Q1. Your company uses Microsoft Windows Server Update Services (WSUS) to deploy software updates and service packs. Microsoft releases a security update for Windows 7. You have the following requirements: The security update must be deployed by 5:00 P.M. on Friday. Computers that are off when the security update is deployed must install the security update as soon as they are turned on. You need to manage the software update process to meet the requirements. What should you do?
A. Approve the security update for installation through the WSUS console with no deadline.
B. Approve the security update for download through the WSUS console with a deadline of Friday at 5:00 P.M.
C. Approve the security update for installation through the WSUS console with a deadline of Friday at 5:00 P.M.
D. Approve the security update for download through the WSUS console with no deadline.
Answer: C
Explanation:
Hints:
1. question mention at friday 5pm
2. question request install update in stead of download update
Q2. When a user attempts to connect to a server named Server1 by using Remote Desktop Connection (RDC), he receives the following error message.
You need to assign the least amount of privilege to the user to ensure that he can connect to Server1 by using RDC.
To which group should you add the user?
A. Add the user to the Power Users group on Server1.
B. Add the user to the Remote Desktop Users group on Server1.
C. Add the user to the domain Windows Authorization Access group.
D. Add the user to the domain Remote Desktop Users group
Answer: B
Q3. You have a single Active Directory domain. All domain controllers run Windows Server 2003 with Service Pack 1 (SP1).
You plan to store Windows BitLocker Drive Encryption recovery passwords in Active Directory.
You need to recommend the solution that uses the least amount of administrative effort.
What should you recommend?
A. Upgrade the domain controller that has the role of operations master to Windows Server 2008 R2.
B. Upgrade all domain controllers to Windows Server 2008 R2.
C. Upgrade all domain controllers to Windows Server 2003 SP2.
D. Extend the Active Directory schema.
Answer: D
Explanation:
BitLocker Drive Encryption Configuration Guide: Backing Up BitLocker and TPM Recovery Information to Active Directory
This section provides information about how BitLocker and TPM recovery information can be backed up in Active Directory. By default, no recovery information is backed up. Administrators can configure Group Policy settings to enable backup of BitLocker or TPM recovery information. Before configuring these settings, as a domain administrator you must ensure that the Active Directory schema has been extended with the necessary storage locations and that access permissions have been granted to perform the backup. http://technet.microsoft.com/en-us/library/cc766015(v=ws.10).aspx
Q4. You are designing a Windows 7 deployment image. You receive a baseline image over the network, from a different geographic location.
You need to verify that the baseline image is valid.
Which tool should you use?
A. ImageX
B. the Deployment Image Servicing and Management (DISM) tool
C. Windows Compatibility Evaluator
D. windows System Image Manager (Windows SIM)
Answer: A
Explanation:
imagex /append image_path image_file {"description"}{/boot | /check | /config configuration_file.ini | /scroll | /verify}/check
Checks the integrity of the .wim file. If not provided, existing checks are removed.
http://technet.microsoft.com/en-us/library/cc749447(v=ws.10).aspx
Q5. You have a single Active Directory Domain Services (AD DS) site. All client computers run Windows 7. Users in the marketing department use a custom application.
You create a new Group Policy object (GPO) and link it to the site. Users in the marketing department then report that they are unable to use the custom application.
You need to ensure that all users in the marketing department are able to use the custom application. You need to ensure that all other users continue to receive the new GPO.
What should you do?
A. Add marketing users to a domain group. Use security filtering to grant the group the Allow-Read permission and the Allow-Apply Group Policy permission for the GPO.
B. Move marketing users to a dedicated organizational unit (OU). Apply the Block Inheritance setting to the OU.
C. Add marketing users to a domain group. Use security filtering to grant the group the Allow-Read permission and the Deny-Apply Group Policy permission for the GPO.
D. Move marketing users to a dedicated organizational unit (OU). Apply the Block Inheritance setting to the domain.
Answer: C
Q6. You have an image that is used to deploy Windows 7 on client computers.
You need to add drivers to the Windows 7 image.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Use the Deployment Image Servicing and Management (DISM) tool offline.
B. Use INF files for driver packages.
C. Use executable files for driver packages.
D. Use Windows Installer files for driver packages.
E. Use the Deployment Image Servicing and Management (DISM) tool online.
Answer: A,B
Explanation:
Deployment Image Servicing and Management able to attach INF driver file to image at offline mode
Q7. Your network has 1,000 client computers that run Windows 7.
You need to install an application, in the Local System account context, on the client computers.
What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
A. Configure a logon script.
B. Configure a startup script.
C. Configure a shutdown script.
D. Configure a logoff script.
Answer: B,C
Q8. You are planning a zero-touch deployment of Windows 7 Enterprise to client computers on your corporate network.
Each client computer has three available boot methods:
boot from the network by using PXE
boot from USB media
boot from the local hard disk
You have the following requirements:
Set the boot method for a zero-touch deployment.
Ensure that client computers that fail on deployment can be manually configured.
You need to design a zero-touch deployment strategy that supports the requirements.
What should you do?
A. Remove USB media and local hard disk from the available boot methods
B. Remove USB media and network from the available boot methods
C. Set network as the first boot method, USB media as the second boot method, and local hard disk as the third boot method
D. Set USB media as the first boot method and local hard disk as the second boot method. Remove network from the available boot methods
Answer: C
Explanation:
hints: zero-touch deployment of Windows 7 Enterprise to client computers on your corporate network so, set network as 1st boot.
Q9. You deploy Windows 7 to the computers that are used by your companys Web developers. All Web developer user accounts are in a single organizational unit (OU).
Internet Explorer is blocking pop-up windows for multiple internal Web applications that are hosted on different servers.
You need to use Group Policy to ensure that Internet Explorer does not block pop-up windows for internal Web applications.
What should you do?
A. Enable Compatibility View in Internet Explorer.
B. Add each server to the Intranet zone.
C. Add each server to the Trusted Sites zone.
D. Set the default security setting in Internet Explorer to Medium.
Answer: B
Explanation:
Pop-up Blocker features Pop-up Blocker is turned on by default. There are restrictions on the size and position of pop-up windows, regardless of the Pop-up Blocker setting. Pop-up windows cannot be opened larger than or outside the viewable desktop area. For more information, see "Windows Restrictions" in this document. When this functionality is enabled, automatic and background pop-up windows are blocked, but windows that are opened by a user click will still open in the usual manner. Note that sites in the
Trusted Sites and Local
Intranet zones do not have their pop-up windows blocked by default, as they are considered safe. This setting can be configured in the Security tab in Internet Options.
http://technet.microsoft.com/en-us/library/cc784600(v=ws.10).aspx
hints: internal web , so i choose intranet zones.
Local Intranet Zone
By default, the Local Intranet zone contains all network connections that were established by using a Universal Naming Convention (UNC) path, and Web sites that bypass the proxy server or have names that do not include periods (for example, http://local), as long as they are not assigned to either the Restricted Sites or Trusted Sites zone. The default security level for the Local Intranet zone is set to Medium (Internet Explorer 4) or Medium-low (Internet Explorer 5 and 6). Be aware that when you access a local area network (LAN) or an intranet share, or an intranet Web site by using an Internet Protocol (IP) address or by using a fully qualified domain name (FQDN), the share or Web site is identified as being in the Internet zone instead of in the Local intranet zone.
Trusted Sites Zone
This zone contains Web sites that you trust as safe (such as Web sites that are on your organization's intranet or that come from established companies in whom you have confidence). When you add a Web site to the Trusted Sites zone, you believe that files you download or that you run from the Web site will not damage your computer or data. By default, there are no Web sites that are assigned to the Trusted Sites zone, and the security level is set to Low.
http://support.microsoft.com/kb/174360
Q10. All client computers in your network run Windows 7 Enterprise.
You need to prevent all standard user accounts from running programs that are signed by a
specific publisher.
What should you do?
A. Use AppLocker application control policies. Create an Executable rule.
B. Use software restriction policies. Create a hash rule.
C. Use AppLocker application control policies. Create a Windows Installer rule.
D. Use software restriction policies. Create a path rule.
Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/dd759068.aspx The AppLocker Microsoft Management Console (MMC) snap-in is organized into four areas called rule collections. The four rule collections are executable files, scripts, Windows Installer files, and DLL files. These collections give the administrator an easy way to differentiate the rules for different types of applications. Rule conditions are criteria that the AppLocker rule is based on. Primary conditions are required to create an AppLocker rule. The three primary rule conditions are publisher, path, and file hash.
Publisher - This condition identifies an application based on its digital signature and extended attributes. The digital signature contains information about the company that created the application (the publisher). The extended attributes, which are obtained from the binary resource, contain the name of the product that the application is part of and the version number of the application. The publisher may be a software development company, such as Microsoft, or the information technology department of your organization.
Path - This condition identifies an application by its location in the file system of the computer or on the network. AppLocker uses path variables for directories in Windows. File hash - When the file hash condition is chosen, the system computes a cryptographic hash of the identified file.