Q1. This is the first in a series of questions that all present the same scenario. For your convenience, the scenario is repeated in each question. Each presents a different goal and answer choices, but the text of the scenario is exactly the same in each in this series.

Topic 12, Tailspin Toys

Scenario::

Background

You are the desktop support technician for Tailspin Toys. Tailspin Toys manufacturers and distributes children's toys. The network environment includes a server infrastructure running on Windows Server 2003 Service Pack (SP) 2 and Windows Server 2008 R2, Active Directory with the forest and domain levels set at Windows Server 2003, and Active Directory Certificate Services (AD CS) running on Windows Server 2008 R2. The company has a Microsoft Enterprise Agreement (EA) with Software Assurance (SA).

The company sites, network connectivity, and site technologies are shown in the following table:

The company uses Microsoft SharePoint 2010 as the company intranet and as a document repository for company-related Microsoft Office documents. The URL for the intranet is intranet.tailspintoys.com . There is a Group Policy object (GPO) that applies to all client computers that allows employees who are connected to the corporate network to go to the intranet site without having to enter authentication information.

All users are using Microsoft Internet Explorer 8. All users have enabled the Internet Explorer SmartScreen Filter and the Internet Explorer phishing filter. All of the desktop support technicians are members of a security group named Desktop Admins. The Desktop Admins group is a member of the local Administrators group on all client computers. The desktop support technicians use the Microsoft Diagnostics and Recovery Toolset to perform various troubleshooting and repairs.

All Windows 7 client computers have a directory named tailspintoys\scripts in the root of the operating system drive. The directory contains four unique .vbs files named scriptl.vbs, script2.vbs, script3.vbs, and script4.vbs.

Software Environment

An existing GPO named AppLockdown applies to Windows 7 machines and uses AppLocker to ensure that:

   No .bat files are allowed to be run by users and rules are enforced

An existing GPO named RestrictApps applies to Windows XP client computers and uses a Software Restriction Policy to ensure that:

   No .bat files are allowed to be run by users and rules are enforced

Data Protection Environment

Some users at the Manufacturing site use EFS to encrypt data.

A user account named EFSAdmin has been designated as the Data Recovery Agent (DRA).

The DRA certificate and private key are stored on a portable USB hard drive.

As part of the yearly security compliance audits, a vendor is due to arrive at Tailspin Toys in a month to perform the yearly audit. To prepare for the audit, management has asked you to participate in an internal review of the company's existing security configurations related to network security and data security. The management team has issued the following requirements:

New software requirements

All installation programs must be digitally signed.

Minimum permissions must be granted for installation of programs.

Internet Explorer requirements

Users must not be able to bypass certificate warnings.

Users must not be able to add Internet Explorer add-ons unless the add-ons are approved by IT.

Data protection requirements

All portable storage devices must use a data encryption technology. 

The solution must meet the following requirements: 

Allow all users a minimum of read access to the encrypted data while working from their company client computers. Encrypt entire contents of portable storage devices. Minimize administrative overhead for users as files and folders are added to the portable storage devices.

Recovery information for client computer hard drives must be centrally stored and protected with data encryption.

Users at the Manufacturing site must have a secondary method of decrypting their existing files if they lose access to their certificate and private key or if the EFS Admin's certificate is not available.

You need to recommend a solution to ensure that a secondary method is available to users. The solution must not require accessing or altering the existing encrypted files before decrypting them.

What should you recommend that the users do?

A. From the command line, run the cipher.exe /e command.

B. From the command line, run the certutil.exe /backupKey command.

C. Enroll for a secondary EFS certificate.

D. Export their EFS certificates with private keys to an external location.

View Answer

Q2. All client computers on your company network run Windows 7.

The preview displayed in the Content view of Windows Explorer and the Search box is considered a security risk by your company.

You need to ensure that documents cannot be previewed in the Content view.

What should you do?

A. Change the Windows Explorer view to the List view and disable all Search indexes.

B. Set Group Policy to enable the Remove See More Results/Search Everywhere link setting.

C. Set Group Policy to enable the Turn off the display of snippets in Content view mode setting.

D. Set Group Policy to enable the Turn off display of recent search entries in the Windows Explorer search box setting.

View Answer

Q3. You have an Active Directory domain. All client computers run Windows 7 and are joined to the domain. All administrators have laptop computers that have integrated smart card readers. All administrator accounts are configured to require the smart cards to log on to the domain.

A smart card reader fails on your laptop. You order a replacement smart card reader. The new reader will be delivered next week.

You need to ensure that you can log on to the domain by using your administrative user account.

You request that a domain administrator modify the properties of your user account.

What else should you request the domain administrator to do?

A. Reset your computer account.

B. Reset your user account password.

C. Disable and enable your user account.

D. Remove your computer from the domain, and then join your computer to the domain.

View Answer

Q4. When visiting certain websites, users receive a message in Internet Explorer. 

The message is shown in the exhibit:

You need to ensure that the Internet Explorer settings for all client computers follow company requirements.

What should you modify in Group Policy?

Exhibit:

A. Enable the Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Turn on Protected Mode setting.

B. Disable the Internet Explorer\Internet Control Panel\Prevent ignoring certificate errors setting.

C. Enable the Internet Explorer\Internet Control Panel\Prevent ignoring certificate errors setting.

D. Disable the Windows Components\Windows Error Reporting\Disable Windows Error Reporting setting.

E. Enable the Windows Components\Windows Error Reporting\Disable Windows Error Reporting setting.

F. Enable the Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Do not prompt for client certificate selection when no certificate or only one certificate setting.

View Answer

Q5. The company purchases 500 USB flash drives from a new hardware vendor and distributes them to the users.

The help desk reports that the users are unable to access the new USB flash drives.

You need to ensure that users can save data on the USB flash drives.

What should you do?

A. Instruct the help desk to modify the BitLocker settings.

B. Instruct the help desk to modify the Windows Defender settings.

C. Request that an administrator modify the driver signing policy.

D. Request that an administrator modify the device installation restriction policy.

View Answer

Q6. All client computers on your company network run Windows 7. The Finance department staff run an application that collects data from 09:30 hours to 15:00 hours everyday. After data collection, the application generates reports that contain data aggregation for the day and the previous week.

During report generation, the Finance department staff experience slow performance on their computers.

You discover that the usage of the processor on these computers is between 90 and 100 percent. You need to reduce the impact of report generation on the Finance computers.

What should you do?

A. Set the priority of the application to Low.

B. Set the priority of the application to Real-time.

C. Configure the processor affinity mask to ensure that the application uses all the available processors.

D. Modify the memory settings of the computers to optimize the performance of the background applications.

View Answer

Q7. All client computers on your company network run Windows 7. All servers in your company run Windows Server 2008 R2. Employees use a VPN connection to connect to the company network from a remote location.

Employees remain connected to the VPN server to browse the Internet for personal use.

You need to ensure that employees are unable to use the VPN connection for personal use.

What should you do?

A. Configure the VPN connection to append a connection-specific DNS suffix.

B. Configure the VPN connection to use machine certificates for authentication.

C. Use Group Policy to disable the Use default gateway on remote network setting on each client computer.

D. Use Group Policy to configure the firewall on each computer to block outgoing connections when using the VPN connection.

View Answer

Q8. This is the first in a series of questions that all present the same scenario. For your convenience, the scenario is repeated in each question. Each presents a different goal and answer choices, but the text of the scenario is exactly the same in each in this series.

Topic 3, A. Datum Corporation

Scenario:

You are an enterprise desktop support technician for A. Datum Corporation.

Active Directory Configuration

The company has three offices. The offices are configured as shown in the following table:

Wireless Network

A wireless network is implemented in the main office. The wireless network is configured to use WPA2-Enterprise security.

Client Configuration

All client computers run Windows 7 Enterprise and are configured to use DHCP. 

Windows Firewall is disabled on all client computers.

All computers in the research department have Windows XP Mode and Windows Virtual PC installed. 

You deploy a custom Windows XP Mode image to the research department computers.

An application named App1 is installed in the image.

Each research department computer has the following hardware:

     4-GB of RAM

     Intel Core i7 processor

     500-GB hard disk drive

Corporate Security Policy

The corporate security policy includes the following requirements:

Users without domain accounts must be denied access to internal servers.

All connections to the company's wireless access points must be encrypted.

Only employees can be configured to have user accounts in the Active Directory domain.

The hard disk drives on all portable computers must be encrypted by using Windows BitLocker Drive Encryption (BitLocker).

Users in the research department report that they cannot run App1 or Windows XP Mode.

You need to ensure that all research department users can run App1. You need to achieve this goal by using the minimum amount of administrative effort.

What should you do?

A. Approve all Windows 7 updates on WSUS1.

B. Enable hardware virtualization on the research department computers.

C. Give each member of the research department a computer that has an Intel Core i5 processor.

D. Request that a domain administrator create a GPO that configures the Windows Remote Management (WinRM) settings.

View Answer

Q9. A corporate environment includes client computers running Windows 7 Enterprise. Remote access to the corporate network utilizes Network Access Protection (NAP) and DirectAccess.

You need to recommend an approach for providing support technicians with the ability to easily determine the cause of client-side remote access issues.

What is the best approach to achieve the goal? (More than one answer choice may achieve the goal. Select the BEST answer.)

A. Run network tracing for DirectAccess on client computers.

B. Grant the support technicians access to the DirectAccess Management Console.

C. Deploy the DirectAccess Connectivity Assistant (DCA) to client computers.

D. Run Windows Network Diagnostics on client computers.

View Answer

Q10. An administrator modifies the external IP address of Web1 and creates a Hosts (A) record for website1.wingtiptoys.com on the external DNS servers.

Your users report that they can no longer connect to website1.wingtiptoys.com from the Internet.

You need to ensure that users can connect to website1.wingtiptoys.com from the Internet.

What should you do?

A. Instruct the users to modify the DNS client settings on their computers.

B. Instruct the users to remove an entry from the Hosts file that is located on their computers.

C. Request that an administrator create a Pointer (PTR) resource record for the new IP address of Web1.

D. Request that an administrator create an alias (CNAME) resource record for website1.wingtiptoys.com .

View Answer