Official Microsoft Exam Center – 70-687 Latest Added Dumps Questions are Free Download from Braindump2go Now! 100% Time Saving and 100% Guaranteed Pass!
Exam Code: 70-687
Exam Name: Configuring Windows 8.1
A company has 10 portable client computers that run windows 8.1.
The portable client computers have the network connections described in the following table+
None of the computers can discover other computers or devices, regardless of which connection they use.
You need to configure the connections so that the computers can discover other computers or devices only while connected to the CorpWired or CorpWifi connections.
What should you do on the client computers?
A. For the CorpWired connection, select Yes, turn on sharing and connect to devices.
B. Change the CorpWired connection to public. Turn on network discovery for the Public profile.
For the Hotsport connection, select No, don’t turn on sharing or connect to devices.
C. For the CorpWifi connection, select Yes, turn on sharing and connect to devices.
D. Turn on network discovery for the Private profile
E. Turn on network discovery for the Public profile
By design Public profile as Sharing set to no and Private profile set to Yes
But it Says “None of the computers can discover other computers or devices, regardless of which
connection they use” so you need to review the full config.
You can change it by doing that Firewall Profil (for Windows 7)
A company has 10 client computers that run Windows 8.1.
Employees log on to resources by using multiple accounts.
You need to back up the user name and password for each logon account.
What should you do on each client computer?
A. Back up each user’s Personal Information Exchange PKCS #12 (.pfx) certificate.
B. Use Credential Manager to save the information to a USB flash drive.
C. Use File History to back up the ntuser.dat file.
D. Run the Export-Certificate Windows PowerShell cmdlet.
Credential Manager – Where Windows Stores Passwords & Login Details
What is the Credential Manager?
Credential Manager is the “digital locker” where Windows stores log-in credentials (username, password, etc.) for other computers on your network, servers or Internet locations such as websites.
Windows 8 adds one more type of credentials called Web Credentials. As the name implies, such credentials are used by Internet Explorer to automatically log you into certain websites.
How to Backup and Restore Windows Vault Passwords
One way to use the Credential Manager is to export your Windows credentials to another Windows computer, or to back them up and import them after you reinstall Windows, so that you don’t have to manually type them again.
Backup Your Windows User Names and Passwords
Open the Credential Manager. Under the Windows Vault look for the “Back up vault” link and click on it.
This starts the Stored User Names and Passwords wizard.
You are asked to select where you want to backup the Windows credentials stored on your computer. Click on Browse, select the folder and type the name of the file where the data will be stored. Then, click Next.
This procedure has been tested both on Windows 7 and Windows 8. In Windows 8, there are some minor differences but it all works the same.
You administer Windows 8.1 computers in you company network.
All computers include Windows 8.1 compatible trusted platform modele (TPM).
You configure a computer that will run a credit processing application.
You need to ensure that the computer requires a user to enter a PIN code when starting the computer.
Which policy should you configure? (to answer, select the appropriate policy in the answer area.)
A. Allow Secure Boot for Integrity validation
B. Require Additional authentication at startup
C. Allow enhanced PINs for Startup
D. Configure minimum PIN length for startupalocal
A company has client computers that run Windows 8.1.
You implement an AppLocker file hash rule that allows an application to run.
You then apply a service pack to the application. When users attempt to run the application, the application is blocked by Group Policy.
You need to ensure that the application runs.
What should you do?
A. Enable the Reschedule Automatic Updates scheduled installations Group Policy setting.
B. Set the wired network connection to non-metered.
C. Set the wired network connection to metered.
D. Configure the Automatic Maintenance setting.
A company has an Active Directory Domain Services (AD DS) domain. The corporate environment includes a Windows Software Update Services (WSUS) server.
All client computers run Windows 8.1 and a custom web application. The company has a Microsoft Software Assurance for Volume Licensing agreement.
After deploying Windows Updates to the computers, the web application stops responding.
You establish that a specific optional update installed by Windows Update is causing the problem. In the Windows Update Control Panel item, the option to remove the update is unavailable.
You need to remove the optional update from one client computer.
What should you do?
A. Install and run the Debugging tools for Windows.
B. Clear the SusClientID registry value on the client computer.
C. Restart the computer from a Diagnostic and Repair Toolset (DaRT) boot disk and use the Crash
D. Run the wuauclt /resetauthorization command on the client computer.
E. Restart the computer from a Diagnostic and Repair Toolset (DaRT) boot disk and use the Hotfix
Getting Started with DaRT 8.0
How to Get DaRT 8.0
DaRT 8.0 is a part of the Microsoft Desktop Optimization Pack (MDOP).
MDOP is part of Microsoft Software Assurance.
Overview of the Tools in DaRT 8.0
From the Diagnostics and Recovery Toolset window in Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0, you can start any of the individual tools that you include when you create the DaRT 8.0 recovery image.
Exploring the DaRT tools
The Hotfix Uninstall Wizard lets you remove hotfixes or service packs from the Windows operating system on the computer that you are repairing. Use this tool when a hotfix or service pack is suspected in preventing the operating system from starting.
Use the Crash Analyzer Wizard to quickly determine the cause of a computer failure by analyzing the memory dump file on the Windows operating system that you are repairing. Crash Analyzer examines the memory dump file for the driver that caused a computer to fail. You can then disable the problem device driver by using the Services and Drivers node in the Computer Management tool.
A client computer that runs Windows 8.1 has two hard disk drives: a system drive and a data drive.
You are preparing to back up the computer prior to installing a developing software product.
You have the following requirements:
– The system disk that is part of the backup must be mountable from within Windows.
– The system disk that is part of the backup must be bootable.
– The backup must be viable to restore in the event of a hard disk failure.
– The backup must contain data from both hard disk drives.
You need to select a backup method. Which method should you use?
A. System repair disk
B. Storage pool
C. System image
D. File History
DISM Image Management Command-Line Options
Deployment Image Servicing and Management (DISM.exe) mounts a Windows image (.wim) file or virtual hard disk (.vhd or .vhdx) for servicing. You can also use the DISM image management command to list the image index numbers, to verify the architecture for the image that you are mounting, append an image, apply an image, capture an image and delete an image.
You administer Windows 8.1 client computers in your company network.
You receive a virtual hard disk (VHD) file that has Windows 8.1 Pro preinstalled, along with several business applications.
You need to configure your client computer to start from either the VHD file or from your current operating system.
Which three actions should you perform? (Each correct answer presents part of the solution.
A. Import the contents of the system store from a file.
B. Export the contents of the system store into a file.
C. Attach the VHD file by using Disk Management.
D. Make the VHD disk bootable.
E. Create a new empty boot configuration data store.
F. Create a new entry in the boot configuration data store.
A company has client computers that run Windows 8.1.
The client computer systems frequently use IPSec tunnels to securely transmit data.
You need to configure the IPSec tunnels to use 256-bit encryption keys.
Which encryption type should you use?
Descriptions of the IPsec Algorithms and Methods
Data encryption algorithms are used to provide confidentiality to the data payload of an IPsec-protected network packet. Encryption algorithms can be very computationally intensive and can significantly impact computer performance. We recommend that you only encrypt network traffic that requires encryption. If you find that encryption impacts performance more than expected, consider using a network adapter that supports IPsec task offload.
DES is a block cipher encryption protocol that uses a 56-bit key and is documented in Federal Information Processing Standards Publication 46-3 (http://go.microsoft.com/fwlink/?linkid=128014). A block cipher is an encryption algorithm that operates on a fixed size block of data. DES encrypts data in 64-bit blocks using a 64- bit key.
The key appears to be a 64-bit key, but one bit in each of the 8 bytes is used for error checking, resulting in 56 bits of usable key.
Triple-DES or 3DES is an encryption protocol that provides stronger encryption than DES.
It is documented in Federal Information Processing Standards Publication 46-3 (http://go.microsoft.com/fwlink/?linkid=128014). 3DES is a block cipher that uses a three- step encryption process that is more secure than DES. A block cipher is an encryption algorithm that operates on a fixed size block of data.
AES-CBC 128, 192, and 256
The AES in Cipher Block Chaining mode (AES-CBC) encryption algorithms are part of the NSA “Suite B” and are documented in RFC 3602
(http://go.microsoft.com/fwlink/?linkid=127990). AES is documented in Federal Information Processing Standards Publication 197 (http://go.microsoft.com/fwlink/?linkid=127986). The AES algorithm is a symmetric block cipher that can encrypt and decrypt information in data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits. Longer key lengths provide better security at the cost of CPU performance due to the more intensive computational requirements. Cipher block chaining (CBC) is used to hide patterns of identical blocks of data within a packet. An initialization vector (an initial random number) is used as the first random block to encrypt and decrypt a block of data. Different random blocks are used in conjunction with the secret key to encrypt each successive block. This ensures that identical sets of unsecured data (plaintext) result in unique, encrypted data blocks.
AES-GCM 128, 192, and 256
AES-GCM is both an integrity and encryption algorithm and is described in the Integrity algorithms section.
You are configuring a computer that will be used in a kiosk in a public area. You install a new internal hard drive. You need to protect the computer from starting an unauthorized operating
system. What should you do?
A. · Ensure that the computer BIOS supports Unified Extensible Firmware Interface (UEFI) and is enabled.
· Install Windows 8 Pro 64-bit using UEFI and install it on the internal hard drive.
B. · Install Windows 8 Pro 64-bit on the internal hard drive.
· Enable BitLocker on the internal hard disk.
C. · Partition the internal hard drive as MBR disk.
· Install Windows 8 Enterprise 64-bit.
D. · Partition the internal hard drive as GPT disk.
· Install Windows 8 Pro 64-bit.
A desktop computer that runs Windows 8.1 downloads updates but does not install them.
The computer is connected to the corporate network by using a wired network connection.
You need to ensure that the computer automatically installs updates.
What should you do?
A. Set the wired network connection to non-metered.
B. Configure the Automatic Maintenance setting.
C. Enable the Reschedule Automatic Updates scheduled installations Group Policy setting.
D. Set the wired network connection to metered.
Windows depends on execution of inbox and third party maintenance activity for much of its value-add, including Windows Update, and automatic disk defragmentation, as well as antivirus updates and scans.
The goal of Automatic Maintenance is to combine all background maintenance activity in Windows and help third-party developers add their maintenance activity to Windows without negatively impacting performance and energy efficiency. Additionally, Automatic Maintenance enables users as well as enterprises to be in control of maintenance activity scheduling and configuration.
One of the most important maintenance-related improvements in Windows 8 is Automatic Maintenance. This is a new system maintenance service that can be used by Windows components and apps to schedule maintenance activities on the PC in one scheduled window per day.
You administer a group of 10 client computers that run Windows 8.1.
The client computers are members of a local workgroup.
Employees log on to the client computers by using their Microsoft accounts.
The company plans to use Windows BitLocker Drive Encryption.
You need to back up the BitLocker recovery key.
Which two options can you use? (Each correct answer presents a complete solution. Choose two.)
A. Save the recovery key to a file on the BitLocker-encrypted drive.
B. Save the recovery key in the Credential Store.
C. Save the recovery key to SkyDrive.
D. Print the recovery key.
One of the new features in Windows 8.1 for BitLocker is the ability to backup your BitLocker recovery key to a Microsoft account. During the process before encryption begins, a user is prompted for a location to make a backup copy of the recovery key. Save to your Microsoft account has been added along with save to a file and print the recovery key.
You administer Windows 8.1 computers in your company network.
You install a new video driver. The computer will not start properly after restart.
You are able to enter Safe Mode with Command Prompt.
You need to be able to start normally.
You also need to ensure that user data is not lost.
What should you do?
A. Run the rstrui.exe command.
B. Roll back the driver.
C. Turn on File History.
D. Create a restore point.
Creating a restore point will not help you at this moment.
Nor will File History.
You cannot roll back the driver, only disable it from starting – see the Further information section.
Your only hope is using System Restore to restore the system to the state previous to the driver installation. This will also preserve the user data. This has been available since Windows XP. One can only hope it still works in Windows 8…
How to start the System Restore tool by using the safe mode option with the Command prompt in Windows XP
How to start System Restore by using the Command prompt
5. At the command prompt, type %systemroot%\system32\restore\rstrui.exe, and then press ENTER.
6. Follow the instructions that appear on the screen to restore your computer to a functional state.
After you install a device or update a driver for a device, Windows Vista or Windows 7 may not start
Use the Windows Recovery Environment to repair Windows Vista or Windows 7
3. Use the Command Prompt option in the Windows Recovery Environment to disable the driver that stops the operating system from starting.
You administer Windows 8.1 Pro client computers in your company network.
You need to configure
a backup and recovery solution that meets the following requirements:
– Recovers the system if it doesn’t start.
– Recovers the system if the hard drive fails.
Which two actions should you perform? (Each correct answer presents part of the solution.
A. Turn on File History.
B. Create a storage space.
C. Configure system protection.
D. Create a system repair disk.
E. Create a system image backup.
* In the event that you are unable to start Windows or wish to restore your hard drives to a previous backup you can use the System Image Recovery program from the Windows 7 or Windows 8 Recovery Environment.
* You should create a system repair disk, which can be used to boot your PC and restore it using the system image backup, in the event of a hard drive issue or other hardware failure.
C: System protection is a feature that regularly creates and saves information about your computer’s system files and settings. System protection also saves previous versions of files that you’ve modified. It saves these files in restore points, which are created just before significant system events, such as the installation of a program or device driver. They’re also created automatically once every seven days if no other restore points were created in the previous seven days, but you can create restore points manually at any time.
A company has an Active Directory Domain Services (AD DS) domain.
All client computers run Windows 7.
You plan to upgrade the client computers to Windows 8.1 Pro.
You need to choose the methods that do not require the manual entry of a product key during the upgrade.
Which two methods should you choose? (Each correct answer presents a complete solution. Choose two.)
A. Use the Volume Activation Management Tool.
B. Use the Microsoft Deployment Toolkit.
C. Use the Windows 8 online upgrade tool.
D. Create a catalog (.clg) file by using Windows System Image Manager (SIM).
A: Volume Activation Management Tool (VAMT) 2.0 is a managed MMC plug-in. VAMT uses Windows Management Instrumentation (WMI) to configure managed systems. A convenient command line interface (CLI) allows automated, scheduled VAMT tasks without UI interaction. Using the VAMT console, administrators can perform many activation-related tasks on remote computers:
Manage product keys obtained from the Volume Licensing Service Center (VLSC) or other sources including retail and Microsoft subscription programs such as MSDN, TechNet and partner programs –
– and product activations using those keys.
Activate remote systems using Key Management Service (KMS), Multiple Activation Key (MAK) or retail activation methods.
Perform disconnected proxy activation and reactivation of systems without each system having to connect with Microsoft activation services individually. Assist with license compliance by enabling IT administrators to monitor system license state, including whether systems are licensed and running genuine Windows or Office.
B: Deploy Windows and Office 2010 with Microsoft Deployment Toolkit 2012 Update 1. MDT is the recommended process and toolset for automating desktop and server deployment. MDT provides you with the following benefits:
Unified tools and processes, including a set of guidance, for deploying desktops and servers in a common deployment console.
Reduced deployment time and standardized desktop and server images, along with improved security and ongoing configuration management.
You administer computers in your company network. All computers in the network belong to a single Active Directory Domain Services (AD DS) domain.
The network includes Windows Server 2012 servers located in a perimeter network.
You add a new Windows 8.1 computer to the perimeter network.
You enable only Remote Desktop access to the Windows 8.1 computer from other computers located outside the perimeter network.
You need to use the Windows 8.1 computer to manage the Windows servers in the perimeter network.
What should you do?
A. Add the Windows 8.1 computer as a Trusted Host to the servers.
B. Enable PowerShell Remoting on the Windows 8.1 computer.
C. Add the Windows 8.1 computer as a Trusted Host to computers outside the perimeter network.
D. Install Remote Server Administration Tools for Windows 8.1 (RSAT) on the Windows 8.1 computer.
Remote Server Administration Tools for Windows 8
Remote Server Administration Tools for Windows 8 enables IT administrators to manage roles and features that are installed on computers that are running Windows Server 2012 from a remote computer that is running Windows 8.
http://searchnetworking.techtarget.com/tip/Perimeter-networks Perimeter networks
A perimeter network is the network closest to a router that is not under your control. Usually a perimeter network is the final step a packet takes traversing one of your networks on its way to the internet; and conversely the first network encountered by incoming traffic from the Internet. Most administrators create perimeter networks in order to place their firewall in between them and the outside world so that they can filter packet traffic. Most perimeter networks are part of the DMZ (Demilitarized Zone) if they exist at all. However, perimeter networks have some additional utilities that you might want to consider when deciding where to place systems and services.
The Enable-PSRemoting cmdlet configures the computer to receive Windows PowerShell remote commands that are sent by using the WS-Management technology.
On Windows Server® 2012, Windows PowerShell remoting is enabled by default. You can use Enable-PSRemoting to enable Windows PowerShell remoting on other supported versions of Windows and to re-enable remoting on Windows Server 2012 if it becomes disabled.
You need to run this command only once on each computer that will receive commands. You do not need to run it on computers that only send commands. Because the configuration activates listeners, it is prudent to run it only where it is needed.
Enable and Use Remote Commands in Windows PowerShell
The Windows PowerShell remoting features are supported by the WS-Management protocol and the Windows Remote Management (WinRM) service that implements WS- Management in Windows.
In many cases, you will be able to work with remote computers in other domains. However, if the remote computer is not in a trusted domain, the remote computer might not be able to authenticate your credentials. To enable authentication, you need to add the remote computer to the list of trusted hosts for the local computer in WinRM.
Want Pass 70-687 Exam At the first try? Come to Braindump2go! Download the Latest Microsoft 70-687 Real Exam Questions and Answers PDF & VCE from Braindump2go,100% Pass Guaranteed Or Full Money Back!