Practical of microsoft 70 680 training materials and braindumps for Microsoft certification for examinee, Real Success Guaranteed with Updated exam 70 680 pdf dumps vce Materials. 100% PASS TS:Windows 7,Configuring exam Today!
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Microsoft 70-680 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 70-680 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/70-680-exam-dumps.html
Q251. - (Topic 2)
An employee who works from home telephones your help desk. A virus attack has deleted his computer's single internal hard disk. He carried out a System Image backup on his computer three months ago and automatically backs up his personal files every night. He uses an external USB hard drive formatted with the NTFS file system to hold his backups.
All his personal files are in his Documents library. What do you advise? (Choose all that apply; the answers form a complete solution.)
A. Carry out a System Image restore.
B. Carry out a system restore.
C. Use Restore Previous Versions to restore his Documents library from a shadow copy.
D. Use Restore My Files in the Backup And Restore console to restore his Documents library folder.
Answer: A,D
Q252. - (Topic 2)
You have a computer that runs windows 7.
You have a third-party application.
You need to ensure that only a specific version of the application runs on the computer.
You have the application vendor's digital signature.
What should you do?
A. From Application Control Policies, configure a path rule.
B. From Application Control Policies, configure a publisher rule.
C. From Software Restriction policies, configure a path rule.
D. From Software Restriction policies, configure a certificate rule.
Answer: B
Explanation:
AppLocker Application Control Policies AppLocker is a feature new to Windows 7 that is available only in the Enterprise and Ultimate editions of the product. AppLocker policies are conceptually similar to Software Restriction Policies, though AppLocker policies have several advantages, such as the ability to be applied to specific user or group accounts and the ability to apply to all future versions of a product. As you learned earlier in this chapter, hash rules apply only to a specific version of an application and must be recalculated whenever you apply software updates to that application. AppLocker policies are located in the Computer ConfigurationWindows Settings Security Settings Application Control Policies node of a standard Windows 7 or Windows Server 2008 R2 GPO. AppLocker relies upon the Application Identity Service being active. When you install Windows 7, the startup type of this service is set to Manual. When testing AppLocker, you should keep the startup type as Manual in case you configure rules incorrectly. In that event, you can just reboot the computer and the AppLocker rules will no longer be in effect. Only when you are sure that your policies are applied correctly should you set the startup type of the Application Identity Service to Automatic. You should take great care in testing AppLocker rules because it is possible to lock down a computer running Windows 7 to such an extent that the computer becomes unusable. AppLocker policies are sometimes called application control policies. AppLocker Application Control Policies - Publisher Rules Publisher rules in AppLocker work on the basis of the code-signing certificate used by the file's publisher. Unlike a Software Restriction Policy certificate rule, it is not necessary to obtain a certificate to use a publisher rule because the details of the digital signature are extracted from a reference application file. If a file has no digital signature, you cannot restrict or allow it using AppLocker publisher rules. Publisher rules allow you more flexibility than hash rules because you can specify not only a specific version of a file but also all future versions of that file. This means that you do not have to re-create publisher rules each time you apply a software update because the existing rule remains valid. You can also allow only a specific version of a file by setting the Exactly option.AppLocker Application Control Policies - Path RulesAppLocker path rules work in a similar way to Software Restriction Policy path rules. Path rules let you specify a folder, in which case the path rule applies to the entire contents of the folder, including subfolders, and the path to a specific file. The advantage of path rules is that they are easy to create. The disadvantage of path rules is that they are the least secure form of AppLocker rules. An attacker can subvert a path rule if they copy an executable file into a folder covered by a path rule or overwrite a file that is specified by a path rule. Path rules are only as effective as the file and folder permissions applied on the computer.
Software Restriction Policies Software Restriction Policies is a technology available to clients running Windows 7 that is available in Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008. You manage Software Restriction Policies through Group Policy. You can find Software Restriction Policies in the Computer Configuration Windows SettingsSecurity SettingsSoftware Restriction Policies node of a group policy. When you use Software Restriction Policies, you use the Unrestricted setting to allow an application to execute and the Disallowed setting to block an application from executing. You can achieve many of the same application restriction objectives with Software Restriction Policies that you can with AppLocker policies. The advantage of Software Restriction Policies over AppLocker policies is that Software Restriction Policies can apply to computers running Windows XP and Windows Vista, as well as to computers running Windows 7 editions that do not support AppLocker. The disadvantage of Software Restriction Policies is that all rules must be created manually because there are no built-in wizards to simplify the process of rule creation.Software Restriction Policies - Path Rules Path rules, allow you to specify a file, folder, or registry key as the target of a Software Restriction Policy. The more specific a path rule is, the higher its precedence. For example, if you have a path rule that sets the file C: Program filesApplicationApp.exe to Unrestricted and one that sets the folder C:Program filesApplication to Disallowed, the more specific rule takes precedence and the application can execute. Wildcards can be used in path rules, so it is possible to have a path rule that specifies C:Program filesApplication*.exe. Wildcard rules are less specific than rules that use a file's full path. The drawback of path rules is that they rely on files and folders remaining in place. For example, if you created a path rule to block the application C:AppsFilesharing.exe, an attacker could execute the same application by moving it to another directory or renaming it something other than Filesharing.exe. Path rules work only when the file and folder permissions of the underlying operating system do not allow files to be moved and renamed. Software Restriction Policies - Certificate Rules Certificate rules use a code-signed software publisher's certificate to identify applications signed by that publisher. Certificate rules allow multiple applications to be the target of a single rule that is as secure as a hash rule. It is not necessary to modify a certificate rule in the event that a software update is released by the vendor because the updated application will still be signed using the vendor's signing certificate. To configure a certificate rule, you need to obtain a certificate from the vendor. Certificate rules impose a performance burden on computers on which they are applied because the certificate's validity must be checked before the application can execute. Another disadvantage of certificate rules is that they apply to all applications from a vendor. If you want to allow only 1 application from a vendor to execute but the vendor has 20 applications available, you are better off using a different type of Software Restriction Policy because otherwise users can execute any of those other 20 applications.
Q253. - (Topic 1)
You have a computer that runs Windows 7. You create a HomeGroup. You need to secure the HomeGroup to meet the following requirements:
. Allow access to the HomeGroup when you are connected to private networks
. Block access to the HomeGroup when you are connected to public networks
What should you do?
A. From Network and Sharing Center, modify the advanced sharing settings.
B. From the HomeGroup settings in Control Panel, modify the advanced sharing settings.
C. Configure the HomeGroup exception in Windows Firewall to include Home or work (private) networks and block Public networks.
D. Configure the File and Printer Sharing exception in Windows Firewall to include Home or work (private) networks and block Public networks.
Answer: C
Explanation:
Windows Firewall does not allow you to create firewall rules for specific network locations on the basis of port address. Windows Firewall does not allow you to create rules that differentiate between the home and work network locations. You can only create rules that differentiate on the basis of home and work or public network locations.
HomeGroup Connections This option decides how authentication works for connections to HomeGroup resources. If all computers in the HomeGroup have the same user name and passwords configured, you can set this option to allow Windows to manage HomeGroup connections. If different user accounts and passwords are present, you should configure the option to use user accounts and passwords to connect to other computers. This option is available only in the Home/Work network profile.
Q254. - (Topic 5)
You use a computer that has Windows 7 SP1 installed. The computer has a shared folder named C:Software.
User1 is a local user account on the computer. The account is a member of several groups that have access to the C:Software folder.
You need to verify whether User1 can save files to C:Software.
What should you do?
A. Run the Net Share command.
B. Run the Wfs C:Software command.
C. In the Advanced Security Settings for the Documents folder, select the Effective Permissions tab.
D. Run the Fsutil C:Software command.
Answer: C
Explanation: To view effective permissions on files and folders . Open Windows Explorer, and then locate the file or folder for which you want to view effective permissions.
Right-click the file or folder, click Properties, and then click the Security tab.
Click Advanced, click the Effective Permissions tab, and then click Select.
In Enter the object name to select (examples), enter the name of a user or group, and then click OK. The selected check boxes indicate the effective permissions of the user or group for that file or folder.
Q255. - (Topic 2)
You have a computer that runs Windows 7.
You need to identify how much disk space is occupied by previous versions.
What should you do?
A. At a command prompt, run Diskpart.
B. At a command prompt, run Vaultcmd.
C. From System, view the System Protection settings.
D. From the properties of drive C, view the previous versions settings.
Answer: C
Explanation:
NOT Diskpart:
Microsoft command-line tool Diskpart is used to create and format volumes on the target computer.NOT Vaultcmd:Creates, displays and deletes stored credentials.NOT Properties of drive C:Allows you to view contents, but does not show size.
Q256. - (Topic 4)
A network contains computers that run Windows 7 and Windows Vista. A computer named Computer1 runs Windows 7.
You need to ensure that only users running Windows 7 and Windows Vista can connect to Computer1 using remote desktop.
In the System Properties window, on the Remote tab, what should you do?
A. Click the Advanced button. Select the Allow this computer to be controlled remotely check box on Computer1.
B. Select the Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure) check box on Computer1.
C. Select the Allow connections from computers running any version of Remote Desktop (less secure) check box on Computer1.
D. Select Allow Remote Assistance connections to this computer check box on Computer1.
Answer: B
Q257. - (Topic 1)
You have a stand-alone computer named Computer1 that runs Windows 7. Several users share Computer1.
You need to prevent all users who are members of a group named Group1 from running Windows Media Player. All other users must be allowed to run Windows Media Player.
You must achieve this goal by using the least amount of administrative effort. What should you do?
A. From Software Restriction Policies, create a path rule.
B. From Software Restriction Policies, create a hash rule.
C. From Application Control Policies, create the default rules.
D. From Application Control Policies, create an executable rule.
Answer: D
Explanation:
Executable Rules Executable rules apply to files that have .exe and .com file extensions. AppLocker policies are primarily about executable files, and it is likely that the majority of the AppLocker policies that you work with in your organizational environment will involve executable rules. The default executable rules are path rules that allow everyone to execute all applications in the Program Files folder and the Windows folder. The default rules also allow members of the administrators group to execute applications in any location on the computer. It is necessary to use the default executable rules, or rules that mirror their functionality, because Windows does not function properly unless certain applications, covered by these default rules, are allowed to execute. When you create a rule, the scope of the rule is set to Everyone, even though there is not a local group named Everyone. If you choose to modify the rule, you can select a specific security group or user account. NOT Default rulesDefault rules are a set of rules that can be created automatically and which allow access to default Windows and program files. Default rules are necessary because AppLocker has a built-in fallback block rule that restricts the execution of any application that is not subject to an Allow rule. This means that when you enable AppLocker, you cannot execute any application, script, or installer that does not fall under an Allow rule. There are different default rules for each rule type. The default rules for each rule type are general and can be tailored by administrators specifically for their environments. For example, the default executable rules are path rules. Security-minded administrators might replace the default rules with publisher or hash rules because these are more secure.NOT Path RulesPath rules, allow you to specify a file, folder, or registry key as the target of a Software Restriction Policy. The more specific a path rule is, the higher its precedence. For example, if you have a path rule that sets the file C: Program filesApplicationApp.exe to Unrestricted and one that sets the folder C:Program filesApplication to Disallowed, the more specific rule takes precedence and the application can execute. Wildcards can be used in path rules, so it is possible to have a path rule that specifies C:Program filesApplication*.exe. Wildcard rules are less specific than rules that use a file's full path. The drawback of path rules is that they rely on files and folders remaining in place. For example, if you created a path rule to block the application C:AppsFilesharing.exe, an attacker could execute the same application by moving it to another directory or renaming it something other than Filesharing.exe. Path rules work only when the file and folder permissions of the underlying operating system do not allow files to be moved and renamed.NOT Hash RulesHash rules, work through the generation of a digital fingerprint that identifies a file based on its binary characteristics. This means that a file that you create a hash rule for will be identifiable regardless of the name assigned to it or the location from which you access it. Hash rules work on any file and do not require the file to have a digital signature. The drawback of hash rules is that you need to create them on a per-file basis. You cannot create hash rules automatically for Software Restriction Policies; you must generate each rule manually. You must also modify hash rules each time that you apply a software update to an application that is the subject of a hash rule. Software updates modify the binary properties of the file, which means that the modified file does not match the original digital fingerprint.
Q258. - (Topic 2)
You have a virtual hard disk (VHD) file. You need to view the files in the VHD. The solution must prevent users that log on to your computer from modifying files in the VHD.
What should you do?
A. From Disk Management, attach the VHD as read-only.
B. From Disk Management, convert the VHD to a GPT disk.
C. From Windows Explorer, modify the permissions of the VHD file.
D. From Windows Explorer, modify the read-only attribute of the VHD file.
Answer: A
Q259. - (Topic 3)
You have a portable computer that runs Windows 7. The computer is joined to a domain. Multiple users log on to the computer.
You need to prevent the computer from displaying the username of the last user who logged on.
What should you do?
A. From Control Panel, modify the User Profiles settings.
B. From Control Panel, modify the Personalization settings.
C. From the local computer policy, add a policy template.
D. From the local computer policy, modify the local security policy.
Answer: D
Explanation:
How to Prevent the Last Logged-On User Name from Being Displayed
1. Click Start and type secpol.msc in the search box.
2. Press Enter.
3. Within the Local Security Policy, navigate to Security Settings | Local Policies | Security Options.
4. In the details pane, scroll through the options and locate Interactive logon: Do not display last user name.
5. Double click this security option and click Enabled.
6. Click OK.
Q260. - (Topic 4)
You create a new virtual hard disk (VND) on a Windows 7 Enterprise computer. Then you install Windows 7 on the VHD.
After you reboot the computer, the Windows 7 boot menu shows two different Windows 7 installations titled "Windows 7".
What should you do?
A. Add a boot image in WDS.
B. Run the BCDEdit command.
C. User Sysprep with an answer file and set the PersistAllDeviceInstalls option in the file to true.
D. Run the PEImg /Prep command
E. Create a capture image in WDS.
F. Run the DiskPart command and the Attach command option.
G. Run the Start /w ocsetup command.
H. Use Sysprep with an answer file and set the PersistAllDeviceInstalls option in the answer file to False.
I. Run the Dism command with the /Add-Package option.
J. Use Sysprep with an answer file and set the UpdateInstalledDrivers option in the answer file to Yes.
K. Run the Dism command with the /Mount-WIM option.
L. Run the ImageX command with the /Mount parameter.
M. Run the Dism command with the /Add-Driver option.
N. User Sysprep with an answer file and set the UpdateInstalledDrivers option in the answer file to No.
Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc709667(ws.10).aspx