Admin protal
One of your reps left her tablet at an airport. The device contains sensitive information, and you need to remove it in case the device is compromised. Which Intune portal should you use to perform a remote wipe?
Instruct the user to enroll the notebook using the Company portal.
To enforce security settings, you decide to manage the notebook by enrolling it with your cloud-based Windows Intune account. However, the user has already taken the notebook home. What should you do?
Admin portal
One of your sales reps left his notebook at a customer's site.
Enroll the devices with Intune service. Create a user account for each user who has a managed mobile device.
Many of the end users in your organization are bringing their own personal mobile devices to work and storing sensitive data on them. To prevent data from being compromised, you create a cloud-based Windows Intune account and configure mobile device secur
1. Sign up for an Intune account. 2. Create Intune user accounts. 3. Define Intune policies. 4. Enroll mobile devices.
You need to deploy a new cloud-based Windows Intune deployment to manage mobile devices in your organization.
Set Intune as your mobile device management authority.
You are setting up a cloud based Intune deployment. You have created accounts for your users, and you have defined the policies you need to manage your organization's mobile devices. You are ready to enroll mobile devices. Which task must you perform befo
EAP
You have been asked to configure remote VPN connections to use smart cards for the authentication process. Which authentication protocol should you use?
SSTP
You need to implement a solution for the Sales reps who complain that they are unable to establish VPN connections with they travel because the hotel or airport firewalls block the necessary VPN ports. Which VPN security protocol can you use to resolve th
IKEev2
You have been put in charge of providing a VPN solution for employees who work remotely. When these employees change locations, they lost their VPN connection, so you want them to automatically reconnect if the VPN connection is lost or disconnected. Whic
Open UDP ports 500 and 4500 and protocol 50 on your home router.
You need to use a VPN connection to access company resources from your home office, so you configure a new VPN connection using IKEv2 security protocol. While at work, you tested the connection, and it was successful. When you test the VPN connection from
Configure the advanced TCP/IP settings of the VPN connection.
You use a VPN connection on your Windows desktop system to access resources on a corporate intranet. In addition to accessing the intranet resources, you need to access the Internet while the VPN connection is active. How can you prevent Internet traffic
DirectAccess
You want to use your Windows notebook to connect to your corporate intranet while you are at home or traveling. Your solution should meet the following requirements. The computer should connect automatically to the intranet without user initiation.
Join the computer to a domain, and ensure the computer is running Windows 7 (Ultimate or Enterprise) or later.
You want to use DirectAccess to connect the computer to your corporate intranet. You will use Group Policy to enforce DirectAccess settings on the client. What should you do to configure the laptop for the DirectAccess connection?
Configure MS-CHAPv2 authentication
You would like to implement DirectAccess on your corporate network. Which of the following is not an infrastructure requirement for using DirectAccess?
Obtain a computer certificate for the laptop.
You want to use DIrectAccess to connect your new laptop to your corporate intranet from home. Your home network is connected to the Internet with a single public IP address and NAT. Firewalls between your network and the intranet allow only HTTP and HTTPS
Add the computer account for each client computer to the DirectAccessGroup security group.
You manage Windows computers connected to the mydomain.com Active Directory domain. You have decided to implement DirectAccess on your network. You run the setup for DirectAccess on the DA1 server with the following configuration settings.
Full enterprise network access (end-to-edge)
You want to use DirectAccess so your laptop computer can access application servers on your corporate intranet. Application servers run Windows Server 2003 and Windows Server 2008. You want to configure a single access method for all servers and clients.
Upgrade application server to Windows Server 2008 R2 and Configure selected server access (modified end-to-edge.)
You have a laptop computer that runs Windows 10. The computer is a member of a domain. You want to use DirectAccess to access application servers on your corporate intranet. Application servers run Windows Server 2003.
BitLocker
You want to protect all of the files on the hard drive of your Windows notebook system to prevent unauthorized access. You want to prevent access to any file on the hard drive, even if the hard drive is moved to another computer. Which feature should you
Implement BitLocker with a TPM.
You have a Windows notebook system that is a member of a domain. You would like to protect the data on your notebook to meet the following requirements: All operation system and user data should be encrypted. All user data should be inaccessible if the ha
Configure BitLocker to require a PIN for startup. Configure BitLocker to use a startup key on a USB drive.
You have a new notebook that you want to install Windows 10 on. You would like to use BitLocker on the notebook to protect the volume used for the operating system and all user data. Your notebook does not have a Trusted Platform Module (TPM) chip. You ne
Create two partitions on the hard disk. Put boot files on the first partition and operation system files and data on the second partition. Enable the TPM.
You are getting ready to install Windows on a new laptop. You would like to configure the laptop to use BitLocker. How can you configure the laptop to start up without requiring a PIN or a USB device?
Move the hard disk from Computer1 to Computer2. Use the recovery key from Computer1 to gain access to the encrypted volume.
You have two Windows systems named Computer1 and Computer2. Both computers are configured with BitLocker. Both computers have a TPM installed. Because of a hardware failure, Computer1 will not boot.
Recovery key
You have previously installed Windows on two new computers and configured both computers with BitLocker. Both computers have a TPM installed. Because of a hardware failure, one of the computers will not boot. You replace the failed hardware, but now BitLo
Implement BitLocker with a TPM. Configure Group Policy to store recovery keys in Active Directory.
You want to use BitLocker on a laptop that belongs to a domain. Your implementation should meet the following requirements: the computer should start automatically without user intervention. To meet security requirements, USB support must be disabled on t
Reformat the hard drive and reinstall Windows.
The hard drive in your Windows notebook has been encrypted using BitLocker. BitLocker uses a TPM with a PIN and a startup key. You have lost the USB device containing the startup key. You also find that you are unable to locate the recovery key. What can
bdehdcfg -target default -size 500
You need to use command line tool to prepare the default drive on a Windows system for use by BitLocker. The new system partition should be 500 MB in size and should not be assigned to a drive letter. Which command should you use?
-lock Prevents access to BitLocker data
-WipeFreeSpace removes unused data fragments from the free space on a drive
-ForceRecovery Enables BitLocker recovery mode
-status Displays BitLocker information for all drives on the computer
-on Encrypts the drive
Manage-bde.exe commands
TPM with PIN and startup key
Which of the following BitLocker modes is the recommended option and provides the highest level of security?
The only option for systems without a TPM chip - Startup key
Provides access to encrypted volumes if there are problems related to BitLocker as the comptuer boots - Recovery key
A user account that can recover encrypted data from BitLocker-protected drive
On computers with TPM chips, BitLocker can be used to encrypt the system partition and protect hard disks that have been moved to a different computer.
Include the BitLockerToGo.exe file on the USB Drive. Format the drive using FAT32.
You want to save some files on a USB thumb drive and protect the drive using BitLocker To Go. You want to be able to read these files on a computer that is running Windows XP Professional. You need to implement a solution with the least amount of effort p
Upgrade the Windows XP computer to Windows 7 Ultimate or Enterprise, or later.
You have configured a USB thumb drive with BitLocker To Go that has been formatted with FAT32. You use a password to protect the drive. You want to be able to read and write files to the drive from a computer that is running Windows XP Professional.
manage-bde-pause
The hard drive in your Windows system has been protected using BitLocker. You need to update the BIOS on the computer. Which command should you enter before doing this?
Configure the local group policy.
How do you configure your Windows system to require BitLocker To Go for write access to removable storage devices?
A smart card and the correct password.
You have been given a USB drive that has been encrypted with BitLocker To Go. Which of the following options to required before you can access the data from this drive on a Windows 10 computer?
You cannot use domain based group policies to enforce security settings on mobile devices.
Your organization is formulating a Bring Your Own Device (BYOD) security policy for mobile devices. Which of the following statements should be considered as your formulate your policy?
Apps will only run on Windows RT if you leave User Account Control enabled. Windows RT will refuse to run apps not digitally signed by Microsoft.
Your organization is formulating a Bring Your Own Device (BYOD) security policy for mobile devices running Windows RT.
Windows RT devices rely on the Trusted Platform Module (TPM) in the system firmware for drive-encryption. To enable device encryption, you must sign in to Windows RT using a Microsoft account.
Your organization is formulating a Bring Your Own Device (BYOD) security policy for mobile devices running Windows RT. You want to ensure that the storage devices in all Windows RT mobile devices are encrypted to prevent them from being removed and read i
Manage BitLocker.
You want to manually back up the key used for drive encryption on your Windows RT tablet. Click the control panel item you would use to do this.
Privacy
Your organization's security policy dictates that apps must be denied access to location information from the Windows Location Platform. Click the category in the Settings app you would use to deny apps permission to use location data.
Sign up for a Windows Intune account to manage the tablets.
Your organization's security policy specifies that any mobile device that connects to your internal network (regardless of ownership) must have remote wipe enabled. If the device is lost or stolen, then it must be wiped to remove any sensitive data from i
Device Health Attestation
The users in your organization bring their own mobile devices to the office and want to be able to access the network with them. You want to protect your network from malware threats that might be on these devices. You want to make sure the devices meet t
At a command prompt, run powercfg /energy
You configure your Windows notebook system to enter sleep mode after 10 minutes of inactivity. However, after 15 minutes with no activity, the computer does not enter sleep mode. How can you identify what is preventing the computer from entering sleep mod
At a command prompt, run powercfg /export and run powercfg /energy.
You configure a power plan that is optimized for your Windows notebook system and set it as the active plan. You need to migrate the settings to other laptops running the same version of Windows. Before you migrate the plan, you need to validate the power
Configure the advanced settings of any power plan.
You need to configure the following power options on your Windows notebook system when running on battery power: Put the computer to sleep after 15 minutes of idle time. Have the wireless adapter enter a strict power saving mode. Shut down the computer if
Power Saver power plan
Which power plan will enable your Windows notebook system to save as much battery power as possible?
Enable hybrid sleep.
You want to be able to stop working on your Windows notebook system, save battery power, and resume work as quickly as possible. You also want to protect yourself from data loss should the battery fail.
Put the notebook into hibernation.
You are on an airplane and are being instructed to turn off your Windows notebook system completely and immediately.
High performance
You keep your Windows laptop plugged in most of the time and would like to use the full CPU power for a video project you are working on. Click the power plan you would use to provide full CPU power.
Battery
You would like your Windows laptop to sleep when the battery level becomes critically low. Click the category you would expand to configure this setting.
Open the Sync center.
You need to manually synchronize the offline files on your Windows system with the versions of the same files stored on a network share. What should you do?
Configure offline files for the folder that contains these files.
You manage Windows notebook systems that are members of a domain. You have ten regional sales people who travel extensively and use these notebooks to access company resources. The users have complained that although they can take copies of important file
on M400, make the Data share available offline and enable encryption of offline files.
You use a Windows notebook system named M400. It is a member of a domain and is located in a branch office. A Windows server named Server1 contains a shared folder named Data. The server is located in the main office. You need to configure M400 to cache t
On Comp1, edit the Local Security Policy. On Comp 1, edit the Offline Files settings in the Sync Center.
You work in a branch office and use a desktop system named Comp1. A Windows server named Srv1 is located in the main office. On Srv1, you share a folder named Data using the default cache settings. You use Offline Files to automatically access files when
On Srv1, edit the Local Security Policy.
You work in a branch office and use a desktop named Comp1. A Windows server named Srv1 is located in the main office. On Srv1, you share a folder named Data using the default caching settings. You use Office Files in the branch office to make the files in
On Srv1, edit the properties for the Data folder.
You work in a branch office and use a desktop named Comp1. A Windows server named Srv1 is located in the main office. Srv1 stores several shared folders that you use, including the Data share. You use Offline Files in the branch office to make the files o
Open the Sync Center in the Control Panel.
You work in a branch office and use a desktop named Comp1. A Windows server named Srv1 is located in the main office. On Srv1, you share a folder named Data using the default caching settings. You use Offline Files in the branch office to make the files i
All files and programs that users open from the shared folder are automatically available offline. And optimize for performance.
You have ten regional sales people who travel extensively and use Windows notebook systems to access a shared folder named Data on Server1, which is located in the main office. You want the files in the Data share to be cached automatically when opened by
Always available offline
You have a Windows laptop that has offline files enabled. You regularly access a file in a share called Data on the company server where manual caching is configured. Click the menu option you would use to make a cached version of the Info.txt file availa
In the Windows Mobility Center, enable the Presentation Settings option.
You are about to give a presentation and have connected your laptop to a multimedia projector. You are concerned about interruptions to your presentation such as notification balloons and screen turning black. What should you do?
Turn on presentation settings.
You have a laptop running Windows. You are about to give a presentation and would like to minimize interruptions to your presentation. Click the option you would use to do this.
Open Settings and click Network & Internet. Use the Airplane Mode switch at the top of the Networks panel to turn wireless communications off.
You are using your Windows 10 notebook system as you travel to client sites. You about to board an airplane and decide to switch your notebook to Airplane Mode prior to boarding. What should you do?
Storage provided by Microsoft's Internet cloud storage service. Sharing of synced files or folders between users.
Which of the following are not features of the Work Folders?
Obtain a copy of the SSL certificate that the Work Folders is using. Import the SSL certificate on the Windows tablet.
You have set up Work Folders on your desktop computer at work. You are planing to travel to make a proposal to a potential client, so you saved the presentation files in your Work Folders folder. You need to be able to access these files from your Windows
Miracast and Wi-Fi Direct.
You need to implement a wireless solution to allow Windows notebook systems to send audio and video streams to projectors so employees can give presentations. Which mobile wireless technologies can you use to do this?
Install a 4G data modem. Let Windows retrieve and install the appropriate app from the Windows Store.
You need to connect a Windows tablet device to a mobile broadband 4G network. You've signed up for service with a provider. What should you do next?
Wi-Fi Direct
You need to implement a wireless solution to connect Windows notebook systems with mobile devices such as tablets and phones. You need to do this without investing in additional technology. Which mobile wireless technology can leverage the existing 802.11
It uses WPA2 security. It uses the 802.11n wireless standard.
You are evaluating Wi-Fi Direct for establishing wireless connections between Windows notebooks and mobile devices such as phones and tablets. Which of the following statements are true regarding Wi-Fi Direct?
Update the wireless network adapter driver on the desktop system to one that is compatible with Wi-Fi Direct.
You're trying to establish a Wi-Fi Direct connection between a Windows desktop system and a Windows tablet device. You've installed an 802.11n wireless adapter in the desktop system, but are unable to see the tablet device. Which action must you take to s
NFC and Tap and Do.
You have a new set of wireless headphones that you need to set up for use with your Windows tablet device. To set up the wireless headphones, all you have to do is place them near the tablet so the tablet can communicate with them.
Required install
You are publishing an app in Microsoft Intune that you wish to be automatically deployed on managed devices using the Intune agent. Which type of deployment action should you configure using Intune policies?
Available install
You are publishing an app in Microsoft Intune that you want deployed to the Intune Company Portal, allowing users to decide whether they want to install it on their managed devices or not. Which type of deployment action should you configure using Intune
Software installer
You are publishing a standard desktop app in Microsoft Intune that you want deployed to the Intune Company Portal, allowing users to install it if they need it. The app is intended to be installed on Windows 10 desktop and notebook managed devices. How sh
Managed iOS App from the App Store
Many of your users have iPhones and iPads that they use to complete their day-to-day tasks. You have enrolled these devices with Microsoft Intune. You need to publish an app from the Apple App Store to these devices. How should the software be made availa
Available install. External link.
There is an app available in the Windows store that users need to complete their day-to-day tasks. You want to deep-link this app in Microsoft Intune to make it available on your Company Portal. How should you configure the software to be made available t
External link. Required install.
There is an app available in the Windows store that users need to complete their day-to-day tasks. You want to deep-link this app in Microsoft Intune to automatically install it on managed devices using the Intune agent.
Settings Storage Location
Which User Experience Virtualization (UE-V) component is a shared folder on a server where the UE-V Agent stores users' profile and application settings?
Settings package
Which User Experience Virtualization (UE-V) component contains a user's captured settings?
UE-V Generator
Which User Experience Virtualization (UE-V) component is an optional component that can be used to create customized settings location templates?
Folder redirection
Which User Experience Virtualization (UE-V) component relocates a user's profile data from the local storage device to a network share?
Settings Location Template
Which User Experience Virtualization (UE-V) component is an XML file that defines the settings that the UE-V Agent will monitor on a user's workstation?
Changes to monitored application settings are captured when the end user closes an application. Changes to monitored Windows settings are captured when the user logs off the application.
You have implemented UE-V in your Windows domain. A settings storage location has been defined on a Windows server to store users' settings packages. The UE-V agent has been install on all Windows workstations.