Question No: 31 – (Topic 7)
The sales users that were part of the VPN server pilot project report that they can no longer establish VPN connections to the internal network.
You need to ensure that all authorized users can establish VPN connections to the internal network.
What should you request a domain administrator to do?
Enable auto-renewal for certificates.
Increase the lifetime of the Kerberos user ticket.
Increase the lifetime of the Kerberos service ticket.
Increase the certification validity period for the computer certificate template.
Question No: 32 – (Topic 7)
Portable computer users report that they can use Internet Explorer to browse Internet Web sites only when they are connected to the company network.
You need to ensure that portable computer users can access Internet Web sites from wherever they connect.
What should you do?
Instruct the users to configure static IPv4 settings.
Instruct the users to configure automatic IPv4 settings.
Request that a domain administrator link GPO-IE to Active Directory site objects.
Request that a domain administrator create a new GPO that modifies the Internet Explorer Maintenance settings, and then link the new GPO to the Users OUs.
Question No: 33 – (Topic 7)
A new print device is installed on Floor 1 and shared on Print1.
Users report that when they search Active Directory for printers on Floor 1, the new shared printer is missing. All other shared printers on Floor 1 appear.
The help desk reports that users can manually connect to the shared printer.
You need to ensure that the new shared printer is displayed when users search for printers on Floor 1.
What should you do?
Modify the permissions of the printer.
Configure a network location for the printer.
Request that a domain administrator modify the Active Directory site configuration.
Request that a domain administrator modify the GPO that is linked to each departmental OU.
Topic 8, Fourth Coffee Scenario:
You are an enterprise desktop support technician for Fourth Coffee. The network contains a single domain named fourthcoffee.com.
The company has three offices. The offices are configured as shown in the following table.
The relevant servers are configured as shown in the following table.
Fourth Coffee deploys an application named App1 to users in the main office by using a Group Policy object (GPO) named APP1Deploy. App1 requires that a drive named M be mapped to
\\AppServer1\AppData$. App1 saves information on a local computer if drive M is unavailable. All client computers have drive M.
The corporate security policy states that domain controllers can only be deployed in secure data centers. Branch office 2 does not have a secure data center.
All users connect remotely through VPN1. VPN1 is configured to accept only SSTP-based VPN connections.
All client computers receive IP configurations from DHCP.
You recently purchased 100 desktop computers from a new hardware vendor.
Question No: 34 – (Topic 8)
Users in branch office 2 map drives to shared folders on SRV1.
The users report that they cannot access files in the shared folders when the WAN link between branch office 2 and the main office is unavailable. When they attempt to access the files, they are prompted to enter their credentials but are denied access.
You need to ensure that the users can access the shared folders if the WAN link fails. What should you do?
Instruct a desktop support technician to configure Offline Files on the Windows 7 computers.
Instruct a desktop support technician to configure BranchCache on the Windows 7 computers.
Request that a domain administrator deploy a domain controller in branch office 2.
Request that a domain administrator enable Universal Group Membership Caching for branch office 2.
Answer: B Explanation:
changed answer from A. to B.
You should use BranchCache in distributed mode and not offline files.
Offline files are for single-user files and this question specifies it#39;s a shared folder.
Question No: 35 – (Topic 8)
The help desk reports that the new computers experience intermittent failures that generate stop errors.
You need to collect all the critical errors from the new computers. What should you configure?
a boot configuration data (BCD) store
the system protection settings
Question No: 36 – (Topic 8)
The application support team reports that the App1 data of some users is not saved to AppServer1. The team reports that the users deleted the mapped drive.
You need to prevent the users from deleting the mapped drive.
Which settings should you request be modified in the APP1Deploy GPO?
Group Policy Preferences
Software Restriction Policies
Answer: C Explanation:
A. Administrative Templates
The Administrative Template files allow you to configure and manage registry-based Group Policy settings.
They are Unicode text files with the extension .adm in Windows XP with SP2 and Windows Server 2003 with SP1, and XML files with the extensions .admx and .adml in Windows Vista and later versions of Windows.
Standard Administrative Templates are deployed with your Windows operating systems. Administrative Templates display the registry settings that you can apply to your users#39;
computers in your GPOs. Information in the templates populates the administrative interface in Group Policy Object Editor, which you use to set secure registry-based policy information.
A number of standard templates automatically populate the Group Policy Object Editor, and you can add or remove templates later. Developers can create custom templates as needed.
C. Group Policy Preferences
You can use Group Policy preferences to better deploy and manage operating system and application settings.
Group Policy preferences enable IT professionals to configure, deploy, and manage operating system and application settings they previously were not able to manage using Group Policy. Examples include mapped drives, scheduled tasks, and Start menu settings. For many types of operating system and application settings, using Group Policy preferences is a better alternative to configuring them in Windows images or using logon scripts.
Group Policy preferences can be used to implement settings which are “preferred” but not mandatory. This enables IT professionals to deploy software (including Internet Explorer 8) in a standardized initial configuration and still permit users to customize some aspects to their liking.
Question No: 37 – (Topic 8)
VPN users report that they cannot access shared resources in the branch offices. They can access shared resources in the main office.
Users in the main office report that they can access shared resources in the branch offices. You need to ensure that the VPN users can access shared resources in the branch offices.
What should you request?
that a change be made to the routing table on VPN1
that VPN1 be configured to support PPTP-based VPN connections
that the routers between the main office and the branch offices be reconfigured
that a DNS record for servers in the branch offices be added to the Internet DNS zone for fourthcoffee.com
Topic 9, Wingtip Toys Scenario:
You are an enterprise desktop support technician for Wingtip Toys. Wingtip Toys has two offices.
Active Directory Configuration
The network contains a single Active Directory domain. An Active Directory site exists for each office. The network contains the organizational units (OUs) that are shown in the following table.
The network contains an enterprise root certification authority (CA). Certificate autoenrollement is enabled for all users.
Each office has a wireless network. You control access to the wireless network in office 1 by using Network Access Protection (NAP). A Group Policy object (GPO) named GPO1 configures the NAP settings for the computers in office 1.
The Documents folders of all users are encrypted by using Encrypting File System (EFS). The Documents folders of all users are backed up daily.
A Web server named Web1 hosts an internal Web site named WebSite1. Users connect to WebSite1 from the Internet by using the URL http://website1.wingtiptoys.com. The domain name website1.wingtiptoys.com is resolved by using the Hosts file that is located on each client computer.
Users frequently work from home. Home users connect to the internal network by using SSTP-based VPN connections.
Line of Business Applications
Your company has a line-of-business application named App1. App1 is installed only on
computers that run Windows XP. You test App1 by using the Microsoft Application Compatibility Toolkit (ACT). ACT reports that App1 can be made compatible to run on Windows 7.
Question No: 38 – (Topic 9)
You deploy App1 on a test Windows 7 computer and notice that it fails to run. You need to ensure that App1 runs on Windows 7 computers.
What should you do?
Digitally sign App1.
Develop and deploy a shim for App1.
Configure an AppLocker policy.
Configure a Software Restriction Policy.
Answer: B Explanation:
Question No: 39 – (Topic 9)
The help desk reports that they receive many calls from remote users who cannot access Internet Web sites while they are connected to the VPN. The help desk instructs the users to manually configure the VPN connection so that the users can access Internet Web sites while connected to the VPN.
You need to provide a recommendation to reduce the number of calls to the help desk regarding this issue.
What should you recommend?
Deploy a Network Policy Server (NPS).
Replace the SSTP-based VPN with a PPTP-based VPN.
Issue computer certificates from a trusted root certification authority (CA) to all remote users.
Create and distribute Connection Manager Administration Kit (CMAK) profiles to all remote users.
Question No: 40 – (Topic 9)
A group of users from office 2 travels to office 1 to work on a project. The users from office 2 report that they are unable to connect to the wireless network in office 1 from their portable computers.
A help desk administrator manually provides the users with access to the wireless network.
You need to ensure that the next time users from office 2 travel to office 1 they can connect to the wireless network in office 1.
What should you request?
Link GPO1 to Office2-Users-OU.
Link GPO1 to Office2-Computers-OU.
Change the office attribute for the user accounts.
Change the location attribute for the computer accounts.
100% Ensurepass Free Download!
–Download Free Demo:70-685 Demo PDF
100% Ensurepass Free Guaranteed!
–Download 2018 EnsurePass 70-685 Full Exam PDF and VCE
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|