★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 70-685 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/70-685-dumps.html
Q11. A Windows 7 client computer named PCO1 has intermittent performance issues.
Each time a performance issue occurs, an associated event log entry is written to the Application event log.
You need to ensure that a Windows 7 administrative computer named PC02 receives the event log entries from PCO1.
What should you do? (Choose all that apply.)
A. E. F. Software Environment An existing GPO named AppLockdown applies to Windows 7 machines and uses AppLocker to ensure that: No .bat files are allowed to be run by users and rules are enforced An existing GPO named RestrictApps applies to Windows XP client computers and uses a Software Restriction Policy to ensure that: No .bat files are allowed to be run by users and rules are enforced Data Protection Environment Some users at the Manufacturing site use EFS to encrypt data. A user account named EFSAdmin has been designated as the Data Recovery Agent (DRA). The DRA certificate and private key are stored on a portable USB hard drive. As part of the yearly security compliance audits, a vendor is due to arrive at Tailspin Toys in a month to perform the yearly audit. To prepare for the audit, management has asked you to participate in an internal review of the company's existing security configurations related to network security and data security. The management team has issued the following requirements: New software requirements All installation programs must be digitally signed. Minimum permissions must be granted for installation of programs. Internet Explorer requirements Users must not be able to bypass certificate warnings. Users must not be able to add Internet Explorer add-ons unless the add-ons are approved by IT. Data protection requirements All portable storage devices must use a data encryption technology. The solution must meet the following requirements: Allow all users a minimum of read access to the encrypted data while working from their company client computers. Encrypt entire contents of portable storage devices. Minimize administrative overhead for users as files and folders are added to the portable storage devices. Recovery information for client computer hard drives must be centrally stored and protected with data encryption. Users at the Manufacturing site must have a secondary method of decrypting their existing files if they lose access to their certificate and private key or if the EFS Admin's certificate is not available. You need to recommend a solution to ensure that a secondary method is available to users. The solution must not require accessing or altering the existing encrypted files before decrypting them. What should you recommend that the users do? A. From the command line, run the cipher.exe /e command. B. From the command line, run the certutil.exe /backupKey command. C. Enroll for a secondary EFS certificate. D. Export their EFS certificates with private keys to an external location. Answer: D Q15. This is the first in a series of questions that all present the same scenario. For your convenience, the scenario is repeated in each question. Each presents a different goal and answer choices, but the text of the scenario is exactly the same in each in this series. Topic 2, City Power & Light Scenario: You are an enterprise desktop support technician for City Power & Light. City Power & Light is a utility company. The company has a main office and a branch office. The main office is located in Toronto. The branch office is located in Boston. The main office has 1,000 employees. The branch office has 10 employees. Active Directory Configuration The network contains a single Active Directory domain named cpandl.com. The functional level of the forest is Windows Server 2008 R2. Server Configuration All servers run Windows Server 2008 R2. The relevant servers in the main office are configured as shown in the following table: All computers in the main office are configured to use DHCP. All computers in the branch office are configured to use static IP addresses. User Information All user accounts are standard user accounts. All client computers run Windows 7 Enterprise. Each portable computer has a PPT P-based VPN connection to the internal network. Corporate Security Guidelines All users must be granted the least privileges possible. All locally stored documents must be encrypted by using Encrypting File System (EFS). The hard disk drives on all port able computers must be encrypted by using Windows BitLocker Drive Encryption (BitLocker). All encryption certificates must be stored on smart cards. The company is deploying a new application. When users attempt to install the application, they receive an error message indicating that they need administrative privileges to install it. You need to recommend a solution to ensure that users can install the application. The solution must adhere to the corporate security guidelines. What should you recommend? A. Publish the application by using a Group Policy. B. Disable User Account Control (UAC) by using a Group Policy. C. Add all domain users to the local Power Users group by using Restricted Groups. D. Add the current users to the local Administrators group by using Group Policy preferences. Answer: A Q16. This is the first in a series of questions that all present the same scenario. For your convenience, the scenario is repeated in each question. Each presents a different goal and answer choices, but the text of the scenario is exactly the same in each in this series. Topic 13, Enterprise Company Scenario: Background You are the desktop support technician for an Enterprise Company. The company offices, sizes, and platforms are shown in the following table: Software Environment The company has a single Active Directory Domain Services (AD DS) forest with one domain. All domain controllers run Windows Server 2008 R2. The forest and domain functional levels are set to Windows Server 2008 R2. The company outsources sales support to a third party. Each member of the Sales Support team has an AD DS user account in a global security group named Sales. The Sales security group and the AD DS user accounts for the Sales Support team reside in an organizational unit (OU) named Sales Support. Members of the Sales Support team do not use domain-joined client computers. With the exception of the Sales Support team, all user accounts reside in an OU named Employees. All client computers reside in an OU named Client Computers. A global security group named Accounting contains users with domain accounts. They use portable computers running Windows 7 that are joined to the domain. The company uses DirectAccess for remote access connectivity. Windows 7 domain-joined computers have been configured to use DirectAccess. The company uses Microsoft Exchange and Outlook Web App (OWA) for email and collaboration. The company has enabled password reset through OWA. The company uses AppLocker to prevent users from running certain programs. AppLocker rules are defined at the domain-level in the Corp Group Policy object (GPO). Corp GPO only contains AppLocker policy settings. Wireless Requirements The company has wireless access points (WAPs) that provide wireless connectivity at some locations. The company uses a GPO named WiFi to enforce wireless security. The WiFi GPO is linked to the domain. The company mandates that all domain-joined computers must connect to corporate WAPs automatically. The company's 802.1 X authentication server must be used for client computer connections to the WAP. Visitors and contractors are unable to connect to the corporate wireless network. Management has mandated that a guest wireless network be established that meets the following criteria: Users should not have to provide credentials. Maximize wireless network performance. Minimize administrative overhead. Data Protection Environment Full system backups are performed on client computers on Sundays with one week of retention. All client computers are configured with System Protection settings to restore only previous versions of files. The company's help desk technicians spend a significant amount of time researching whether remote access issues are related to the corporate network or to Accounting group users' Internet connectivity. You need to recommend a solution that minimizes time spent indentifying the cause of the remote access issues. What should you recommend? A. Deploy the DirectAccess Connectivity Assistant on the Accounting group's portable computers. B. Deploy the DirectAccess Connectivity Assistant on the help desk technicians' computers. C. Enable Windows Firewall logging on DirectAccess servers. D. Enable Windows Firewall logging on the portable computers. Answer: A Q17. All client computers on your company network run Windows 7. An application has stopped working. The application is dependent on a service that runs automatically and logs on to the domain by using a dedicated service account. You also discover that an entry in the event log has the following message: "Logon failure: unknown user name or bad password." You need to ensure that the service runs successfully. What should you do? A. Add the dedicated account to the local Administrators group. B. Add the employee user account to the local Administrators group. C. Reset the employee password and configure it to never expire. D. Reset the service account password and configure it to never expire. Answer: D Q18. All client computers on your company network run Windows 7 and are members of an Active Directory Domain Services domain. AppLocker is configured to allow only approved applications to run. Employees with standard user account permissions are able to run applications that install into the user profile folder. You need to prevent standard users from running unauthorized applications. What should you do? A. Create Executable Rules by selecting the Create Default Rules option. B. Create Windows Installer Rules by selecting the Create Default Rules option. C. Create the following Windows Installer Rule: Deny Everyone - %OSDRIVE%\Users\<user name>\Downloads\* D. Create the following Executable Rule: Deny - Everyone - %OSDRIVE%\Users\<user name>\Documents\* Answer: A Q19. All client computers on your company network run Windows 7. The Finance department staff run an application that collects data from 09:30 hours to 15:00 hours everyday. After data collection, the application generates reports that contain data aggregation for the day and the previous week. During report generation, the Finance department staff experience slow performance on their computers. You discover that the usage of the processor on these computers is between 90 and 100 percent. You need to reduce the impact of report generation on the Finance computers. What should you do? A. Set the priority of the application to Low. B. Set the priority of the application to Real-time. C. Configure the processor affinity mask to ensure that the application uses all the available processors. D. Modify the memory settings of the computers to optimize the performance of the background applications. Answer: A Q20. Five users from the main office travel to the branch office. The users bring their portable computers. The help desk reports that the users are unable to access any network resources from the branch office. Branch office users can access the network resources. You need to ensure that the main office users can access all network resources by using their portable computers in the branch office. The solution must adhere to the corporate security guidelines. What should you instruct the help desk to do on the portable computers? A. Create a new VPN connection. B. Add the users to the local Administrators group. C. Add the users to the Network Configuration Operators group. D. Configure the alternate configuration for the local area connection. Answer: D