Вы находитесь на странице: 1из 181

Number: 70-686 Passing Score: 700 Time Limit: 120 min File Version: 8.0

CertifyMe

CertifyMe-70-686

Exam A

QUESTION 1 You are planning to upgrade Internet Explorer.

You have the following requirements:

- Create a report that identifies which computers are successfully upgraded.

- Do not install additional software on the client computers.

You need to design a deployment method that meets the requirements.

What should you do?

A. Use Windows Server Update Services (WSUS).

B. Use Internet Explorer Administration Kit (IEAK) and Group Policy.

C. Use Microsoft System Center Configuration Manager.

D. Use Microsoft System Center Essentials.

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

Windows Server Update Services 2.0 and above comprise a repository of update packages from Microsoft. It allows administrators to approve or decline updates before release, to force updates to install by a given date, and to obtain extensive reports on what updates each machine requires. System administrators can also configure WSUS to approve certain classes of updates automatically (critical updates, security updates, service packs, drivers, etc.). One can also approve updates for "detection" only, allowing an administrator to see what machines will require a given update without also installing that update. http://en.wikipedia.org/wiki/Windows_Server_Update_Services

QUESTION 2 Your company has a single Active Directory Domain Services (AD DS) domain with Windows Server 2008 R2 member servers and 1,000 Windows 7 client computers.

You are designing the deployment of a custom application.

You have the following requirements:

- The application must be available to only users who need it.

www.certify-me.co.uk 2 Microsoft 70-686 Exam

- Minimize network traffic during deployment.

You need to design a deployment strategy that meets the requirements.

Which deployment method should you use?

A. Microsoft Application Virtualization (App-V)

B. Microsoft System Center Configuration Manager 2007

C. RemoteApp and Desktop Connections

D. software installation in Group Policy

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

http://blogs.msdn.com/b/rds/archive/2009/06/08/introducing-remoteapp-and-desktop- connections.aspx

The RemoteApp and Desktop Connections feature offers several benefits:

RemoteApp programs launch from the Start menu just like any other application. Published Remote Desktop connections are included alongside RemoteApp programs on the Start menu. Changes to the published connection (such as newly published RemoteApp programs) are user's Start menu, without any effort on the user's part. automatically reflected on the RemoteApp programs can be easily launched with Windows Search. Users only have to log on once, to create the connection. From that point on, updates happen with no prompt for user credentials. RemoteApp and Desktop Connections does not require domain membership for client computers.

RemoteApp and Desktop Connections benefits from new features in Windows Server 2008 R2, such as Personal Desktop assignment or per-user application filtering. RemoteApp and Desktop Connections is built on standard technologies such as XML and HTTPS, making it possible for developers to build solutions around it. It also offers APIs that allow the client software to support other types of resources, in addition to RemoteApp programs and Remote Desktop connections.

QUESTION 3 Your network consists of an Active Directory Domain Services (AD DS) forest with 1,000 client computers that run Windows XP. Nine hundred of the computers are on the local area network. One hundred computers are portable computers that connect to the main office only once every few months.

www.certify-me.co.uk 3 Microsoft 70-686 Exam You are planning to deploy Windows 7.

You need to generate a report of the software that is installed on all client computers. You need this information as soon as possible.

What should you use?

A. Microsoft System Center Data Protection Manager

B. Microsoft Desktop Optimization Pack

C. Microsoft System Center Essentials

D. Microsoft System Center Operations Manager

Answer: B

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 4 Your network has client computers that run Windows Vista.

- You are planning to deploy Windows 7.

- You need to detect and analyze the compatibility of an application that requires elevated privileges.

What should you do?

A. Use the Standard User Analyzer (SUA) Wizard.

B. Run a virtual version of the Setup Analysis Tool (SAT).

C. Use the Standard User Analyzer (SUA) tool.

D. Run a stand-alone version of the Setup Analysis Tool (SAT).

Section: (none)

Explanation/Reference:

Explanation:

The Standard User Analyzer (SUA) tool enables you to test your applications to detect potential compatibility issues due to the User Account Control (UAC) feature. http://technet.microsoft.com/en-us/library/cc765948

(v=ws.10).aspx

QUESTION 5 company's network has client computers that run Windows 7. Multiple users share the Your

www.certify-me.co.uk 4 Microsoft 70-686 Exam computers in the shipping department. These computers reside in the Shipping Computers organizational unit (OU).

The company wants to deploy a new application. The application is not packaged.

You have the following requirements:

- Deploy the application to all computers in the shipping department.

- Perform the deployment from a central location.

You need to plan the software deployment process to meet the requirements.

Which two actions should you include in the process? (Each correct answer presents part of the solution. Choose two.)

A. Using Microsoft System Center Configuration Manager, create a collection that contains the shipping department computers, and assign the package to the collection.

B. Create a package by using Microsoft System Center Configuration Manager.

C. Create a Group Policy object (GPO) and add a software installation policy under the Computer Configuration container.

D. In the Group Policy Management Console, link the software installation policy to the Shipping Computers OU.

E. Using Microsoft System Center Configuration Manager, create a collection that contains the shipping department users, and assign the package to the collection.

Answer: AB

Section: (none)

Explanation/Reference:

Explanation:

Hints:

GPO only support MSI & ZAP file type this application is not packaged = non MSI or ZaP file type

QUESTION 6 Your network has client computers that run Windows XP. All users access a custom line-of- business application. The line-of-business application is not compatible with Windows 7.

You are planning to deploy Windows 7.

You have the following requirements:

- The application must run on all client computers.

- The application executable must reside on each client computer.

www.certify-me.co.uk 5 Microsoft 70-686 Exam

You need to manage application compatibility to meet the requirements.

What should you do?

A. Install the application on a Remote Desktop Services server.

B. Install a shim for the application on each client computer.

C. Virtualize the application by using Microsoft Application Virtualization (App-V).

D. Install the Windows Compatibility Evaluator on each client computer.

Answer: B

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 7 Your company has 1,000 client computers that run Windows XP Professional x64.

You are planning to deploy Windows 7 Enterprise x64.

The company uses an application that is incompatible with Windows 7 Enterprise x64.

You have the following requirements:

- Provide all users with access to the application.

- Deploy and manage the application by using a centralized solution.

You need to design a solution that meets the requirements.

What should you do?

A. Install the application on all client computers by using Group Policy, and then use the Compatibility tab.

B. Install the Microsoft Application Virtualization (App-V) client on each client computer, and run the application in offline mode.

C. Install the Microsoft Enterprise Desktop Virtualization (MED-V) package on each client computer.

D. Install the Microsoft Application Virtualization (App-V) client on each client computer, and stream the application by using App-V.

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

www.certify-me.co.uk 6 Microsoft 70-686 Exam

QUESTION 8 Your company has 1,000 Windows XP computers. You plan to migrate these computers to Windows 7.

You need to detect compatibility issues that can occur during the installation and configuration process for a specific application.

Which tool should you use?

A. Windows Compatibility Evaluator

B. Setup Analysis Tool

C.

Inventory Collector

D. Update Compatibility Evaluator

Answer: B

Section: (none)

Explanation/Reference:

Explanation:

http://technet.microsoft.com/pt-pt/library/cc766109(v=ws.10).aspx The Setup Analysis Tool (SAT) automates the running of application installations while monitoring application's installer. The standalone version of SAT can monitor any the actions taken by each MSI-based installers and third-party installers. However, the Virtual SAT tool can only monitor MSI-based installers and third-party installers that run unattended. hints:

You need to detect compatibility issues that can occur during the installation and configuration process for a specific application.

QUESTION 9 Your companys network has client computers that run Windows 7. Multiple users share the computers in the shipping department. These computers reside in the Shipping Computers organizational unit (OU).

The network design is shown in the following diagram.

www.certify-me.co.uk 7 Microsoft 70-686 Exam

diagram. www.certify-me.co.uk 7 Microsoft 70-686 Exam You are planning to deploy an application. The application

You are planning to deploy an application. The application is packaged as a Microsoft Windows Installer package (MSI).

You need to deploy the application only to computers in the shipping department.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Link the software installation policy to the Workstations OU.

B. Link the software installation policy to the Shipping Computers OU.

D.

Create a new Group Policy object (GPO) and add a software installation policy under the Computer Configuration container.

Answer: BD

Section: (none)

Explanation/Reference:

Explanation:

To specify how and when computers are updated through Group Policy In Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and

then click Windows Update. In the details pane of Group Policy Object Editor, configure the appropriate

policies. See the following table for examples of the policies you might want to set

microsoft.com/en-us/library/cc708536(v=WS.10).aspx

refer to http://technet.

www.certify-me.co.uk 8 Microsoft 70-686 Exam

Hints:

Workstations OU = engineering computer OU + finance computer OU + shipphing computer OU

QUESTION 10 Your companys network has client computers that run Windows 7.

When a user attempts to log on to the domain from a computer named Client1, she receives the following message: The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect.

You need to ensure that the user can log on to the domain from Client1.

What should you do?

A. Disjoin and rejoin Client1 to the domain.

B. Reset the account password for Client1 through Active Directory Users and Computers.

C. Add the computer account for Client1 to the Domain Computers Active Directory group.

D. Reset the account password for the user through Active Directory Users and Computers.

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

Re-create the computer account, join a workgroup, and then rejoin the domain. refer to http://support.microsoft.com/kb/810497

QUESTION 11 Your company has two Active Directory Domain Services (AD DS) domains, Domain1 and Domain2. A two- way trust relationship exists between the domains.

Users in both domains can log on to client computers in only their own domains. System logs on the domain controllers display the error message Clock skew too great when users in Domain1 attempt to log on to client computers in Domain2.

You need to ensure that users can log on to client computers in both domains.

What should you do?

www.certify-me.co.uk 9 Microsoft 70-686 Exam

A. Decrease the Maximum tolerance for computer clock synchronization setting in the default Domain Group Policy object ( GPO ).

B. Configure the primary domain controller (PDC) emulatorin each domain to synchronize its clock with the same external time source.

C. Run a startup script that includes Net Time /setsntp on all client computers.

D. Run a startup script that includes Net Time /querysntp on all client computers.

Answer: B

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 12 Your company has an Active Directory Domain Services (AD DS) forest with a single domain named contoso.com. The design of the organizational units (OUs) and Group Policy objects (GPOs) is shown in the following diagram.

Policy objects (GPOs) is shown in the following diagram. Multiple computer configuration settings and user

Multiple computer configuration settings and user configuration settings are defined in the Kiosk Computers

GPO.

A security audit indicates that user configuration settings that are defined in the Kiosk Computers GPO are not applied when users log on to client computers that are in the Kiosk Computers OU.

You need to ensure that the user configuration settings are correctly applied.

www.certify-me.co.uk 10 Microsoft 70-686 Exam What should you do?

A. Enable loopback processing in Merge mode on the Default Domain Policy GPO.

B. Disable the user configuration settings on the Default Domain Policy GPO.

C. Enable loopback processing in Replace mode on the Kiosk Computers GPO.

D. Disable the user configuration settings on the New York Users GPO.

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

Refer to Planning and managing windows 7 desktop deployments and environment Pg 10-92

QUESTION 13 You have a single Active Directory Domain Services (AD DS) site. All client computers run Windows 7. Users in the marketing department use a custom application.

You create a new Group Policy object (GPO) and link it to the site. Users in the marketing department then report that they are unable to use the custom application.

You need to ensure that all users in the marketing department are able to use the custom application. You need to ensure that all other users continue to receive the new GPO.

What should you do?

A. Add marketing users to a domain group. Use security filtering to grant the group the Allow-Read permission and the Allow-Apply Group Policy permission for the GPO.

B. Move marketing users to a dedicated organizational unit (OU). Apply the Block Inheritance setting to the OU.

C. Add marketing users to a domain group. Use security filtering to grant the group the Allow-Read permission and the Deny-Apply Group Policy permission for the GPO.

D. Move marketing users to a dedicated organizational unit (OU). Apply the Block Inheritance setting to the domain.

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 14 www.certify-me.co.uk 11 Microsoft 70-686 Exam You use Group Policy to standardize Internet Explorer settings on Windows 7 client computers. Users occasionally change the Internet Explorer settings on individual client computers.

- The company wants to maintain a standard Internet Explorer configuration on all client computers.

- You need to ensure that the standard Internet Explorer configuration is in place each time users log on to client computers.

What should you do?

A. Use Group Policy to disable the Advanced tab of the Internet Explorer Properties dialog box.

B. Use the Group Policy Update utility to refresh Group Policy.

C. Enable Internet Explorer Maintenance Policy Processing in Group Policy.

D. Enable User Group Policy loopback processing mode.

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

nternet Explorer Maintenance policy processing This policy affects all policies that use the Internet Explorer Maintenance component of Group Policy, such as those in Windows Settings\Internet Explorer Maintenance. It overrides customized settings that the program implementing the Internet Explorer Maintenance policy set when it was installed. If you enable this policy, you can use the check boxes provided to change the options. Allow processing across a slow network connection updates the policies even when the update is being transmitted across a

slow network connection, such as a telephone line. Updates across slow connections can cause significant

delays.

Do not apply during periodic background processing prevents the system from updating affected policies in the background while the computer is in use. Background updates can disrupt the user, cause a program to stop or operate abnormally, and, in rare cases, damage data. Process even if the Group Policy objects have not changed updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it.

http://technet.microsoft.com/en-us/library/cc978526.aspx

QUESTION 15 Your companys network includes client computers that run Windows 7.

www.certify-me.co.uk 12 Microsoft 70-686 Exam You design a wireless network to use Extensible Authentication ProtocolCTransport Level Security (EAP- TLS). The Network Policy Server has a certificate installed.

Client computers are unable to connect to the wireless access points.

You need to enable client computers to connect to the wireless network.

What should you do?

A. Install a certificate in the Trusted Root Certification Authorities certificate store.

B. Configure client computers to use Protected Extensible Authentication ProtocolCTransport Layer Security (PEAP-TLS).

C. Configure client computers to use Protected Extensible Authentication Protocol-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2).

D. Install a certificate in the Third-Party Root Certification Authorities certificate store.

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 16 Your company infrastructure includes a Windows Server 2008 R2 file server and 1,000 Windows 7 Enterprise client computers.

The company wants to require a secure connection between client computers and the file server.

You need to create and deploy a Group Policy object (GPO) that includes a rule for Windows Firewall with Advanced Security.

What should you do?

A. Create an Isolation rule and specify Request authentication for inbound and outbound connections.

B. Create a Tunnel rule and specify Gateway-to-client as the tunnel type.

C. Create a Server-to-server rule and specify the endpoints as Any IP address and the file server IP address.

D. Create an Authentication exemption rule and add the file server IP address to the Exempt Computers list.

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

The PDC emulator master also serves as the machine to which all domain controllers in the

www.certify-me.co.uk 13 Microsoft 70-686 Exam

domain will synchronise their clocks. It, in turn, should be configured to synchronise to an external NTP time source http://en.wikipedia.org/wiki/Primary_Domain_Controller

QUESTION 17 You deploy Windows 7 to the computers that are used by your companys Web developers. All Web developer user accounts are in a single organizational unit (OU).

Internet Explorer is blocking pop-up windows for multiple internal Web applications that are hosted on different servers.

You need to use Group Policy to ensure that Internet Explorer does not block pop-up windows for internal Web applications.

What should you do?

A. Enable Compatibility View in Internet Explorer.

B. Add each server to the Intranet zone.

C. Add each server to the Trusted Sites zone.

D. Set the default security setting in Internet Explorer to Medium.

Answer: B

Section: (none)

Explanation/Reference:

Explanation:

Pop-up Blocker features Pop-up Blocker is turned on by default. There are restrictions on the size and position of pop-up windows, regardless of the Pop-up Blocker setting. Pop-up windows cannot be opened larger than or outside the viewable desktop area. For more information, see "Windows Restrictions" in this document. When this functionality is enabled, automatic and background pop-up windows are blocked, but windows that are opened by a user click will still open in the usual manner. Note that sites in the

Trusted Sites and Local Intranet zones do not have their pop-up windows blocked by default, as they are considered safe. This setting can be configured in the Security tab in Internet Options. http://technet.microsoft.com/en-us/library/ cc784600(v=ws.10).aspx hints: internal web , so i choose intranet zones.

Local Intranet Zone

www.certify-me.co.uk 14 Microsoft 70-686 Exam

By default, the Local Intranet zone contains all network connections that were established by using a Universal Naming Convention (UNC) path, and Web sites that bypass the proxy server or have names that do not include periods (for example, http://local), as long as they are not assigned to either the Restricted Sites or Trusted Sites zone. The default security level for the Local Intranet zone is set to Medium (Internet Explorer 4) or Medium-low (Internet Explorer 5 and 6). Be aware that when you access a local area network (LAN) or an intranet share, or an intranet Web site by using an Internet Protocol (IP) address or by using a fully qualified domain name (FQDN), the share or Web site is identified as being in the Internet zone instead of in the Local intranet zone.

Trusted Sites Zone This zone contains Web sites that you trust as safe (such as Web sites that are on your organization's intranet or that come from established companies in whom you have confidence). When you add a Web site to the Trusted Sites zone, you believe that files you download or that you run from the Web site will not damage your computer or data. By default, there are no Web sites that are assigned to the Trusted Sites zone, and the security level is set to Low.

http://support.microsoft.com/kb/174360

QUESTION 18 Your network has client computers that run Windows 7 Enterprise. You plan to deploy new administrative template policy settings by using custom ADMX files. You create the custom ADMX files, and you save them on a network share. You start Group Policy Object Editor (GPO Editor). The custom ADMX files are not available in the Group Policy editing session. You need to ensure that the ADMX files are available to the GPO Editor. What should you do?

A. Copy the ADMX files to the % systemroot% \ inf folder on each Windows 7 computer, and then restart the GPO Editor.

B. Set the network share permissions to grant all Windows 7 users Read access for the share.

C. Copy the ADMX files to the %systemroot% \ system32 folder on each Windows 7 computer, and then restart the GPO Editor.

D. Copy the ADMX files to the central store, and then restart the GPO Editor.

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

http://support.microsoft.com/kb/929841

To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.

www.certify-me.co.uk 15 Microsoft 70-686 Exam

QUESTION 19

DRAG DROP

You are planning to deploy Windows 7 Enterprise to all of your company's client computers.

You have the following requirements:

· Create two custom partitions on each client computer's hard disk, one for the operating system and the other for data.

· Automatically create the partitions during Windows Setup.

You need to design an image that meets the requirements.

Which two actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order)

A. B. C. D. Answer: Section: (none) Explanation/Reference:

A.

B.

C.

D.

Answer:

Section: (none)

Explanation/Reference:

A. B. C. D. Answer: Section: (none) Explanation/Reference:

www.certify-me.co.uk 16 Microsoft 70-686 Exam

Explanation:

www.certify-me.co.uk 16 Microsoft 70-686 Exam Explanation: untitled Windows System Image Manager create answer file Using
www.certify-me.co.uk 16 Microsoft 70-686 Exam Explanation: untitled Windows System Image Manager create answer file Using

untitled

Windows System Image Manager create answer file Using windows 7 setup DVD can create partition based on answer file.

untitled www.certify-me.co.uk 17 Microsoft 70-686 Exam QUESTION 20 DRAG DROP All client computers in an

untitled

www.certify-me.co.uk 17 Microsoft 70-686 Exam

QUESTION 20

DRAG DROP

All client computers in an organization run Windows 7 and are joined to an Active Directory Domain Services (AD DS) domain. All user objects are stored in an Organizational Unit (OU) named Contoso Users. All computer objects are stored in an OU named Contoso Computers.

You need to add a proxy server to the Microsoft Internet Explorer 9 configuration on all client computers by using the least administrative effort.

Which three actions should you perform? (To answer, move the appropriate action from the list of actions to the answer area and arrange them in the correct order.)

answer, move the appropriate action from the list of actions to the answer area and arrange

A.

B.

C.

D.

Answer:

Section: (none)

Explanation/Reference:

A. B. C. D. Answer: Section: (none) Explanation/Reference: Explanation: www.certify-me.co.uk 18 Microsoft 70-686 Exam

Explanation:

www.certify-me.co.uk 18 Microsoft 70-686 Exam

A. B. C. D. Answer: Section: (none) Explanation/Reference: Explanation: www.certify-me.co.uk 18 Microsoft 70-686 Exam
untitled It should be create the GPO 1st, then modify it, then only apply it.

untitled

It should be create the GPO 1st, then modify it, then only apply it. Original answer from smith is the following picture.

it. Original answer from smith is the following picture. untitled www.certify-me.co.uk 19 Microsoft 70-686 Exam

untitled

www.certify-me.co.uk 19 Microsoft 70-686 Exam

QUESTION 21

DRAG DROP

You are designing an application deployment strategy.

Application deployments must meet the following requirements:

· They must be able to use Setup.exe.

· They must not require Active Directory.

· They must not require a constant network connection.

· The application installation schedule must be easy to set up and implement.

You need to recommend a method that meets the requirements.

What should you recommend? (To answer, drag the appropriate deployment method from the list of deployment methods to the correct location or locations in the work area.)

to the correct location or locations in the work area.) A. B. C. D. Answer: Section:

A.

B.

C.

D.

Answer:

Section: (none)

Explanation/Reference:

www.certify-me.co.uk 20 Microsoft 70-686 Exam

Explanation: www.certify-me.co.uk 21

Explanation:

Explanation: www.certify-me.co.uk 21

Microsoft 70-686 Exam

Microsoft 70-686 Exam untitled QUESTION 22 When a user attempts to connect to a server named

untitled

QUESTION 22 When a user attempts to connect to a server named Server1 by using Remote Desktop Connection (RDC), he receives the following error message.

Connection (RDC), he receives the following error message. You need to assign the least amount of

You need to assign the least amount of privilege to the user to ensure that he can connect to Server1 by using RDC.

To which group should you add the user?

www.certify-me.co.uk 22 Microsoft 70-686 Exam

A. Add the user to the Power Users group on Server1.

B. Add the user to the Remote Desktop Users group on Server1.

C. Add the user to the domain Windows Authorization Access group.

D. Add the user to the domain Remote Desktop Users group

Answer: B

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 23 A company has an Active Directory Domain Services (AD DS) forest with a single domain.

Domain controllers are located in the companys offices in New York and Boston.

You deploy a group policy at the domain level that includes security filtering.

You discover that Group Policy object (GPO) settings are being applied to computers in the New York office, but not to computers in the Boston office.

You suspect there might be replication problems with the policies. What should you do?

A. Run a Group Policy Results report against computers in the Boston office.

B. Run a Group Policy Modeling report against computers in the Boston office.

C. Use the GpoTool.exe command-line tool.

D. Use the RepAdmin.exe command-line tool.

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 24 Your companys network has client computers that run Windows 7.

A software vendor releases version 2 of an application that your company uses.

Your company currently uses version 1. Version 1 and version 2 are not compatible.

You plan to deploy version 2 of the application.

You have the following requirements:

www.certify-me.co.uk 23 Microsoft 70-686 Exam

- Users must be able to run both versions of the application on their computers.

- Version 2 must be available when a client computer is not connected to the network.

You need to plan a software deployment process that meets the requirements. What should you do? (Choose all that apply.)

A. Deploy version 2 of the application by using Microsoft Application Virtualization (App-V).

B. Deploy version 2 of the application by using Microsoft Enterprise Desktop (MED-V).

C. Deploy version 2 of the application as a Remote Desktop Services RemoteApp.

Answer: AB

Section: (none)

Explanation/Reference:

Explanation:

Microsoft Application Virtualization (MS App-V) platform allows applications to be deployed in real- time to any client from a virtual application server. It removes the need for local installation of the applications. Instead, only the App-v client needs to be installed on the client machines. All application data is permanently stored on the virtual application server. Whichever software is needed is either streamed or locally cached from the application server on demand and run locally. The App-V stack sandboxes the execution environment so that the application does not make changes to the client itself (OS File System and/or Registry). App-V applications are also sandboxed from each other, so that different versions of the same application can be run under App-V concurrently. http://en.wikipedia.org/wiki/Microsoft_App-V

QUESTION 25 A company uses Microsoft Deployment Toolkit (MDT) 2010 to deploy Windows 7 Enterprise and Microsoft Office 2010. The company is replacing existing computers with new 64-bit computers.

You have the following requirements:

- You need to include Office 2010 with the deployment.

- You need to automate the deployment where possible.

- Some employees have accessibility requirements that require specialized hardware.

- The hardware must continue to be used after the deployment.

- The specialized hardware is compatible with Windows 7 but only 32-bit drivers are available from the

manufacturer.

You need to create an image that meets these requirements.

www.certify-me.co.uk 24 Microsoft 70-686 Exam What should you do? (Choose all that apply.)

A. Import the Windows 7 Enterprise x86 source files.

B. From the MDT deployment workbench, select the Custom Task Sequence template.

C. Use a reference computer and capture a WIM image.

D. From the MDT deployment workbench, select the Sysprep and Capture template.

E. Import the necessary OEM drivers.

F. Import the 32-bit version of Office 2010.

G. Import the 64-bit version of Office 2010.

H. Import the Windows 7 Enterprise x64 source files.

Answer: ABEF

Section: (none)

Explanation/Reference:

Explanation:

hints:

The specialized hardware is compatible with Windows 7 but only 32-bit drivers are available from the

manufacturer.

QUESTION 26 company's network includes a main office and several branch offices. The branch offices are Your connected to the main office by high-latency links. All client computers run Windows 7 Enterprise, and all servers run Windows Server 2008 R2. Servers are located in each of the branch offices.

Client computers in the branch offices frequently access a specific group of files on a file server named

Server1. These access requests consume significant amounts of bandwidth and reduce the speed of higher-priority traffic.

You need to reduce the bandwidth that is consumed by requests for frequently accessed files.

What should you do?

A. Configure BranchCache in Hosted Cache mode on client computers in the main office and the branch offices.

B. Configure BranchCache in Distributed Cache mode on client computers in the main office and the branch offices.

C. Enable the BranchCache For Network Files role service on Server1. Configure BranchCache in Distributed Cache mode on a server computer in only the branch offices.

D. Enable the BranchCache For Network Files role service on Server1. Configure BranchCache in Hosted Cache mode on a server computer in only the branch offices. www.certify-me.co.uk 25 Microsoft 70-686 Exam

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

BranchCacheTM is designed to reduce WAN link utilization and improve application

responsiveness for branch office workers who access content from servers in remote locations. Branch office client computers use a locally maintained cache of data to reduce traffic over a WAN link. The cache can be distributed across client computers (Distributed Cache mode) or can be housed on a server in the branch (Hosted Cache mode).

Distributed Cache mode

If client computers are configured to use Distributed Cache mode, the cached content is distributed among

client computers on the branch office network. No infrastructure or services are required in the branch office beyond client computers running Windows 7.

Hosted Cache mode In hosted cache mode, cached content is maintained on a computer running Windows Server 2008 R2 on the branch office network. hints: no server are located in the branch office.

http://technet.microsoft.com/en-us/library/dd637832(v=ws.10).aspx

QUESTION 27

A Windows Server 2008 R2 server named SERVER01 has the Windows Deployment Services (WDS) role

installed. SERVER02 is running DHCP services. You prestage computer objects in Active Directory. You plan to use WDS to deploy Windows 7 to the prestaged computers. When you try to deploy an image by using PXE, the process fails. You need to ensure that SERVER01 responds to prestaged client computers only. From WDS, what should you do? (Choose all that apply.)

A. On the DHCP tab, select Configure DHCP option 60 to indicate that this server is also a PXE server.

B. On the Advanced tab, select Authorize this Windows Deployment Services server in DHCP.

C. On the PXE Response tab, select Respond to all client computers (known and unknown).

D. On the DHCP tab, select Do not listen on Port 67.

E. On the PXE Response tab, select Respond only to known client computers.

F. On the Advanced tab, select Do not authorize this Windows Deployment Services server in DHCP.

Answer: BE

Section: (none)

Explanation/Reference:

Explanation:

hints: prestaged computers = known client computers

www.certify-me.co.uk 26 Microsoft 70-686 Exam

QUESTION 28

HOTSPOT

You are preparing to install a 32-bit legacy application on all client computers in an organization.

The application requires specific compatibility settings in order to function in Windows 7. You run the 32-bit version of Compatibility Administrator and create a new application fix.

You need to create a shim database that includes a compatibility fix for applications that have known issues with the Desktop Window Manager.

Which compatibility modes should you select? To answer, select the appropriate setting in the work area.

modes should you select? To answer, select the appropriate setting in the work area. A. B.

A.

B.

C.

D.

Answer:

Section: (none)

Explanation/Reference:

www.certify-me.co.uk 27 Microsoft 70-686 Exam

www.certify-me.co.uk 27 Microsoft 70-686 Exam Explanation: Desktop Window Manager = DWM -lll free score -

Explanation:

www.certify-me.co.uk 27 Microsoft 70-686 Exam Explanation: Desktop Window Manager = DWM -lll free score -

Desktop Window Manager = DWM

-lll

free score -

www.certify-me.co.uk 28 Microsoft 70-686 Exam

www.certify-me.co.uk 28 Microsoft 70-686 Exam untitled QUESTION 29 Your company has a custom Web application that

untitled

QUESTION 29 Your company has a custom Web application that uses a self-signed SSL certificate. The company has an internal certification authority (CA) and uses autoenrollment. When external users attempt to start the Web application, Internet Explorer displays an error message that recommends closing the Web page rather than continuing to the application. You need to ensure that Internet Explorer does not display the error message. What should you do?

A. Install the current certificate into the personal store on each client computer. Add the applications URL to the Trusted Sites zone in Internet Explorer.

B. Install the current certificate into the computer store on each client computer.

C. Purchase and install a commercial certificate on the CA server. Ensure that users trust the issuing CA.

D. Issue a root certificate from the internal CA on the external users computers. www.certify-me.co.uk 29 Microsoft 70-686 Exam

Answer: B

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 30 Your companys network is shown in the following diagram.

There is a VPN between Branch Officebranch office B and the Core Networkcore network. The

There is a VPN between Branch Officebranch office B and the Core Networkcore network.

The company plans to deploy Windows 7 to all client computers.

You need to manage the deployment to ensure that client computers in branch office A and in branch office B can activate Windows.

What should you do? (Each correct answer presents part of the solution. Choose all that apply.)

A. Configure DNS so that client computers in branch office A use the Key Management Service www. certify-me.co.uk 30 Microsoft 70-686 Exam (KMS) in the core network.

B. Deploy the Key Management Service (KMS) in branch office B.

C. Deploy the Key Management Service (KMS) in branch office A.

D. Configure DNS so that client computers in branch office B use the Key Management Service (KMS) in the core network.

Answer: AB

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 31

DRAG DROP

Your company has an Active Directory Domain Services (AD DS) forest with a single domain named contoso.com.

You deploy a new Group Policy object (GPO) named California Computers GPO as part of the organizational unit (OU) and GPO design shown in the following diagram.

The California Computers GPO contains computer configuration settings and user configuration settings. User configuration

The California Computers GPO contains computer configuration settings and user configuration settings.

User configuration settings are not being applied to users who log on to client computers in the California Computers OU.

www.certify-me.co.uk 31 Microsoft 70-686 Exam Which GPO setting should you select?? (To answer, drag the appropriate setting from the list of settings to the correct location or locations in the work area.)

appropriate setting from the list of settings to the correct location or locations in the work

A.

B.

C.

D.

Answer:

Section: (none)

Explanation/Reference:

Section: (none) Explanation/Reference: Explanation: www.certify-me.co.uk 32 Microsoft 70-686 Exam

Explanation:

Section: (none) Explanation/Reference: Explanation: www.certify-me.co.uk 32 Microsoft 70-686 Exam

www.certify-me.co.uk 32 Microsoft 70-686 Exam

untitled Refer to Planning and managing windows 7 desktop deployments and environment Pg 10-92 untitled

untitled Refer to Planning and managing windows 7 desktop deployments and environment Pg 10-92

windows 7 desktop deployments and environment Pg 10-92 untitled QUESTION 32 You are deploying an App-V

untitled

QUESTION 32 You are deploying an App-V client application to the New York office.

You need to ensure that the application will be installed at a specific time.

What should you use to deploy the application?

A. ConfigMgr

B. a Group Policy object (GPO) with a software installation policy.

C. MED-V

D. Microsoft Deployment Toolkit

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

www.certify-me.co.uk 33 Microsoft 70-686 Exam

QUESTION 33 Your company has client computers that run Windows 7 Enterprise.

Each computer in the company is required to boot into a different Windows 7 application environment without compromising the main Windows 7 Enterprise installation.

You need to create a new Native Boot VHD that will host the alternate Windows 7 environments.

Which command should you use?

A. BCDEdit.exe

B. Bootcfg.exe

C. DiskPart.exe

D. BCDboot.exe

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

http://www.techexams.net/forums/windows-7-exams/66547-bcdedit-bcdboot-difference.html BCDboot is a tool used to quickly set up a system partition, or to repair the boot environment located on the system partition. The system partition is set up by copying a small set of boot environment files from an installed Windows® image. BCDboot also creates a Boot Configuration Data (BCD) store on the system partition with a new boot entry that enables you to boot to the installed Windows image. BCDEdit is a command-line tool for managing BCD stores. It can be used for a variety of purposes, including creating new stores, modifying existing stores, adding boot menu parameters, and so on. BCDEdit serves essentially the same purpose as Bootcfg.exe on earlier versions of Windows, but with two major improvements

QUESTION 34 Your company has a single Active Directory Domain Services (AD DS) domain and 1,000 Windows 7 computers. You are planning to deploy a custom application. You need to schedule the deployment to occur outside of business hours and without user interaction. What should you do? (Choose all that apply.)

A. Create a collection with the required computers and assign the software to the collection.

B. Create a software installation Group Policy object (GPO).

C. Assign the policy to the root of the Active Directory Domain Services (AD DS) domain.

D. Create a software deployment package by using System Center Configuration Manager 2007. www.certify-me.co.uk 34 Microsoft 70-686 Exam

E. Create an unattend.xml file.

F. Create a silent install MSI file.

Answer: ADF

Section: (none)

Explanation/Reference:

Explanation:

hints: without user interaction = silent install MSI file

QUESTION 35

A network consists of 1,000 laptop computers that run Windows XP. The computers do not have access to

the corporate network.

You plan to migrate 200 of the computers immediately to Windows 7. The remainder will be migrated over the next several months.

You need to plan the most efficient method for activating all of the computers.

What should you do?

A. Use Multiple Activation Key (MAK) Independent for the first 200 computers, and then use Multiple Activation Key (MAK) Proxy for the remaining computers.

B. Use the Key Management Service (KMS) for all the computers.

C. Use Multiple Activation Key (MAK) Independent for all the computers.

D. Use Multiple Activation Key (MAK) Proxy for the first 200 computers, and then use the Key Management Service (KMS) for the remaining computers.

Answer: B

Section: (none)

Explanation/Reference:

Explanation:

Key Management Service (KMS) requires a count of 25 or higher from the KMS host to activate itself. refer to http://technet.microsoft.com/en-us/library/ee939272.aspx MAK:

If users install a MAK using the user interface (UI), the MAK client attempts to activate itself over the Internet one time. If the users install a MAK using the Slmgr.vbs script, the MAK client does not try to activate itself

automatically.

refer to http://technet.microsoft.com/en-us/library/ff793438.aspx Hints:

The computers do not have access to the internet

www.certify-me.co.uk 35 Microsoft 70-686 Exam

QUESTION 36 company's network is shown in the following diagram. Your

network is shown in the following diagram. Your Each office is connected to the Internet through

Each office is connected to the Internet through a high-bandwidth connection. The branch offices are connected to the core network through low-bandwidth connections.

Microsoft Windows Server Update Services (WSUS) must provide software updates for all offices.

You need to design the WSUS infrastructure to minimize traffic over the low-bandwidth connections.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Deploy BranchCache on the WSUS server and client computers

B. Configure WSUS to use updates that are stored locally

C. Configure WSUS to use updates that are stored on Microsoft Update

D. Deploy Quality of Service (QoS) on the WSUS server and client computers

E. Deploy WSUS servers in the branch offices

Answer: CE

Section: (none)

Explanation/Reference:

Explanation:

WSUS update from Microsoft update is faster then core network

Deploy WSUS servers in each branch office in order to provide WSUS server for branch client.

www.certify-me.co.uk 36 Microsoft 70-686 Exam

hints:

1. Each office is connected to the Internet through a high-bandwidth connection.

2. The branch offices are connected to the core network through low-bandwidth connections.

QUESTION 37 Your network is configured as shown in the following diagram.

network is configured as shown in the following diagram. You are planning to deploy Windows 7.

You are planning to deploy Windows 7.

You have the following requirements:

· Use BitLocker on all computers in the isolated network.

· Provide DirectAccess on all portable computers.

· Use the Key Management Service (KMS) to activate all client computers.

You need to plan a client computer licensing strategy that meets the requirements.

What should you do?

A. License 500 copies of Windows 7 Ultimate.

B. License 500 copies of Windows 7 Enterprise.

C. License 350 copies of Windows 7 Professional, license 150 copies of Windows 7 Ultimate, and purchase Software Assurance for the Windows 7 Professional licenses.

D. License 350 copies of Windows 7 Enterprise, and license 150 copies of Windows 7 Ultimate.

Answer: B

Section: (none)

Explanation/Reference:

Explanation:

hints:

Direct Access only available for Ultimate and Enterprise only. Company should use Enterprise version

www.certify-me.co.uk 37 Microsoft 70-686 Exam

QUESTION 38 Your company has 1,000 client computers that run Windows 7. The company uses several custom line-of- business applications that are not compatible with Windows 7.

You need to distribute a Microsoft Enterprise Desktop Virtualization (MED-V) virtual machine (VM) image that includes the custom applications to all Windows 7 client computers.

What should you do?

A. Mount the VM image from the MED-V workspace.

B. Deploy the VM image from the MED-V server.

C. Deploy the VM image by using Windows Deployment Services (WDS).

D. Deploy the VM image by using Windows Server Update Services (WSUS).

Answer: B

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 39 Your company plans to upgrade all client computers to Windows 7.

The company uses a custom line-of-business application. The application contains sensitive data. The application will not run on Windows 7

You establish that Microsoft Enterprise Desktop Virtualization (MED-V) is the appropriate technology to allow your organization to continue to use the application.

You need to ensure that the virtual machine (VM) images that contain sensitive data can be used only when the user is connected to the MED-V server.

What should you do?

A. Using MED-V TrimTransfer technology, deploy the VM image over the network

B. In the MED-V console, configure the MED-V workspace to prevent offline operation

D.

Using Microsoft System Center Configuration Manager, deploy the VM image to an image store www. certify-me.co.uk 38 Microsoft 70-686 Exam directory

Answer: B

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 40 The client computers in your network run either Windows XP or Windows 7. All client computers are in a single Active Directory Domain Services (AD DS) organizational unit (OU) named MyClients.

You install Windows Software Update Services (WSUS). You create a Group Policy object (GPO) that enables automatic updates from the WSUS server, and you link the GPO to the MyClients OU. You place all client computers in a targeting group named MyClients.

Testing reveals that a security update that is applicable to both Windows XP and Windows 7 causes a line- of-business application to fail on the Windows XP client computers.

You need to ensure that the application runs on the Windows XP client computers and that the Windows 7 client computers receive the security update.

What should you do?

A. Remove the Windows XP client computers from the MyClients targeting group. Approve the update for installation to the All Computers targeting group.

B. Remove the Windows 7 client computers from the MyClients targeting group. Approve the update for installation to the All Computers targeting group.

C. Create a targeting group named MyXPClients beneath the MyClients targeting group. Move the Windows XP client computers to the MyXpClients targeting group. Approve the update for installation to the MyClients targeting group.

D. Remove the Windows 7 client computers from the MyClients targeting group. Approve the update for installation to the Unassigned Computers targeting group.

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

All computers targeting group = assigned group and unassigned group. Unassigned computer targeting group = all computer which is not assign to any group.

www.certify-me.co.uk 39 Microsoft 70-686 Exam

computer targeting group = all computer which is not assign to any group. www.certify-me.co.uk 39 Microsoft

untitled

hints:

Windows 7 remove from MyClients = unassigned computer targeting group Windows XP = MyClients targeting group update will only done for unassigned computer targeting group

QUESTION 41 Your company uses Microsoft Windows Server Update Services (WSUS) to deploy software updates and service packs. Microsoft releases a security update for Windows 7. You have the following requirements:

The security update must be deployed by 5:00 P.M. on Friday. Computers that are off when the security update is deployed must install the security update as soon as they are turned on. You need to manage the software update process to meet the requirements. What should you do?

A. Approve the security update for installation through the WSUS console with no deadline.

B. Approve the security update for download through the WSUS console with a deadline of Friday at 5:00 P.M.

C. Approve the security update for installation through the WSUS console with a deadline of Friday at 5:00 P.M.

D. Approve the security update for download through the WSUS console with no deadline.

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

Hints:

1. question mention at friday 5pm

2. question request install update in stead of download update

www.certify-me.co.uk 40 Microsoft 70-686 Exam

QUESTION 42 Your company has a single Active Directory Domain Services (AD DS) domain named contoso.com that uses Active DirectoryCintegrated DNS.

You deploy the Key Management Service (KMS) on a Windows 7 computer.

You need to ensure that Windows 7 client computers can locate the KMS host and perform activation.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Create and deploy a GPO firewall rule to allow RPC traffic through TCP port 1688 on the client computers.

B. Deploy a Windows Server 2008 KMS host.

C. Grant the KMS server the Full Control permission on the _vlmcs

tcp.contoso.com

DNS record.

D. Grant the KMS server the Full Control permission on the _msdcs

tcp.contoso.com

DNS zone.

Answer: AC

Section: (none)

Explanation/Reference:

Explanation:

http://technet.microsoft.com/en-us/library/ee939272.aspx The KMS clients find the KMS host via a DNS

SRV record (_vlmcs

tcp)

and then automatically attempt to discover and use this service to activate

themselves. When in the 30 day Out of Box grace period, they will try to activate every 2 hours. Once activated, the KMS clients will attempt a renewal every 7days. Listening on Port:

Communication with KMS is via anonymous RPC. 1688 is the default TCP port used by the clients to connect to the KMS host. Make sure this port is open between your KMS clients and the KMS host.

QUESTION 43 Your network contains 5 servers that have the Remote Desktop Session Host role service installed. The servers host a Remote Desktop RemoteApp named App1.

You need to recommend a solution for App1 that meets the following requirements:

www.certify-me.co.uk 41 Microsoft 70-686 Exam

· Must ensure that users can connect to any Remote Desktop Session Host server

· Must ensure that users are automatically reconnected to disconnected sessions

What should you include in the recommendations?

A. Windows Virtual PC and Windows XP Mode

B. Remote Desktop Web Access

C. Remote Desktop Gateway

D. Windows Deployment Services

E. Remote Desktop Connection Broker

Answer: E

Section: (none)

Explanation/Reference:

Explanation:

Remote Desktop Connection Broker (RD Connection Broker), formerly Terminal Services Session Broker (TS Session Broker), is used to provide users with access to RemoteApp and Desktop Connection. RemoteApp and Desktop Connection provides users a single, personalized, and aggregated view of RemoteApp programs, session-based desktops, and virtual desktops to users. RD Connection Broker supports load balancing and reconnection to existing sessions on virtual desktops, Remote Desktop sessions, and RemoteApp programs accessed by using RemoteApp and Desktop Connection. RD Connection Broker also aggregates RemoteApp sources from multiple Remote Desktop Session Host (RD Session Host) servers that may host different RemoteApp programs.

http://technet.microsoft.com/en-us/library/dd560675(v=WS.10).aspx

QUESTION 44 Your company has two network segments. The core network segment is where centralized management is performed. The high-security network segment is an isolated network. A firewall between the core network segment and the high-security network segment limits network communication between the segments.

These network segments are shown in the following diagram.

www.certify-me.co.uk 42 Microsoft 70-686 Exam

Your company plans to deploy Windows 7 to all client computers. You need to manage

Your company plans to deploy Windows 7 to all client computers.

You need to manage activation for client computers that are located in the high-security network segment.

What should you do?

A. Deploy the Key Management Service (KMS) in the core network segment.

B. Deploy the Key Management Service (KMS) in the high-security network segment.

C. Install the Volume Activation Management Tool (VAMT) in the core network segment.

D. Install the Volume Activation Management Tool (VAMT) in the high-security network segment.

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

Key Management Service (KMS) requires a count of 25 or higher from the KMS host to activate itself. refer to http://technet.microsoft.com/en-us/library/ee939272.aspx There is a firewall blocking, (VAMT) should setup at high-security network.

QUESTION 45 Your company has client computers that run Windows XP Professional.

You are planning to install Windows 7 Enterprise on the existing client computers.

You need to ensure that the user state can be viewed after it has been collected and saved.

What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

A. Perform an offline migration by using Windows PE. www.certify-me.co.uk 43 Microsoft 70-686 Exam

B. Use an uncompressed migration store.

C. Perform an offline migration by using Windows.old.

D. Use a hard-link migration store.

Answer: BD

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 46 You plan to deploy Windows 7 to client computers.

You have the following requirements:

Deploy Windows 7 over the network.

Do not affect the performance of existing network applications.

You need to design a zero-touch deployment strategy that supports the requirements.

What should you do?

A. Deploy images from a Microsoft System Center Configuration Manager server that runs Windows Server

2008.

B. Deploy images from a dedicated share on a Windows Server 2008 server.

C. Ensure that all computers have the Internet Protocol version 6 (IPv6) protocol disabled prior to deployment.

D. Ensure that all computers have the Internet Protocol version 4 (IPv4) protocol disabled prior to deployment.

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 47 Your company has an Active Directory Domain Services (AD DS) forest with a single domain. A server has the Windows Deployment Services (WDS) role installed. You create a Windows 7 image.

You plan to use the Lite Touch Installation deployment method to deploy the Windows 7 image.

You need to design a deployment strategy that will install an image on unknown client computers

www.certify-me.co.uk 44 Microsoft 70-686 Exam only if administrative approval is granted.

What should you do?

A. Create a multicast transmission for the Windows 7 image.

B. Use an Auto-Add policy on the WDS server.

C. Create a unicast transmission for the Windows 7 image.

D. Use DHCP rogue detection on the WDS server.

Answer: B

Section: (none)

Explanation/Reference:

Explanation:

http://technet.microsoft.com/en-us/library/cc731409(v=ws.10).aspx#BKMK_2

www.certify-me.co.uk 45 Microsoft 70-686 Exam untitled QUESTION 48 Your network has 1,000 client computers that

www.certify-me.co.uk 45 Microsoft 70-686 Exam

untitled

QUESTION 48 Your network has 1,000 client computers that run Windows XP. You are planning to deploy Windows 7.

You plan to use the Microsoft Deployment Toolkit Lite Touch Installation deployment method to deploy the Windows 7 image.

You have the following requirements:

- Migrate 20 computers at a time.

- Ensure that you conserve network bandwidth.

You need to design a deployment strategy that meets the requirements.

What should you do?

A. Configure multicast transmission on the deployment point.

B. Configure unicast transmission on the deployment point.

C. Distribute the image by using Background Intelligent Transfer Service (BITS).

D. Compress the contents of the distribution folder.

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

Performing Multicast Deployments In order to deploy an image using multicasting instead of unicasting, you must first create a multicast transmission. Multicast transmissions make the image available for multicasting, which enables you to deploy an image to a large number of client computers without overburdening the network. When you deploy an image using multicasting, the image is sent over the network only once, which can drastically reduce the amount of network bandwidth that is used. http://technet.microsoft.com/en-us/library/dd637994

(v=ws.10).aspx

QUESTION 49 Your company has a single Active Directory Domain Services (AD DS) domain and 1,000 client computers.

www.certify-me.co.uk 46 Microsoft 70-686 Exam You are planning to deploy Windows 7 by using a zero-touch installation process.

You need to test the deployment methodology.

What should you do first?

A. Create a computer collection with test computers as members.

B. Create a security group with test computers as members.

C. Create an organizational unit and move test computer accounts into it.

D. Create a distribution group with test computers as members.

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 50 You are planning a Windows 7 deployment infrastructure.

You have the following requirements:

- Enable network deployments of WIM images or VHDs

- Support multicast with the use of multiple stream transfer functionality.

- Allow drivers to be stored centrally, and use dynamic driver provisioning.

You need to design an infrastructure that meets the requirements.

Which deployment method should you recommend?

A. Microsoft Deployment Toolkit (MDT) 2010

B. Microsoft Deployment Toolkit (MDT) 2008

C. Windows Deployment Services in Windows Server 2008 R2

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

Exam B

QUESTION 1 Your network has a single domain with 1,000 client computers that run Windows Vista.

You are planning a deployment of Windows 7.

www.certify-me.co.uk 47 Microsoft 70-686 Exam Your company has multiple departments. Only the sales department will use the existing target computers to run Windows 7.

You have the following requirements:

- Migrate the user state for each user.

- Preserve the file system and existing applications for only the sales department computers.

You need to recommend the deployment method that is appropriate for the environment.

Which combination of deployment scenarios should you recommend?

A. Use the Upgrade Computer method for the sales department computers. Use the Replace Computer method for all other computers.

B. Use the Upgrade Computer method for the sales department computers. Use the Refresh Computer method for all other computers.

C. Use the Refresh Computer method for the sales department computers. Use the New Computer method for all other computers.

D. Use the Refresh Computer method for the sales department computers. Use the Replace Computer method for all other computers.

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

Hints: only upgrade can preserve existing application Replace method - change new computer and migrate user state for each user.

QUESTION 2

You are planning a zero-touch deployment of Windows 7 Enterprise to client computers on your corporate

network.

Each client computer has three available boot methods:

- boot from the network by using PXE

- boot from USB media

- boot from the local hard disk

You have the following requirements:

- Set the boot method for a zero-touch deployment.

- Ensure that client computers that fail on deployment can be manually configured.

You need to design a zero-touch deployment strategy that supports the requirements.

www.certify-me.co.uk 48 Microsoft 70-686 Exam What should you do?

A. Remove USB media and local hard disk from the available boot methods

B. Remove USB media and network from the available boot methods

C. Set network as the first boot method, USB media as the second boot method, and local hard disk as the third boot method

D. Set USB media as the first boot method and local hard disk as the second boot method. Remove network from the available boot methods

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

hints: zero-touch deployment of Windows 7 Enterprise to client computers on your corporate network so, set network as 1st boot.

QUESTION 3 Your company has client computers that run Windows XP Professional.

You are planning to install Windows 7 Enterprise on the existing client computers.

You need to design a user state migration strategy that minimizes network bandwidth and server use when user data is being migrated.

What should you do?

A. Use the Refresh Computer method and a hard-link migration store.

B. Use the Refresh Computer method and a compressed migration store.

C. Use the Replace Computer method and a hard-link migration store.

D. Use the Replace Computer method and a compressed migration store.

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

A hard-link migration store enables you to perform an in-place migration where all user state is maintained on the computer while the old operating system is removed and the new operating system is installed; this is why it is best suited for the computer-refresh scenario. http://technet.microsoft.com/en-us/library/dd560753

(v=ws.10).aspx

Refresh Scenario Similar to a new installation, the refresh scenario performs a clean setup. The difference is that the target computer already contains Windows, for which files and settings will be preserved (installed

www.certify-me.co.uk 49 Microsoft 70-686 Exam

applications are not taken into consideration). This scenario is especially useful in the event that preserving the user state is a priority. It still leverages the consistency benefits that come through a new installation. You can automate this scenario with the latest version of the User State Migration Tool (USMT 4.0), which

will collect pertinent data for each user state found in the system, and restore it after the clean installation is

performed.

Replace Scenario This is similar to the refresh scenario, except the target system is a new computer that does not yet contain any files or settings. The scenario consists of conducting a new installation on the target computer, and then using the USMT 4.0 to transfer files and settings from the old computer. You can run this scenario side-by- side with an older system running Windows XP or

Windows Vista. http://technet.microsoft.com/en-us/magazine/hh124549.aspx Hints:

Install on existing client computer = refresh Replace a new client computer = Replace

QUESTION 4 Your company has 1,000 client computers that run Windows 7 Enterprise.

You need to ensure that users cannot bypass or disable Internet Explorer logging.

What should you do?

A. Set the Disable the Advanced Page state to Enabled, and set the Turn off InPrivate Browsing state to Enabled.

B. Set the Turn off InPrivate Filtering state to Enabled, and set the Disable the General Page state to Enabled.

C. Set the Turn off InPrivate Browsing state to Enabled, and set the Disable the General Page state to Enabled.

D. Set the Disable the General Page state to Enabled, and set the Disable the Advanced Page state to Enabled.

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

InPrivate Browsing in Internet Explorer 8 helps prevent one's browsing history, temporary Internet files, form data, cookies, and usernames and passwords from being retained by the browser, leaving no easily accessible evidence of browsing or search history.

www.certify-me.co.uk 50 Microsoft 70-686 Exam

http://en.wikipedia.org/wiki/Internet_Explorer_8

hints:

run IE InPrivate Browsing will not keep any history or logging. General Page able to clear IE history

untitled QUESTION 5 All client computers in your network run Windows 7 with default firewall

untitled

QUESTION 5 All client computers in your network run Windows 7 with default firewall settings.

www.certify-me.co.uk 51 Microsoft 70-686 Exam You have a server-based application that requires an agent to be installed on all client computers.

You need to use Group Policy to allow the application to initiate installation of the agent on all client

computers.

What should you do?

A. Create inbound program rules.

B. Create inbound port rules.

C. Create Windows service hardening rules.

D. Create connection security rules.

Answer: B

Section: (none)

Explanation/Reference:

Explanation:

hints:

software havent install, so unable to block program

QUESTION 6 All client computers in your network run Windows 7 Enterprise.

You need to prevent all standard user accounts from running programs that are signed by a specific

publisher.

What should you do?

A. Use AppLocker application control policies. Create an Executable rule.

B. Use software restriction policies. Create a hash rule.

C. Use AppLocker application control policies. Create a Windows Installer rule.

D. Use software restriction policies. Create a path rule.

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

http://technet.microsoft.com/en-us/library/dd759068.aspx The AppLocker Microsoft Management Console (MMC) snap-in is organized into four areas called rule collections. The four rule collections are executable files, scripts, Windows Installer files, and DLL files. These collections give the administrator an easy way to differentiate the rules for different types of applications. Rule conditions are criteria that the AppLocker rule is based on. Primary conditions are required to

www.certify-me.co.uk 52 Microsoft 70-686 Exam

create an AppLocker rule. The three primary rule conditions are publisher, path, and file hash. Publisher - This condition identifies an application based on its digital signature and extended attributes. The digital signature contains information about the company that created the application (the publisher). The extended attributes, which are obtained from the binary resource, contain the name of the product that the application is part of and the version number of the application. The publisher may be a software development company, such as Microsoft, or the information technology department of your organization. Path - This condition identifies an application by its location in the file system of the computer or on the network. AppLocker uses path variables for directories in Windows. File hash - When the file hash condition is chosen, the system computes a cryptographic hash of the identified file.

QUESTION 7 Your network has a single domain with 1,000 client computers that run Windows 7. You use Microsoft System Center Configuration Manager 2007 to distribute and install software applications. All users have standard user accounts.

You plan to use Group Policy to ensure that application installation functions properly.

You need to design the User Account Control (UAC) policy.

What should you do?

A. Configure the User Account Control: Behavior of the elevation prompt for standard users setting to be Prompt for credentials.

B. Configure the User Account Control: Only elevate executables that are signed and validated setting to be Enabled.

D.

Configure the User Account Control: Detect application installations and prompt for elevation setting to be Enabled.

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

User Account Control: Detect application installations and prompt for elevation The User Account Control:

Detect application installations and prompt for elevation policy setting controls the behavior of application installation detection for the computer. The options are:

Enabled. (Default for home) When an application installation package is detected that requires

www.certify-me.co.uk 53 Microsoft 70-686 Exam

elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. Disabled. (Default for enterprise) Application installation packages are not detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary. http://technet.microsoft.com/en-us/library/dd851376.aspx

QUESTION 8 Your network has 1,000 client computers that run Windows 7.

You need to install an application, in the Local System account context, on the client computers.

What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

A. Configure a logon script.

B. Configure a startup script.

C. Configure a shutdown script.

D. Configure a logoff script.

Answer: BC

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 9 You are planning to deploy Windows 7 to all client computers in your network. You need to ensure that domain administrators can manage domain Group Policy objects (GPOs) from their Windows 7 computers. What should you provide to the domain administrators?

A. Local Group Policy Editor

B. GPOAccelerator Tool

C. Remote Server Administration Tools

D. Administration Tools Pack

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

Group Polices were modified using the Group Policy Edit tool that was integrated with Active

www.certify-me.co.uk 54 Microsoft 70-686 Exam

Directory Users and Computers Microsoft Management Console (MMC) snap-in, but it was later split into a separate MMC snap-in called the Group Policy Management Console (GPMC). The GPMC is now a user component in Windows Server 2008 and Windows Server 2008 R2 and is provided as a download as part

of the Remote

Server Administration Tools for Windows Vista and Windows 7.

http://en.wikipedia.org/wiki/Group_Policy

QUESTION 10 Your network has a single domain with 1,000 client computers that run Windows 7. Users frequently copy data from their computers to removable drives. You need to ensure that data that is copied to removable drives is protected. What should you do?

A. Use Encrypting File System (EFS)

B. Enable Trusted Platform Module (TPM) hardware on all client computers

C. Use Active Directory Rights Management Services

D. Configure a Group Policy to enforce the use of BitLocker To Go

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

BitLocker to Go extends BitLocker data protection to USB storage devices, enabling them to be restricted with a passphrase. In addition to having control over passphrase length and complexity, IT administrators can set a policy that requires users to apply BitLocker protection to removable drives before being able to write to them. http://www.microsoft.com/en-us/windows/enterprise/products-and-technologies/windows- 7/features. aspx#bitlocker

QUESTION 11 Your network has a single domain with 1,000 client computers that run Windows 7.

A large number of software installation scripts are configured to run on the client computers.

You need to recommend a Group Policy setting to allow users to log on to their computers as soon as possible at first boot.

What should you recommend?

www.certify-me.co.uk 55 Microsoft 70-686 Exam

A. Configure the Run logon scripts synchronously setting to be Enabled.

B. Configure the Run logon scripts synchronously setting to be Disabled.

C. Configure the Run startup scripts asynchronously setting to be Enabled.

D. Configure the Run startup scripts asynchronously setting to be Disabled.

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

Run logon scripts synchronously

Description Directs the system to wait for logon scripts to finish running before it starts the Windows Explorer interface program and creates the desktop. If you enable this policy, Windows Explorer does not start until the logon scripts have finished running. This setting assures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop. If you disable this policy or do not configure it, the logon scripts and Windows Explorer are not synchronized and can run simultaneously. Run startup scripts asynchronously Description Lets the system run startup scripts simultaneously.

Startup scripts are batch files that run before the user is invited to log on. By default, the system waits for each startup script to complete before it runs the next startup script. If you enable this policy, the system does not coordinate the running of startup scripts. As a result, startup scripts can run simultaneously. If you disable this policy or do not configure it, a startup script cannot run until the previous script is

complete.

http://msdn.microsoft.com/en-us/library/ms811602.aspx

QUESTION 12 Your company has 1,000 computers in the main office and 20 computers in store kiosks. All the computers run Windows 7 Enterprise. The kiosk computers do not have network connections. The company brands the Internet Explorer program window on all computers by displaying the company logo at the left end of the title bar. The company changes its logo.

You have the following requirements:

- Display the new logo on the Internet Explorer program window title bar on the main office computers and the kiosk computers.

- Modify the search providers that are available to main office computers.

You need to define Internet Explorer settings to support the requirements.

www.certify-me.co.uk 56 Microsoft 70-686 Exam What should you do?

A. Use the Internet Explorer Administration Kit (IEAK) to create a custom configuration-only deployment package on the main office computers. Create a deployment CD for the kiosk computers.

B. Use the Internet Explorer Administration Kit (IEAK) to create a custom configuration-only deployment package on the main office computers. Enable automatic version synchronization and specify a flash drive for the path. Distribute the configuration package to the kiosk computers.

C. Save the logo as Logo.png and copy the file to the C:\Windows\Branding\ directory on each kiosk computer. Create and distribute a new OpenSearch description file for the main office computers.

D. Use the Internet Explorer Administration Kit (IEAK) to create a custom configuration-only deployment package. Copy the setup file to a flash drive, and distribute the file to all computers.

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

Hints:

Kiosk computer do not have network connections, deployment CD is needed.

QUESTION 13 You are planning to test a custom image of Windows 7 Enterprise. You deploy the image on test computers in Toronto by using ConfigMgr.

The deployed image fails to activate.

You need to ensure that the image meets company activation requirements.

What should you do?

A. Run the Sysprep /generalize command.

B. Run the Sysprep /oobe command.

C. Modify the unattend.xml file and enter a MAK key.

D. Modify the unattend.xml file and enter a KMS key.

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

www.certify-me.co.uk 57 Microsoft 70-686 Exam

QUESTION 14 Your company has an Active Directory domain.

You are planning the deployment of Windows 7 to client computers that are located in a main office and in satellite offices. All client computers use the same hardware.

company's security policy has the following requirements:

Your

- All client computers in the main office must run Windows 7 Enterprise.

- All client computers in the satellite offices must use BitLocker.

- All client computers in the main office must apply a custom security template.

The template must not apply to client computers in the satellite offices.

You need to recommend an image-creation strategy that meets the requirements of the security policy. The solution must minimize administrative effort.

What should you include in your recommendations?

A. One image for all client computers

A Group Policy object

B. One image for the main office computers

One image for the satellite office computers

A Data Recovery Agent

A Security database (secedit.sdb)

C. One image for the main office computers

One image for the satellite office computers

A Group Policy object

D. One image for all client computers

A Data Recovery Agent

A Security database (secedit.sdb)

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 15 You have an image that is used to deploy Windows 7 on client computers.

You need to add drivers to the Windows 7 image.

Which two actions should you perform? (Each correct answer presents part of the solution.

www.certify-me.co.uk 58 Microsoft 70-686 Exam Choose two.)

A. Use the Deployment Image Servicing and Management (DISM) tool offline.

B. Use INF files for driver packages.

C. Use executable files for driver packages.

D. Use Windows Installer files for driver packages.

E. Use the Deployment Image Servicing and Management (DISM) tool online.

Answer: AB

Section: (none)

Explanation/Reference:

Explanation:

Deployment Image Servicing and Management able to attach INF driver file to image at offline mode

QUESTION 16 Your company is planning to deploy Windows 7.

You have an image that is used to deploy Windows 7 on client computers.

You need to add a volume image to the existing Windows image.

What should you do?

A. Service the image online.

B. Use ImageX to append the volume image.

C. Use the Deployment Image Servicing and Management (DISM) tool to mount the image.

D. Use DiskPart to attach a new volume.

Answer: B

Section: (none)

Explanation/Reference:

Explanation:

ImageX is a command-line tool that enables the creation of Windows image (.wim) files for deployment in a manufacturing or corporate IT environment. The /append option appends a volume image to an existing . wim file. It creates a single instance of the file, comparing it against the resources that already exist in the . wim file, so you do not capture the same file twice http://technet.microsoft.com/en-us/library/cc749603

(v=ws.10).aspx

QUESTION 17 Your company includes mobile computer users who frequently work offline.

www.certify-me.co.uk 59 Microsoft 70-686 Exam You are planning to deploy Windows 7 by using an image.

You have the following requirements:

- Provide access to all applications when mobile computer users first start their computers.

- Minimize network and local storage requirements.

- Provide language-pack support based on the geographic location of the user.

You need to ensure that your image-creation strategy meets the requirements.

What should you do?

A. Create a single thin image for all computers.

B. Create one thin image for the mobile computers. Create one thick image for all other computers.

C. Create one thick image for the mobile computers. Create one thin image for all other computers.

D. Create a single hybrid image for all computers.

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

MCTS Self-Paced Training Kit (Exam 70-680): Configuring Windows® 7 By Ian McLean, Orin Thomas http://books.google.com.my/books?id=lpNuBdGgFncC&pg=PT310&lpg=PT310&dq=thin+image+t hick

+image+languagepack&source=bl&ots=mU6XADkqKY&sig=C_BBoYQjkIHwwo7B9P2MlXM4

TOU&hl=en&sa=X&ei=QE-

KTDvC4fJrAfs7JGyCw&ved=0CB8Q6AEwAA#v=onepage&q=thin%20image%20thick%20image%

20languagepack&f=false

www.certify-me.co.uk 60 Microsoft 70-686 Exam

www.certify-me.co.uk 60 Microsoft 70-686 Exam untitled QUESTION 18 Your network includes the client

untitled

QUESTION 18 Your network includes the client computer hardware configurations shown in the following table.

You need to deploy Windows 7 by using the fewest images. How many images are

You need to deploy Windows 7 by using the fewest images.

How many images are needed?

A. 2

B. 3

www.certify-me.co.uk 61 Microsoft 70-686 Exam

C. 4

D. 8

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

One for 32bit image and one for 64bit image

QUESTION 19 Your company has 1,000 client computers.

You are planning to deploy Windows 7 and a new line-of-business application.

You have the following requirements:

- Install the application as part of the standard Windows 7 deployment.

- Use a single Windows 7 image for the deployment.

- The application must be available for use on client computers that are not connected to the network.

You need to ensure that the application is installed on all new client computers.

What should you do?

A. Deploy the application by using Windows Server Update Services (WSUS).

B. Publish the application by using Group Policy Software Installation.

C. Service an offline image of Windows 7 to add the new application.

D. Service an online image of Windows 7 to add the new application.

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

Hints:

Client computer that are not connected to the network = A & B is wrong the question refer to application installation. You can not do it offline servicing. Only online will be able to achieve it.

QUESTION 20 You deploy Windows 7 Enterprise to 1,000 client computers by using an image file.

www.certify-me.co.uk 62 Microsoft 70-686 Exam You need to define an image update strategy to incorporate software updates.

What should you do?

A. Install the deployment image on a client computer. Run the update package on the client computer, run Sysprep, and then recapture the image.

B. Append a disk volume that contains the update to the deployment image.

C. Mount the deployment image on a client computer that runs Windows 7. Run the update package on the client computer.

D. Install the deployment image on a client computer. Run the update package on the client computer, run BCDedit, and then recapture the image.

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

hints: incorporate software updates = update image online Sysprep is needed before capture image.

QUESTION 21 You are designing a Windows 7 deployment image.

You plan to partition the hard disk of each client computer during deployment.

You need to modify the unattended answer file by using a text editor.

Where should you add the disk information?

A. to the Generalize configuration pass

B. to the AuditSystem configuration pass

C. to the WindowsPE configuration pass

D. to the Specialize configuration pass

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

http://technet.microsoft.com/en-us/library/dd744551(v=ws.10).aspx The windowsPE configuration pass also enables you to specify Windows Setup-related settings, including:

- Partition and format a hard disk.

- Select a specific Windows image to install, the path of that image, and any credentials required to access that image.

www.certify-me.co.uk 63 Microsoft 70-686 Exam

- Select a partition on the destination computer where you install Windows.

- Apply a product key and administrator password.

- Run specific commands during Windows Setup.

QUESTION 22 You are planning to deploy Windows 7 Enterprise and several custom applications. You create a custom Windows 7 Enterprise image. You need to validate that the custom applications will run after the deployment. What should you do?

A. Use ImageX with the check option to mount the image.

B. Mount the custom image by using the Deployment Image Servicing and Management (DISM) tool.

C. Deploy the custom image, and then run the sigverif.exe command.

D. Deploy the custom image to a Virtual Hard Disk (VHD), and then boot from the VHD.

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

The only way to check custom application is C in question, as need to load image to VHD or real PC, then boot from VHD or PC to windows, then run the customer application in windows.

QUESTION 23 Your company has a main office and 5 branch offices. Each office contains 200 client computer.

Each office has a direct connection to the Internet. The branch offices are connected to the main office through dedicated connections.

You plan to deploy an update solution for all client computers by using Windows Server Update Services (WSUS).

You need to recommend a WSUS deployment solution. The solution must minimize traffic over the dedicated connections.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Configure WSUS to download updates from an upstream server. www.certify-me.co.uk 64 Microsoft 70-686 Exam

B. Deploy BranchCache in distributed cache mode in each office.

C. Deploy a WSUS server in each office.

D. Configure WSUS to download updates from Microsoft Update.

E. Deploy a WSUS server in the main office only.

Answer: CD

Section: (none)

Explanation/Reference:

Explanation:

hints:

Each office has a direct connection to the Internet. The branch offices are connected to the main office through dedicated connections.

QUESTION 24 Your company has an Active Directory Domain Services (AD DS) forest with a single domain. The domain, organizational unit (OU), and Group Policy object (GPO) design is shown in the following diagram.

www.certify-me.co.uk 65 Microsoft 70-686 Exam

You deploy a Microsoft Windows Server Update Services (WSUS) server. You need to ensure that

You deploy a Microsoft Windows Server Update Services (WSUS) server.

You need to ensure that only client computers that are members of the NY Computers OU use the WSUS server for updates.

Where should you define Windows Update settings?

A. in the User Configuration settings of the New York Computers GPO

B. in the Computer Configuration settings of the New York Baseline GPO

C. in the User Configuration settings of the New York Baseline GPO

D. in the Computer Configuration settings of the New York Computers GPO

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

To specify how and when computers are updated through Group Policy

www.certify-me.co.uk 66 Microsoft 70-686 Exam

In Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update. In the details pane of Group Policy Object Editor,

configure the appropriate policies. See the following table for examples of the policies you might want to

set

refer to http://technet.microsoft.com/en-us/library/cc708536(v=WS.10).aspx

QUESTION 25 company's network is shown in the following diagram.

Your

Your All client computers are members of the contoso.com Active Directory Domain Services (AD DS) domain.

All client computers are members of the contoso.com Active Directory Domain Services (AD DS) domain. Each network segment is represented by an AD DS site object that is named to match the network

segment.

Your company plans to deploy Windows 7 to all client computers.

You need to manage the deployment to ensure that client computers in branch office C can activate Windows. What should you do?

www.certify-me.co.uk 67 Microsoft 70-686 Exam

A. Create a DNS service (SRV) resource record named

_vlmcs

udp.BranchOfficeC

sites.contoso.com

.

B. Deploy the Multiple Activation Key (MAK) in branch office C.

C. Deploy the Key Management Service (KMS) in branch office C.

D. Create a DNS service (SRV) resource record named

_vlmcs

tcp.BranchOfficeC

sites.contoso.com

.

Answer: B

Section: (none)

 

Explanation/Reference:

Explanation:

Key Management Service (KMS) requires a count of 25 or higher from the KMS host to activate itself. refer to http://technet.microsoft.com/en-us/library/ee939272.aspx

QUESTION 26 Your company has client computers that run Windows Vista and client computers that run Windows 7. The client computers connect directly to the Microsoft Update Web site once per week and automatically install all available security updates.

Microsoft releases a security update for Windows 7.

You have the following requirements:

- Create a report of all Windows 7 computers that are currently connected to the network and that do not have the security update installed.

- Use the least amount of administrative effort.

You need to manage the software update process to meet the requirements.

What should you do?

A. Deploy Microsoft Windows Server Update Services (WSUS). Approve the security update for installation, and force a detection cycle on the client computers.

B. Deploy Microsoft Windows Server Update Services (WSUS). Approve the security update for detection, and force a detection cycle on the client computers.

C. Use the Microsoft Baseline Configuration Analyzer (MBCA) to scan the client computers.

D. Use the Microsoft Baseline Security Analyzer (MBSA) to scan the client computers. Configure MBSA to use the Microsoft Update site catalog.

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

www.certify-me.co.uk 68 Microsoft 70-686 Exam

Microsoft Baseline Security Analyzer Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems.

http://technet.microsoft.com/en-us/security/cc184924

QUESTION 27 Your company has client computers that run Windows 7 Enterprise. You need to provide 10 users with an additional operating system boot option. What should you do?

A. Use the DiskPart tool in Windows PE to attach a Virtual Hard Drive (VHD).

B. Use BCDedit to add a native-boot Virtual Hard Drive (VHD) entry to the boot menu.

C. Use Bootcfg to modify the boot parameters.

D. Use BCDboot to modify the system partition.

Answer: B

Section: (none)

Explanation/Reference:

Explanation:

BCDEdit is the primary tool for editing the boot configuration of Windows Vista and later versions of Windows. It is included with the Windows Vista distribution in the %WINDIR%\System32 folder.

http://technet.microsoft.com/library/cc731662.aspx

QUESTION 28 Your network has a single domain with 1,000 client computers that run Windows Vista. All client computers are members of the domain.

You are planning to deploy Windows 7.

You need to create a report that shows hardware and device compatibility on all client computers.

You need to perform this action without installing any additional software on the client computers.

Which tool should you use?

www.certify-me.co.uk 69 Microsoft 70-686 Exam

A. System Center Configuration Manager

B. System Center Capacity Planner

C. Windows Performance Monitor Data Collector Sets

D. Microsoft Assessment and Planning Toolkit

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

Microsoft Assessment and Planning Toolkit performs a detailed analysis of hardware and device compatibility for migration to Windows 7, Windows Server 2008 R2, SQL Server 2008 R2, Microsoft Office 2010, and Office 365. The hardware assessment looks at the installed hardware and determines if migration is recommended. If it is not recommended, then reports provide information about why it is not.

http://technet.microsoft.com/en-us/library/bb977556.aspx

QUESTION 29 You are designing a Windows 7 virtual desktop infrastructure.

You have the following requirements:

- Provide access to Remote Desktop Services RemoteApp sources from multiple remote desktop servers.

- Support network load balancing. Support reconnection to existing sessions on virtual desktops.

- You need to specify a design that meets the requirements.

What should you include in your design?

A. Remote Desktop Gateway

B. Windows Deployment Services

C. Remote Desktop Connection Broker

D. Windows Virtual PC and Windows XP Mode

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

Remote Desktop Connection Broker (RD Connection Broker), formerly Terminal Services Session Broker (TS Session Broker), is used to provide users with access to RemoteApp and Desktop Connection. RemoteApp and Desktop Connection provides users a single, personalized, and aggregated view of RemoteApp programs, session-based desktops, and virtual desktops to users. RD Connection Broker supports load balancing and reconnection to existing sessions on virtual desktops, Remote Desktop sessions, and RemoteApp programs accessed by using RemoteApp and Desktop Connection. RD Connection Broker also aggregates RemoteApp sources from

www.certify-me.co.uk 70 Microsoft 70-686 Exam

multiple Remote Desktop Session Host (RD Session Host) servers that may host different RemoteApp

programs.

http://technet.microsoft.com/en-us/library/dd560675(v=WS.10).aspx

QUESTION 30 Your company plans to deploy Windows 7 Enterprise.

The current client computers run either Windows XP Professional or Windows Vista Enterprise.

The company uses 20 custom applications that were written for Windows XP.

You need to create a log of compatibility issues for the custom applications.

What should you do?

A. Install each application on a Windows XP client computer, and then run the Application Compatibility Toolkit (ACT).

B. Install each application on a Windows 7 client computer, and then run the Application Compatibility Toolkit (ACT).

C. Install each application on a Windows XP client computer. Sequence each application by using Microsoft Application Virtualization (App-V).

D. Install each application on a Windows Vista client computer. Sequence each application by using Microsoft Application Virtualization (App-V).

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 31 You are planning to deploy Windows 7.

You have a custom line-of-business application that is not compatible with Windows 7.

You need to design a solution that allows the application to run.

What should you do?

www.certify-me.co.uk 71 Microsoft 70-686 Exam

A. Use the Windows Compatibility Evaluator.

B. Use the Setup Analysis Tool.

C. Use the Compatibility Administrator.

D. Use the Update Compatibility Evaluator.

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

The Compatibility Administrator tool can help you to resolve many of your compatibility issues by enabling the creation and the installation of application mitigation packages (shims), which can include individual compatibility fixes, compatibility modes, and AppHelp messages. The flowchart in Figure illustrates the steps required while using the Compatibility Administrator to create your compatibility fixes, compatibility modes, and AppHelp messages. http://sourcedaddy.com/windows-7/using-the-compatibility-administrator.

html

QUESTION 32 Your company is planning to deploy Windows 7 to all client computers.

You have the following requirements:

Test an application to detect potential compatibility issues caused by User Account Control (UAC). Monitor an applications operating system use.

You need to select the appropriate method to detect application compatibility issues.

What should you do?

A. Use the Setup Analysis Tool in a virtual environment.

B. Use the standalone Setup Analysis Tool.

C. Use the Standard User Analyzer Wizard.

D. Use the Standard User Analyzer tool.

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

The Standard User Analyzer (SUA) tool enables you to test your applications to detect potential compatibility issues due to the User Account Control (UAC) feature. http://technet.microsoft.com/en-us/library/cc765948

(v=ws.10).aspx

www.certify-me.co.uk 72 Microsoft 70-686 Exam

QUESTION 33

Your company has a single Active Directory Domain Services (AD DS) domain and 1,000 Windows 7

computers.

You are planning to deploy a custom application.

You need to schedule the deployment to occur outside of business hours and without user interaction.

Which deployment method should you choose?

A. Lite Touch Installation

B. software deployment with Microsoft System Center Configuration Manager 2007

C. software installation with Group Policy

D. Microsoft Application Virtualization (App-V)

Answer: B

Section: (none)

Explanation/Reference:

Explanation:

Microsoft System Center Configuration Manager 2007 able to set schedule to deploy (text book) hints:

without user interaction = zero touch

QUESTION 34 Your network has 1,000 client computers that run Windows 7.

You plan to deploy a new application.

You need to ensure that the application deploys only during non-business hours.

What should you do?

A. Use Group Policy.

B. Use Microsoft System Center Configuration Manager.

C. Use Windows Deployment Services with a schedule cast.

D. Use a logon script.

Answer: B

Section: (none)

Explanation/Reference:

Explanation:

Microsoft System Center Configuration Manager able to schedule task (Text Book)

www.certify-me.co.uk 73 Microsoft 70-686 Exam

QUESTION 35

Your company has a single Active Directory Domain Services (AD DS) domain and 1,000 Windows Vista

computers.

You are planning to deploy Windows 7 and a custom application.

You have the following requirements:

- The application must be available to only a specific group of users.

- You must be able to monitor application usage.

You need to design a deployment method for the custom application that meets the requirements.

Which deployment method should you use in your design?

A. software installation in Group Policy

B. Microsoft Application Virtualization (App-V)

C. baseline Windows 7 image that includes the custom application

D. startup scripts in Group Policy

Answer: B

Section: (none)

Explanation/Reference:

Explanation:

MS App-V thus allows centralized installation and management of deployed applications. It supports policy based access control; administrators can define and restrict access to the applications by certain users by defining policies governing the usage. App-V can require that applications not be run 'cached' from workstations, or require that 'cached' App-V applications routinely update license information from the App-V server, enforcing license compliance. These policies are centrally applied on the application repository. App- V also allows copy of the applications across multiple application servers for better scalability and fault tolerance, and also features a tracking interface to track the usage of the virtualized application. http://en.wikipedia.org/wiki/Microsoft_App-V

QUESTION 36 Your companys network has client computers that run Windows 7.

www.certify-me.co.uk 74 Microsoft 70-686 Exam A software vendor releases version 2 of an application that your company uses.

Your company currently uses version 1.

Version 1 and version 2 are not compatible.

You plan to deploy version 2 of the application.

You have the following requirements:

Users must be able to run both versions of the application on their computers.

Version 2 must be available when a client computer is not connected to the network.

You need to plan a software deployment process that meets the requirements.

What should you do?

A. Deploy version 2 of the application by using a Microsoft System Center Configuration Manager package.

B. Deploy version 2 of the application by using a Group Policy Software Installation policy.

C. Deploy version 2 of the application as a Remote Desktop Services RemoteApp.

D. Deploy version 2 of the application by using Microsoft Application Virtualization (App-V).

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

Microsoft Application Virtualization (MS App-V) platform allows applications to be deployed in real- time to any client from a virtual application server. It removes the need for local installation of the applications. Instead, only the App-v client needs to be installed on the client machines. All application data is permanently stored on the virtual application server. Whichever software is needed is either streamed or locally cached from the application server on demand and run locally. The App-V stack sandboxes the execution environment so that the application does not make changes to the client itself (OS File System and/or Registry). App-V applications are also sandboxed from each other, so that different versions of the same application can be run under App-V concurrently. http://en.wikipedia.org/wiki/Microsoft_App-V

QUESTION 37 Your network has client computers that run Windows XP. Users do not have administrative rights to their local computers. You use Windows Server Update Services (WSUS) to manage software updates.

www.certify-me.co.uk 75 Microsoft 70-686 Exam You are planning to deploy Windows 7. Your company uses a custom application that is not compatible with Windows 7.

You need to ensure that all users are able to run the custom application.

What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

A. Install and register a shim on the WSUS server.

B. Install and register a shim on the client computers by using Group Policy.

C. Deploy and register the compatibility-fix database file to the client computers by using a computer startup script.

Answer: BC

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 38 Your companys client computers run Windows 7. Your companys network has a wireless access point (WAP).

A user reports that he regularly loses connectivity to the WAP.

You need to display information about client connectivity to the WAP.

What should you do?

A. Use Event Viewer to view events from a source of WlanConn.

B. Use auditpol.exe to enable successful attempts in the Object Access category.

C. Use Event Viewer to view events from a source of WLAN AutoConfig.

D. Use auditpol.exe to enable failed attempts in the Object Access category.

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

WLAN AutoConfig service is built-in tool in Windows 7 that can be used to detect and connect to wireless network, http://www.home-network-help.com/wlan-autoconfig-service.html

www.certify-me.co.uk 76 Microsoft 70-686 Exam

QUESTION 39 Your company has an Active Directory Domain Services (AD DS) forest with a single domain named contoso.com. The design of the domain and Group Policy object (GPO) is shown in the following diagram.

You configure Group Policy preferences to define mapped drives in the Boston staff GPO. Users

You configure Group Policy preferences to define mapped drives in the Boston staff GPO.

Users in the Boston organizational unit (OU) then report that the mapped drives are not available

You need to identify and resolve Group Policy issues to ensure that the mapped drives are available.

What should you do?

A. Enable loopback processing in Replace mode.

B. Enable loopback processing in Merge mode. www.certify-me.co.uk 77 Microsoft 70-686 Exam

C. Enable the computer configuration settings.

D. Enable the user configuration settings.

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 40 You deploy Windows 7 and several custom Internet Explorer add-ons to 1,000 client computers. Internet Explorer closes when users run a specific Web application. You need to find out whether an add-on is the cause of the problem. What should you do?

A. Use Group Policy to disable the Programs tab in Internet Explorer for all client computers.

B. Use Group Policy to turn on Internet Explorer 7 Standards mode.

C. Start Internet Explorer in No Add-ons mode.

D. Reset all Internet Explorer security zones to the default levels.

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 41 Your companys network has client computers that run Windows 7. From a computer named Computer1, a user attempts to log on to the domain and receives the following message: The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect. You need to ensure that the user can log on to the domain from Computer1. What should you do?

A. Reset the password of the user account.

B. Move the computer account for Computer1 to the Computers container.

C. Run netdomcomputername computer1.

D. Remove Computer1 from the domain and rejoin Computer1 to the domain.

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

Re-create the computer account, join a workgroup, and then rejoin the domain. Refer to http://support.microsoft.com/kb/810497

www.certify-me.co.uk 78 Microsoft 70-686 Exam

QUESTION 42 Your company has a single Active Directory Domain Services (AD DS) forest with a single domain named contoso.com. All client computers run Windows 7. All client computer accounts are located in the Computers container in the contoso.com domain.

You discover that multiple client computers were automatically shut down because the security log was full.

You need to ensure that client computers are not shut down when the security log becomes full.

What should you do?

A. Increase the maximum log size.

B. Configure an Event Viewer subscription.

C. Modify the event log policy settings in the Default Domain Controllers Policy Group Policy object (GPO).

D. Modify the event log policy settings in the Default Domain Policy Group Policy object (GPO).

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

Why not Default Domain Controllers Policy Group Policy object?? Default Domain Controllers Policy Group Policy object is set policy to manage domain controller (domain server) Default Domain Policy Group Policy object is set of policy to manage client

QUESTION 43 Your company has an Active Directory Domain Services (AD DS) forest with a single domain named contoso.com.

You deploy a new Group Policy object (GPO) named NY Computers GPO as part of the organizational unit (OU) and GPO design shown in the following diagram.

www.certify-me.co.uk 79 Microsoft 70-686 Exam

www.certify-me.co.uk 79 Microsoft 70-686 Exam The NY Computers GPO contains computer configuration settings and user

The NY Computers GPO contains computer configuration settings and user configuration settings.

User configuration settings are not being applied to users who log on to client computers in the NY Computers OU.

You need to ensure that user configuration settings are being applied.

What should you do?

A. Enable user configuration settings in the Default Domain Policy GPO.

B. Enable loopback processing in the NY Computers GPO.

C. Enable user configuration settings in the NY Computers GPO.

D. Enable loopback processing in the Default Domain Policy GPO.

Answer: B

Section: (none)

Explanation/Reference:

Explanation:

refer to Planning and managing windows 7 desktop deployments and environment Pg 10-92

QUESTION 44 Your company has an internal Web application that uses a self-signed SSL certificate. The

www.certify-me.co.uk 80 Microsoft 70-686 Exam company has an internal certification authority (CA) with auto enrollment.

When users attempt to start the Web application, Internet Explorer displays an error message that recommends closing the Web page rather than continuing to the application.

You need to ensure that Internet Explorer does not display the error message.

What should you do?

A. Install the Web applications certificate into the computer store on each client computer.

B. Purchase a commercial certificate and install it on the internal CA.

C. Issue a certificate from the internal CA and install it on the application server.

D. Install the Web applications certificate into the personal store on each client computer. Add the applications URL to the Trusted Sites zone in Internet Explorer.

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 45

DRAG DROP

You create a shim database and distribute it to each of a companys client computers through a script. You name the database Shim_Database and give it a filename of shimdatabase.sdb. The database GUID is

18315260-2ecb-43af-945a-56810da33fb4.

The database must be registered on all client computers. The registration process must be invisible to the

user.

You need to construct a command to register the shim database.

Which command should you use? To answer, drag the appropriate component from the list of command components to the correct location or locations in the work area.

www.certify-me.co.uk 81 Microsoft 70-686 Exam

components to the correct location or locations in the work area. www.certify-me.co.uk 81 Microsoft 70-686 Exam

A.

B.

D.

Answer:

Section: (none)

Explanation/Reference:

D. Answer: Section: (none) Explanation/Reference: Explanation: www.certify-me.co.uk 82 Microsoft 70-686 Exam

Explanation:

D. Answer: Section: (none) Explanation/Reference: Explanation: www.certify-me.co.uk 82 Microsoft 70-686 Exam

www.certify-me.co.uk 82 Microsoft 70-686 Exam

untitled QUESTION 46 HOTSPOT You upgrade all of a companys client computers from Microsoft Internet

untitled

QUESTION 46

HOTSPOT

You upgrade all of a companys client computers from Microsoft Internet Explorer 8 to Internet Explorer 9.

After the upgrade, users are unable to download attachments from Microsoft Outlook Web App (OWA) or any other secure website. You verify the Group Policy settings for Internet Explorer 9.

You need to ensure that all users can download attachments from OWA and other secure websites.

Which setting should you select? To answer, select the appropriate item in the work area.

www.certify-me.co.uk 83 Microsoft 70-686 Exam A. B. C. D. Answer: Section: (none) Explanation/Reference:

www.certify-me.co.uk 83 Microsoft 70-686 Exam

A.

B.

C.

D.

Answer:

Section: (none)

Explanation/Reference:

Explanation: www.certify-me.co.uk 84 Microsoft 70-686 Exam

Explanation:

Explanation: www.certify-me.co.uk 84 Microsoft 70-686 Exam

www.certify-me.co.uk 84 Microsoft 70-686 Exam

untitled --resources received from HTTPS URLs are In IE9, this option does exactly what it

untitled

--resources received from HTTPS URLs are In IE9, this option does exactly what it says it does not placed in the Temporary Internet Files Cache and temporary files are not created for these resources. This option is universal for HTTPS responses; their headers (e.g. Pragma, Cache- Control) are not consulted. http://blogs.msdn.com/b/ieinternals/archive/2011/05/07/downloads-and-flash-fail-when-do-not- save- encryptedpages-to-disk-is-set.aspx

QUESTION 47

DRAG DROP

Your company has 1,000 client computers that run Windows 7. The company uses several custom line-of- business applications that are not compatible with Windows 7.

You need to distribute a Microsoft Enterprise Desktop Visualization (MED-V) virtual machine (VM) image that includes the custom applications to all Windows 7 client computers.

Which three actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)

www.certify-me.co.uk 85 Microsoft 70-686 Exam

A. B. C. D. Answer: Section: (none) Explanation/Reference: Explanation:

A.

B.

C.

D.

Answer:

Section: (none)

Explanation/Reference:

A. B. C. D. Answer: Section: (none) Explanation/Reference: Explanation:

Explanation:

www.certify-me.co.uk 86 Microsoft 70-686 Exam untitled QUESTION 48 HOTSPOT You are the desktop architect for

www.certify-me.co.uk 86 Microsoft 70-686 Exam

www.certify-me.co.uk 86 Microsoft 70-686 Exam untitled QUESTION 48 HOTSPOT You are the desktop architect for an

untitled

QUESTION 48

HOTSPOT

You are the desktop architect for an enterprise organization with client computers that run Windows 7.

You need to create a new Windows Firewall rule that will allow you to access the Disk Management snap-in of remote client computers.

Which predefined rule should you select? To answer, select the appropriate setting in the work area.

www.certify-me.co.uk 87 Microsoft 70-686 Exam A. B. C. D. Answer: Section: (none) Explanation/Reference:

www.certify-me.co.uk 87 Microsoft 70-686 Exam

A.

B.

C.

D.

Answer:

Section: (none)

Explanation/Reference:

www.certify-me.co.uk 88 Microsoft 70-686 Exam

www.certify-me.co.uk 88 Microsoft 70-686 Exam

untitled untitled http://blogs.technet.com/b/server_core/archive/2008/01/14/configuring-the-firewall-for-remote-

untitled

untitled untitled http://blogs.technet.com/b/server_core/archive/2008/01/14/configuring-the-firewall-for-remote-

untitled

http://blogs.technet.com/b/server_core/archive/2008/01/14/configuring-the-firewall-for-remote-

management-ofa-workgroup-server-core-installation.aspx

QUESTION 49 You are planning to upgrade Microsoft Internet Explorer. You must create a report that identifies which computers are successfully upgraded. You need to design a deployment method that

www.certify-me.co.uk 89 Microsoft 70-686 Exam meets this requirement. What should you use? (Choose all that apply.)

A. Microsoft System Center Essentials

B. Windows Intune

C. Microsoft System Center Configuration Manager

D. Internet Explorer Administration Kit (IEAK) and Group Policy

E. Windows Server Update Services (WSUS)

Answer: ABDE

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 50

HOTSPOT

Your network has a single domain with 1,000 client computers that run Windows 7. You use Microsoft System Center Configuration Manager 2007 to distribute and install software applications. All users have standard user accounts.

You plan to use Group Policy to ensure that application installation functions properly.

You need to design the User Account Control (UAC) policy.

Which setting should you select? To answer, select the appropriate setting in the work area.

(UAC) policy. Which setting should you select? To answer, select the appropriate setting in the work

A.

B.

C.

Answer:

Section: (none)

Explanation/Reference:

Answer: Section: (none) Explanation/Reference: www.certify-me.co.uk 90 Microsoft 70-686 Exam Explanation: User Account

www.certify-me.co.uk 90 Microsoft 70-686 Exam

Explanation:

www.certify-me.co.uk 90 Microsoft 70-686 Exam Explanation: User Account Control: Detect application installations and

User Account Control: Detect application installations and prompt for elevation The User Account Control:

Detect application installations and prompt for elevation policy setting controls the behavior of application installation detection for the computer. The options are:

Enabled. (Default for home) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. Disabled. (Default for enterprise) Application installation packages are not detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary. http://technet.microsoft.com/en-us/library/dd851376.aspx

QUESTION 51 Your company has 1,000 client computers that run Windows 7 Enterprise.

You need to ensure that users cannot bypass or disable Internet Explorer logging.

What should you do?

A. Set the Disable the Advanced Page state to Enabled, and set the Turn off InPrivate Browsing state to Enabled.

B. Set the Turn off InPrivate Filtering state to Enabled, and set the Disable the General Page state to Enabled.

C. Set the Turn off InPrivate Browsing state to Enabled, and set the Disable the General Page state to Enabled.

D. Set the Disable the General Page state to Enabled, and set the Disable the Advanced Page state to Enabled.

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

InPrivate Browsing in Internet Explorer 8 helps prevent one's browsing history, temporary Internet files, form data, cookies, and usernames and passwords from being retained by the browser, leaving no easily accessible evidence of browsing or search history.

www.certify-me.co.uk 50 Microsoft 70-686 Exam

http://en.wikipedia.org/wiki/Internet_Explorer_8

hints:

run IE InPrivate Browsing will not keep any history or logging. General Page able to clear IE history

untitled QUESTION 52 Your network has 1,000 client computers that run Windows 7. You need

untitled

QUESTION 52 Your network has 1,000 client computers that run Windows 7.

You need to install an application, in the Local System account context, on the client computers.

What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

A. Configure a logon script.

B. Configure a startup script.

C. Configure a shutdown script.

D. Configure a logoff script.

Answer: BC

Section: (none)

Explanation/Reference:

Explanation:

QUESTION 53 Your network has a single domain with 1,000 client computers that run Windows 7.

A large number of software installation scripts are configured to run on the client computers.

You need to recommend a Group Policy setting to allow users to log on to their computers as soon as possible at first boot.

What should you recommend?

www.certify-me.co.uk 55 Microsoft 70-686 Exam

A. Configure the Run logon scripts synchronously setting to be Enabled.

B. Configure the Run logon scripts synchronously setting to be Disabled.

C. Configure the Run startup scripts asynchronously setting to be Enabled.

D. Configure the Run startup scripts asynchronously setting to be Disabled.

Answer: C

Section: (none)

Explanation/Reference:

Explanation:

Run logon scripts synchronously Description Directs the system to wait for logon scripts to finish running before it starts the Windows Explorer interface program and creates the desktop.

If you enable this policy, Windows Explorer does not start until the logon scripts have finished running. This

setting assures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop. If you disable this policy or do not configure it, the logon scripts and Windows

Explorer are not synchronized and can run simultaneously. Run startup scripts asynchronously Description Lets the system run startup scripts simultaneously.

Startup scripts are batch files that run before the user is invited to log on. By default, the system waits for each startup script to complete before it runs the next startup script. If you enable this policy, the system does not coordinate the running of startup scripts. As a result, startup scripts can run simultaneously.

If you disable this policy or do not configure it, a startup script cannot run until the previous script is

complete.

http://msdn.microsoft.com/en-us/library/ms811602.aspx

QUESTION 54 You have an image that is used to deploy Windows 7 on client computers.

You need to add drivers to the Windows 7 image.

Which two actions should you perform? (Each correct answer presents part of the solution.

www.certify-me.co.uk 58 Microsoft 70-686 Exam Choose two.)

A. Use the Deployment Image Servicing and Management (DISM) tool offline.

B. Use INF files for driver packages.

C. Use executable files for driver packages.

D. Use Windows Installer files for driver packages.

E. Use the Deployment Image Servicing and Management (DISM) tool online.

Answer: AB

Section: (none)

Explanation/Reference:

Explanation:

Deployment Image Servicing and Management able to attach INF driver file to image at offline mode

QUESTION 55 Your network includes the client computer hardware configurations shown in the following table.

hardware configurations shown in the following table. You need to deploy Windows 7 by using the

You need to deploy Windows 7 by using the fewest images.

How many images are needed?

A. 2

B. 3

www.certify-me.co.uk 61 Microsoft 70-686 Exam

C. 4

D. 8

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

One for 32bit image and one for 64bit image

QUESTION 56 You are planning to deploy Windows 7 Enterprise and several custom applications. You create a custom Windows 7 Enterprise image. You need to validate that the custom applications will run after the deployment. What should you do?

A. Use ImageX with the check option to mount the image.

B. Mount the custom image by using the Deployment Image Servicing and Management (DISM) tool.

C. Deploy the custom image, and then run the sigverif.exe command.

D. Deploy the custom image to a Virtual Hard Disk (VHD), and then boot from the VHD.

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

The only way to check custom application is C in question, as need to load image to VHD or real PC, then boot from VHD or PC to windows, then run the customer application in windows.

Exam C

QUESTION 1

HOTSPOT

You are creating a Windows 7 image.

You need to prevent users from sharing their desktop sessions with remote users. You also need to allow administrators who are using Windows XP to administer the Windows 7 image remotely.

Which settings should you configure? To answer, select the appropriate setting or settings in the work area.

www.certify-me.co.uk 91 Microsoft 70-686 Exam

the work area. www.certify-me.co.uk 91 Microsoft 70-686 Exam A. B. C. D. Answer: Section: (none) Explanation/Reference:

A.

B.

C.

D.

Answer:

Section: (none)

Explanation/Reference:

Explanation: www.certify-me.co.uk 92 Microsoft 70-686 Exam

Explanation:

www.certify-me.co.uk 92 Microsoft 70-686 Exam

Only less secure allow using windows XP to adminster the windows 7 image remotely smith

Only less secure allow using windows XP to adminster the windows 7 image remotely smith answer original

is C, but print screen is B.

QUESTION 2

DRAG DROP

A company has 1,000 computers in the main office and 20 computers in store kiosks. All the computers run

Windows 7 Enterprise. The kiosk computers do not have network connections.

The company brands the Microsoft Internet Explorer program window on all computers by displaying the company logo at the left end of the title bar. The company changes its logo.

You have the following requirements:

· Display the new logo on the Internet Explorer program window title bar on the main office computers and the kiosk computers.

· Modify the search providers that are available to main office computers.

You need to define Internet Explorer settings to support the requirements.

Which two actions should you perform in sequence? (To answer, move the appropriate actions

www.certify-me.co.uk 93 Microsoft 70-686 Exam from the list of actions to the answer area and arrange them in the correct order.)

A. B. C. D. Answer: Section: (none) Explanation/Reference: Explanation:

A.

B.

C.

D.

Answer:

Section: (none)

Explanation/Reference:

A. B. C. D. Answer: Section: (none) Explanation/Reference: Explanation:

Explanation:

www.certify-me.co.uk 94 Microsoft 70-686 Exam untitled Hints: Kiosk computer do not have network connections, deployment

www.certify-me.co.uk 94 Microsoft 70-686 Exam

www.certify-me.co.uk 94 Microsoft 70-686 Exam untitled Hints: Kiosk computer do not have network connections, deployment

untitled

Hints:

Kiosk computer do not have network connections, deployment CD is needed.

QUESTION 3

DRAG DROP

You use a computer named Client02 to manage the BitLocker configuration on a remote computer named

Client01.

A new company policy states that when BitLocker is used, you must be able to access the data in case of a system failure.

You need to comply with the company policy.

Using manage-bde, how should you achieve this goal? (To answer, drag the appropriate parameter from the list of options to the correct location or locations in the work area.)

www.certify-me.co.uk 95 Microsoft 70-686 Exam A. B. C. D. Answer: Section: (none) Explanation/Reference: Explanation:

www.certify-me.co.uk 95 Microsoft 70-686 Exam

A.

B.

C.

D.

Answer:

Section: (none)

Explanation/Reference:

www.certify-me.co.uk 95 Microsoft 70-686 Exam A. B. C. D. Answer: Section: (none) Explanation/Reference: Explanation:

Explanation:

QUESTION 4 HOTSPOT A network has a single domain with 1,000 client computers that run

QUESTION 4

HOTSPOT

A network has a single domain with 1,000 client computers that run Windows 7.

A large number of software installation scripts are configured to run on the client computers.

You need to recommend a Group Policy setting that allows users to log on to their computers as soon as possible at first boot.

What should you recommend?

www.certify-me.co.uk 96 Microsoft 70-686 Exam

as possible at first boot. What should you recommend? www.certify-me.co.uk 96 Microsoft 70-686 Exam A. B.

A.

B.

C.

D.

Answer:

Section: (none)

Explanation/Reference:

Section: (none) Explanation/Reference: Explanation: Run startup scripts asynchronously Description Lets the system run

Explanation:

Section: (none) Explanation/Reference: Explanation: Run startup scripts asynchronously Description Lets the system run

Run startup scripts asynchronously Description Lets the system run startup scripts simultaneously. Startup scripts are batch files that run before the user is invited to log on. By default, the system waits for each startup script to complete before it runs the next startup script. If you enable this policy, the system does not coordinate the running of startup scripts. As a result, startup scripts can run simultaneously.

If you disable this policy or do not configure it, a startup script cannot run until the previous script is complete.

http://msdn.microsoft.com/en-us/library/ms811602.aspx

hints: allows users to log on to their computers as soon as possible at first boot

www.certify-me.co.uk 97 Microsoft 70-686 Exam

QUESTION 5

DRAG DROP

A company network includes Windows 7 client computers and DirectAccess.

When using DirectAccess, users cannot connect to the companys internal resources.

You need to create a batch file that users can execute to trace all network traffic for DirectAccess from their home computers.

Which command should you use? To answer, drag the appropriate terms from the list of terms to the correct location or locations in the work area.

A. B. C. D. Answer: Section: (none) Explanation/Reference: Explanation: www.certify-me.co.uk 98 Microsoft 70-686 Exam

A.

B.

C.

D.

Answer:

Section: (none)

Explanation/Reference:

A. B. C. D. Answer: Section: (none) Explanation/Reference: Explanation: www.certify-me.co.uk 98 Microsoft 70-686 Exam

Explanation:

www.certify-me.co.uk 98 Microsoft 70-686 Exam

untitled QUESTION 6 HOTSPOT A user is unable to log on to a client computer
untitled QUESTION 6 HOTSPOT A user is unable to log on to a client computer

untitled

QUESTION 6

HOTSPOT

A user is unable to log on to a client computer that runs Windows 7. The user receives an error message that says The local policy of this system does not permit you to logon interactively. The user belongs only to the Users group.

You need to ascertain which policy in the local security policy must be modified.

Which security policy should you select? To answer, select the appropriate policy in the work area.

www.certify-me.co.uk 99 Microsoft 70-686 Exam

A. B. C. D. Answer: Section: (none) Explanation/Reference:

A.

B.

C.

D.

Answer:

Section: (none)

Explanation/Reference:

Explanation: www.certify-me.co.uk 100 Microsoft 70-686 Exam

Explanation:

www.certify-me.co.uk 100 Microsoft 70-686 Exam

untitled

QUESTION 7

DRAG DROP

You upgrade all of an organization's client computers to Windows 7.

After the upgrade, a specific legacy application does not function correctly.

You need to generate a list of all the computers that have the legacy application installed.

Which two actions should you perform? (To answer, move the appropriate action from the list of

www.certify-me.co.uk 101 Microsoft 70-686 Exam actions to the answer area and arrange them in the correct order.)

to the answer area and arrange them in the correct order.) A. B. C. D. Answer:

A.

B.

C.

D.

Answer:

Section: (none)

Explanation/Reference:

Explanation: www.certify-me.co.uk 102 Microsoft 70-686 Exam

Explanation:

Explanation: www.certify-me.co.uk 102 Microsoft 70-686 Exam
Explanation: www.certify-me.co.uk 102 Microsoft 70-686 Exam

www.certify-me.co.uk 102 Microsoft 70-686 Exam

untitled

QUESTION 8

You are using Windows Deployment Services (WDS) to deploy new images of Windows 7 to 64- bit

computers.

Technicians receive the error message shown in the exhibit when they attempt to boot by using PXE.

You need to ensure that the technicians can boot the client computers by using PXE.

What should you do? (Choose all that apply.)

by using PXE. What should you do? (Choose all that apply.) A. Run the bcdedit /set

A. Run the bcdedit /set {ntldr} description "Windows 7 32-bit" command.

B. Add a 64-bit boot image to the WDS server.

C. Add a 64-bit install image to the WDS server.

D. Add a 32-bit boot image to the WDS server.

E. Run the bcdedit /set {ntldr} description "Windows 7 64-bit" command.

F. Add a 32-bit install image to the WDS server.

Answer: BD

Section: (none)

Explanation/Reference:

Explanation:

www.certify-me.co.uk 103 Microsoft 70-686 Exam

QUESTION 9

HOTSPOT

A company runs Windows Server 2008 R2 in an Active Directory Domain Services (AD DS) environment. Windows 7 is installed on all the companys client computers.

You add a domain user account named User1 to the local Administrators group on a client computer named PC01. When User1 returns to the office, User1 does not have administrative access on PC01.

When you inspect PC01, you find that the local Administrators group does not contain the user account. You need to ensure that User1 is a member of the local Administrators group.

Which Group Policy setting should you select? To answer, select the appropriate Group Policy setting in the work area.

select the appropriate Group Policy setting in the work area. A. B. C. D. Answer: Section:

A.

B.

C.

D.

Answer:

Section: (none)

Explanation/Reference:

Explanation: www.certify-me.co.uk 104 Microsoft 70-686 Exam

Explanation:

www.certify-me.co.uk 104 Microsoft 70-686 Exam

Explanation: www.certify-me.co.uk 104 Microsoft 70-686 Exam
untitled Restricted groups allow an administrator to define the following two properties for security- sensitive

untitled

Restricted groups allow an administrator to define the following two properties for security- sensitive (restricted) groups:

Members Member Of The "Members" list defines who should and should not belong to the restricted group. The "Member Of" list specifies which other groups the restricted group should belong to. Using the "Members" Restricted Group Portion of Policy When a Restricted Group policy is enforced, any current member of a restricted group that is not on the "Members" list is removed with the exception of administrator in the Administrators group. Any user on the "Members" list which is not currently a member of the restricted group is added. Using the "Member Of" Restricted Group Portion of Policy Only inclusion is enforced in this portion of a Restricted Group policy. The Restricted Group is not removed from other groups. It makes sure that the restricted group is a member of groups that are listed in the Member Of dialog box.

www.certify-me.co.uk 105 Microsoft 70-686 Exam

http://support.microsoft.com/kb/279301

hints: if user was not added into local restricted group, it will remove from administrator group, even it already was added to administrator group.

untitled QUESTION 10 You are planning a deployment of Windows 7 on multiple client computers.

untitled

QUESTION 10 You are planning a deployment of Windows 7 on multiple client computers.

You need to recommend a Windows 7 deployment solution that meets the following requirements:

- Must support the deployment of WIM or VHD

- Must support deployment by using multicast

What should you include in the recommendations?

A. System Center Configuration Manager 2010

B. Microsoft Deployment Toolkit (MDT)

C. Deployment Image Servicing and Management (DISM)

D. Windows Deployment Services

Answer: D

Section: (none)

Explanation/Reference:

Explanation:

www.certify-me.co.uk 106 Microsoft 70-686 Exam

QUESTION 11 You are planning a Windows 7 deployment infrastructure for a new company.

You have the following requirements:

- Three domains

- 10,000 client computers

- No user interaction

You need to recommend a deployment infrastructure.

What should you recommend?

A. Deploy Microsoft System Center Configuration Manager 2007 R2. Design a zero-touch installation.

B. Deploy Microsoft System Center Virtual Machine Manager. Design a lite-touch installation.

C. Deploy Microsoft System Center Operations Manager 2007 R2. Design a lite-touch installation.

D. Deploy Microsoft Deployment Toolkit (MDT) 2010. Design a zero-touch installation.

Answer: A

Section: (none)

Explanation/Reference:

Explanation:

Hints:

no user interaction = zero touch