Microsoft.Certify-Me.70-685.v2012-11-13.by.Cris.191q (1

70-685

Number: 000-000Passing Score: 800Time Limit: 120 minFile Version: 1.0

Microsoft 70-685

70-685

Version: Pro: Windows 7, Enterprise Desktop Support Technician

V 1.3Microsoft 70-685 Exam

Topic 1, Consolidated Messenger

Scenario:

You are an enterprise desktop support technician for Consolidated Messenger.

Network Configuration

The company has three offices named Office1, Office2, and Office3. The offices connect to each other overthe Internet by using VPN connections. Each office has an 802.11g wireless access point. All wirelessaccess points are configured to use Radius01 for authentication.

Active Directory Configuration

The network contains one Active Directory domain named consolidatedmessenger.com. The relevantorganizational unit structure is shown in the following diagram.

The relevant Group Policy objects (GPOs) in the domain are configured as shown in the following table.

www.certify-me.co.uk 2Microsoft 70-685 ExamApplications

The relevant applications on the network are shown in the following table.

Server Configuration

The relevant servers are configured as shown in the following table.

Client Configuration

Each office has 500 desktop computers that run Windows 7 Enterprise.

There are 250 mobile users that travel regularly between all three offices. The mobile users have laptopcomputers that run Windows 7 Enterprise.

To prevent the spread of malware, the company restricts the use of USB devices and only allows the use ofapproved USB storage devices.

www.certify-me.co.uk 3Microsoft 70-685 ExamPrinters

The marketing group has several printers that are shared on File01. A shared printer name Printer1 is ahigh-performance, black-and-white printer. A shared printer named Printer2 is a high- definition, photo-quality, color printer. Printer2 should only be used to print marketing brochures.

Exam A

QUESTION 1O diretor financeiro (CFO) divulga novas diretrizes que especificam que apenas os usurios de finanasesto autorizados a executar FinanceApp1.

Usurios no relatrio OU Marketing que eles podem executar FinanceApp1.

Voc precisa garantir que apenas os usurios na OU Finanas pode executar FinanceApp1.

O que voc deve fazer?

A. Na GPO AllComputers, criar uma regra de novo executvel AppLocker.B. In the Desktops GPO and the Laptops GPO, create a new Windows Installer rule.C. In the AllComputers GPO, create a software restriction policy and define a new hash rule.D. In the Desktops GPO and the Laptops GPO, create a software restriction policy and define a new path

rule.

Correct Answer: ASection: (none)Explanation

Explanation/Reference:Explanation:Chapter 10 p 467- 468Understanding the difference between SRP and AppLocker You might want to deploy application controlpolicies onto Windows operating systems earlier than WindowsServer2008R2 or Windows7. You can use AppLocker policies only on the supported editions of WindowsServer2008R2 and Windows7, but you can use SRP on supported editions of Windows beginning withWindows Server2003 and WindowsXP.http://technet.microsoft.com/en-us/library/ee460955(WS.10).aspx http://technet.microsoft.com/en-us/library/dd548340(WS.10).aspxwww.certify-me.co.uk 4Microsoft 70-685 Exam

QUESTION 2Os usurios dos ERPApp1 piloto projeto de relatrio questes aplicao intermitente.Voc precisa consolidar todos os eventos de aplicativos para os usurios em um local central.


A. Configurar inscries de eventos.B. Configure the Advanced Audit Policy Configuration settings.C. Create a custom view in Event Viewer.D. Create a user-defined Data Collector Set.


Explanation/Reference:Explanation:Chapter 8 Lesson 1 p 302 - 305

A. Configurar inscries de eventos.Visualizador de Eventos permite visualizar os eventos em um nico computador remoto. No entanto, asoluo de um problema pode exigir que voc examinar um conjunto de eventos armazenados em vrioslogs em vrios computadores.O Windows 7 inclui a capacidade de recolher cpias de eventos a partir de vrios computadores remotos earmazen-los localmente. Para especificar quais eventos para coletar, voc cria uma assinatura evento.

Entre outros detalhes, a assinatura especifica exatamente quais eventos sero coletados e na qual logeles sero armazenados localmente. Uma vez que a assinatura est ativa e eventos esto sendocoletados, voc pode visualizar e manipular esses eventos encaminhados como faria quaisquer outroseventos armazenados localmente.

B. Configurar as definies de configurao avanadas de auditoria Poltica. http://technet.microsoft.com/en-us/library/dd408940 (WS.10). aspxC. Criar uma exibio personalizada no Visualizador de Eventos.Voc pode criar um filtro que inclui eventos de vrios logs de eventos que satisfazem os critriosespecificados. Voc pode, ento, nomear e salvar esse filtro como uma exibio personalizada. Paraaplicar o filtro associado com uma exibio personalizada salvo, voc navegar para a exibiopersonalizada na rvore do console e clique em seu nome.

D. Criar um definido pelo usurio Conjunto de Coletores de Dados.Voc pode criar um coletor de dados personalizado conjunto contendo contadores de desempenho econfigurar atividades de alerta com base nos contadores de desempenho superiores ou deixar cair abaixodos limites que voc definir. Depois de criar o Conjunto de Coletores de Dados, voc deve configurar asaes que o sistema ir tomar quando os critrios de alerta so cumpridos.Filiao em Usurios de desempenho locais de registro ou de grupo Administradores, ou equivalente, o

www.certify me.co.uk-5Microsoft Exam 70-685

mnimo exigido para a realizao desses procedimentos.

http://www.youtube.com/watch?v=4xxKPgT5irUhttp://www.youtube.com/watch?v=fKelHBve57k

QUESTION 3A ajuda relatrios mesa que os usurios na comercializao OU rascunhos de impresso, e-mails e outrosdocumentos diversos relativos Printer2.

Voc precisa recomendar uma soluo para que os usurios de marketing imprimir documentos paraPrinter1 por padro.


A. Enable printer pooling.B. Configurar Preferncias de Diretiva de Grupo.C. Modify the priorities of the shared printers.D. Modify the permissions of the shared printers.

Correct Answer: BSection: (none)Explanation

Explanation/Reference:Explanation:http://technet.microsoft.com/en-us/library/cc732092.aspx Action: This type of preference item provides achoice of four actions: Create, Replace, Update, and Delete.The behavior of the preference item varies with the action selected and whether the printer connectionalready exists.Set this printer as the default printer - Select this check box to make the shared printer connection thedefault Windows printer for the current user.Only if a local printer is not present - Select this check box to bypass changing the default printer if there isa local printer configured on the computer. This setting is unavailable until you select the Set this printer asthe default printer check box.Note: A local printer is any printer that is not connected to a shared network printer. This includes physicalprinters connected to parallel, serial, and USB ports, TCP/IP printers, and virtual printers installed throughsoftware.To create a new Shared Printer preference itemOpen the Group Policy Management Console. Right-click the Group Policy object (GPO) that shouldcontain the new preference item, and then click Edit. In the console tree under User Configuration, expandthe Preferences folder, and then expand the ControlPanel Settings folder.Right-click the Printers node, point to New, and select Shared Printer. In the New Shared Printer Propertiesdialog box, select an Action for Group Policy to perform. Enter shared printer settings for Group Policy toconfigure or remove. Click the Common tab, configure any options, and then type your comments in theDescription box.Click OK. The new preference item appears in the details pane.

QUESTION 4O link de rede Office1 trazido offline para manuteno de emergncia.

Usurios em Office2 e Office3 relatrio que eles no podem se conectar rede sem fio.

Voc precisa recomendar mudanas para assegurar que os usurios em todos os escritrios podem seconectar rede sem fio se um link WAN falhar.

O que voc deve recomendar?

A. that redundant DHCP scopes be createdB. que os servidores RADIUS adicionais ser implantadoC. that universal group caching be implementedD. that additional default gateways be configured


Explanation/Reference:Explanation:

QUESTION 5A empresa compra 500 unidades flash USB de um fornecedor de hardware novo e os distribui para osusurios.

A ajuda relatrios mesa que os usurios no so capazes de acessar os novos drives flash USB.Voc precisa assegurar que os usurios podem salvar os dados sobre as unidades flash USB.


A. Instruct the help desk to modify the BitLocker settings.B. Instruct the help desk to modify the Windows Defender settings.C. Request that an administrator modify the driver signing policy.D. Pedir que um administrador modificar o dispositivo poltica de restrio de instalao.

Correct Answer: DSection: (none)Explanation

Explanation/Reference:Explanation:Open Group Policy Management and edit the applicable GPO in your Active Directory.Disable autorun:Computer Configuration \ Administrative Templates \ Windows Components \ AutoPlay Policies Turn offAutoplay: Enabled

www.certify-me.co.uk 8Microsoft 70-685 Exam

Limit to approved devices:Computer Configuration \ Administrative Templates \ System > Device Installation \ Device InstallationRestrictions Allow installation of devices that match any of these device IDs: (add the corporate device)Prevent installation of devices not described by other policy settings: Enabled

Topic 2, City Power & Light

Scenario:

You are an enterprise desktop support technician for City Power & Light.

City Power & Light is a utility company. The company has a main office and a branch office. The

www.certify-me.co.uk 9Microsoft 70-685 Exammain office is located in Toronto. The branch office is located in Boston. The main office has 1,000employees. The branch office has 10 employees.


The network contains a single Active Directory domain named cpandl.com. The functional level of the forestis Windows Server 2008 R2.


All servers run Windows Server 2008 R2. The relevant servers in the main office are configured as shownin the following table.

All computers in the main office are configured to use DHCP. All computers in the branch office areconfigured to use static IP addresses.

User Information

- All user accounts are standard user accounts.- All client computers run Windows 7 Enterprise.- Each portable computer has a PPT P-based VPN connection to the internal network.

Corporate Security Guidelines

www.certify-me.co.uk 10Microsoft 70-685 Exam- All users must be granted the least privileges possible.- All locally stored documents must be encrypted by using Encrypting File System (EFS).- The hard disk drives on all port able computers must be encrypted by using Windows BitLocker DriveEncryption (BitLocker).- All encryption certificates must be stored on smart cards.

QUESTION 6A empresa est implantando uma nova aplicao.

Quando os usurios tentam instalar o aplicativo, eles recebem uma mensagem de erro indicando que elesprecisam de privilgios administrativos para instal-lo.

Voc precisa recomendar uma soluo para garantir que os usurios podem instalar o aplicativo. Asoluo deve seguir as orientaes de segurana corporativa. O que voc deve recomendar?

A. Publicar o aplicativo usando uma Diretiva de Grupo.B. Disable User Account Control (UAC) by using a Group Policy.C. Add all domain users to the local Power Users group by using Restricted Groups.D. Add the current users to the local Administrators group by using Group Policy preferences.


Explanation/Reference:Explanation:http://magalan.co.uk/install_software_via_group_policy.html

QUESTION 7Vrios usurios mveis acessar a Internet usando conexes celulares.

O help desk relata um alto volume de chamadas de usurios mveis que relatam os problemas deconexo a seguir:

- Quando suas conexes celulares falhar, suas conexes de VPN tambm falham.- Quando suas conexes celulares so restabelecidos, eles devem conectar manualmente para o servidorVPN.

Voc precisa recomendar uma soluo para garantir que as conexes VPN so automaticamenterestabelecida.


A. Implementar uma VPN IKEv2.B. Implement an SSTP-based VPN.C. Configure credential roaming.D. Configure a Kerberos user ticket lifetime.


Explanation/Reference:Explanation:Chapter 6 Lesson 1 p 232 - 233Internet Key Exchange version 2 (IKEv2) support was added in Windows Server2008R2 and Windows7 toaccommodate a new VPN type that supports VPN Reconnect. VPN Reconnect refers to the ability of a VPNconnection to survive short interruptions in network connectivity, such as when you move from one wirelessaccess point to another, or when you switch from a wired to a wireless network adapter. By takingadvantage of features in IKEv2, even changes in IP address at the client do not drop the VPN connection orrequire any user actions. As soon as connectivity to the RRAS VPN server is restored, then the VPN tunnelis automatically reestablished.

QUESTION 8Cinco usurios do curso sede para a filial. Os usurios levem seus computadores portteis.

O help desk relata que os usurios no conseguem acessar os recursos de rede do escritrio da filial.

Usurios de filiais podem acessar os recursos de rede.

Voc precisa se certificar de que os usurios de escritrios principais podem acessar todos os recursos derede usando seus computadores portteis na filial. A soluo deve seguir as orientaes de seguranacorporativa.

O que voc deveria instruir o help desk para fazer nos computadores portteis?

A. Create a new VPN connection.B. Add the users to the local Administrators group.C. Add the users to the Network Configuration Operators group.D. Configurar a configurao alternativa para a ligao de rea local.



QUESTION 9Usurios relatam que suas conexes DirectAccess falhar.

Voc instrui o help desk para dizer aos usurios para executar a conexo a um local de trabalho utilizandoo DirectAccess soluo de problemas.

O help desk informa que a conexo a um local de trabalho utilizando o DirectAccess soluo de problemasno funcionar.

Voc precisa se certificar de que a conexo com um local de trabalho utilizando funes DirectAccesssoluo de problemas corretamente.O que voc deve fazer?

A. Instruct the help desk to enable IPv6 on the users' computers.B. Instruct the help desk to modify the users' Windows Firewall settings.C. Request that the domain administrator configure the Teredo State Group Policy setting.D. Pedir que o administrador de domnio configurar o Website Corporativo Sonda URL definio de

poltica de grupo.


Explanation/Reference:Explanation:Troubleshooting item in Control PanelTo focus troubleshooting on DirectAccess and collect additional information, you can use the Connection toaWorkplace Using DirectAccess troubleshooter in the Troubleshooting item of Control Panel.To start the DirectAccess troubleshooter:Click Start, and then click Control Panel.

In System and Security, click Find and fix problems. Click Network and Internet, and then click Connectionto a Workplace Using DirectAccess.

Note: For this troubleshooting tool to work correctly, you must configure the Computer Configuration/Policies/Administrative Templates/Network/Network Connectivity Status Indicator/Corporate WebsiteProbe URL Group Policy setting in the Group Policy object for DirectAccess clients.www.certify-me.co.uk 15Microsoft 70-685 Exam

http://technet.microsoft.com/en-us/library/ee624046(WS.10).aspxQUESTION 10A empresa implementa um agente de recuperao de dados (DRA) para o BitLocker.Um computador porttil falhar.

A ajuda relatrios mesa que incapaz de usar a DRA para recuperar os dados do disco do computadordisco rgido.

Voc precisa se certificar de que a DRA pode ser usado para recuperar os dados dos discos rgidos detodos os computadores portteis.

Qual ferramenta voc deve usar?

A. CertUtil.exeB. Cipher.exeC. Gerenciar-bde.exeD. SDelete.exe

Correct Answer: CSection: (none)Explanation

Explanation/Reference:Explanation:http://technet.microsoft.com/en-us/library/dd875513(WS.10).aspx

Topic 3, A. Datum Corporation

Scenario:

You are an enterprise desktop support technician for A. Datum Corporation.


The company has three offices. The offices are configured as shown in the following table.


The network contains a single Active Directory domain named adatum.com. Two Group Policy objects(GPOs) are configured as shown in the following table.

The relevant servers in the main office are configured as shown in the following table.

www.certify-me.co.uk 17Microsoft 70-685 ExamWireless Network

A wireless network is implemented in the main office. The wireless network is configured to use WPA2-Enterprise security.


All client computers run Windows 7 Enterprise and are configured to use DHCP. Windows Firewall isdisabled on all client computers.

All computers in the research department have Windows XP Mode and Windows Virtual PC installed. Youdeploy a custom Windows XP Mode image to the research department computers.An application named

App1 is installed in the image.

Each research department computer has the following hardware:

- 4 GB of RAM- Intel Core i7 processor- 500 -GB hard disk drive

Corporate Security Policy

The corporate security policy includes the following requirements:

- Users without domain accounts must be denied access to internal servers.- All connections to the company's wireless access points must be encrypted.- Only employees can be configured to have user accounts in the Active Directory domain.- The hard disk drives on all portable computers must be encrypted by using Windows BitLocker DriveEncryption (BitLocker).QUESTION 11Usurios no relatrio departamento de pesquisa que no podem executar App1 ou Windows XP Mode.

Voc precisa garantir que todos os usurios do departamento de pesquisa pode executar App1. Vocprecisa alcanar este objetivo, usando o mnimo de esforo administrativo.O que voc deve fazer?

A. Approve all Windows 7 updates on WSUS1.B. Habilitar virtualizao de hardware nos computadores do departamento de pesquisa.C. Give each member of the research department a computer that has an Intel Core i5 processor.


D. Request that a domain administrator create a GPO that configures the Windows Remote Management(WinRM) settings.


Explanation/Reference:Explanation:Chapter 9 Lesson 2 p 361 36Chapter 1 p 29Using WindowsXP Mode, you can run programs that were designed for WindowsXP on computers running:Windows7 Professional, Enterprise, or Ultimate editions.Requirements:Download and install Windows Virtual PCDownload and install Wind0ws XP ModeCPU with Intel-VT or AMD-V technology enabled in the BIOS - hardware virtualization

QUESTION 12Usurios em um escritrio filial relatrio que eles no conseguem acessar o site da empresa na Webintranet localizado na Web1.

Eles tambm no conseguem acessar sites na Internet.

A reinicia tcnico de suporte de desktop de um computador desktop em uma filial e descobre aconfigurao de IP mostrado na tela seguinte.

Voc precisa resolver o problema de conectividade de rede.

Quais so as duas maneiras possveis para alcanar essa meta? (Cada resposta correta apresenta umasoluo completa. Escolha dois.)

A. Instruct branch office 1 users to disable IPv6.B. Instrua filiais 1 aos usurios executar ipconfig / renew.C. Request that a network administrator configure the DHCP router option for branch office 1.D. Solicitar que um administrador de rede verificar difuses DHCP esto sendo retransmitidas para o

escritrio principal.

Correct Answer: BDSection: (none)Explanation


Chapter 2 Lesson 1 p 68

Chapter 25 p 1218Chapter 31 p 1562

QUESTION 13 Datum contrata consultores diversos para trabalhar no escritrio principal por seis meses. Os consultoresrequerem acesso Internet.

O help desk informa que os consultores no pode acessar a rede sem fio da empresa.

Voc precisa se certificar de que os consultores tm acesso sem fio Internet. A soluo deve aderir poltica de segurana corporativa.

O que voc deve pedir?

A. that a wireless access key be given to each consultantB. that a user certificate be generated and imported to each consultant's computerC. that a computer certificate be generated and imported to each consultant's computerD. que um administrador de rede instalar um ponto de acesso sem fio que conectado diretamente

Internet


Explanation/Reference:Explanation:answer is D. because of the "users without domain accounts" policy.Chapter 2 Lesson 3 p 89

QUESTION 14A placa-me em um computador porttil falhar. Os dados sobre a unidade de disco rgido do computadorno pode ser recuperado.Voc precisa recomendar uma soluo para garantir que os dados em discos rgidos podem serrecuperados se a placa-me em outros computadores portteis falham

Que duas configuraes que voc recomendaria? (Cada resposta correta apresenta parte da soluo.Escolha dois.)

A. Desativar o BitLocker em todos os computadores portteis.B. Convert the hard disks on all portable computers to dynamic disks.C. Export and securely store the computer certificates on all portable computers.D. Configurar as definies do BitLocker em todos os computadores portteis usando a Diretiva de Grupo.

Correct Answer: ADSection: (none)Explanation


QUESTION 15O help desk relata que vrios computadores cliente em uma filial faltam atualizaes de segurana.

Voc precisa identificar quais atualizaes de segurana esto em falta.


A. that a WSUS administrator generate a Computer Report from WSUS1B. que um administrador de domnio executar o Microsoft Baseline Security Analyzer (MBSA)C. that a desktop support technician run a Windows Defender scan on each computerD. that a desktop support technician generate a System Configuration report for each computer


Explanation/Reference:Explanation:Microsoft Baseline Security Analyzer (MBSA): to detect common security miss-configurations and missingsecurity updates on your computer systems.

Topic 4, Margie's Travel

Scenario:

You are an enterprise desktop support technician for Margie's Travel.

www.certify-me.co.uk 21Microsoft 70-685 ExamMargie's Travel is a company that specializes in booking travel for large corporations. The company has amain office in New York and operates a call center in New York and a call center in Los Angeles. Thecompany has 1,000 employees.


The network contains an Active Directory forest named margiestravel.com. The functional level of the forestis Windows Server 2008 R2. The Active Directory sites are configured as shown in the following table.

All sites connect to each other by using high-speed WAN links.



Security Configuration

www.certify-me.co.uk 22Microsoft 70-685 ExamThe relevant security settings for the domain are configured as shown in the following table.

The relevant network policies on the NPS servers and the RRAS servers are configured as shown in thefollowing table.

User Information

All client computers run Windows 7 Professional. Sales staff is located in the main office and uses portablecomputers. All portable computers are members of the MargiesTravel\Wireless group.

Application Configuration

Call center staff uses a custom application to book airline tickets. The application is packaged as

www.certify-me.co.uk 23Microsoft 70-685 Examan MSI file and is signed by using a code signing certificate that was issued by CA3. The application is

published by using Group Policies.

QUESTION 16A empresa contrata um adicional de 100 usurios. Os usurios no conseguem instalar o aplicativopersonalizado.

Voc precisa se certificar de que os usurios podem instalar o aplicativo personalizado.


A. Disable User Account Control (UAC).B. Add the users to the local Administrators group.C. Solicitar que o pacote de aplicativos ser assinado novamente.D. Request that the user certificates be issued to the new users.



QUESTION 17Implantar o Microsoft Office 2007 para um grupo piloto no escritrio principal.

Usurios no relatrio do grupo piloto que todos os aplicativos do Office 2007 executado com xito.

Implantar o Office 2007 para usurios no centro de Nova Iorque chamada. Os usurios de call centerrelatam que eles so incapazes de lanar os aplicativos do Office 2007.

Voc precisa se certificar de que os usurios de call center pode executar todos os aplicativos do Office2007.


A. Modificar a regra AppLocker.B. Disable User Account Control (UAC).C. Deploy the 2007 Office system Administrative Template files.D. Configure the Office 2007 applications to run in Windows Vista compatibility mode.




QUESTION 18s 08:00 de uma manh de tera-feira, um administrador no Site 3 leva DC3 offline para atualizar oservidor.

Usurios no relatrio Site 3 que eles no podem fazer logon em seus computadores. Os usurios recebema seguinte mensagem de erro: "Sua conta tem restries de tempo que o impedem de fazer logon nomomento.Por favor, tente novamente mais tarde. "

Voc precisa se certificar de que todos os usurios podem fazer logon em seus computadores quandoDC3 est offline para manuteno. Sua soluo deve aderir s polticas de segurana corporativa.


A. Modify the logon hours for all users in Site 3.B. Change the time zone settings for all client computers in Site 3 to UTC-05:00.C. Solicitar que um segundo controlador de domnio ser implantado no Site 3.D. Request that the time zone settings for DC1 and DC2 be changed to UTC-08:00.



QUESTION 19Voc tem dois consultores externos. Os consultores utilizar os seus prprios computadores pessoaisportteis.

Os consultores afirmam que eles so incapazes de se conectar rede sem fio.

Voc precisa dar os consultores de acesso sem fio Internet. A soluo deve evitar consultores externosde acessar recursos internos.


A. Issue a user certificate to the consultants.B. Emitir um certificado de computador para os consultores.C. Join both portable computers to the domain. Add the computer accounts to the MargiesTravel\Wireless

group.D. Create a domain user account for each consultant. Add the user accounts to the MargiesTravel

\Wireless group.www.certify-me.co.uk 25Microsoft 70-685 Exam



QUESTION 20Usurios acessar um site de terceiros.

O site atualizado para usar o Microsoft Silverlight.

Aps a atualizao, o help desk recebe um grande volume de chamadas telefnicas de usurios quereportam que o site no funcionar.

Voc precisa se certificar de que o site funciona corretamente para os usurios.


A. Modify the Windows Internet Explorer AJAX settings by using a Group Policy object (GPO).B. Modificar o Windows Internet Explorer add-ons configuraes usando um objeto Group Policy (GPO).C. Add the Web site to the Windows Internet Explorer Restricted sites by using a Group Policy object

(GPO).D. Add the Web site to the Windows Internet Explorer Compatibility View list by using a Group Policy

object (GPO).

Correct Answer: B

Section: (none)Explanation


Topic 5, Alpine Ski House

Scenario:

You are an enterprise desktop support technician for Alpine Ski House.

Alpine Ski House manages chalets in ski resorts around the world. The main office is located in Vancouver.

Chalets are located in Japan, France, and Australia. Alpine Ski House has 500 employees.


www.certify-me.co.uk 26Microsoft 70-685 ExamThe network contains an Active Directory forest. The forest contains a domain named alpineskihouse.com.

The network contains four Active Directory sites. All sites have high-speed Internet connections andconnect to each other by using VPNs. The site information is shown in the following table.


All servers run Windows Server 2008 R2. The relevant servers are configured as shown in the followingtable.

DHCP Configuration

The DHCP servers are configured as shown in the following table.


Computer Information

All corporate computers run Windows 7 Professional and are joined to the alpineskihouse.com domain. Allcorporate users can access the internal network remotely by using a VPN connection. The VPN connectionrequires the use of a smart card.

During the next year, Alpine Ski House plans to replace the existing VPN with DirectAccess. The companyis running a pilot project to test DirectAccess for users in France.Each chalet contains five public computers that run Windows 7 Ultimate. Guests use the public computersto access the Internet. The public computers are members of a workgroup. Every week, a standard imageof Windows 7 Ultimate is re-applied to the computers.

QUESTION 21O help desk informa que conexes de desktop remoto no esto habilitados nos computadores pblicosnos chals. Consequentemente, o help desk deve instruir pessoal local para permitir conexes de desktopremoto em cada computador pblico.

Voc precisa se certificar de que as conexes remotas so ativados quando computadores pblicos soimplantados nos chals.


A. Ativar o Remote Desktop Connection na imagem padro do computador.B. Instruct the help desk to enable Windows Remote Management (WinRM) on the public computers.C. Request that a network administrator create a logon script for the domain.D. Request that a network administrator create a new Group Policy to enable remote desktop connections.

Link the new Group Policy to each site.www.certify-me.co.uk 28Microsoft 70-685 Exam



QUESTION 22Os usurios remotos relatam que depois de renovar os seus certificados de cartes inteligentes, soincapazes de fazer logon em seus computadores usando seus cartes inteligentes.

Voc precisa assegurar que os usurios podem fazer logon usando seus cartes inteligentes.

O que voc deve instruir os usurios a fazer?

A. Change their smart card PINs.B. Request a new smart card certificate.C. Log on by using their user names and passwords, and then lock and unlock their computers.D. Estabelecer uma conexo VPN a partir da tela de logon e usar seus cartes inteligentes para

autenticao.



QUESTION 23A conexo VPN entre um site e Site 3 falhar. Usurios no relatrio Site 3 que seus computadores levar umlongo tempo para iniciar e que eles no so capazes de acessar a Internet.

Voc precisa assegurar que os usurios do Site 3 so capazes de acessar a Internet, se a conexo VPNentre um site e Site 3 falhar.

O que voc deve solicitar um administrador para fazer?

A. Add the DHCP server role to DC3.B. Add the DNS server role to Server3.C. Modify the 003 Router option in the DHCP scope on Server3.D. Modificar a 006 DNS Servers opo no escopo DHCP em Server3.


Explanation/Reference:Explanation: 239Chapter 6 Lesson 1 p 223Chapter 7 p 325


003 Router option - configured at the scope level server-level options and apply to all clients served by this DHCP server 006 DNS Servers optionThe answer is D.The PC can't get internet access because the DNS servers are at site 1. DC3 already has the DNS serviceon it, you just need to change the DNS settings in DHCP.003 Router option is for changing gateways.

QUESTION 24Usurios relatam que leva um longo tempo para acessar recursos usando o DirectAccess.

Voc precisa fornecer o administrador de rede com uma captura de rede de trfego DirectAccess.

Qual ferramenta voc deve usar?

A. Netsh.exeB. Netstat.exeC. Perfmon.exeD. Winsat.exe

Correct Answer: A

Section: (none)Explanation


QUESTION 25Seus usurios acessar um site de terceiros para cumprir ordens de compra.

O site atualizado.

Os usurios recebem a seguinte mensagem de erro ao acessar o site atualizado:

"O Internet Explorer bloqueou este site usando um controle ActiveX de forma insegura. Como resultado,esta pgina no pode ser exibida corretamente."

Voc precisa assegurar que os usurios podem acessar o site e que o contedo do site exibidacorretamente.


A. Modify the Internet Explorer AJAX settings.B. Modificar as configuraes do Internet Explorer zona da Internet.C. Add the Web site to the Internet Explorer Restricted Sites zone.D. Add the Web site to the Internet Explorer Compatibility View List.


Explanation/Reference:

Explanation:

Topic 6, Fabrikam, Inc

Scenario:

You are an enterprise desktop support technician for Fabrikam, Inc.

www.certify-me.co.uk 31Microsoft 70-685 ExamActive Directory Information

The company has a main office and a branch office. The main office hosts all of the company's servers.The main office connects to the branch office by using a WAN link.

The network contains a single Active Directory domain that has 500 users. The domain contains threedomain controllers and an enterprise root certification authority (CA).All servers run Windows Server 2008 R2.

All user accounts are in an organizational unit (OU) named Employees. The computer accounts for alldesktop computers are in an OU named Desktops. The computer accounts for all portable computers arein an OU named Laptops.

A startup script is deployed to all computers by using Group Policy objects (GPOs).Client Configurations

All client computers run Windows 7 Enterprise. All users have desktop computers. All computers aremembers of the domain.

All desktop computers use wired connections to connect to the network. All portable computers use

wireless connections to connect to the network. The wireless network is secured by using EAP-TLS.

Company policy states that all client computers must be configured by using DHCP.

The company has an internal Web site. The Web site is configured to use SSL encryption and to requireclient certificates. All company users can access the internal Web site.

QUESTION 26A empresa contrata um tcnico de suporte de desktop nova. O tcnico adicionado ao grupo deadministradores em todos os computadores do cliente e do servidor DHCP grupo de usurios em todos osservidores DHCP.

O novo tcnico relata que o snap-in DHCP no est disponvel no seu computador.

Voc precisa se certificar de que o tcnico pode ver as configuraes dos servidores DHCP.O que voc deve fazer?

A. Instruct the technician to customize the Start menu to display the administrative tools.B. Instrua o tcnico para instalar Remote Server Administration Tools (RSAT) e para modificar os

recursos do Windows.C. Request that the technician be added to the Server Operators group in Active Directory.D. Request that the technician be added to the Network Configuration Operators group in Active Directory

and modify the Windows Features.


Explanation/Reference:Explanation:http://www.microsoft.com/download/en/details.aspx?id=7887 http://www.youtube.com/watch?v=7mCMYVJEmCs

QUESTION 27Usurios no escritrio desempenho relatrio ramo de rede lenta quando eles ligam para oscompartilhamentos de arquivos no escritrio principal.

Voc precisa recomendar uma soluo para melhorar o desempenho quando os usurios acessam oscompartilhamentos de arquivos do escritrio da filial. A soluo deve minimizar os custos de hardware.

O que voc deve recomendar a implementao?

A. BranchCacheB. DirectAccessC. Distributed File System Replication (DFSR)D. Universal Group Membership Caching


Explanation/Reference:Explanation:http://www.youtube.com/watch?v=vZboHyu9isA

QUESTION 28O help desk relatrios que os usurios recebem uma mensagem de aviso de segurana quando elestentam acessar o site interno mostrado na exposio. (Clique no boto Exibir.)

O help desk confirma que os usurios nunca recebeu esta mensagem de aviso de segurana antes.

Voc precisa fornecer uma soluo para evitar que os usurios recebam o aviso de segurana quandotentam acessar o site interno.


A. Instruct the users to download the certificate of the Web server.B. Instruct the users to download a new certificate revocation list (CRL).C. Solicitar que um administrador de domnio renovar o certificado de servidor SSL.D. Request that a domain administrator renew the user authentication certificates for all users.



QUESTION 29O help desk informa que todos os

computadores instalados recentemente no pode acessar o servidor de arquivos da empresa. O help deskenvia a captura de tela mostrada na exposio. (Clique no boto Exibir.)

Voc precisa resolver o problema de conectividade de rede. A soluo deve aderir poltica da empresa.O que voc deveria instruir o help desk para fazer?

A. Modify Windows Firewall and enable File and Printer Sharing in the public profile.B. Modify Windows Firewall and enable File and Printer Sharing in the domain profile.C. Modify the network configuration and define the IPv4 default gateway.D. Modificar a configurao de rede para obter automaticamente um endereo IP e um endereo de

servidor DNS.



Topic 7, Contoso, Ltd

Scenario:

www.certify-me.co.uk 35Microsoft 70-685 ExamYou are an enterprise desktop support technician for Contoso, Ltd.

IP Addressing

Contoso has one office. The IP addressing for Contoso is configured as shown in the following table.


You have an Active Directory forest that contains one domain named contoso.com. All domain controllersrun Windows Server 2008 R2.

An OU exists for each department in the company.

The MainOffice Users and Computers OU contains the OUs for each department in the company. TheUsers OUs contains the user accounts for each department. The Computers OUs contain thecomputeraccounts for each department. The Domain Controllers OU contains the computer accounts for alldomain controllers. The Servers OU contains the computer accounts for all other servers.

Custom Group Policy objects (GPOs) are linked to each departmental OU, the Domain Controllers OU, andthe Servers OU.




A year ago, a Windows Server 2008 R2 VPN server was deployed. Ten sales users participated in a pilotproject to test the new VPN. The pilot project lasted two months. After the pilot project, the VPN server wasput into production. The VPN server allows L2TP/IPSec-based VPN connections only. The VPN server

requires certificate authentication.

Printer Configuration

Network printers are located in a single room on each floor. Users can search Active Directory to findprinters that are nearby. Print1 is the print server for all printers.

Client Computer Configuration

Most users have desktop computers. Several users in the sales and management departments haveportable computers because they travel frequently. All client computers run Windows 7 Enterprise.

The Windows Internet Explorer proxy settings are configured on all client computers by using a GPOnamed GPO-IE. GPO-IE is linked to the domain.

All users in the company use a custom application named App1. App1 is manually installed on all clientcomputers. A new version of App1 is available. Some features in the new version of App1 are incompatiblewith the previous version of App1.

QUESTION 30A ajuda relatrios mesa que vrios usurios usam a verso anterior do App1, o que faz com que algunsdados para se tornar corruptos.

Voc precisa recomendar uma soluo para impedir que todos os usurios usem a verso anterior doApp1.


A. que um administrador de domnio criar um GPO vinculado ao domnio e configurar as definies doAppLocker no GPO

B. that a domain administrator create a GPO linked to the domain and configure Software Installationsettings in the GPO

C. that the new version of App1 be added to the Data Execution Prevention (DEP) settings on each clientcomputer

D. that the previous version of App1 be added to the Data Execution Prevention (DEP) settings on eachclient computer



QUESTION 31Usurios de computadores portteis relatam que eles podem usar o Internet Explorer para navegar emsites de Internet apenas quando eles estiverem conectados rede da empresa.

Voc precisa assegurar que os usurios de computadores portteis podem acessar sites da Internet apartir de onde eles se conectam.


A. Instruct the users to configure static IPv4 settings.B. Instruct the users to configure automatic IPv4 settings.C. Solicitar que um link administrador de domnio GPO-IE para objetos de site do Active Directory.D. Request that a domain administrator create a new GPO that modifies the Internet Explorer Maintenance

settings, and then link the new GPO to the Users OUs.

Correct Answer: CSection: (none)

Explanation


QUESTION 32Um dispositivo de impresso novo est instalado no Piso 1 e compartilhado em Print1.

Usurios relatam que, quando se busca o Active Directory para impressoras no piso 1, a nova impressoracompartilhada est faltando. Todas as outras impressoras compartilhadas no Piso 1 aparecer.

A ajuda relatrios mesa que os usurios podem conectar manualmente impressora compartilhada.Voc precisa garantir que a nova impressora compartilhada exibido quando os usurios procurar porimpressoras no piso 1.


A. Modify the permissions of the printer.B. Configure um local de rede para a impressora.C. Request that a domain administrator modify the Active Directory site configuration.D. Request that a domain administrator modify the GPO that is linked to each departmental OU.



QUESTION 33Os usurios de vendas que faziam parte do relatrio do projeto do servidor VPN piloto que eles no podemmais estabelecer conexes VPN com a rede interna.

Voc precisa se certificar de que todos os usurios autorizados podem estabelecer conexes VPN com arede interna.

O que voc deve solicitar um administrador de domnio para fazer?

A. Permitir a renovao automtica de certificados.B. Increase the lifetime of the Kerberos user ticket.C. Increase the lifetime of the Kerberos service ticket.D. Increase the certification validity period for the computer certificate template.




Topic 8, Fourth Coffee

Scenario:

You are an enterprise desktop support technician for Fourth Coffee.

The network contains a single domain named fourthcoffee.com.

Physical Environment

The company has three offices. The offices are configured as shown in the following table.

www.certify-me.co.uk 40Microsoft 70-685 ExamThe relevant servers are configured as shown in the following table.

The Web1 server is accessible only through the URL http://web1.fourthcoffee.local.

Application Configurations

Fourth Coffee deploys an application named App1 to users in the main office by using a Group Policyobject (GPO) named APP1Deploy. App1 requires that a drive named M be mapped to\\AppServer1\AppData$ . App1 saves information on a local computer if drive M is unavailable. All clientcomputers have drive M.

Security Policy

The corporate security policy states that domain controllers can only be deployed in secure data centers.Branch office 2 does not have a secure data center.


All users connect remotely through VPN1. VPN1 is configured to accept only SSTP-based VPNconnections.

All client computers receive IP configurations from DHCP.

You recently purchased 100 desktop computers from a new hardware vendor.

QUESTION 34As aplicaes de apoio equipe relata que os App1 dados de alguns usurios no so guardados paraAppServer1. A equipe relata que os usurios excludos a unidade mapeada.

Voc precisa impedir os usurios de excluir a unidade mapeada.

As configuraes que devem solicitar ser modificado no GPO APP1Deploy?

A. Administrative TemplatesB. AppLockerC. Poltica de Preferncias grupoD. Software Restriction Policies


Explanation/Reference:Explanation:A. Administrative TemplatesThe Administrative Template files allow you to configure and manage registry-based Group Policy settings.They are Unicode text files with the extension .adm in Windows XP with SP2 and Windows Server 2003with SP1, and XML files with the extensions .admx and .adml in Windows Vista and later versions ofWindows.Standard Administrative Templates are deployed with your Windows operating systems. Administrative

Templates display the registry settings that you can apply to your users' computers in your GPOs.Information in the templates populates the administrative interface in Group Policy Object Editor, which youuse to set secure registry-based policy information. A number of standard templates automatically populatethe Group Policy Object Editor, and you can add or remove templates later. Developers can create customtemplates as needed.C. Group Policy PreferencesYou can use Group Policy preferences to better deploy and manage operating system and applicationsettings.Group Policy preferences enable IT professionals to configure, deploy, and manage operating system andapplication settings they previously were not able to manage using Group Policy. Examples include mappeddrives, scheduled tasks, and Start menu settings. For many types of operating system and applicationsettings, using Group Policy preferences is a better alternative to configuring them in Windows images orusing logon scripts."preferred" but notGroup Policy preferences can be used to implement settings which are mandatory. This enables ITprofessionals to deploy software (including Internet Explorer 8) in a standardized initial configuration andstill permit users to customize some aspects to their liking.

QUESTION 35Usurios em filiais 2 unidades de mapa para pastas compartilhadas em SRV1.

Os usurios relatam que no conseguem acessar os arquivos nas pastas compartilhadas quando o linkWAN entre 2 e filial do escritrio principal no est disponvel. Quando tentam acessar os arquivos, elesso

solicitado a digitar suas credenciais, mas no tm acesso.

Voc precisa se certificar de que os usurios podem acessar as pastas compartilhadas que o link WANfalhar.


A. Instruct a desktop support technician to configure Offline Files on the Windows 7 computers.B. Instruir um tcnico de suporte de desktop para configurar BranchCache no Windows 7 computadores.C. Request that a domain administrator deploy a domain controller in branch office 2.D. Request that a domain administrator enable Universal Group Membership Caching for branch office 2.


Explanation/Reference:Explanation:changed answer from A. to B.You should use BranchCache in distributed mode and not offline files. Offline files are for single-user filesand this question specifies it's a shared folder.

QUESTION 36A ajuda relatrios mesa que os novos computadores experimentam falhas intermitentes que geram errosde parada.

Voc precisa coletar todos os erros crticos dos novos computadores.

O que voc deve configurar?

A. a boot configuration data (BCD) storeB. debugging informationC. inscries em eventosD. the system protection settings

Correct Answer: CSection: (none)

Explanation


QUESTION 37

Usurios VPN relatam que eles no podem acessar recursos compartilhados nas filiais. Eles podemacessar os recursos compartilhados no escritrio principal.

Usurios do relatrio escritrio principal que eles possam acessar recursos compartilhados nas filiais.

Voc precisa se certificar de que os usurios VPN podem acessar recursos compartilhados nas filiais.


A. que uma mudana ser feita para a tabela de roteamento em VPN1B. that VPN1 be configured to support PPTP-based VPN connectionsC. that the routers between the main office and the branch offices be reconfiguredD. that a DNS record for servers in the branch offices be added to the Internet DNS zone for

fourthcoffee.com



Topic 9, Wingtip Toys

Scenario:

You are an enterprise desktop support technician for Wingtip Toys. Wingtip Toys has two offices.


The network contains a single Active Directory domain. An Active Directory site exists for each office. Thenetwork contains the organizational units (OUs) that are shown in the following table.

The network contains an enterprise root certification authority (CA). Certificate autoenrollement is enabledfor all users.


www.certify-me.co.uk 44Microsoft 70-685 ExamEach office has a wireless network. You control access to the wireless network in office 1 by using NetworkAccess Protection (NAP). A Group Policy object (GPO) named GPO1 configures the NAP settings for thecomputers in office 1.

Resource Access

The Documents folders of all users are encrypted by using Encrypting File System (EFS). The Documentsfolders of all users are backed up daily.

A Web server named Web1 hosts an internal Web site named WebSite1. Users connect to WebSite1 fromthe Internet by using the URL http://website1.wingtiptoys.com. The domain name website1.wingtiptoys.comis resolved by using the Hosts file that is located on each client computer.

Users frequently work from home. Home users connect to the internal network by using SSTP- based VPNconnections.

Line of Business Applications

Your company has a line-of-business application named App1. App1 is installed only on computers that runWindows XP. You test App1 by using the Microsoft Application Compatibility Toolkit (ACT). ACT reportsthat App1 can be made compatible to run on Windows 7.

QUESTION 38Voc implantar App1 em um teste de computador Windows 7 e perceber que ele no funciona.

Voc precisa se certificar de que App1 funciona em computadores Windows 7.


A. Digitally sign App1.B. Desenvolver e implantar um calo para App1.C. Configure an AppLocker policy.D. Configure a Software Restriction Policy.


Explanation/Reference:Explanation:http://www.youtube.com/watch?v=XgbjlrdkvUkhttp://technet.microsoft.com/en-us/library/dd837645(v=ws.10).aspxwww.certify-me.co.uk 45Microsoft 70-685 Exam

QUESTION 39Um administrador modifica o endereo IP externo de Web1 e cria um Hosts (A) registro parawebsite1.wingtiptoys.com nos servidores DNS externos.

Seus usurios relatam que eles no podem mais se conectar a website1.wingtiptoys.com da Internet.

Voc precisa se certificar de que os usurios podem se conectar a website1.wingtiptoys.com da Internet.


A. Instruct the users to modify the DNS client settings on their computers.B. Instrua os usurios a remover uma entrada do arquivo hosts que est localizado em seus

computadores.C. Request that an administrator create a Pointer (PTR) resource record for the new IP address of Web1.D. Request that an administrator create an alias (CNAME) resource record for website1.wingtiptoys.com .



QUESTION 40Um grupo de usurios de escritrio 2 viaja para o escritrio de um para trabalhar em um projeto. Os

usurios do relatrio do escritrio 2, que so incapazes de se conectar rede sem fio no escritrio de umde seus computadores portteis.

Um administrador de help desk manualmente fornece aos usurios com acesso rede sem fio.

Voc precisa se certificar de que os usurios da prxima vez de viajar escritrio 2 a 1 escritrio elespodem se conectar rede sem fio no escritrio 1.


A. Link GPO1 to Office2-Users-OU.B. Ligao GPO1 para Office2-Computadores-UO.C. Change the office attribute for the user accounts.D. Change the location attribute for the computer accounts.




QUESTION 41A ajuda relatrios mesa que recebem muitas chamadas de usurios remotos que no podem acessar sitesda Internet, enquanto eles esto conectados VPN. O help desk instrui os usurios a configurarmanualmente a conexo VPN de modo que os usurios podem acessar sites da internet enquanto estiverconectado VPN.

Voc precisa fornecer uma recomendao para reduzir o nmero de chamadas para o help desk sobreesta questo.


A. Deploy a Network Policy Server (NPS).B. Replace the SSTP-based VPN with a PPTP-based VPN.C. Issue computer certificates from a trusted root certification authority (CA) to all remote users.D. Criar e distribuir Connection Manager Administration Kit (CMAK) perfis para todos os usurios remotos.



QUESTION 42Computador de um usurio falhar. O help desk fornece ao usurio com um computador novo. Pasta dedocumentos do usurio restaurado a partir do backup.

O usurio relata que ele no pode mais acessar seus arquivos criptografados. O help desk recupera osarquivos usando um agente de recuperao de dados (DRA).Voc precisa se certificar de que quando os usurios recebem novos computadores, eles podem acessarseus arquivos criptografados sem interveno administrativa.


A. credencial de roaming ser activado(credencial de itinerncia Ser ativado)B. BitLocker be enabled on all computers


C. user accounts be trusted for delegationD. the CA be configured for key archival and recovery


Explanation/Reference:Explanation:A. credencial de roaming ser activadoCredencial de roaming permite que as organizaes para armazenar certificados e chaves privadas nodomnio do Active DirectoryServios (AD DS) separadamente de estado do aplicativo ou informaes de configurao. Credencial deroaming usa os mecanismos existentes de logon e registro automtico de forma segura download decertificados e chaves para um computador local sempre que um usurio faz logon e, se desejado, remov-los quando o usurio faz logoff. Alm disso, a integridade destas credenciais mantida sob quaisquercondies, como quando os certificados so atualizados e quando os usurios fazer logon em mais de umcomputador ao mesmo tempo.B. BitLocker ser habilitado em todos os computadoresContas de usurio C. ser confivel para delegaoEssa configurao de segurana determina quais usurios podem definir a configurao Confivel paradelegao em um usurio ou objeto de computador.O usurio ou objeto que concedido este privilgio deve ter acesso de gravao para os sinalizadores decontrole de contas sobre o usurio ou objeto de computador. Um processo servidor rodando em umcomputador (ou em um contexto de usurio) que confivel para delegao pode acessar recursos emoutro computador usando credenciais de delegados de um cliente, desde que a conta do cliente no tem aconta no pode ser delegada bandeira controle de conta de definir .D. o CA ser configurado para a recuperao de arquivos e chave

Tpico 10, Seguros Humongous

cenrio:

Voc um tcnico de suporte de desktop corporativo da Humongous Insurance.

Configurao do Active Directory

A empresa possui dois escritrios nomeados Office1 e Office2.

A rede contm uma floresta do Active Directory chamado humongousinsurance.com. Um site do ActiveDirectory existe para cada escritrio. Os sites so nomeados Site1 e Site2.Server Configuration

www.certify-me.co.uk 48Microsoft 70-685 ExamAll servers run Windows Server 2008 R2 and are joined to the domain. The relevant servers are configuredas shown in the following table.

The corporate security policy states that all domain controllers must have only the following roles:

- AD DS- DNS server- DHCP server


Site1 and Site2 connect to each other by using a WAN link.

Client Computer Configuration

All client computers run Windows 7 Enterprise and are members of the domain. Some client computers areportable computers and some are desktop computers. The computers do not support hardwarevirtualization.

All computers are configured to receive Windows Updates from WSUS1.

Remote Access Configuration

Users can connect to NPAS1 from the Internet by using all of the VPN protocols that are supported byWindows Server 2008 R2.

Fabrikam, Inc. is a customer of Humongous Insurance. Several Humongous Insurance users work at theFabrikam office and access resources on the Humongous Insurance network by using direct VPNconnections to NPAS1. Fabrikam contains several wireless access points.


www.certify-me.co.uk 49Microsoft 70-685 ExamAll computers in the finance department run a custom application suite named App1.

Several users in the sales department install an application named App2. App2 runs as a service and logson by using the credentials of the user who installed the application.

QUESTION 43Vrios usurios do relatrio departamento de vendas que suas contas de usurio so travadas, logodepois que alterar suas senhas de usurios.

Voc precisa minimizar o nmero de bloqueios de conta que ocorrem depois que os usurios alterem suassenhas.

O que voc deve instruir os usurios a fazer?

A. Delete all entries from the Credential Manager vault.B. Change their passwords and then create a password reset disk.C. Alterar suas senhas e configurar App2 fazer logon usando uma conta de servio.D. Change their passwords and then log off and log back on to their computers.



QUESTION 44A cada dia, 100 usurios em Office2 download de um arquivo de 5 MB catlogo de produtos a partir deuma ao em Server1.

Os relatrios de administrador de rede que os downloads causam uma carga excessiva sobre o link WANentre Office1 e Office2.

Voc precisa recomendar uma soluo para minimizar a utilizao da WAN. A soluo no deve exigir queos servidores adicionais ser implantado.


A. BranchCache no modo de cache distribudoB. BranchCache in hosted cache modeC. Distributed File System Replication (DFSR)D. File Server Resource Management (FSRM)




QUESTION 45Humongous usurios de seguros que trabalham na Fabrikam relatrio que quando se deslocam entrediferentes redes sem fio, eles so solicitados a reconectar manualmente VPN.

Voc precisa se certificar de que os usurios podem ligar automaticamente VPN quando se deslocamentre redes sem fio.


A. that a network administrator create a CNAME record named AUTODISCOVER in thehumongousinsurance.com DNS zone

B. that a network administrator enable Network Load Balancing on NPAS1C. que os usurios usar apenas conexes VPN com base em IKEv2D. that users use only SSTP-based VPN connections



Topic 11, Baldwin Museum of Science

Scenario:

You are an enterprise desktop support technician for the Baldwin Museum of Science.

The Baldwin Museum of Science is located in Dublin. The museum has 2,000 employees. All employeeshave laptop computers that have cellular connections.

The museum has a main office and three satellite offices.


The network contains an Active Directory forest. The forest contains a domain namedBaldwinmuseumofscience.com.

www.certify-me.co.uk 51Microsoft 70-685 ExamThe relevant group policy information is shown in the following table.


All servers are located in the main office and run Windows Server 2008 R2. The relevant servers areconfigured as shown in the following table.

Users access the network remotely by using a DirectAccess connection.

Client Computer Information

All client computers run Windows 7 Enterprise (x86). The client computers are configured to receiveWindows Updates from http://WSUS.


All users run Microsoft Office Outlook 2010 and use Outlook Anywhere. Users access the intranet Web siteby using the URL http://intranet.

The museum hosts several Web sites that use the domain suffix fineartschool.net.

Corporate Security Policy

www.certify-me.co.uk 52Microsoft 70-685 ExamThe corporate security policy states that all updates on client computers must be installed from the internalWSUS server.

QUESTION 46Os usurios relatam que eles s podem acessar os servidores Web fineartschool.net digitando a URLcompleta para os servidores.

Voc precisa recomendar uma soluo que permite que os usurios acessem os servidores da Webusando nomes de rtulo nico. Sua soluo deve garantir que os usurios podem acessar o servidor deintranet usando a URL

http://intranet.


A. the DHCP server option for the DNS domain name be removedB. fineartschool.net be added as the primary DNS suffix in the Default Domain PolicyC. fineartschool.net ser adicionado lista de Pesquisa de Sufixo DNS na Diretiva de Domnio PadroD. the Allow DNS Suffix Appending to unqualified Multi-Label Name Queries setting be enabled in the

Default Domain Policy



QUESTION 47A nova impressora est instalado no FP1 e compartilhado como Printer1.

Usurios relatam que receber um erro ao tentar se conectar a \ \ FP1 \ Printer1, e que depois que clicar emOK que for solicitado um driver de impressora.

O administrador do servidor confirma que a impressora est a funcionar correctamente e que ele podeimprimir uma pgina de teste.

Voc precisa se certificar de que os usurios so capazes de se conectar nova impressora com sucesso.Sua soluo deve minimizar o esforo administrativo.


A. um driver de impressora x86 ser instalado em FP1B. the permissions be changed on the shared printerC. a new Group Policy object (GPO) be created that includes a printer mapping for \\FP1\Printer1D. the Devices: Prevent users from installing printer drivers setting in the Default Domain Policy be set to

disabled



QUESTION 48Vinte novos computadores portteis so unidos ao domnio.

Os usurios dos novos computadores portteis relatam que eles podem acessar o servidor Exchange,mas eles no podem acessar os compartilhamentos de arquivos ou sites internos quando esto fora doescritrio.

Outros usurios remotos possam acessar os compartilhamentos de arquivos e sites internos quando estofora do escritrio.

Voc precisa se certificar de que os usurios dos novos laptops podem acessar compartilhamentos dearquivos e sites na rede interna quando esto fora do escritrio.


A. new user certificates for the laptop usersB. new computer certificates for the laptopsC. the user accounts for the laptop users be added to the Baldwin\Direct Access groupD. as contas de computador para os laptops ser adicionado ao grupo de acesso Baldwin \ Direto



QUESTION 49Os tcnicos de help desk descobrir que as definies do Windows Defender no esto up-to-date emcomputadores clientes. Os tcnicos de help desk relatam que outras atualizaes crticas so aplicadasaos computadores clientes.

Voc precisa se certificar de que todos os computadores clientes tm as ltimas definies do WindowsDefender. Sua soluo deve respeitar a poltica de segurana corporativa.

A. a firewall exception be added for msascui.exeB. o servidor WSUS ser configurado para baixar e aprovar automaticamente as atualizaes do Windows

Defender definioC. the Remove access to use all Windows update features setting in the WSUS Policy GPO be set to

disabledD. the Windows Defender\Turn on definition updates through both WSUS and Windows Update setting in

the WSUS Policy GPO be set to enabled



QUESTION 50Os tcnicos de help desk descobrir que alguns computadores no instalou as ltimas atualizaes para oWindows. Os arquivos de log do Windows Update no os computadores mostram que para concluir ainstalao de vrias atualizaes dos computadores deve ser reiniciado.

Voc precisa garantir que as futuras atualizaes so instaladas com xito em todos os computadores.


A. the logon hours for all user accounts be set from 06:00 to 22:00B. the Delay Restart for scheduled installations setting in the WSUS Policy GPO be set to disabledC. the Allow Automatic Updates immediate installation setting in the WSUS Policy GPO be set to enabledD. o Nenhuma reinicializao automtica com usurios conectados para instalaes de atualizaes

automticas agendadas configurao na poltica WSUS GPO ser definido como desativado


Explanation/Reference:Explanation:http://technet.microsoft.com/en-us/library/cc720539(WS.10).aspx http://technet.microsoft.com/en-us/library/ee532075.aspx

Topic 12, Tailspin Toys

www.certify-me.co.uk 55Microsoft 70-685 ExamScenario:

Background

You are the desktop support technician for Tailspin Toys. Tailspin Toys manufacturers and distributeschildren's toys. The network environment includes a server infrastructure running on Windows Server 2003Service Pack (SP) 2 and Windows Server 2008 R2, Active Directory with the forest and domain levels set atWindows Server 2003, and Active Directory Certificate Services (AD CS) running on Windows Server 2008R2. The company has a Microsoft Enterprise Agreement (EA) with Software Assurance (SA).

The company sites, network connectivity, and site technologies are shown in the following table.

The company's domain controller layout and details are shown in the following table.

The company's client computer configuration details are shown in the following table.

The company uses Microsoft SharePoint 2010 as the company intranet and as a document repository forcompany-related Microsoft Office documents. The URL for the intranet is intranet.tailspintoys.com . Thereis a Group Policy object (GPO) that applies to all client computers that allows employees who areconnected to the corporate network to go to the intranet site without having to enter authenticationinformation.

www.certify-me.co.uk 56Microsoft 70-685 ExamAll users are using Microsoft Internet Explorer 8. All users have enabled the Internet Explorer SmartScreenFilter and the Internet Explorer phishing filter. All of the desktop support technicians are members of asecurity group named Desktop Admins. The Desktop Admins group is a member of the local Administratorsgroup on all client computers. The desktop support technicians use the Microsoft Diagnostics and RecoveryToolset to perform various troubleshooting and repairs.

All Windows 7 client computers have a directory named tailspintoys\scripts in the root of the operatingsystem drive. The directory contains four unique .vbs files named scriptl.vbs, script2.vbs, script3.vbs, andscript4.vbs.

Software Environment

- An existing GPO named AppLockdown applies to Windows 7 machines and uses AppLocker to ensurethat:No .bat files are allowed to be run by users and rules are enforced- An existing GPO named RestrictApps applies to Windows XP client computers and uses a SoftwareRestriction Policy to ensure that:No .bat files are allowed to be run by users and rules are enforced

Data Protection Environment

- Some users at the Manufacturing site use EFS to encrypt data.- A user account named EFSAdmin has been designated as the Data Recovery Agent (DRA).- The DRA certificate and private key are stored on a portable USB hard drive.

As part of the yearly security compliance audits, a vendor is due to arrive at Tailspin Toys in a month toperform the yearly audit. To prepare for the audit, management has asked you to participate in an internalreview of the company's existing security configurations related to network security and data security. The

management team has issued the following requirements:

New software requirements

- All installation programs must be digitally signed.- Minimum permissions must be granted for installation of programs.

Internet Explorer requirements

- Users must not be able to bypass certificate warnings.- Users must not be able to add Internet Explorer add-ons unless the add-ons are approved by IT.

Data protection requirements

- All portable storage devices must use a data encryption technology. The solution must meet the followingrequirements:Allow all users a minimum of read access to the encrypted data while working from theircompany client computers.Encrypt entire contents of portable storage devices.Minimize administrativeoverhead for users as files and folders are added to the portable storage devices.

www.certify-me.co.uk 57Microsoft 70-685 Exam- Recovery information for client computer hard drives must be centrally stored and protected with dataencryption.

Exam B

QUESTION 1Usurios no local de fabrico deve ter um mtodo secundrio de descriptografar seus arquivos existentes,se perder o acesso ao seu certificado e uma chave privada ou se o certificado do administrador EFS noest disponvel.

Voc precisa recomendar uma soluo para garantir que um mtodo secundrio est disponvel para osusurios. A soluo no deve exigir o acesso ou alterar os ficheiros existentes criptografadas antes dedescriptografar eles.

O que voc deve recomendar que os usurios fazem?

A. From the command line, run the cipher.exe /e command.B. From the command line, run the certutil.exe /backupKey command.C. Enroll for a secondary EFS certificate.D. Exportar seus certificados EFS com chaves privadas para um local externo.



QUESTION 2Voc precisa recomendar uma soluo para fazer backup de informaes de recuperao do BitLockercom base nos requisitos da empresa de proteo de dados existentes. A soluo deve incluir o destino debackup e os pr-requisitos da soluo.

O que voc deve recomendar? (Escolha todas que se aplicam.)

A. Upgrade all Windows XP client computers to Windows 7.B. Armazenar as informaes de recuperao do BitLocker no Active Directory.C. Create a GPO to enroll users for a Basic EFS certificate automatically.D. Raise the forest functional level to Windows Server 2008 R2.E. Store each user's BitLocker recovery information on USB keychain drives.F. Importar o arquivo BitLockerTPMSchemaExtension.ldf ao Active Directory.

Correct Answer: BFSection: (none)Explanation



QUESTION 3Um usurio no local de sede capaz de executar. Morcego arquivos em LAPTOP01. No entanto, vocpercebe que a AppLockdown GPO foi aplicado com sucesso para o computador.

computador do usurio est em conformidade com o actual AppLockdown GPO Voc precisa se certificarde que oconfiguraes.

Que servio voc deve comear em LAPTOP01?

A. Application ExperienceB. Identidade do aplicativo

C. Application ManagementD. Application Information


Explanation/Reference:Explanation:Determines and verifies the identity of an application. Disabling this service will prevent AppLocker frombeing enforced.

QUESTION 4Os usurios so solicitados a fornecer credenciais de autenticao quando se navega para a intranet deservidores da empresa.

Voc precisa assegurar que os usurios podem acessar a intranet de servidores da empresa sem ter deintroduzir a sua informao de autenticao.


A. Add the intranet fully qualified domain name to the local intranet zone.B. Habilite o logon automtico somente na zona da intranet opo nas configuraes do Microsoft Internet

Explorer no GPO.C. Reset the local intranet zone custom settings to Low.D. Disable the Allow websites to prompt for information using scripted windows setting in the Microsoft

Internet Explorer settings in the GPO.


Explanation/Reference:Explanation:answer changed from A. to B.


Logon HTTP authentication honors the zone security policy for Logon credentials, which may have one offour values:Automatic logon only in intranet zone. Prompts for user ID and password in other zones. After the user isprompted, this value can be used silently for the remainder of the session. Anonymous Logon. DisablesHTTP authentication; uses guest account only for Common Internet File System (CIFS).Prompt for username and password. Prompts for user ID and password. After the user is prompted, thisvalue may be used silently for the remainder of the session. Automatic logon with current username andpassword. The logon credential may be tried silently by WindowsNT Challenge response (NTLM), anauthentication protocol between an end-user client and application server, before prompting.http://technet.microsoft.com/en-us/library/dd346862.aspx


QUESTION 5Ao visitar determinados sites, os usurios recebem uma mensagem no Internet Explorer. A mensagem mostrada na exposio. (Clique no boto Exibir.)

Voc precisa se certificar de que as configuraes do Internet Explorer para todos os computadoresclientes seguir as exigncias da empresa.

O que voc deve modificar na Diretiva de Grupo?

A. Enable the Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Turn on ProtectedMode setting.

B. Disable the Internet Explorer\Internet Control Panel\Prevent ignoring certificate errors setting.C. Permitir que o Internet Explorer \ Painel de Controlo da Internet \ Prevenir ignorando configurao erros

certificado.D. Disable the Windows Components\Windows Error Reporting\Disable Windows Error Reporting setting.E. Enable the Windows Components\Windows Error Reporting\Disable Windows Error Reporting setting.F. Enable the Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Do not prompt for client

certificate selection when no certificate or only one certificate setting.



QUESTION 6Existente Internet Explorer configuraes de segurana e GPOs so aplicados em toda a empresa. Noentanto, os usurios esto visitando sites conhecidos pelo Internet Explorer para hospedar contedomalicioso.Voc precisa se certificar de que os usurios no podem visitar esses sites.Qual configurao no GPO que voc deve permitir para atingir esse objetivo?

A. Turn off Managing SmartScreen Filter for Internet Explorer 8B. Ignorando avisos evitar SmartScreen FiltroC. Turn on ActiveX FilteringD. Prevent ignoring certificate errorsE. Turn off Managing Phishing filter


Explanation/Reference:Explanation:The SmartScreen Filter prevents users from navigating to and downloading from sites known to hostmalicious content, including Phishing or malicious software attacks. If you enable this policy setting, theuser is not permitted to navigate to sites identified as unsafe by the SmartScreen Filter.If you disable this policy setting or do not configure it, the user can ignore SmartScreen Filter warnings andnavigate to unsafe sites.

http://maximumpcguides.com/windows-7/prevent-a-user-from-bypassing-the-smartscreen-filter- warnings-ininternet-explorer/http://technet.microsoft.com/en-us/library/cc985351.aspx

QUESTION 7Voc precisa identificar qual dos computadores da empresa do cliente so candidatos a usar o BitLockerem que o sistema operacional do disco rgido.

Que os computadores cliente que voc recomendaria? (Escolha todas que se aplicam.)

A. all client computers at the Sales siteB. todos os computadores clientes no site da SedeC. all client computers in the Manufacturing siteD. all client computers that are not TCG compliant



Answer changed from C. to B.Chapter 4 Lesson 3 p 175BitLocker Drive Encryption is a data protection feature available in Windows 7 Enterprise and Windows 7Ultimate for client computers and in Windows Server 2008 R2. http://technet.microsoft.com/en-us/library/ee449438(v=ws.10).aspxQUESTION 8Um novo computador cliente se juntou recentemente ao domnio da empresa. No entanto, ele no tem asltimas actualizaes do Windows instalado.

Voc precisa se certificar que o computador cliente usa a empresa Enterprise Servers de distribuio deatualizaes para instalar as atualizaes do Windows imediatamente.


A. Start the Windows Installer service.B. Run the wuauclt.exe /resetauthorization command.

C. Execute o comando wuauclt.exe / detectnow.D. Run the net start Trustedlnstaller command.


Explanation/Reference:Explanation:http://technet.microsoft.com/en-us/library/cc708617(WS.10).aspxwww.certify-me.co.uk 63Microsoft 70-685 Exam

QUESTION 9Um laptop pessoal chamada LAPTOP02 usado como um computador cliente no local da sede.LAPTOP02 corre a verso de 64 bits do Windows 7 Professional.

Voc saber que o AppLockdown GPO foi aplicado com sucesso para o computador. No entanto, vocpercebe que o usurio ainda capaz de executar. Bat.

Voc precisa se certificar que o computador possa cumprir com as configuraes existentes AppLockdownGPO.


A. Executar uma instalao limpa da verso de 64 bits do Windows 7 Enterprise.B. Add LAPTOP02 to the security filtering on the AppLockdown GPO.C. Perform a clean installation of the 32-bit version of Windows 7 Professional.D. Run the gpupdate /force command.


Explanation/Reference:Explanation:Chapter 24 p 1143AppLocker is available in all editions of Windows Server2008R2 and in Windows7 Ultimate and Windows7Enterprise. Windows7 Professional can be used to create AppLocker rules. However, AppLocker rulescannot be enforced on computers running Windows7 Professional. Organizations should use AppLocker forall computers that support it. http://technet.microsoft.com/en-us/library/dd759117.aspx

QUESTION 10arrastar e soltar

Um usurio perdeu a chave EFS privado e no pode acessar sua pasta criptografada.

Baseado na configurao atual da empresa, voc precisa saber como recuperar a pasta criptografada.

Que duas aes que voc deve executar em seqncia? (Para responder, mover as aes apropriadas nalista de aes para a rea de resposta e organiz-los na ordem correta.)

A.B.C.D.

Correct Answer: Section: (none)Explanation

Explanation/Reference:

Explanation:


QUESTION 11arrastar e soltar

Voc cria uma exceo para o suplemento existente na poltica da empresa para o Microsoft InternetExplorer.

Voc precisa modificar a poltica de grupo para garantir que os usurios podem gerenciar o InternetExplorer especfica add-ons.

Que duas aes que voc deve executar em seqncia? (Para responder, mover as aes apropriadas nalista de aes para a rea de resposta e organiz-los na ordem correta.)

A.B.C.D.

Correct Answer: Section: (none)Explanation

Explanation/Reference:www.certify-me.co.uk 66Microsoft 70-685 Exam

Explanation:

Topic 13, Enterprise Company

Scenario:

Background

You are the desktop support technician for an enterprise company. The company offices, sizes, andplatforms are shown in the following table.


The Beijing office has been experiencing remote access issues.company's client computers run Windows Vista and Windows 7. The company is in the Theprocess of upgrading the Windows Vista client computers to Windows 7. All client computers have twovolumes, as shown in the following table.

The company's password policy is shown in the following table.

company's account lockout policy is shown in the following table.The

Software Environment

- The company has a single Active Directory Domain Services (AD DS) forest with one domain. All domaincontrollers run Windows Server 2008 R2. The forest and domain functional levels are set to WindowsServer 2008 R2.- The company outsources sales support to a third party.- Each member of the Sales Support team has an AD DS user account in a global security group

www.certify-me.co.uk 68Microsoft 70-685 Examnamed Sales.- The Sales security group and the AD DS user accounts for the Sales Support team reside in anorganizational unit (OU) named Sales Support.- Members of the Sales Support team do not use domain-joined client computers.- With the exception of the Sales Support team, all user accounts reside in an OU named Employees.- All client computers reside in an OU named Client Computers.- A global security group named Accounting contains users with domain accounts. They use portablecomputers running Windows 7 that are joined to the domain.

- The company uses DirectAccess for remote access connectivity. Windows 7 domain-joined computershave been configured to use DirectAccess.- The company uses Microsoft Exchange and Outlook Web App (OWA) for email and collaboration. Thecompany has enabled password reset through OWA.

The company uses AppLocker to prevent users from running certain programs. AppLocker rules aredefined at the domain-level in the Corp Group Policy object (GPO). Corp GPO only contains AppLockerpolicy settings.

Wireless Requirements

The company has wireless access points (WAPs) that provide wireless connectivity at some locations. Thecompany uses a GPO named WiFi to enforce wireless security. The WiFi GPO is linked to the domain.

The company mandates that all domain-joined computers must connect to corporate WAPs automatically.The company's 802.1 X authentication server must be used for client computer connections to the WAP.

Visitors and contractors are unable to connect to the corporate wireless network. Management hasmandated that a guest wireless network be established that meets the following criteria:

- Users should not have to provide credentials.- Maximize wireless network performance.- Minimize administrative overhead.

Data Protection Environment

- Full system backups are performed on client computers on Sundays with one week of retention.- All client computers are configured with System Protection settings to restore only previous versions offiles.

QUESTION 12Voc est implantando um WAP em um dos locais da empresa.

Voc precisa se certificar de que cumpre os requisitos de conectividade sem fio da empresa.

A. Vincular o GPO a uma unidade organizacional que contm todas as contas de computador cliente.B. Create a GPO and define an IP Security policy.C. Criar um GPO e definir uma poltica de rede sem fio (IEEE 802.IX).D. Create a GPO and define a Network List Manager policy.E. Link the GPO to an OU that contains all user accounts.

Correct Answer: ACSection: (none)Explanation

Explanation/Reference:Explanation:Might be related to Exam B Question 12 Topic 13, Enterprise Company no sure about answers

QUESTION 13Depois de modificar Corp GPO, os usurios no podem fazer logon em seus computadores.

Voc precisa assegurar que os usurios podem fazer logon em seus computadores.

O que voc deve fazer? (Escolha todas que se aplicam.)

A. Modificar Corp GPO para que as regras padro so criadosB. Log off the client computers and log back onC. Reinicie os computadores clienteD. Modify Corp GPO so that all rules are deleted

Correct Answer: ACSection: (none)Explanation

Explanation/Reference:Explanation:Might be related to Exam B Question 12 Topic 13, Enterprise Company no sure about answer

QUESTION 14Os tcnicos da empresa de help desk gastar uma quantidade significativa de tempo pesquisando se asquestes de acesso remoto esto relacionados com a rede corporativa ou conectividade usuriosContabilidade do grupo Internet.

Voc precisa recomendar uma soluo que minimiza o tempo gasto identificando a causa dos problemasde acesso remoto.

A. Implantar o assistente de conectividade do DirectAccess em computadores portteis do grupo deContabilidade.

B. Deploy the DirectAccess Connectivity Assistant on the help desk technicians' computers.C. Enable Windows Firewall logging on DirectAccess servers.D. Enable Windows Firewall logging on the portable computers.

Correct Answer: ASection: (none)Expl

Microsoft.Certify-Me.70-685.v2012-11-13.by.Cris.191q (1

Documents

Transcript of Microsoft.Certify-Me.70-685.v2012-11-13.by.Cris.191q (1