You have a Windows 7 computer that is a member of a workgroup. You need to prevent members of a local group from starting a specific application. You must achieve this goal by using the minimum amount of administrative effort.
What should you create?
A. Administrative template
B. Application control policy
C. IPSec policy
D. Software restriction policy
AppLocker Application Control Policies
AppLocker is a feature new to Windows 7 that is available only in the Enterprise and Ultimate editions of the product. AppLocker policies are conceptually similar to Software
Restriction Policies, though AppLocker policies have several advantages, such as the ability to be applied to specific user or group accounts and the ability to apply to all future versions of a product. Hash rules apply only to a specific version of an application and must be recalculated whenever you apply software updates to that application. AppLocker policies are located in the Computer Configuration\Windows Settings\ Security Settings\Application Control Policies node of a standard Windows 7 or Windows Server 2008 R2 GPO.
AppLocker relies upon the Application Identity Service being active. When you install Windows 7, the startup type of this service is set to Manual. When testing AppLocker, you should keep the startup type as Manual in case you configure rules incorrectly. In that event, you can just reboot the computer and the AppLocker rules will no longer be in effect. Only when you are sure that your policies are applied correctly should you set the startup type of the Application Identity Service to Automatic. You should take great care in testing AppLocker rules because it is possible to lock down a computer running Windows 7 to such an extent that the computer becomes unusable. AppLocker policies are sometimes called application control policies.
Your network contains computers that run either Windows Vista (x86) or Windows 7 (x86). All computers are joined to a domain. You install a computer named Computer1 that runs Windows 7 (64-bit). You share a printer named Printer1 on Computer1. You need to ensure that any user can
automatically download and install the drivers for Printer1. What should you do from Printer Properties?
A. Install a new driver.
B. Enable bidirectional support.
C. Modify the Additional Drivers settings.
D. Assign the Manage this printer permission to the Domain Users group.
If you are going to be sharing a printer with computers running previous versions of Microsoft Windows, you can add the drivers for the printer using Additional Drivers. When you add additional drivers, other computers on the network that do not have the printer drivers installed are able to download them from the computer that is sharing the printer.
You have a computer that runs Windows 7. Multiple users share the computer.
The computer contains a folder named C:\folder1. You need to identify all of the encrypted files in C:\folder1. Which command should you run?
A. Cipher C:\folder1
B. Dir C:\folder1 /OE
C. Fsutil C:\folder1
D. Wfs C:\folder1
CipherDisplays or alters the encryption of folders and files on NTFS volumes. Used without parameters, cipher displays the encryption state of the current folder and any files it contains.
You have a computer that runs Windows 7. Four users share the computer.
You create a folder named C:\data.
The Users group has Full control permission to the folder.
You need to configure security on the folder to meet the following requirements:
– Allow users to create files.
– Allow users to delete files that they create.
– Prevent users from deleting files created by other users.
What should you do?
A. Remove all NTFS permissions from the Users group and assign the CREATOR OWNER group the Full
control NTFS permission.
B. Remove the Modify NTFS permission from the Users group and assign the CREATOR OWNER group
the Modify NTFS permission.
C. Deny the Users group the Modify NTFS permission and assign the Authenticated Users group the Read
and Write NTFS permissions.
D. Deny the Users group the Full control NTFS permission and assign the Authenticated Users group the
Read & execute NTFS permission.
The Creator Owner GroupThe person who created the file or directory is a member of this group. This group is used by Windows NT to automatically grant access permissions to the creator of a file or directory.
File and Folder Permissions
ReadFolders: Permits viewing and listing of files and subfoldersFiles: Permits viewing or accessing of the file’s contentsWriteFolders: Permits adding of files and subfoldersFiles:
Permits writing to a fileRead & Execute
Folders: Permits viewing and listing of files and subfolders as well as executing of files; inherited by files and foldersFiles: Permits viewing and accessing of the file’s contents as well as executing of the fileList Folder ContentsFolders: Permits viewing and listing of files and subfolders as well as executing of files; inherited by folders onlyFiles:
N/AModifyFolders: Permits reading and writing of files and subfolders; allows deletion of the folderFiles: Permits reading and writing of the file; allows deletion of the fileFull ControlFolders: Permits reading, writing, changing, and deleting of files and subfoldersFiles: Permits reading, writing, changing and deleting of the file
You have a computer that runs Windows 7. Your network has a SSTP VPN server that uses a self-signed certificate. When you connect to the VPN server, you receive the following error message: "Your computer does not trust the issuing certification authority (CA) of the SSTP VPN servers certificate". You need to prevent the error message from appearing when you connect to the VPN server. What should you do?
A. From the properties of the VPN connection, modify the dialing options.
B. From the properties of the VPN connection, modify the data encryption settings.
C. From Certificate Manager, import the servers certificate into the Personal store.
D. From Certificate Manager, import the server’s certificate into the Trusted Root Certification Authorities store..
A certificate manager can approve certificate enrollment and revocation requests, issue certificates, and manage certificates. This role can be configured by assigning a user or group the Issue and Manage Certificatespermission. When you assign this permission to a user or group, you can further refine their ability to manage certificates by group and by certificate template. For example, you might want to implement a restriction that they can only approve requests or revoke smart card logon certificates for users in a certain office or organizational unit that is the basis for a security group.Importing CertificatesYou may restore certificates and the corresponding private keys from a file.
4. Right-click the certificate store you want to import, and click Install PFX on the context menu.
5. The Certificate Import Wizard launches. Click Next.
6. In the File name text box, type the name of the certificate file that you want to import. Alternatively, you can find the file by clicking Browse.
7. Click Next. If the file specified is a Personal Information Exchange-KCS #12 (*.pfx), you will be prompted for the password. Enter the password to import the file. Click Next.
8. On the next page, select where you’d like to store the certificate. Click Next.
9. The next wizard page contains summary information about the file that you are importing. Click Finish to import the file. The certificate(s) are now ready for use by the system.
You perform a clean installation of Windows 7 on a computer. You need to ensure that you can run Windows XP Mode in Windows 7. What should you do?
A. Enable hardware-assisted virtualization.
B. Create a Data Execution Prevention (DEP) exception.
C. Install Windows XP in the same partition as Windows 7.
D. Install Windows XP in a different partition than Windows 7.
Windows XP Mode requires a processor that supports hardware virtualization using either the AMD-V or Intel VT options. Most processors have this option disabled by default; to enable it, you must do so from the computer’s BIOS. After the setting has been configured, it is necessary to turn the computer off completely. The setting is not enabled if you perform a warm reboot after configuring BIOS. As 256 MB of RAM must be mallocated to the Windows XP Mode client, the computer running Windows 7 on which you deploy Windows XP Mode requires a minimum of 2 GB of RAM, which is more than the 1 GB of RAM Windows 7 hardware requirement.
You have a computer that runs Windows 7 Home Premium. You need to upgrade the computer to Windows 7 Ultimate. You must achieve this goal in the minimum amount of time. What should you do?
A. Perform a Windows Anytime Upgrade.
B. Download and run the Windows 7 Upgrade Advisor.
C. Insert the Windows 7 installation media. From the Install Windows dialog box, select the Upgrade option.
D. Start the computer from the Windows 7 installation media. From the Install Windows dialog box, select the
Windows Anytime Upgrade With Windows Anytime Upgrade, shown in Figure,you can purchase an upgrade to an application over the Internet and have the features unlocked automatically. This upgrade method is more suitable for home users and users in small businesses where a small number of intra-edition upgrades is required.
You have a custom image of Windows 7. You discover that the boot configuration data store in the custom image is corrupted. You need to create a new configuration data store within the custom image. What should you do?
A. Run Imagex.exe and specify the /append parameter. Run Bcdedit.exe.
B. Run Imagex.exe and specify the /mountrw parameter. Run Bcdedit.exe.
C. From Windows System Image Manager (Windows SIM), select the image and then create a configuration set.
D. From Windows System Image Manager (Windows SIM), select the image and then create a catalog.
ImagexImageX is a command-line tool that enables original equipment manufacturers (OEMs) and corporations to capture, to modify, and to apply file-based disk images for rapid deployment. ImageX works with Windows image (.wim) files for copying to a network, or it can work with other technologies that use .wim images, such as Windows Setup, Windows Deployment Services (Windows DS), and the System Management Server (SMS) Operating System Feature Deployment Pack./appendAppends a volume image to an existing Windows image (.wim) file. Creates a single instance of the file, comparing it against the resources that already exist in the .wim file, so you do not capture the same file twice/mountrwMounts a .wim file from Windows XP with Service Pack 2 (SP2), Windows Server 2003 with Service Pack 1 (SP1), or Windows Vista with read/write permission to a specified directory. Once the file is mounted, you can view and modify all the information contained in the directory.BcdeditBCDEdit is a command-line tool for managing BCD stores. It can be used for a variety of purposes, including creating new stores, modifying existing stores, adding boot menu options, and so on. BCDEdit serves essentially the same purpose as Bootcfg.exe on earlier versions of Windows, but with two major improvements:
BCDEdit exposes a wider range of boot options than Bootcfg.exe, and BCDEdit has improved scripting support.NOT Windows SIMOpens Windows images, creates answer files, and manages distribution shares and configuration sets. NOTE: question specifies configuration data store, not configuration set.
You need to back up your Encrypting File System (EFS) certificate. You must achieve this goal in the minimum amount of time. What should you do?
A. Run Cipher.exe /x.
B. Run Ntbackup.exe /p.
C. From Backup and Restore, click Back up now.
D. From Backup and Restore, click Create a system image.
Cipher is used to manage certificates.
NOT Backup and Restore:Only the EFS certificate needs to be backed up and time is a factor.
You download a Windows PowerShell snap-in. You need to ensure that the snap-in is automatically imported when you open a new PowerShell session.
What should you do?
A. Modify the PowerShell execution policy.
B. Create a new PowerShell manifest file. Update the PowerShell shortcut and specify the file option.
C. Create a new PowerShell console file. Update the PowerShell shortcut and specify the psconsolefile option.
D. Create a new PowerShell formatting and type file. Copy the file to the %SystemRoot%\system32 \Windows
Loads the specified Windows PowerShell console file. To create a console file, use the Export-Console cmdlet in Windows PowerShell.
The Export-Console cmdlet exports the names of the Windows PowerShell snap-ins in the current session to a Windows PowerShell console file (.psc1). You can use this cmdlet to save the snap-ins for use in future sessions. To add the snap-ins in the .psc1 console file to a session, start Windows PowerShell (Powershell.exe) at the command line by using Cmd.exe or another Windows PowerShell session, and then use the PSConsoleFile parameter of Powershell.exe to specify the console file.
If you want to pass Microsoft 70-680 successfully, donot missing to read latest lead2pass Microsoft 70-680 practice tests.
If you can master all lead2pass questions you will able to pass 100% guaranteed.
|One Time Purchase||✔||✖||✖||✖||✖|
|100% Pass Guarantee||✔||✖||✖||✖||✖|
|100% Money Back||✔||✖||✖||✖||✖|