifically, you can modify the address of the Windows function resolved in the import table, and then replace it with a pointer to a function in the alternate shim code, as shown in Figure 2.

This redirection happens for statically linked .dll files when the application is loaded. You can also shim dynamically linked .dll files by hooking the GetProcAddress API.

Why Should we be using Shims

This is the cost-saving route: help the application by modifying calls to the operating system before they get there. You can fix applications without access to the source code, or without changing them at all. You incur a minimal amount of additional management overhead (for the shim database), and you can fix a reasonable number of applications this way. The downside is support, as most vendors don't support shimmed applications. You can't fix every application using shims. Most people typically consider shims for applications where the vendor is out of business, the software isn't strategic enough to necessitate support, or they just want to buy some time.

For example, a very commonly used shim is a version-lie shim. To implement this shim, we intercept several APIs that are used to determine which version of Windows the application is running on. Normally, this information is passed on to Windows itself, and it answers truthfully. With the shim applied, however, these APIs are intercepted. Instead of passing on the request to Windows, a different version of Windows is returned (for example, Windows XP instead of Windows 7). If the application is programmed to run only on Windows XP, this is a way to trick the application into believing it's running on the correct OS. (Frequently this is all that is necessary to resolve an application compatibility problem!)

There are a huge number of tricks you can play with shims. For example:

- The ForceAdminAccess shim tries to trick the application into believing that the current user is a member of the local Administrator group, even if he is not. (Many applications outright fail if you are not a local administrator, though you may be able to use other tricks, such as UAC File and Registry Virtualization, to resolve the issues that caused the check in the first place.) How it implements this check can be fairly straightforward. For example, this shim intercepts the API IsUserAnAdmin from shell32.dll. The complete source code of the shimmed function (which has wonderful performance characteristics compared to the actual API) is simply return TRUE.

- The WrpMitigation shim tricks application installers into believing they can write to files that are protected by Windows Resource Protection (WRP). If you try to write to a file that's protected, the shim first creates a new temporary file, marks it to be deleted once the handle is closed, and then returns the handle to the temporary file as if it were the actual protected file. The application installs the crusty old version of kernel32.dll or shell32.dll (or whichever other file it picked up while it was being packaged) into a temp file, but then that temp file goes away and the matching, patched, up-to-date version of the protected file remains on the file system. So, WRP can still ensure that you don't end up with an ancient copy of shell32.dll from Windows 95 on your computer, but the installer won't fail with ACCESS_DENIED when you use this shim.

- The CorrectFilePaths shim can redirect files from one location to another. So, if you have an application that is trying to write to c:\myprogramdir (which isn't automatically fixed using UAC File and Registry Virtualization), you can redirect the files that are modified at runtime to a per-user location. This allows you to run as a standard user without having to loosen access control lists (ACLs), because you know your security folks hate it when you loosen ACLs.

NOTE: As shims run as user-mode code inside a user-mode application process, you cannot use a shim to fix kernel-mode code. For example, you cannot use shims to resolve compatibility issues with device drivers or with other kernel-mode code. (For example, some antivirus, firewall, and antispyware code runs in kernel mode.)

When can we use a Shim:

- You acquired the application from a vendor that is no longer in business. Several applications are from vendors that have since gone out of business; so clearly, support is no longer a concern. However, because the source code is not available, shimming is the only option for compatibility mitigation.

- You developed the application internally. While most customers would prefer to fix all their applications to be natively compatible, there are some scenarios in which the timing does not allow for this. The team may not be able to fix all of them prior to the planned deployment of a new version of Windows, so they may choose to shim the applications that can be shimmed and modify the code on the ones where shims are insufficient to resolve the compatibility issue.

- You acquired the application from a vendor that will eventually be releasing a compatible version, but support is not critical. When an off-the-shelf application is neither business critical nor important, some customers use shims as a stopgap solution. Users could theoretically wait until a compatible version is available, and its absence would not block the deployment, but being able to provide users with a shimmed and functional version can bridge that gap until a compatible version is available.

Creating an Application Compatibility Shim

If you are trying to run an application that was created for Windows 2000 or XP and has problems running in Windows 7, you could always turn on compatibility mode for the executable on your machine. However, if you are trying to create a shim that could be used on other machines as well, you could use the following instructions to create the shim and send it. It is very small and, once executed, will always be associated with that executable on that machine.

ACT is the Application Compatibility Toolkit. Download it from here: http://www.microsoft.com/downloads/details.aspx?familyid=24da89e9-b581-47b0-b45e-492dd6da2971&displaylang=en 

Launch the Compatibility Administrator tool from Start Menu – Microsoft Application Compatibility Toolkit.

Right-click on New Database:

Choose Application Fix here. In the dialog that follows, give the application details and the executable you want to fix:

1. Type the name of the program to fix 

2. Type the vendor name 

3. Browse to location of executable 

When you press the next button, you will get to see the list of the compatibility modes listed by default. If you have an issue with just version incompatibility then choose the version in which the application was working earlier. At this point I have already determined that Windows 2000 compatibility mode will work for this program. 

In the list box, scroll down and select "Windows 2000". 

In the next window, you can choose a combination of shims. There are lots of shims to choose from. Select all the shims that would fix your application.

Click on Finish. This will give you the complete summary of the application and the fixes applied. 

Now you need to save this shim database file (a small database including the shim information is created) and install it. You can either install it by right-clicking on the shim and pressing the install button, or by using a command-line option, sdbinst.exe <database.sdb>.

NOTE: "sdbinst.exe" is already located by default in c:\windows\system32 

Once the Application Compatibility Database is installed, we can run the program from the location specified earlier (in the first window). Now the program should be running in the Compatibility mode that you specified during the process. 
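The installation step above leaves a registration behind for every database that sdbinst.exe installs. The following PowerShell inventory is an added example, not part of the original explanation or of the ACT tooling: it lists each installed custom shim database, the executables it is bound to, and a SHA-256 of the .sdb file, so an unexpected or unapproved database stands out during review. It assumes the standard AppCompatFlags registry layout (InstalledSDB and Custom subkeys); the function names are hypothetical.

```powershell
# Added example: read-only inventory of custom shim databases installed by sdbinst.exe.
# Written for Windows PowerShell 2.0 (the version shipped with Windows 7).
$AppCompat = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags'

function Get-FileSha256 {
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return ([BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '')
    } finally {
        $stream.Close()
    }
}

function Get-InstalledShimDatabase {
    $installedKey = Join-Path $AppCompat 'InstalledSDB'
    $customKey    = Join-Path $AppCompat 'Custom'
    if (-not (Test-Path $installedKey)) { return }   # no custom database installed

    # Custom\<exe name> holds one value per bound database, named "{GUID}.sdb".
    $boundExes = @{}
    if (Test-Path $customKey) {
        foreach ($exe in Get-ChildItem $customKey) {
            foreach ($valueName in $exe.GetValueNames()) {
                $guid = $valueName -replace '\.sdb$', ''
                if (-not $boundExes.ContainsKey($guid)) { $boundExes[$guid] = @() }
                $boundExes[$guid] += $exe.PSChildName
            }
        }
    }

    # InstalledSDB\{GUID} describes each database: description, path, install time.
    foreach ($db in Get-ChildItem $installedKey) {
        $p = Get-ItemProperty -Path $db.PSPath
        $installed = $null
        if ($p.DatabaseInstallTimeStamp) {
            # Stored as a QWORD in FILETIME format
            $installed = [DateTime]::FromFileTime([Int64]$p.DatabaseInstallTimeStamp)
        }
        $hash = $null
        if ($p.DatabasePath -and (Test-Path $p.DatabasePath)) {
            $hash = Get-FileSha256 $p.DatabasePath
        }
        New-Object PSObject -Property @{
            Guid        = $db.PSChildName
            Description = $p.DatabaseDescription
            AppliesTo   = ($boundExes[$db.PSChildName] -join ', ')
            Path        = $p.DatabasePath
            Installed   = $installed
            Sha256      = $hash
        }
    }
}

Get-InstalledShimDatabase |
    Select-Object Guid, Description, AppliesTo, Path, Installed, Sha256 |
    Format-List
```

Comparing the output against the list of databases you deployed yourself shows which shims are in effect on a machine and when each was installed.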

Q9. - (Topic 5) 

Your company network has a single-domain Active Directory forest. The forest functional level is set to Windows Server 2008 R2. All computers are members of the domain. 

You plan to deploy Windows BitLocker Drive Encryption (BitLocker) on portable computers that have Windows 7 Enterprise installed. 

You need to be able to automatically back up recovery passwords for BitLocker-protected disk volumes on the portable computers. 

What should you do before you start encrypting the disk volumes with BitLocker? 

A. Run the cscript Get-TPMOwnerInfo.vbs script on the client computers. 

B. Select the Turn on BitLocker backup to Active Directory option in local policy on the portable computers. 

C. Run the cscript Get-BitLockerRecoveryInfo.vbs script on the portable computers. 

D. Run the ldifde -i -v -f BitLockerTPMSchemaExtension.ldf -c script on a domain controller. 

Answer:

Q10. - (Topic 1) 

You have a computer that runs Windows 7. 

Multiple users log on to your computer. 

You enable auditing on a folder stored on your computer. 

You need to ensure that each access to the folder is logged. 

What should you do? 

A. Start the Problem Steps Recorder. 

B. From Event Viewer, modify the properties of the Security log. 

C. From the local Group Policy, configure the Audit object access setting. 

D. From the local Group Policy, configure the Audit directory service access setting. 

Answer:

Explanation: 

Audit object access

Determines whether to audit the event of a user accessing an object (for example, file, folder, registry key, printer, and so forth) which has its own system access control list (SACL) specified. By default, this value is set to No auditing in the Default Domain Controller Group Policy object (GPO) and in the local policies of workstations and servers. If you define this policy setting, you can specify whether to audit successes, audit failures, or not to audit the event type at all. Success audits generate an audit entry when a user successfully accesses an object that has a SACL specified. Failure audits generate an audit entry when a user unsuccessfully attempts to access an object that has a SACL specified. You can select No auditing by defining the policy setting and unchecking Success and Failure.
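Logging folder access needs both halves described above: the Object Access audit policy and a SACL on the folder itself. The PowerShell below is an added example, not part of the original explanation: it enables the policy with auditpol.exe as the command-line counterpart of the Group Policy setting, adds an audit entry to the folder, and reads the resulting events back from the Security log. The folder path C:\Data\Payroll and both function names are hypothetical, the names 'Everyone' and "Object Access" assume an English-language system, and the session must be elevated.

```powershell
# Added example: enable object-access auditing and put a SACL on one folder.
# Run from an elevated Windows PowerShell prompt.
function Enable-FolderAccessAudit {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string]$Identity = 'Everyone',   # localized name; differs on non-English systems
        [System.Security.AccessControl.FileSystemRights]$Rights = 'ReadData, WriteData, AppendData, Delete'
    )

    # 1. Policy side: turn on success and failure auditing for the Object Access category.
    auditpol.exe /set /category:"Object Access" /success:enable /failure:enable | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "auditpol failed with exit code $LASTEXITCODE" }

    # 2. Object side: without a SACL entry on the folder, the policy alone logs nothing for it.
    $inherit = 'ContainerInherit, ObjectInherit'   # cover subfolders and files
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule -ArgumentList $Identity, $Rights, $inherit, 'None', 'Success, Failure'
    $acl = Get-Acl -Path $Path -Audit              # -Audit loads the SACL as well
    $acl.AddAuditRule($rule)
    Set-Acl -Path $Path -AclObject $acl

    # Return the audit entries now in effect so the caller can confirm them.
    (Get-Acl -Path $Path -Audit).Audit
}

function Get-FolderAccessEvent {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [int]$MaxEvents = 500
    )
    # Event ID 4663: "An attempt was made to access an object."
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
    foreach ($evt in $events) {
        # Flatten the EventData name/value pairs into a hashtable
        $data = @{}
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['ObjectName'] -like "$Path*") {
            New-Object PSObject -Property @{
                Time       = $evt.TimeCreated
                User       = $data['SubjectUserName']
                Object     = $data['ObjectName']
                AccessMask = $data['AccessMask']
                Process    = $data['ProcessName']
            }
        }
    }
}

# Hypothetical folder used for illustration
Enable-FolderAccessAudit -Path 'C:\Data\Payroll' | Format-Table IdentityReference, FileSystemRights, AuditFlags
Get-FolderAccessEvent -Path 'C:\Data\Payroll' | Format-Table Time, User, Object, AccessMask -AutoSize
```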