Latest Braindump2go 70-687 Certification PDF With 100% Guarantee Pass (31-45)

Official Microsoft Exam Center – 70-687 Latest Added Dumps Questions are Free Download from Braindump2go Now! 100% Time Saving and 100% Guaranteed Pass!

Vendor: Microsoft
Exam Code: 70-687
Exam Name: Configuring Windows 8.1

110

QUESTION 31
A company has an Active Directory Domain Services (AD DS) domain.
All client computers run Windows 8.1.
You need to minimize the amount of Trusted Platform Module (TPM) authorization information that is stored in the registry. What should you do?

A.    Enable Platform Configuration Register indices (PCRs) 0, 2, 4, and 11 for the Configure TPM
validation profile for native UEFI firmware configuration policy setting.

B.    Create a Group Policy object (GPO) that disables the Configure the level of TPM owner authorization
information available to operating system policy setting.

C.    Create a Group Policy object (GPO) that sets the Configure the level of TPM owner authorization
information available to operating system policy setting to None.

D.    Create a Group Policy object (GPO) that enables the Turn on TPM Local Encryption policy setting.

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/jj679889.aspx#BKMK_tpmgp_oauthos
Configure the level of TPM owner authorization information available to the operating system
This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information that is stored locally, the Windows operating system and TPM- based applications can perform certain actions in the TPM that require TPM owner authorization without requiring the user to enter the TPM owner password.
There are three TPM owner authentication settings that are managed by the Windows operating system. You can choose a value of Full, Delegate, or None. Full – This setting stores the full TPM owner authorization, the TPM administrative delegation blob, and the TPM user delegation blob in the local registry. With this setting, you can use the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios that do not require you to reset the TPM anti-hammering logic or change the TPM owner authorization value. Some TPM- based applications may require that this setting is changed before features that depend on the TPM anti-hammering logic can be used.
Delegated – This setting stores only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM- based applications that depend on the TPM antihammering logic. When you use this setting, we recommend using external or remote storage for the full TPM owner authorization value–for example, backing up the value in Active Directory Domain Services (AD DS).
None – This setting provides compatibility with previous operating systems and applications. You can also use it for scenarios when TPM owner authorization cannot be stored locally. Using this setting might cause issues with some TPM-based applications.

QUESTION 32
A company has an Active Directory Domain Services (AD DS) domain.
All client computers run Windows 8.1 and are joined to the domain.
You have the following requirements:
– Ensure that files in shared network folders are available offline.
– Minimize all data access times.
– Reduce network bandwidth usage.
You need to configure Group Policy settings to meet the requirements.
What should you do first?

A.    Enable the Enable file synchronization on costed networks policy setting.
B.    Enable and configure the Configure slow-link mode policy setting.
C.    Enable and configure the specify administratively assigned Offline Files policy setting.
D.    Enable the Synchronize all offline files when logging on policy setting.

Answer: B
Explanation:
Enable the Always Offline Mode to Provide Faster Access to Files:
To enable the Always Offline Configure slow-link mode policy setting and set the latency to mode, use Group Policy to enable the 1 (millisecond).
Doing so causes client computers running Windows 8 or Windows Server 2012 to automatically use the Always Offline mode.
http://technet.microsoft.com/en-us/library/hh968298.aspx

QUESTION 33
A company has an Active Directory Domain Services (AD DS) domain.
All client computers run Windows 8.1 and are joined to the domain.
You have the following requirements:
– Ensure that files in shared network folders are available offline.
– Maximize efficiency for users who connect to shared network folders from a mobile device.
You need to configure Group Policy settings to meet the requirements.
What should you do first?

A.    Enable and configure the Configure slow-link mode policy setting.
B.    Enable the Enable file synchronization on costed networks policy setting.
C.    Enable the Synchronize all offline files when logging on policy setting.
D.    Enable and configure the Specify administratively assigned Offline Files policy setting.

Answer: B
Explanation:

wpsFB43.tmp_thumb[2]

wps3A17.tmp_thumb

http://technet.microsoft.com/en-us/library/jj127408.aspx
Enable Background File Synchronization on Metered Networks
This document describes how to enable background file synchronization of Offline Files while using metered connections that have usage limits, and while roaming on another provider’s network.
Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012 support cost-aware synchronization by automatically tracking roaming and bandwidth usage limits while on metered connections. By default, when the user is using a metered connection (such as a 4G mobile network) and is near or over their bandwidth limit or roaming on another provider’s network, Windows switches to Offline mode and disables background synchronization. Users can still manually initiate synchronization, and administrators can override cost-aware synchronization for specific users, such as executives.

QUESTION 34
A company has a main office and several branch offices. The company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 8.1.
All printers are deployed to all client computers by using Group Policy.
When a user attempts to print from his portable client computer while at a branch office, the main office printer is set as his default printer.
You need to ensure that a location-specific default printer for each branch office is set for the user.
What should you do?

A.    Create a Group Policy object (GPO) that enables the Computer location policy setting.
B.    In the Manage Default Printers dialog box, select the Always use the same printer as my default
printer option.

C.    In the Manage Default Printers dialog box, select the Change my default printer when I change
networks option.

D.    Create a Group Policy object (GPO) that enables the Allow Print Spooler to accept client connections
policy setting.

Answer: C
Explanation:
http://windows.microsoft.com/en-us/windows-8/set-change-your-default-printer Set or change your default printer
To set a different default printer for each network
3. Tap or click any printer, and then tap or click Manage default printers.
4. Select Change my default printer when I change networks.
5. Under Select network, choose the first network you want to set a printer for.
6. Under Select printer, choose the printer you want to be the default on that network, and then tap or click Add.
7. When you’re finished setting a default printer for each network, tap or click OK.

QUESTION 35
A computer runs Windows 8.1.
You install an application by running an .msi file.
You need to apply a patch to the application.
Which command should you run?

A.    dism /Online /add-package:C:\MyPatch.msp
B.    dism /get-AppPatches /get-PackageInfo:C:\MyPatch.msp
C.    msiexec /x "C:\MyPatch.msp"
D.    msiexec /p "C:\MyPatch.msp"

Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc759262%28v=ws.10%29.aspx Msiexec (command-line options)
To apply an update
Syntax
msiexec /p UpdatePackage
Parameters
/p Applies an update.
UpdatePackage Specific update.

QUESTION 36
A company has client computers that run Windows 8.1.
Users can run applications that have been downloaded from the Internet only with administrator approval.
You need to ensure that users can run downloaded applications without administrator approval. What should you do?

A.    Set the Internet zone privacy level to Low.
B.    Set the Internet zone security level to Medium.
C.    Set the User Account Control (UAC) settings to Never notify.
D.    Turn off Windows SmartScreen.

Answer: A

QUESTION 37
You manage computers that run Windows 8.1.
You plan to install a desktop app named MarketingApp on one of the client computers.
You need to display a progress bar to the user while installing the app.
Which command should you run?

A.    msiexec /i marketingapp.msi /qn
B.    msiexec /i marketingapp.msi /qb
C.    msiexec /x marketingapp.msi /qb
D.    msiexec /x marketingapp.msi /qn

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/cc759262(v=ws.10).aspx
/i installs or configures a product
/qb displays a basic user interface
/qn Displays no user interface.
/x Uninstalls a product.

QUESTION 38
A company has client computers that run Windows 8.1.
You set up new virtual private network (VPN) connections on all client computers.
The VPN connections require the use of a smart card for authentication.
Users are unable to connect to the corporate network by using the VPN connections.
The connection properties are configured as shown in the exhibit. (Click the Exhibit button.)

wps6FC8.tmp_thumb

You need to ensure that the client computers can connect to the corporate network.
What should you do?

A.    Enable Challenge Handshake Authentication Protocol (CHAP).
B.    Change the VPN type to IKEv2.
C.    In the advanced settings, select Use preshared key for authentication.
D.    Change the authentication setting to Use Extensible Authentication Protocol (EAP).

Answer: D
Explanation:
http://support.microsoft.com/kb/259880
Configuring a VPN to Use Extensible Authentication Protocol (EAP)
EAP can be used to provide an added layer of security to VPN technologies such as Point- to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP). EAP enables this functionality through Certificate Authority (CA) and SmartCard technologies, which provide mutual authentication of the client and the server.
http://technet.microsoft.com/en-us/library/cc739449%28v=ws.10%29.aspx
Smart cards and remote access VPN connections
The use of smart cards for user authentication is the strongest form of authentication in the Windows Server 2003 family. For remote access VPN connections, you must use Extensible Authentication Protocol (EAP) with the Smart card or other certificate (TLS) EAP type, also known as EAP-Transport Level Security (EAP-TLS).

QUESTION 39
You update the video card driver on a portable computer that runs Windows 8.1.
When a user connects the portable computer to an external monitor, the external monitor duplicates the display on the portable computer screen.
You need to ensure that the user can display additional desktop space on the external monitor.
What should you do?

A.    Run the DisplaySwitch /extend command.
B.    Start the computer from the Windows 8 installation media and perform a system image recovery.
C.    Roll back the video card driver to the previous version.
D.    Run the sic /scannow command.

Answer: A
Explanation:
http://jeffwouters.nl/index.php/2012/06/switch-your-display-through-the-command-line/
Switch your display through the command line
displayswitch.exe parameters:

wps9B6B.tmp_thumb[2]

QUESTION 40
A company has client computers that run Windows 8.1.
You attempt to roll back a driver for a specific device on a client computer.
The Roll Back Driver button is unavailable in Device Manager.
You need to roll back the driver to the previous version.
What should you do first?

A.    In the system properties for hardware, modify the device installation settings.
B.    Disable driver signature enforcement.
C.    In the local Group Policy, modify the device installation restrictions.
D.    Run Device Manager as an Administrator.

Answer: D
Explanation:
http://technet.microsoft.com/en-us/library/cc732648.aspx
Roll Back a Device Driver to a Previous Version
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review the details in "Additional considerations" in this topic.

QUESTION 41
You update the video card driver on a computer that runs Windows 8.1.
You can no longer configure the display settings to extend the display to a projector.
You need to restore the display options as quickly as possible and retain all user data.
What should you do?

A.    Roll back the video card driver to the previous version.
B.    Run the DisplaySwitch/extend command.
C.    Run the sic /scannow command.
D.    start the computer from the Windows 8.1 installation media and perform a system image recovery.

Answer: A
Explanation:
Rolling back the driver is the simplest and fastest solution.
Example:

wpsD57F.tmp_thumb

wpsEFC3.tmp_thumb

Further Information:
The DisplaySwitch /extend command might not work is the driver is broken.
The sfc /scannow command checks system files for consistency.
And a system image recovery will affect the user data.

QUESTION 42
A company has client computers that run Windows 8.1.
Each computer has two hard drives.
You need to create a dynamic volume on each computer that maximizes write performance.
Which kind of dynamic volume should you create?

A.    Striped volume
B.    RAID 5 volume
C.    Spanned volume
D.    Mirrored volume

Answer: A
Explanation:
http://technet.microsoft.com/en-us/library/cc737048%28v=ws.10%29.aspx
What Are Dynamic Disks and Volumes?
Types of Dynamic Volumes
A dynamic volume is a volume that is created on a dynamic disk. Dynamic volume types include simple, spanned, and striped volumes.
Striped Volumes
Striped volumes improve disk input/output (I/O) performance by distributing I/O requests across disks. Striped volumes are composed of stripes of data of equal size written across each disk in the volume. They are created from equally sized, unallocated areas on two or more disks.
Striped volumes cannot be extended or mirrored and do not offer fault tolerance. If one of the disks containing a striped volume fails, the entire volume fails, and all data on the striped volume becomes inaccessible. The reliability for the striped volume is less than the least reliable disk in the set.
Further Information:
RAID-5 Volumes
A RAID-5 volume is a fault-tolerant volume that stripes data and parity across three or more disks. Parity is a calculated value that is used to reconstruct data if one disk fails. RAID-5 volumes are typically created by the user who requires fault-tolerance and who has at least three disks in their computer. If one of the disks in the RAID-5 volume fails, the data on the remaining disks, along with the parity information, can be used to recover the lost data. RAID-5 volumes are well-suited to storing data that will need to be read frequently but written to less frequently. Database applications that read randomly work well with the built-in load balancing of a RAID-5 volume.
Spanned Volumes
Spanned volumes combine areas of unallocated space from multiple disks into one logical volume. The areas of unallocated space can be different sizes. Spanned volumes require two disks, and you can use up to 32 disks.
Mirrored Volumes
A mirrored volume is a fault-tolerant volume that provides a copy of a volume on another disk. Mirrored volumes provide data redundancy by duplicating the information contained on the volume. The two disks that make up a mirrored volume are known as mirrors. Each mirror is always located on a different disk. If one of the disks fails, the data on the failed disk becomes unavailable, but the system continues to operate by using the unaffected disk.
Mirrored volumes are typically created by the user who requires fault-tolerance and who has two disks in their computer. If one disk fails, the user always has a copy of their data on the second disk. Mirrored volumes provide better write performance than RAID-5 volumes.

QUESTION 43
A company has client computers that run Windows 8.1.
The corporate network is configured for IPv4 and IPv6.
You need to disable Media Sensing for IPv6 on the client computers without affecting IPv4 communications.
What should you do on each client computer?

A.    Run the Disable-NetAdapterBinding Windows PowerShell cmdlet.
B.    Run the Disable-NetAdapter Windows PowerShell cmdlet.
C.    Run the Set-NetlPv6Protocol Windows PowerShell cmdlet.
D.    Run the Set-NetlPv4Protocol Windows PowerShell cmdlet.

Answer: C
Explanation:
http://technet.microsoft.com/en-us/library/hh826144.aspx
Set-NetIPv6Protocol [-DhcpMediaSense<DhcpMediaSense>]
Modifies the DHCPMediaSense property. This parameter value provides a mechanism for the network adapter to notify the protocol stack of media connect and disconnect events. These events trigger the DHCP client to take some action, such as attempting to renew a DHCP lease or removing routes related to a disconnected network. One application of Media Sense enables the network parameters on the notebook computer of a roaming user to automatically and transparently update without rebooting when the user moves from one location to another.
The acceptable values for this parameter are:
— Enabled: DhcpMediaSense set to Enabled.
— Disabled: DhcpMediaSense is set to Disabled.
The default value is Enabled.

QUESTION 44
A company has 100 client computers that run Windows 8.1.
The client computers are members of a workgroup.
A custom application requires a Windows Firewall exception on each client computer.
You need to configure the exception on the client computers without affecting existing firewall settings.
Which Windows PowerShell cmdlet should you run on each client computer?

A.    New-NetFirewallRule
B.    Set-NetFirewallSetting
C.    Set-NetFirewallRule
D.    Set-NetFirewallProfile
E.    New-NetIPSecMainModeRule

Answer: A
Explanation:
Creates a new inbound or outbound firewall rule and adds the rule to the target computer.
http://technet.microsoft.com/en-us/library/jj554908.aspx
New-NetFirewallRule
The New-NetFirewallRule cmdlet creates an inbound or outbound firewall rule and adds the rule to the target computer.
Further information:
Set-NetFirewallSetting
The Set-NetFirewallSetting cmdlet configures properties that apply to the firewall and IPsec settings, regardless of which network profile is currently in use. This cmdlet allows the administrator to specify global firewall behavior.
Set-NetFirewallRule
The Set-NetFirewallRule cmdlet modifies existing firewall rule properties.
Set-NetFirewallProfile
The Set-NetFirewallProfile cmdlet configures options for the profiles, including domain, public, and private, that are global, or associated with the input rules.
New-NetIPSecMainModeRule
The New-NetIPsecMainModeRule cmdlet creates an IPsec main mode rule. A main mode rule contains a set of local and remote end points to determine the peers to which it applies. When an application on the local computer attempts to communicate with one of these specified remote hosts, the computer attempts to establish a security association (SA) with the remote server.

QUESTION 45
A company has an Active Directory Domain Services (AD DS) domain.
All client computers run Windows 8.1 and are members of the domain. Client computers maintain a list of sites in the Internet Explorer Restricted Sites security zone. Users of one client computer are able to download and install an application from a site within the Restricted Sites zone.
You need to ensure that users of the computer can install applications only from sites that are not in the Restricted Sites zone.
What should you do?

A.    Run the Set-ExecutionPolicy Windows PowerShell cmdlet.
B.    Configure the Software Restriction Policy settings in the local Group Policy of the computer.
C.    Add the blocked application as a software restriction policy to the GPO that configures AppLocker.
D.    Run the Cet-AppLockerPolicy Windows PowerShell cmdlet.
E.    Add the blocked application as an additional AppLocker rule to the GPO that configures AppLocker.

Answer: B
Explanation:
Only Software Restriction policy allows for the control of applications from a network zone; AppLocker does not.

wps3156.tmp_thumb


Want Pass 70-687 Exam At the first try? Come to Braindump2go! Download the Latest Microsoft 70-687 Real Exam Questions and Answers PDF & VCE from Braindump2go,100% Pass Guaranteed Or Full Money Back!

15

http://www.braindump2go.com/70-687.html