A company has client computers that run Windows 7. You create an AppLocker policy for the client computers.
You need to ensure that the AppLocker policy is enforced after the computers restart.
Which service startup type should you use? (To answer, select the appropriate setting or settings in the work area.)
You have a computer that runs Windows 7. The Encrypting File System (EFS) key is compromised. You need to create a new EFS key. Which command should you run?
A. Certutil -GetKey
B. Cipher.exe /k
C. Lcacls.exe /r
Displays or alters the encryption of folders and files on NTFS volumes. Used without parameters, cipher displays the encryption state of the current folder and any files it contains.Administrators can use Cipher.exe to encrypt and decrypt data on drives that use the NTFS file system and to view the encryption status of files and folders from a command prompt. The updated version adds another security option. This new option is the ability to overwrite data that you have deleted so that it cannot be recovered and accessed.When you delete files or folders, the data is not initially removed from the hard disk. Instead, the space on the disk that was occupied by the deleted data is "deallocated." After it is deallocated, the space is available for use when new data is written to the disk. Until the space is overwritten, it is possible to recover the deleted data by using a low-level disk editor or data-recovery software.If you create files in plain text and then encrypt them, Encrypting File System (EFS) makes a backup copy of the file so that, if an error occurs during the encryption process, the data is not lost. After the encryption is complete, the backup copy is deleted. As with other deleted files, the data is not completely removed until it has been overwritten. The new version of the Cipher utility is designed to prevent unauthorized recovery of such data.
/K Creates a new certificate and key for use with EFS. If this option is chosen, all the other options will be ignored. By default, /k creates a certificate and key that conform to current group plicy. If ECC is specified, a self-signed certificate will be created with the supplied key size. /R Generates an EFS recovery key and certificate, then writes them to a .PFX file (containing certificate and private key) and a .CER file (containing only the certificate). An administrator may add the contents of the .CER to the EFS recovery policy to create the recovery for users, and import the .PFX to recover individual files. If SMARTCARD is specified, then writes the recovery key and certificate to a smart card. A .CER file is generated (containing only the certificate). No .PFX file is genereated. By default, /R creates an 2048-bit RSA recovery key and certificate. If EECC is specified, it must be followed by a key size of 356, 384, or 521.
You have a computer that runs Windows 7. The computer contains one hard disk. The hard disk is configured as shown in the following table:
You install a new 250-GB hard disk in the computer. You need to ensure that all the files on the computer are available if a single disk fails. What should you do?
A. Create a mount point on C and D and then create a striped volume.
B. Create a mount point on C and D and then create two striped volumes.
C. Convert both disks to dynamic disks and then create a mirrored volume.
D. Convert both disks to dynamic disks and then create two mirrored volumes.
Creating a Mirrored Volume (RAID-1)A mirrored or RAID-1 volume provides availability and fault tolerance but does not improve performance. It uses two disks (or two portions on separate disks) that are the same size. Any changes made to the first disk of a mirror set are also made to its mirror disk. If the first disk fails, the mirror is broken and the second disk is used until the first is repaired or replaced. The mirror is then re-created, and the information on the working disk is mirrored on the repaired disk. The disadvantage of RAID-1 is that you need (for example) two 200-GB disks to hold 200 GB of data. The advantage is that you can mirror a system disk containing your operating system.You create a mirrored volume using a very similar procedure to the one that creates a striped volume, except that you right-click the first disk of your mirror and click New Mirrored Volume to start the appropriate wizard. You then select the second disk. The second disk needs to have a portion of unallocated space that is at least as large as the disk you want to mirror. The drive letter for a mirrored volume is the same as the drive letter of the first disk.
You can also use the Diskpart tool to create a mirrored volume. At the DISKPART> prompt you first use the select disk command to select the first disk. You then enter a command with the syntax add disk=<n>to specify the mirror disk.
Which three statements are true about a job chain?
A. It can contain a nested chain of jobs.
B. It can be used to implement dependency-based scheduling.
C. It cannot invoke the same program or nested chain in multiple steps in the chain.
D. It cannot have more than one dependency.
E. It can be executed using event-based or time-based schedules.
This MDADM output:
Which two aspects can be determined from this output?
A. A device failed and has been removed from this RAID set.
B. It is no longer possible to write to this RAID set.
C. Read and write performance is no longer optimal on this RAID set.
D. This RAID set was built without a spare device.
E. Only Write performance is no longer optimal on this RAID set.
You have a customized image of Windows 7 Professional. You need to create a new unattended file to automate the deployment of the image. You must achieve this goal by using the minimum amount of administrative effort. What should you do first?
A. Run Imagex.exe and specify the /mount parameter.
B. Run Dism.exe and specify the /Mount-WIM parameter.
C. From Microsoft Deployment Toolkit (MDT), add the custom Windows image (WIM).
D. From Windows System Image Manager (Windows SIM), open the custom Windows image (WIM).
Windows SIMOpens Windows images, creates answer files, and manages distribution shares and configuration sets.NOT DismDeployment Image Servicing and Management (DISM) is a command-line tool used to service Windows?images offline before deployment. You can use it to install, uninstall, configure, and update Windows features, packages, drivers, and international settings. Subsets of the DISM servicing commands are also available for servicing a running operating system.NOT ImagexImageX is a command-line tool that enables original equipment manufacturers (OEMs) and corporations to capture, to modify, and to apply file-based disk images for rapid deployment. ImageX works with Windows image (.wim) files for copying to a network, or it can work with other technologies that use .wim images, such as Windows Setup, Windows Deployment Services (Windows DS), and the System Management Server (SMS) Operating System Feature Deployment Pack./mountMounts a .wim file from Windows XP with Service Pack 2 (SP2), Windows Server 2003 with Service Pack 1 (SP1), or Windows Vista with read-only permission to a specified directory. Once the file is mounted, you may view, but not modify, all the information contained in the directory.NOT MDT MDT 2010 is the Microsoft solution accelerator for operating system and application deployment and offers flexible driver management, optimized transaction processing, and access to distribution shares from any location. You can use the MDT on imaging and deployment servers to implement the automatic deployment of Windows 7 (for example) on client computers. It is possible to run MDT 2010 on a client running Windows 7, but in practice it would typically run from a distribution server running Windows Server 2008. The MDT provides detailed guidance and job aids and offers a common deployment console that contains unified tools and processes that you can use for client and server deployment. The toolkit offers standardized desktop and server images, along with improved security and ongoing configuration management.
You have a computer named Computer1 that runs Windows 7. Computer1 is a member of an Active Directory domain. Remote Desktop is enabled on the computer. You share a folder on Computer1. You need to configure Computer1 to meet the following requirements:
– Allow computers in the local subnet to access the shared folder.
– Prevent computers in remote subnets from accessing the shared folder.
– Allow all computers to connect to Computer1 by using Remote Desktop.
What should you do?
A. Modify the subnet mask.
B. Modify the Public folder sharing settings.
C. Disable network discovery on all computers located in remote subnets.
D. Modify the properties of the File and Printer Sharing firewall exceptions.
Network ProfilesNetwork profiles are important because you can use them to apply different collections of firewall rules based on which network profile is active. A significant difference between Windows Vista and Windows 7 is that in Windows 7, profiles apply on a per-network interface basis. This means that if you have one network adapter connected to the Internet and another connected to your office LAN, different sets of rules apply for each connection. The firewall in Windows Vista chooses the most restrictive network profile when a computer has connections to different network types and applies the most restrictive set of rules to all interfaces.Allowing Programs Through Windows FirewallWindows Firewall allows you to configure exceptions based on programs. This differs from Windows Vista where Windows Firewall would allow you to configure exceptions based on port address. You can still create rules based on port address; you just have to do it using WFAS, covered later in this lesson. You can also allow specific Windows 7 features, such as Windows Virtual PC, through Windows Firewall. Feature rules become available when you enable the feature using the Programs And Features item in Control Panel. To add a rule for a feature or program, click Allow A Program Or Feature Through Windows Firewall item in the Windows Firewall section of Control Panel. The figure shows a list of currently installed features and any programs for which rules have been created as well as the profiles for which rules concerning those programs and features are enabled.File and Printer Sharing
This feature is used for sharing local files and printers with other users on the network.
(Uses NetBIOS, LLMNR, SMB and RPC)
You have two computers named Computer1 and Computer2 that run Windows 7. Both computers are members of an Active Directory domain. Windows Remote Management (WinRM) is
enabled on both computers.
You need to remotely create additional disk volumes on Computer1 from Computer2. What should you do?
A. On Computer2, run Winrs and then run Diskpart.
B. On Computer2, run Winrs and then run Diskmgmt.msc.
C. On Computer1, install the Telnet Client and then run Diskpart from Computer2.
D. On Computer1, install the Telnet Client and then use Disk Management from Computer2.
Winrs You can use WinRS to execute command-line utilities or scripts on a remote computer. To use WinRS, open a command prompt and prefix the command that you want to run on the remote computer with the WinRS -r: RemoteComputerName command. For example, to execute the Ipconfig command on a computer named Aberdeen, issue the command: WinRS -r:Aberdeen ipconfig The Windows Remote Management service allows you to execute commands on a remote computer, either from the command prompt using WinRS or from Windows PowerShell. Before you can use WinRS or Windows PowerShell for remote management tasks, it is necessary to configure the target computer using the WinRM command. To configure the target computer, you must run the command WinRM quickconfig from an elevated command prompt.
Diskpart: Microsoft command-line tool Diskpart is used to create and format volumes on the target computer.
You have a portable computer that runs Windows 7. You configure the computer to enter sleep mode after 10 minutes of inactivity. You do not use the computer for 15 minutes and discover that the computer has not entered sleep mode. You need to identify what is preventing the computer from entering sleep mode. What should you do?
A. At a command prompt, run Powercfg energy.
B. At a command prompt, run Systeminfo /s localhost.
C. From Performance Monitor, review the System Summary.
D. From Performance Information and Tools, review the detailed performance and system information.
Command-line Power Configuration
Powercfg.exe is a command-line utility that you can use from an administrative command prompt to manage Windows 7 power settings. It is possible to use Powercfg.exe to configure a number of Windows 7 powerrelated settings that you cannot configure through Group Policy or the Advanced Plan Settings dialog box. You can use Powercfg.exe to configure specific devices so that they are able to wake the computer from the Sleep state. You can also use Powercfg.exe to migrate power policies from one computer running Windows 7 to another by using the import and export functionality.
Check the computer for common energy-efficiency and battery life problems. Provides report in Hypertext Markup Language (HTML) format.For more information on Powercfg.exe, consult the following Microsoft TechNet document:
You have a computer that runs Windows 7. The computer has System Protection enabled. You need to retain only the last System Protection snapshot of the computer. All other snapshots must be deleted. What should you do?
A. Run Disk Cleanup for Programs and features.
B. Run Disk Cleanup for System Restore and Shadow Copies.
C. From the System Protection Restore settings, select Turn off System Restore.
D. From the System Protection Restore settings, select Only restore previous versions of files.
Shadow copies are automatically saved as part of a restore point. If system protection is enabled, Windows 7 automatically creates shadow copies of files that have been modified since the last restore point was created. By default, new restore points are created every seven days or whenever a significant system change (such as a driver or application installation) occurs.