Testi + Case Study ‘This is a case study. Case studies are not timed seperately. You can use as much exam times a3 you ‘would like to complete each case. However, there may be additonal studies and sections on this exam. You ‘must manage your time lo ensure that you are able i complete all questions included on thes exam in the time, provided. ‘To answer ne questions included in a case study, you wl need 10 reference information thats provided in he ‘case study. Case studies might contain exhibts and other resources that provide more information about the ‘Scanano that described in the case stidy Each question is independent of tha Other questions in this case study. ‘Atte end ofthis case study, a review screen wil appear. This screen allows you to review your answers and to ‘make changes before you move to the nex! section ofthe exam. After you begin & new secton, you cannot totum tots section. To start the case study To display he fist question in this case study, click the Next button. Use the butions in the lft pane to explore the content of te case study before you answer the questions. Clicking these buttons ctsplays information such ‘a3 business requirements, existing envionment. and problem statements, When you ere ready fo answer ‘question, cick the Question bution fo return to the question. Overview Existing Environment Fabrkam, Inc. is a distibuton company that has 500 employees and 100 contractors. ‘Active Directory “The network contains an Active Directory forest named fabrikamn com. The forest is synced to Microsoft Azure ‘ative Deectory (Azure AD), All the employees are assigned Microsoft 365 E3 licenses, ‘The domain contains a user account for an employee named Usert0. Client Computers Al the employees have computers that run Windows 10 Enterprise. Allthe computers are instatled without ‘Volume License Keys. Windows 10 icense keys are never issued. ‘Allthe employees register their computer to Azure AD when they first receive the computer. Usert0 has a computer named Computert0. ‘Al contractors have ther own computer tat une Windows 10, None othe compen ae jned Ane Operations! Procedures Fabrkam has the following operational procedures: + Updates are deployed by using Windows Update for Business. *+ When new contractors are hired, administrators must help the contactors configure the following settings on their computer - Veet caricane = Browser securty and proxySecurity policies The folowing security palicies are enforced on al the clent computers in the domain: + Ailthe computers are encrypted by using BitLocker Drive Encryption (BitLocker). BitLocker recovery Information is stored in Active Directory and Azure AD. + The local Administrators group on each computer contains an enabled account named LocalAdmin. + The LocalAdmin account is managed by using Local Administrator Password Soluton (LAPS). Problem Statements Fabekam donthos the following 1su0s. + Employees inthe finance department use an application named Application. Appicatont frequently crashes due to @ memory error. When Applicaton? crashes, an event is wnitien to te application log and an ‘administrator runs @ sort o delete the temporary fles and restart fre application. + When employees attempt to connect to the network from thew home computer, they often cannot establish a VPN connection because of misconfigured VPN settings. + An employee has a computer named Computer. Computer! 1 has a hardware failure that prevents the ‘cemeuter from 1p the network. + Usert0 reports tht Computert0 is not activated. Technical requirements, Fabrikam identfies the folowing technical requirements for managing the client computers: Provide employees with a configuration file to configure their VPN connection. Use the minimum amount of admastranve efter to implement the techrwcal requirements. dent which employees’ computers are noncompliant with the Windows Update baseline of the company Ensure that the service desk uses Quick Assist to take remote control of an employee's desktop during ‘support cals. * Automate the contiguratton of the contractors" computers. The soluton must provide @ configuration fie tat ‘the contractors con open from a Microsoft SharePoint sie to apply the required configurations. QUESTION 1 HOTSPOT ‘You need to implement a sokuton to configure the contractors’ computers. ‘What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worh one point. Hot Arwa:Tool to use: ¥ ‘Microsoft Deployment Toolkit (MDT) Windows AutoPilot ‘Section: {none} Explanation Explanation/Reterence: QUESTION 2 ‘You need to ensure that User10 can activate Computer 10. ‘What shoud you do? ‘A. Request that a Windows 10 Enterprise conse be assigned to User10, and then activate Computeri0. 8. From the Microsoft Deployment Toolkt (MDT), add a Volume License Keyto a task sequence, and then ‘edaploy Computer10. C. From System Properties on Computer10, enter a Volume License Key, and then actvate Computert0. D_ Request that User10 perform a local AutoPilot Reset on Computer'0, and then activate Computert0. Answer: O Sapo ExplanationTostlet 2 Case Study ‘This is a case study. Case studies are not timed separately, You can use as much exam times as you ‘would like to complete each case. “However, theco may be additonal studies and sectons on this exam You ‘must manage your time io ensure that you are able fo complete all questions included on this exam in the time provided. ‘To answer the questions included in a case study, you wil need 1D reference Information at's provided in the case study. Case studies might contain exhibits and other resources that provide more information about the ‘scenario that's deserved in the case study. Each question is independent of the other questions inthis case study. ‘At the end of this case study, a review screen wal appear. This screen allows you to review your answers and to make changes belore you move foe next vecton of te exam. Afar you bap a new secon, yu cannot ‘retun to this section. Tostart the case study ‘To display the frst question in this case study, cick the Next button. Use the butions in the lft pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such {85 business requirements, existing environment. and problem statements. When you are ready 10 answer & ‘question, cick the Question bution to retum to the question. Overview Cototo, Li. ea corauting company et hes a main oes in Monreal and wo branch ofices in Seale CContoso has IT, human resources (HR), and finance departments. ‘Contoso recenty opened a new branch office in San Diego. Al the users in the San Diego office work from Existing environment Contoso uses Microsoft 365. ‘The on-premises network contains an Active Directory domain named contoso.com, The domain is synced 12 ‘Microsoft Azure Active Directory (Azure AD). ‘All computers run Windows 10 Enterprise. ‘You have four computers named Computer’, Computer2, Computers, and ComputerA. ComputerA is in workgroup on an isolated network segment and runs the Long Term Servicing Channel version of Windows 10. Computer connects to 3 manufacturing system and is business ertical All the other computers are joined to the domain and run the Semi-Annual Channel version of Windows 10. Inthe domain, you create four groups named Group!, Group2, Groups, and Groups. ‘Computer? has the local Group Policy setings shown in the fllowing table. _Security Setting. | Growp! : es ‘Groups ‘Deny log on through Remote Desktop Serviees ‘Groups‘The computers are updated by using Windows Update for Business. ‘The domain has the users shown in the folowing table. Name Member of User! Domain Admins, Domain Users User2 Administrators, Domain Users User3 Account Operators, Domain Users User4 Domain Users User5S Domain Users, Guests User6 Group2, Group3, Domain Users ‘Computert has the local users shown in the following table. Planned Changes Contoso plans to purchase computers preinstalled with Windows 10 Pro forall the San Diego office users. ‘Technical requirements Contoso identiies the following technical requirements: + The computers in the San Diego offce must be ungraded aulomaticaly to Windows 10 Enterpisa and must ‘be joined to Azure AD the frsl ine a user stats each new computer. End users must not be required to ‘accept he End User License Agreement * Helpdesk users must be atte 0 Foutdeshoot Group Puy fet (GPO) procesing on tw Widows 10 j | i i i Hi Hi i ti : : ut in I ie QUESTION 1 ‘You need to meet the technical requirements for the San Diego office computers. ‘Which Windows 10 depioyment method should you use?‘A. wie and load refresh B. inplace upgrade C. provisioning packages D. Windows Auton Correct Answer: D QUESTION 2 HOTSPOT ‘You need to meet the technical requirement for Computert What should you 407 To answer, select the appropriate options inthe answer area. NOTE: Each correct selection is wort one point. Hot Area: Answer Area User who should corfiqure assigned access: Configure assigned access for. \Usert2 lUsert3Answer Area User who should confiqure assigned access | vQuestion Set 3 Seana mee greene et 2 rg ew Wrst ‘You discover that none of the computers are activated. carte a ge Scapa gaan oT ‘A. Volume Activation Management Tool (VAMT) B. Key Management Service (KMS) C. Active Directory.based activation D. the Get.WindowsDeveloperticense cmdiot Correct Answer: 8 Section: {none} Explanation bites. idocs.microsof com/en-us/windows/daployment/voh.zne-activaticn/activate-sting-key-managnment- service-vamt QUESTION 2 You plan to deploy Windows 10 to 100 secure computers. ‘You need to select a version of Windows 10 that meets the folowing requremerts: Uses Microsoft Edge as the default browser Minimizes the attack surface on the computor ‘Supports joining Microsoft Azure Active Directory (Azure AD) (On allows the installation of applications trom the Microsoft Store What isthe best version to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer A. Windows 10 Pro in S mode B. Windows 10 Home in S mode ©. Windows 10 Pro D. Windows 10 Enterprise Correct Answer: Section: [none] Explanation Explanation Reference: References: bites hme microsoft com'en-za/windows/compare QUESTION 3 DRAG DROP You have 8 computer named Computer! that runs Windows 7. Computer1 has a local user named User! who has @ customized profile.‘On Computer , you perform a clean installation of Windows 10 without formatting the drives. ‘You need to migrate the settings of Usert from Windows7 to Windows 10. ‘Which two actions should you perform? To answer. drag the appropriate actions to the correct targots. Each ‘sco may be used once, more then once, or not at al. You may need ora te pl bar between pene cr NOTE: Each correct selection Is wort one point ‘Select and Place: Actions Ammer Anes Ti veartabe veal weed theses] ist acion: al wile, a Rin awake adel lec) “Windows ald vabéoizer ‘an tocctate one and geste) Winders 0:5 abtolscr ‘Rom certs exe ml epecly de @ Veer | ‘setfolter ‘Windows ol sebfe'ser Correct Answer: Actions Amowes Ares Tin vacate read weciieCDen) — Tietacion: [Rex wana md pel Ge Care sith waiter ‘Kas fatal exe a ypily Ue Cece Ram lene ce md aeclth a OI wenteer peccad assem abfolde. Ra memcinew alge lee | “Wiedowy ald whfo4er QUESTION 4 Note: This question Is part of a series of questions that present the same scenario. Each question inthe series contains a unique solution that might meet the stated goals. Some question sets might have ‘more than one correct solution, while others might not have a correct solution. ‘After you answer @ question in this section, you will NOT be able 10 return to R. As 8 result, these questions will not appear in the review screen. ‘You have a computer named Computer! that runs Windows 10. ‘Aservice named Application’ Is configured as shown in the exnibit, © bec Syme court Nog eracets etaract win sakace @Derconre Service! ‘You discover that a user used the Service’ account to sign into Computer! and deleted some fies. ‘You need to ensure thatthe identty used by Application! cannot be used by @ user to signin to sign into the ‘desktop on Computer. The soksion must use the principle of least priviege. ‘Sclution: On Computer’, you configure Application! to sign in as the LocalSystem account and select the Allow ‘service to interact wih desktop check box. You delete the Service! account. ‘Does this meet the goat? A Yes 8. No Correct Answer: B ‘Section: [none] ExplanationExplanation/Roference: QUESTION 5 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sats might have ‘more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to It. As a result, these questions will not appear in the review screen, ‘You have a computer named Computer! that runs Windows 10. ‘Aservice named Application? is configured as shown in the exhibit. ‘You discover that a user used the Service? account to sign in to Computer! and deleted some fies. ‘You need to ensure thatthe kent wsed by Applicaton’ cannot be used by a user to sign into signin tothe desktop on Computer. The sohuton must uae the principe offeast prope. ‘Solution: On Computer, you assign Servicet the deny log on locally user right. ‘000s this meet the goa? A YesQUESTION 6 \Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have _more than one correct solution, while others might not have a correct solution. ‘After you answer a question in this section, you will NOT be able to return to it. As a result, these ‘questions will not appear in the review screen. ‘You have @ computer named Computer! that runs Windows 10. ‘A service named Application! is configured as shown in the exhibit. Now eevee s tert wth descr | @Dercart Senet (ee) Bremer seeeeeee (Corea) ‘You discover that a user used the Service? account to sign into Computer! and deleted some fies. ‘You need to ensure that the kdentty used by Application! cannot be used by 8 user to signin to sign in to the desktop on Computer’. The soluton must use the principle of least privilege.You have a Microsoft Azure Active Drectory (Azure AD) tenant. ‘Some users signin to their computer by using Windows Hello for Business. ‘A.user named Usert purchases a new computer and joins the computer to Azure AD. Usert attempts to configure the signin options and receives the error message shown in the exhibit Sign-in options “Some setings are hidgen or managed by your ergenization YY ‘Sign into Wedows, apps and services by teaching Wdows to recognize you. Wrdows Hetp nt avaliable on tha dove ‘Som ho works and fed Comrie a You open Device Manager and confirm that all the hardware works correctly You need to ensure that User can use Windows Hello for Business facial recognition to sign into the ‘computer What should you do frst? ‘A. Purchase an infrared (IR) camera. 8. Uporade the computer to Windows 10 Enterprise. C. Enable UEF! Secure Boot. D. Install a virtual TPM river. Correct Answer: 8 Section: [none] ExplanationExplanation/Reference: References: ‘ntips//docs microsol. comion ss wincows!secunty/sentty-protectiorvheto-or-bysinessheto-planning quite QUESTION s ‘Your company uses Microsoft Deployment Toolit (MOT) to deploy Windows 10 to new computers. ‘The company purchases 1,000 new computers. ‘You need to ensure that the Hyper-V feature 's enabled on the computers during the deployment, ‘What are two possible ways to achieve the goal? Each correct answer presents part of the soliton. NOTE: Each correct selection is worth one point A. Add a task sequence stop that adds a provisioning package. B. Ina Group Policy object (GPO), from Computer Configuration, configure Application Control Policies. C. Add a custom command to the Unatiend.xmi fie. 1D. Add a configuration sting to Windows Deployment Services (WDS). E. Add a task sequence stop that runs dism.exe. QUESTIONS ae er concre on Ace Decay omen at i pec wo 0 Miron ae Are Dwyer ‘Your company purchases a Microsoft 365 subscription. ‘You need to migrate ine Documents folder of users to Microsoft OneOrive for Business. ‘What shoud you configure? ‘A. One Drive Group Policy stings 8. roaming user profes C. Enterprise State Roaming D. Folder Redirection Group Polcy setings. QUESTION 10 ‘Your network contains an Active Directory domain. The domain contains a user named User’.Usert creates a Microscft account. User needs to sign into cloud resources by using the Microsoft account without being prompted for ‘credentials. Which settings should Usert configure? ‘A. User Accounts in Control Panel 88. Emal & app accounts in the Settings aco CC. Users in Computer Management . Users in Active Drectory Users and Computers Correct Answer: B ‘Section: [none] Explanation Exptanation/Reterence: References hitosu/suoport microsoft com/en-zafheln/402819Simerost-account-how-to-sian-n QUESTION 11 HOTSPOT ‘Your network contains an Active Directory domain named adatur.com that uses Key Management Service (KMS) for activation. ‘You deploy a computer that runs Windows 1010 ihe domain. ‘The computer falls to activate. ‘You suspect that the activation server has an issue. ‘You need to idently which server hosts KMS. How should you comolete the command? To answer, select the aperogriale cotions inthe answer area. NOTE: Each correct selection is wort one point. Hot Area: Answer Area Vv -lype VY _vimes _tep Adatum com Get-Host p nslookup. 6x8 ae twAnswer Area You deploy Windows 10 to @ new computer named Computer’, You sign in to Computert and create a user named Usert. defaultLayout: TaskbarLayout> taskbar: TaskbarPinList> ‘Whats the effect of the configuration? To answer. select the appropriate options in the answer area. NOTE: Each correct selection is wort one point. Hot Aros: “Answer Area ‘Winn you sage in io Compete, te taskbar wt corer ‘Yimen User! sages into Comte, tn tashbna w corcutr, Correct Answer: Answer Area ‘When you sign ino Computert, tataskbar valicortan = | 7 Deesut anos and Wicrosot Pat [Nicrosot Part oniy ‘When User! signs into Computer, the tashbar wel cortuin Section: (none) Explanation Explanation/Reference:Tostt + Case Study ‘This is a case study. Case studies are not timed separately. You can use as much exam times as you ‘would like to complete each case. However, there may be additonal studies and sections on this exam. You ‘must manage you time to ensure that you are able fo complete all questions included on this exam in the time provided. ‘To answer the questions included in a case study, you wil need 10 reference information thats provided in he ‘case stuty. Case studies might contain exhibits and other resources that provide more information about the ‘scanano that described in the case study Each question is independent ofthe Other questions in ths case study. ‘Atte end ofthis case study, a review screen wil appear. This screen allows you to review your answers and 10 ‘make changes before you move to the nex! section of the exam. After you begin @ new section, you cannot totum totus section. To start the case study To display the fist question in this case study, click the Next button. Use the butions in the lft pane to explore the content of tie case study before you answer ihe questions. Clicking these buttons displays information such ‘83 business requirements, existing envionment. and problem statements, When you are ready to answer & ‘question, cick the Question bution to retum to the question. Overview Existing Environment Fabrkam, Ic. is a distrbuton company that has 500 employees and 100 contractors. ‘Active Directory “The network contains an Active Directory forest named fabrikamn com. The forest is synced to Microsoft Azure ‘ative Diectory (Azure AD), All the employees are assigned Microsoft 366 E3 licenses, ‘The domain contains a user account for an employee named Usert0. Client Computers All the employees have computers that run Windows 10 Enterprise. Allthe computers are insted without ‘Volume License Keys. Windows 10 icense keys are never issued. ‘Ailthe employees register their computer to Azure AD when they first receive the computer. Usert0 has a computer named Computort0. ‘Alt corrects have ther own computer tat une Windows 10. None othe comers ae jad o Aze Operational Procedures Fabrikam has the following operational procedures: + Updates are deployed by using Windows Update for Business. + When new contractors are hired, administrators must help the contactors configure the folowing settings on their computer: - User certificates + Browser securty and proxy settings: Wireless network connection settings.‘Security policies ‘The folowing security policies are enforced on al the cent computers inthe domain: + Allthe computers are encrypted by using BitLocker Drive Encryption (BitLocker). BiLocker recovery lnformaton is stored in Active Directory and Azure AD. + The focal Administrators group on each computer contains an enabled account named LocalAdmin. *+ The LocalAdmin account is managed by using Local Administrator Password Soluton (LAPS). Problem Statements Fabrkam kdentties the folowing issues: *+ Employees in the finance department use an apgiication named Applicaton’. Applicaton! trequanity ‘crashes due to a memory error. When Appication? crashes, on events writen to fhe application lg and an _acmministator runs a serpt to delete he temporary fles and restart te apptcation. + When employees attempt to connect to the network from few home computer. they often cannot establish .2.VPN connection because of misconfigured VPN settings. + Rrempoyes hea compat names Compusert. Computer! has a harwere faire tht preverts he ‘computer from connecting 10 the network. + Usert0 reports that Computer is nok activated. Technical requirements FFabrkam Kdenthes the folowing technical requrements for managing the chent computers: + Provide employees with a configuration fle to configure thelr VPN connection. * Use the minimum arsount of administrative effort to implement the tachnical requirements. + Identify which employees’ computers are noncompliant withthe Windows Update baseline of the company. + Ensure tale serve desk uses Quick Assit take remoe contel of an employee's ceston ng + Automate the configuration of the contractors’ computers. The solution must provide a configuration fle thot the contractors can open from a Microsoft SharePont ste to apply the required configurabons. ‘A. From the LAPS Ul tool, view the administrator account password forthe computer object of Computer! 1. 1B. From Windows Configuration Designer. create a configuration package that sets the password of the [LocalAdmin account on Computer, C. Use a Group Policy object (GPO) to set the local administrator password. ©. From Microsott Intune, sat the password of the LocalAdmin account on Computer Correct Answer: A ‘Section: [none] i 2 An employee reports that she must perform a BitLocker recovery on her laptop. The employee dows not have, ‘her BitLocker recovery key but does have & Windows 10 desktop computer. "What should you instruct the employee to do trom the destton computer?‘A. Run ithe manage-bde.exe ~status command [BL From BitLocker Recovery Password Viewer. view the computor abject ofthe laptop C. Gotohtips:taccount actvedirectory windowsazure.com and view the user account profile D. Run the Enuble-BitLeckerkutouniock emdet Correct Answer: C ‘Section: (none) Explanation Explanation/Reference: Reterences: ‘toa Jionledonsartners,com/bloa/stofing-recovering-billocker-keya-azure-active-directory‘Tostlot 2 Case Study ‘This is a case study. Case studies are not timed separately. You can use as much exam times as you ‘would like to complete each case. However, there may be addlional studies and sections on this exam. You ‘must manage you time to ensure that you are ate io complete al questions included on that exam inthe ime provided. ‘To answer the questions inchuded in a case study, you will need to reference information that is provided in the ‘case study. Case studies might contain exhibits and other resources that provide more information about the ‘scenano that 1s described in the case stidy Each question 1 independent of the other questons in ths case study, ‘Atthe end ofthis case study, @ review screen wal appear. This screen allows you to review your answers and to ‘make changes before you move 1 the next section of the exam. After you begin @ new secon, you cannot retum to this section. To start the case study ‘To display the first question in this case study, cick the Next button. Use the buttons inthe left pane to explore the content of the case study before you answer the questions. Ciiching these buttons displays information such _as business requirements, existing envrorment. and problem statements. When you are ready to answer 8 ‘question, cick the Question button to return to the question. Overview (Gztowo, Lid a conauteg company Bates a main ofice Montes and wo branch ofices in Seat and Contoso has IT, human resources (HR), and france departments. Contoso recenty opened a new branch offce in San Diego. All the users in the San Diego office work from Existing environment Conteso uses Microsoft 365. ‘The on-premises network contains an Active Directory domain named contoso.com. The domain is synced 12 ‘Microsoft Azure Active Directory (Azure AD). ‘Ailcomputers run Windows 10 Enterprise. Jn the domain, you create four groups named Group! Group2, Group, and Groups. Computer? has the local Group Policy satings shown inthe following table, ‘Allow log on through Remote Desktop Services ‘Groups Deny log on through Remote Desktop Services Groups‘The computers are updated by using Windows Update for Business. ‘The domain has the users shown in the folowing table. Name Member of User! Domain Admins, Domain Users User2 Administrators, Domain Users User3 Account Operators, Domain Users User4 Domain Users Users Domain Users, Guests User6 Group2, Group3, Domain Users ‘Computert has the local users shown in the following table. Requirements Planned Changes Contoso plans to purchase computers preinstalled with Windows 10 Pro for all the San Diego office users. ‘Technical requirements ‘Contoso identsies the folowing technical requrements: + The computers in the San Diego office must be upgraded aulomaticaly to Windows 10 Enterprise and mast bbe joined to Azure AD the first ime a user starts each new computer. End users must not be required to scoop he End User License Agwoment (EULA). . users must be ate io robleshoot Group Policy otject (GPO) processing onthe Windows 10 ‘computers. The helpdesk users must be able to Kantiy which : SEER ik parameter Bo etna aw mane apron : Gand mnie coir on Grargtng Fue tam (FS) rear Som + Giaky peat natatrs moat be dlrs song os ‘on Computer, > Ges ln tue capmronont ent ne ops: eat to Sas prery + User$ must be able to connect to by Desktop. + The principle of least prvlege must be used whenever + Adminisiratve effort must be minmized whenever + Assigned access must be coniigured on Computer. QUESTION 1 HOTSPOT ‘You need to meet the technical requirements for the helpdesk users, ‘What should you 0? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Hot Area: Answer Area ‘Adi the Reip desk wsers 10:QUESTION 3 ‘You need to meet the technical requirements for EFS on ComputorA. ‘What should you 0? A. Run cortutil.exe, and then add a certificate to the local computer certificate store. B. Run cipher.exe, and then add a cariicate to the local computer certificate store. CC. Run cipher.exe. and then add a certificate to the local Group Policy. . Run cortutiLexe, and then add a cortificate tothe local Group Policy.‘Question Sot 3 QUESTION 1 Note: This question is part of a series of questions that present the same scenario, Each question in ‘the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. ‘Attar you answer a question in this section, you will NOT be able to return to it. As a result, these {questions will not appear in the review scrven. ‘You have @ computer named Computer! that runs Windows 10. The computer contains a fokder. The folder “contains sensitve data ‘You need to log which user reads the contents ofthe folder and modifies and delates thes in the folder. ‘Solution: From the properties of te folder, you configure the Auditing settings and from Aud Potcy in the local Group Policy, you configure Audit object access. ‘Does this meet the goal?‘hitosuteww neterix.comMhow to detect who changed fle or folder owner him! QUESTION 3 HOTSPOT ‘You have a computer named Computer 1 that runs Windows 10. ‘You turn on System Protection and create a restore point named Point. ‘You perform the following changes: + Add four files named Fae. nt, Fed, Fie. sys, and Flot axe to the desktop. “ype ote Counc ‘You restore Point’. Which fies and regisiry keys are removed? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is wort one point. Hot Area: Answer Ares Removed files ¥ File2 dil only File2 dll and File3 sys only File2 dll, File3 sys, and Filed exe 1 tet, File? dil, File3 svs, and Filed eve)ee ‘dil only and File3 sys o File2 « File2 dil, File! txt, File2.dil, inestoca Govp Pee Eater Ble action View Help: ++ 2miaiGalr [i Turn off auto-restart notfications for update istallatons al capers ss reer veped bolicecn for pis Acs ven orn ea teQUESTION 5 “Your network contains an Active Directory domain. The doman contains 1,000 computers that run Windows, 10, ‘You discover that when users are on thei lock screen, they see a citferent background image every day, along wit tps for using different features in Windows 10. ‘You reed to disable the bos and the dally background image for all he Windows 10 computers. 1D. Tum off all Windows spotight features ‘Correct Answer: Section: [none]‘Fer addtional intormation, deuble-chck a permission enty. To mody » permassion entry, select the erry and cick Ect (if avndabie). Permasion entries: Type Piindpal hecess Inberted ho ‘Apples to $B Alon Adminicnatrs (COMPUTER! Full contol None The flder subtler and thes Mf stow syst Fut conte Neos Thi fede cubes and et ME stow Ure (CONPUTER: rer) Rand Annet None ‘Theta ude anc et | a aT | Disable hertance: CoPepace al cha yee pemasuen ere wth nbertable pemaiion etnies Hem th eect Ca) [ove] ‘You share C:\Data as shown inthe folowing table.Usert is a member of the Users group. _Aaministrators are assigned Full control NTFS permissions to C:\Data. For each of the folowing statements, select Yes the statement is tue. Onverwise, select No. NOTE: Each correct selection is wort one point. Hot Area: Answer Area Statements Yes No User] can read and write files when connected to () oe \\Compater Data. User] can read and write files in C:\Data locally. C) Oo Administrators can change the NTFS permissions (_) (®; of files and folders when connected to \\Compater!\Data. Correct Answer: Ansiver Area Statements Yes No ‘Userl can read and write files when comectedto = (-) \\Computer1\Data. Userl can read and write files in C:\Data locally. () [S] Administrators can change the NTFS permissions) ) of files and folders \\Computer! Data. Section: none] Soplenaon Explanation/Reterence: Exptanaton ‘0 \Compster\Oat becouna Uners rou cry hes Rad & Shecule NTFS pericion ote C\Dala Yer wd ere ar no enghea NTFS permanione fr eat ceneot wet te neat because te User group ony has Reed & Execute NTFS pemieion oC: \Data folter and there are no explicit NTFS permissions for ‘Administrators cannot chenge the NTFS permissions of fies and fokders when connected to WComputerf\Data because they only have Change shave permission The would need Full Control ahare permission. They could ‘doit locally because they have Full Control NTFS permission.‘QUESTION? ‘You have a fhe named Reg! req that contains the folowing content. Windows Registry Editor Version 5.00 [WKEY_CLASSES_ROOT\Directory\Sackground\ shel 1\Notepad) [WxEy_cLass£s_Root\ Directory\Sackground\ shel 1\sotepad\ command) @="notepad. exe” ‘What isthe effect of importing the fie? ‘A. Akey named command wil be renamed as notepad.exe. 8B. Ina key named Notepad, the command value wil be set to @s"notepad.exe”. C. Ina key named command, the default valve willbe set io notepad.exe. Correct Answer: 8 Section: [none] Explanation Explanation/Roference: QUESTIONS ‘You have @ computer named Computer! that runs Windows 10, On Computert, you create the local users shown in the following table. Name Member of User! Users User2 Users, Guests User3 Power Users, Guest User4 Guests, Users, Administrators UserS Users, Distributed COM Users ‘Which three user profiles wil persist after each user signs out? Each correct answer presents part of the NOTE: Each correct selection is wort one pont.QUESTIONS HOTSPOT ‘You have a computer that runs Windows 10. The computer is in a workgroup. The computer is used to provide “visions with accoss tothe Intemet ‘You need to configure the computer io meet the following requirements: ‘+ Aways sign in automatically as Usert. + ‘Start an application named App .exe at sign-in. ‘What should you use to meet each requirement? To answer. select the appropriate options in the answer area. NOTE: Each correct selection is wort one point. Hot Ares: Amswer Area Always sign in automatically as User! (Group Policy prefereaces BCDEdit Registry Editor MSConfis Start an application named App .exe at sign-in: icy preferences Group Policy pret Resistry Editor [MSConfiC. Create a Group Policy cbject (GPO) that contains the Local User Group Policy preference. D. Create a script that runs the New-MsolUser cmalot and the Adé-ADComputerServiceAccount cmdet. Correct Answer: C Section: {none} Explanation Explanation/Reterence: References ‘htiosfplogs techret microsoft convaskteplal’2017/1 1/06iuse-aroup-pokicy-creferences-to-manage-the-focal- ‘acministator-croun! QUESTION 11 ‘You have several computers that run Windows 10. The computers are in a workgroup and have BkLocker Deve Encryption (BitLocker) enabled. ‘You join the computers to Microsoft Azure Active Directory (Azure AD). ‘You need to ensure that you can recover the BALocker recovery key for the computers from Azure AD. ‘What should you do frst?All the local users on Computer! have Read access to\\Compater!\Sharet All the users in the corp.contoso.com domain have Read access to \\Computer! 'Share1. All the users in the contoso.com domain have Read access to \Computer!'Sharet Correct Answer: OO No oOAnswer Area Statements Al the local users on Computer! have Read access to \\Computer! Share ‘All the users in the corp.contoso.com domain hive Read access to \\Computer!'Sharel. ©O 8 GO: Boos All the users in the contoso.com domain have Read. ‘access to \\Computerl Share ‘Section: {none} Explanation Explanation/Roference. References: QUESTION 13 HOTSPOT ‘You have a computer named Computer! that runs Windows 10. Computert is in a workgroup. ‘Computer’ contains te folders shown in the folowing table. Usert encrypts a fle named Fie! txt that isin a folder named C:Foldet. What is the effect of the configuration? To answer, select the approgriate options in the answer area. NOTE: Each correct selection is wort one point. Hot Area:Answer Area ‘Users who can move File!.txt to C:\Folder2: Users who can move File1.txt to D\Folder3: Correct Answer: Answer Area Users who can move File1 txt to C:\Folder2: Users who can move File! txt to D:\Folder3: Usert User and User2 only User, Une and Use = oy User2, User3, and! Useri only User! and User2 only User, User?, and User3 only User Estate aCommand Prompt - o x \Users\adnint>whoami /user /groups /priv - User Name ‘SID adatum\adminl — S-1-5-21-4534338-1127018997 -2609994386-4602 GROUP INFORMATION Group Name BUI Yin users BUILTIN\Adm nistrators Rg. AUTHORE TY MINTERACTIVE ‘CONSOLE LOGON NT AUTHORITY \Authenticated Users NT AUTHORITY\This Organization LOCAL ADATUM\Domain Admins none ty o = futhentication authority asserted identity YelTeknown sro Denied RODC Passo ‘cat a meniatocy Lapel vacitn Rancatory Level Chup Capel = Privilege Name Description Sechangenotifyerse11 Bypass traverse checkd Neri s traverse Seundockeivitege Remove computer from docking statio Seincrestucekiogwatecivilege eerease a process working Sat SeTimeZonePrivilege Change the time zone ‘¢: \users\admin1> . Use the drop-down menus to select the answer choice that completes each statement based on the informaton [Presented in the graphic. NOTE: Each correct selection 's wort one pont. Hot Area:Amower Ares Oa Compe), it Admia stents te opes Device ‘Meneg=r, answer chotce), (Ora Campa if Alani atenapls era: the omen Prengr as wi adm muster [amewer chobced QUESTION 15, ‘You have a computer named Computer that runs Windows 10. ‘You need to configure User Account Contral (UAC) to prompt administrators for ther credentials. ‘Which settings shouts you moxity? A. Aéministrators Properties in Local Users and Groups: B, User Account Contrel Settings in Contret Panel C. Security Options in Local Group Policy Edtior D. User Rights Assignment in Local Group Pobcy Eiitor Correct Answer: C ‘Section: {none} Explanation Explanation/Roterence: References: QUESTION 16 ‘You have several computers that run Windows 10. The computers are in a workgroup.‘You need to prevent users from using Microsoft Store apps on their computer. ‘What are two possible ways to achieve the goal? Each correct answer presents part ofthe sokuton. NOTE: Each correct seloction is wort one point. ‘A. From Securty Settings in the local Group Policy, configure Security Options. 8. From Administrative Templates in the local Group Policy. configure the Store settings. C. From Security Settings in the local Group Policy. configure Software Restriction Policies. 1D. From Security Settings inthe local Group Policy, configure Application Control Policies. Correct Answer: BD Section: (none) QUESTION 17 ‘You have a computer named Computer that runs Windows 10. ‘You need to prevent standard users from changing the wireless network sattings on Computert. The solution must allow administrators to modiy the wireless network satings. ‘Wat shou you use? A. Windows Configuraton Designer 8. MSContg C. Local Group Policy Editor 1D. an MMC console that has the Group Policy Object Editor snap-in Correct Answer: © ‘Section: [none] ‘Explanation Explanation/Reterence: QUESTION 18 HOTSPOT ‘You have trree computers hat run Windows 10 a8 shown in te folowing table. Name Operating system ‘Computer! Windows 10 Pnierprise A we _ ‘Computers ‘Windows 10 Enterprise Ailthe computers have C and D volumes. The Require additional authentication at startup Group Policy ‘satings 1 disabled on all the computers. ‘Which volumes can you encrypt by using BitLocker Drive Encryption (BitLocker)? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point‘On Computer’, you create an NTFS folder and assign Full control permissions to Everyone. ‘You share the foloer as Share! and assign the permissions shown inthe following tabi. ‘When accessing Share’, which two actons can be performed by User! but not by User2? Each correct answer resents part of the solution. NOTE: Each correct selection is wort one point. ‘You have a computer that runs Windows 10. The computer contains a folder named C\NSOs that is shared in, ‘You run several commands on the computer 28 shown in the folowing exhibitUso the érop-cown manus lo select the answer choice that completes each statement based on the information [presented in the graphic. NOTE: Each correct selection is worth one point. Hot AresAnswer Area Ianswer chotce) can delete files in the ISOs share. [answer choice] can read the files in the ISOs share. Correct Answer: Answer Area [answer choice) can delete files in the ISOs share. {amswer choice) can read the files in the ISOs share. !QUESTION 21 Note: This question is part of a series of questions that present the same scenario. Each question in {the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. ‘Ahier you answer a question in this section, you will NOT be able to return to It. As 2 result, these questions will not appear in the review screen. ‘Avser named User' has computer named Computert that runs Windows 10. Computert is joined to an ‘Azure Active Deectory (Azure AD) tenart named contoso.com. Usert joins Computer’ to contoso com by using ‘user |@contoso.com. ‘Computert contains a foider named Foliert. Folder! is in drive C and is shared as Share1. Share1 has te Permission shown in the folowing tthe ‘A.ser named User2 has a computer named Computer? that runs Windows 10. User2 joins Computer to ‘contoso.com by using user2@Brontoso.com, La! User? attempts to access Sharet and receives the following error message: “The username or password is incorrect” ‘You need to ensure that User2 can connect to Share. ‘Solution: In Azure AD, you create @ group named Group! that contains User! and User?. You grant Group! Change access to Sharet. ‘Does this meet the goal? AYes B. No Correct Answer: Section: (none) Explanation QUESTION 22 ‘Note: This question is part of a series of questions that present the same scenario. Each question in {the series contains a unique solution that might meet the stated goals. Some question sets might have ‘more than one correct solution, while others might not have a correct solution. ‘After you answer a question in this section, you will NOT be able to return to It. As a result, these ‘questions will not appear in the review screen. ‘A.ser named User2 has a computer named Computer? that runs Windows 10. User2joins Computer? to ‘@ontoso.com by using user2@contoso.com.CComputert contains a folder named Foldert. Folder is in drive C and is shared as Sharet. Sharet has the Bermission shown in the folowing tate. Full control Ovener ‘A.user named User2 has a computer named Computer? that runs Windows 10. User2 joins Computer? to ‘contoso.com by using user? @eontose com. User? attempts to access Share! and receives the following error message: “The usemame or password is ‘You need to ensure that User2 can connect to Share. Sotiton: You create a local user sccourton Computer! and int User? o use the lca account to connect ‘Does this meet the goal? A Yes 8. No ‘Correct Answer: B Section: (none) Explanation Explanation/Roference: QUESTION 23 ‘Note: This question is part of a series of questions that present the same scenario. Each question in ‘the series contains a unique solution that might meet the stated goals. Some question sets might have ‘more than one correct solution, while others might not have a correct solution. ‘After you answer a question in this section, you will NOT be able to return to it. As a result, these ‘questions will not appear in the review screen. ‘A.ser named User! has a computer named Compytert that runs Windows 10. Computert is joined to an ‘Azure Active Directory (Azure AD) tenant named contoso.com. Usert joins Computert to contoso.com by using user @eantoso com ‘Computer’ contains a folder named Foliert. Folder! is in drive C and is shaved as Sharet. Sharet has the permission shown in the folowing tatie. [| Group ‘Share permission Everyone Fall control ‘AzureAD/userl @contoso com | Owner ‘A.ser named User2 has a computer named Computer? that runs Windows 10. User? joins Computer? to _contoso.com by using user2@rontoso com. ‘User? atiempts to access Share1 and receives the folowing error message: “The username oF password is tncorrect™‘You need to ensure that User2 can connect to Share1. ‘Solution: in Azure AD, you create a group named Group? tat contains User! and User?. You grant Group Modity access to Foldert. ‘Does this meet the goal? ‘You have a computer named Computer! that runs Windows 10. Computert contains a folder named Foldert. ‘You need to og any users who take ownership ofthe files in Foldert. Which two sctions should you perform? Each comect answer presents part ofthe solution. NOTE: Each correct selection is worth one point. ‘A. Madly the folder attrbutes of Folder. 8. Modity the Advanced Securty Settings for Foldert. C. From a Group Policy object (GPO), configure the Aust Sensitive Privilege Use setting. 1D. From a Group Policy object (GPO), configure the AucSt File System setting. E. Install the Remote Server Administration Tools (RSAT). Correct Answer: BO ‘Section: {none} Explanation Explanation/Reference: References. ‘biiositmwe.netera.commow to detect who changed fie folder owner him QUESTION 25, HOTSPOT ‘Your network contains an Active Directory domain. The domain contains the users shown inthe folowing table.+ User2: Deny Write + Group!: Alow Read + Group2: Allow Modify Foldert is shored as Share$. Shoret$ has the following configurations: * Everyone: Allow Full control + Access-based enumeration: Enabled For each of the following statements, select Yos f the statement is tue. Otherwise, seloct No. NOTE: Each correct selection is worth one point Hot Area: Statemens| Yes (User! on tt es Comte T'Share tS ° Use? cam et es in Comet Sets ° ° oo°oF 1 User cones Corgntart hom Fe Expr, Shara wl be vie Correct Answer: Statemens Yes No ar cam at a orga hats a) Us can it tes to WCcmeuser Starts @o 1 Use canoe to Coren tem F¥e Enh, Shr lb ibe Mo ‘Auser cannot open the application. You sa sg coed bem Ses sonata Sf bs ee nA va ie ay, TO 'ping request from your computer and the server replies. ‘You need to ensure that the ping request works from the user's computer.‘Which Windows Defender frewall rule is a possitie cause of the issue? ‘A. Fie and Printer Sharing (NB-Datagram-in) 8B. Fie and Printer Sharing (Echo request ICMPY6-Out) CC, File and Printer Sharing (NB-Datagram-Out) . File and Printer Sharing (Echo Request ICMPY6-In) Correct Answer: D ‘Section: {none} Explanation Explanation/Reference: References: Tis fe ntpen osr haat noma aban ema ecp ecta cee Mot sm 8, QUESTION 27 HOTSPOT Use the drop-down menus to select the answer choice that completes each statement based on the information [resented on the graphic.NOTE: Each correct selection is worth one pc Hot AreaAnema: Aree seemed a ae ety ee Tt ei arene an ne comma ant cmon nr Wr ym | are Cangean Se to an cn premews Actes Orecay a Correct Answer: Anema Aree cnet ap sare prey er mmr ee) = neonate = tana ema Section: (none) Explanation Explanation/Reference: i ‘You have a computer named Computers that runs Windows 10 thats used to share documents in a ‘You create three users named User-a, User-b, User-c. The users plan to access ComputerS from the network| ance Sect Stenger Dats Nore: Come Owner Agmnitators OESKTOP-SAQBHS3AdrINratons) Change D) Rectae ouner on suontaners and tess Premisions Shave Aucting — Mlectne Access For edtiemal information dovble-ch 9 garmunon entry, To mody spermainen entry, tlact the ante and cick ($84 asada) Penison ian Tre Principat acces inherited trom: Aootesto ML Allow User-a(DESKTOP-Siq@HsU Read Beemecute Rone ‘Thee ter, suliers and few MR Akow Usee-b(DESKTOPSoghits 3 Mody hone hen toner, satiers and tes, ML Akow Adminitrstors (DESKTOP. at contos ene The fone stokes and fe ik Atow SYSTEM Fa cont one Thee foto, totter aad fw [Mi Allow Users DESKTOP-S90RHSTUs Ful contot Nene ‘Then fotcer, escere an es Me) i Ll) Rectece ot chad copeet sarmanion eras wim mhertabie cermeason entree or the tweet Ce] oe | ee ‘You share the Data folder. The permission for User-a are shown in the User-a exhibit (Click the User-a tab.)‘The permissions for user-b are shown in the User-b exhibit (Click the User-b tab.)‘The permissions for user-c are shown in the User-c exhibit (Click the Userse tab.)For each of the folowing statements, select Yes # the statements is rus. Otherwise, select No. NOTE: Reach correct selection is worth one point. Hot Area: ‘Statements User-a can modify files in the Date share. User-b can delete files in the Dete share. User-c can read files in the Data share, Correct Answer: ooo ¥# ooo &Statements Yes No User-a can modify files in the Date share, ° oO Usor-b can delete fies in the Dota share @ o Usor-c can read files in the Date shore @o Explanation Explanation/Reterence: QUESTION 29 forseor ‘You have a computer that runs Windows 10 and contains the follers shown inthe following table. For each of the folowing statements, select Yes # the statement is tue. Otherwise, selact No. NOTE: Each correct selection is wort one point, Hot Area:Usort can road and write ail files in FolcerC. User2 can delete ail tiles in Folders. Userd can delete ail tes in Foiderc, 000 § ooo € Correct Answer: Statements Usert can read and write ail files in FolderC. User2 can delete all tiles in Folder’, User3 can delete ail tiles in Folder. oom 7 BBo fF ‘Section: (none) Explanation Explanation/Reference: References: QUESTION 30 ‘Your network contains an Active Directory domain. The doman contains 9 computer named Computer! that ‘uns Windows 10. ‘You need to view the settings to Computer’ by Group Policy objects (GPOs) in the domain and local Group Which command should you run? A gpresult B. secedit C. gpupdate D. gpfixup Correct Answer: A Section: {none} Explanation Explanation/Reterence: Reterences: ‘https docs. microsoft com/en-us/windows-serveriagminstratior/windows-commands/aoresut QUESTION 31 ‘Your network contains an Active Directory domain. The domain contains computers that run Windows 10.‘You need to provide 3 user withthe abily to remotely create and modity shares on the computers. The soluton ‘must use the principle of least prévlege. ‘Towhich group should you adi the user? A. Power Users B. Remote Management Users C. Administrators D. Network Configuration Operators Correct Answer: C ‘Section: [none] Explanation Explanation/Reference: QUESTION 32 ‘You have a computer named Computer! that runs Windows 10, Computer1 belongs to a workgroup. ‘You run the folowing commands on Computer? New-LocalUser ~Name User! -NoPassword ‘Add-LocalGroupMenber User -Menber User}‘You need to be able to access Controt Panel What should you mossy? ‘A. the PowerShell execution policy 8. the Local Group Policy . te Settngs app . a Group policy preterence ‘nips /wndows Oki com/ns-operaton-has tec-dve-ty-restnctons-ineflect-on ths. QUESTION 34 HOTSPOT ‘Your domain contains named Computer named Compytert that runs Windows 10, Computer does not have a TPN ‘You need to be atie fo encrypt the C drive by using Bitocker Drive Encryption (BitLocker). The solution must ‘ensure that the recovery kay is stored in Active Directory. Which two Group Poicy settings should you configure? To answer, select the approprate sattngs in he NOTE: Each correct selection is worth one point Hot AreaConsole? - [ConsoleRoofiLocal Computer Policy\Computer Configu... See ih InsaxkGo OF HST oct cut Of ore-boot|QUESTION 35 You have a pubic compute named Computer? mat une Windows 10/ Comper contains a flser named ‘You need to provide 9 user named Usert with the abilty io modi the permissions of Foldert, The sohition must use the principle of least privilege. Which NTFS permission should you assign to Usert?” A. Full contrat 8. Mody C. Write D. Read & executeQUESTION 36 ‘You have 10 computers that run Windows 10 and have BitLocker Drive Encryption (BitLocker) enabled. ‘You plan to update the firmware of the computers. ‘You need to ensure that you are not prompted for the BitLocker recovery hey on the next restart. The drive ‘must be protecied by BiLocker on subsequent restarts. C. Add-BitLockerkeyProtector D. Suspend-BitLocker QUESTION 37 ‘You have a computer named Computert that runs Windows 10. ‘You are iroubleshootng Group Policy objects (POs) on Computer'. You run gpresuit /user userl /v and receive the output shown in the following exhibitSaar Last tune Group Polcy was applied: 11/11/2018 at 8:20:07 Group Policy was applied from: N/A Cede eed tie met cn Peete ed eet a:a] Peni eee Pee kert Tae ges: Local Group Policyusert eter tae) The user is a part of the following security Dee ted er een ee rte Eine Ermine Performance Log User eine enact: CONSOLE LOGON Ue hance) eter een bese res eset eee Use the drop-down menus Io select the answer choice thal complates each statement based on the information presented inthe graphic NOTE: Each correct selection is wort one point. Hot Area:To configure GFO settings that affect only User, you must fest [answer choice] ‘You create a folder named Foléert that has the permissions shown in the following table.‘You create a fe named Filet txt in Folder and alow Group? Full control permissions to Fie. For each of the folowing statements, select Yes the statement is tue. Otverwise, select No. NOTE: Each correct selection is wort one point Hot Arwa: ‘Statements User can create a new file in Folder1. User can save changes to File1.txt User2 can view the content of File1.txt ‘Statements: User can create a new file in Folder1 User1 can save changes to File1.txt User2 can view the content of File1.txt Section: (none) Yes ° ° ° a oe Oo 0 0 Oo} |O| | &‘Computer’ has the local Group Policy shown in the following table. ‘Startup script ScnptAL Shutdown ScriptA2 Logon seript SeniptA3 Logotf script Script ‘You create the Local Computer Administrators pobicy shown inthe folowing table a [Lorca seript | SenptBE | ‘You create the Local Computer‘Non-Admiristrators policy shown in the folowing table. [Setting [Value a [Logott script [SenpCz For each ofthe folowing statements, solct Yes f the statement is tue. Otherwise, selact No. Hot Area:Statements Yes No 1 User shuts down Computert, seri SeriptA2 will run. Oo Oo if User? signs in to Computert, scripts Seripta3, ScriptB1, and = SerigtC3 will run, o ° if User3 signs out of Computer. scripts SeriotC2 and Scriptad Oo Oo wil run, Correct Answer: ‘Statements Yes No If User shuts cown Computers, script Scripta? will run. Oj oO WF User2 signs in to Computer! scripts Seripta3, ScriptBt, and Script will run, Oo oO if User3 slans out of Computer, serintsSeriotC2 and Scripta oO will run. ‘Section: [none] Explanation QUESTION 40 ‘Note: This question Is part of a series of questions that present the same scenario. Each question in the series contains # unique solution that might meet the stated goals. Some question sets might have ‘more than one correct solution, while others might not have a correct solution. ‘After you answer a question in this section, you will NOT be able to return to It. AS 2 result, these ‘questions will not appear in the review screen. ‘A user named User? has a computer named Compxter? that runs Windows 10. User2 johns Computer? to ‘contoto.com by using user2@conto%o.com. Computer’ contains a fokder named Foldert. Folder! is in drive C and is shared as Sharet. Sharet has the permission shown in the folowing tate. | Group ______|Sharepermission | Everyone Full control | AzureAD user! @contoso.com | Owner‘A.user named User2 has a computer named Computer? that runs Windows 10. User? joins Computer? to ‘contoso.com by using user2@contoso.com. User2 attempts to access Share and receives the following error message: “The username or password is ‘You need to ensure that User2 can connect to Share! ‘Sovuton: You create a local group on Computer! and add he Guest account te group. You gant he group Modity access to Snaret = ‘Does this meet the goal? A Yes B. No Correct Answer: 8 ‘Section: (none) Explanation Explanation/Roference: QUESTION 41 Your retort contain an Act Oretary domain, The domain contains 1000 compre tet Windows 1 ‘You need to prevent the computers of the research department trom appearing in Network in File Explorer. What should you do? ‘A. Configure DNS to use an external provider B. Modity he *usystemrooti\systom3Zdriversiatc\Networks fe, C. Tum off network discovery. D. Disable the Network List Service Correct Answer: C Section: (none) Explanation Explanation/Reference: ‘QUESTION 42 HOTSPOT ‘You have two computers named Computer! and Computer? that run Windows 10, The computers arein @ workgroup. ‘You perform the following configurations on Computer! + Create a user named User. + Add Usert to the Remote Desktop Users group, ‘You perform the following configurations on Computer2: + Create a user named User! and specty the same user password as the one seton Gomputert. + Create @ share named Share? and grant Usert Ful control access to Share2.+ Enable Remote Desktop. What are the effects of the configurations? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is wort one point. Hot Area: ‘Answer Arca. {Use gs bo a Share? 1s dale Rima andar pare se ters bo access Share? amy (Comput, Pe ur we czar arenas an wo Rene Osim — + Alldomain users must be able to open the files in the Templates foldor * Only the members of Group! must be allowed to edt the fies in the Templates folder. ‘How should you configure ihe NTFS setings on ihe Templates fokder? To answer, select ine appropriate‘options ia the answer area. NOTE: Each correct selection is worth one point. Hot Area: Answer AreaAnswer Area ‘Section: [none] Explanation Explanation/Reference: QUESTION 44 ‘You deploy Windows 10 1020 new laptops. ‘The laptops wil be used by users who work at customer stes. Each user willbe assigned one laptop and one Android device. ‘You need to recommend a solution to lock the laptop when the users leave their laptop for an extended perio. "Which two actons should you include in he recommendation? Each correct answer presents part of me sauton NOTE: Each correct selection is worth one point ‘A. Enable Bivetooth discovery. B. From the Settings app, configure the Dynamic lock settings. C. From Sign-in options, configure the Windows Hello settings. D. From the Settings app. configure the Lock sereen settings. E. Phir he Android device and the laptop. F. From the Settings app. configure the Screen timecut sotings. ‘Correct Answer: OF Section: [none]‘Testiot 1 Case Study ‘This is a case study. Case studies are not timed seperately. You can use as much exam times as you ‘would like to complete each case. However, thera may be addtional studies and sections on this exam. You sous menage yur ao conee Bt yous ste a compleo ol qumebenalnceioden Wh exam bia Ene To answor fe questions incuded in a case study, you wil need \0 reference information that's provkied nthe ‘case study. Case studies might contain exhibts and other resources that provide more information about the ‘scenario that described in the case stidy Each question is independent ofthe Other questions i this case study, ‘Atte end ofthis case study, 8 review screen wil appesr. This screen allows you to review your answers and to ‘make changes before you move to the next section of the exam. After you begin a new section, you cannot ‘otum to ths secton. To start the case study To display he first question in this case study, cick the Next button. Use the butions in the lft pane to explore the content of te case study before you answer the questions. Clicking these butions displays information such ‘03 business requirements, existing envronment. and problem statements, When you are ready to answer ‘question, cick the Question bution to return to the question. Overview Existing Environment Fabrikam, nc. is 2 distribution company that has 500 employees and 100 contractors. ‘Active Directory ‘The network contains an Active Directory forest named fabrikan.com. The forest is synced to Microsoft Azure ‘ative Diectory (Azure AD), All the employees are assigned Microsoft 366 E3 licenses, ‘The domain contains a user account for an employee named User0. Client Computers Al the employees have computers that run Windows 10 Enterprise. Allthe computers are insted without ‘Volume License Keys. Windows 10 lcense keys are never issised. ‘Ailthe employees register thei computer to Azure AD when they frst receive the computer. Usert0 has @ computer named Computert0. ‘Alte contractors have ther con comeuter at una Windows 10. Nona of the comer ae jned Ane Operations! Procedures Fabrkam has the following operational procedures: + Updates are deployed by using Windows Update for Business. ‘+ When new contractors are hired, administrators must help the contactors configure the folowing settings on their computer. = User certificates = Browser security and proxy settings = Wireless network connection settingsSecurity policies “The following secunty policies are enforced on ail the cent computers in the domain: ‘+ Allthe computers are encrypted by using BitLocker Drive Encryption (BitLocker). Blacker recovery __Rformaton i stored in Active Directory and Ante AD. ‘Tha local Administrators group on each computer contains an enabled account named LocalAdmin. +The CocalAamn account maraped by use Lact Aamnsratr Password Sounon (CAPS) Problem Statements Fabrkam identtios the folowing issues: + Employees in the finance department use an apgiication named Application’. Applicaton! frequently ‘crashes due to a memory error. When Application! crashes. an event is written to the application log and on ‘administrator runs a script lo delete the temporary files and restart he apglication. * Wms engine etemplb comect toe naar ir ek home camper, Bay cen coat ethieh a VPN connection because of misconfigured VPN. + ‘Avempioyes bes 8 computer named Computer! Compdertt hes aherdsore talus tht provers he ‘computer from to the network, + Usort0 reports that Computer'0 is not activated. Technical requirements Fabrkam Ktentfies the following technical requirements for managing the client computers: + Provide employees with a configuration fie to configure their VPN connection. * Use the micimum arsount of administrative effort to implement the technical requirements. + Igenty which employees’ computers are noncomplant wit the Windows Update baseline of the company. + Ensure that the service desk uses Quick Assist to take remote control of an employee's desktop during ‘support cals. ‘+ Automate the configuration of the contractors” computers. The solution must provide a configuration fie that ‘the contractors can cpen from a Microsoft SharePonnt site to apply the required configurations, 2 ‘You need to take remote control of an employee's computer fo troubleshoot an issue, ‘What should you send to the employee to initiate @ remote session?‘Testiet 2 Case Study ‘This is a case study. Case studies are not timed seperately. You con use as much exam times as you ‘would like to complete each case. However, there may be addtional studies and sections on this exam. You ‘must manage you time to ensure that you are able to complete all questions included on this exam in the time To answor te questions incuded in 2 case study, you wll need to reference information that's proved nthe ‘case stuty. Case studies might contain exhibits and other resources that provide more information about the ‘scanano that « described in the case stidy Each question is independent ofthe Other questions in this case study, ‘Atthe end ofthis case study, a review screen wil appear. This screen allows you to review your answers and to ‘make changes before you move to the nex! section of the exam. After you begin @ new section, you cannot retum to tes section. To start the case study ‘To display the fist question in this case study, click the Next button. Use the butions in the lft pane to explore the content of fie case study before you answer ihe questions. Clicking these buttons dksplays information such ‘83 business requirements, existing environment. and problem statements, When you ere ready io answer & ‘question, cick the Question bution to retum to the queson. Overview (Geoeo, Lid a conauteg company Bat nas a main oftce n Morte and wo branch ofc in Seat and fork. ‘Contoso has IT. human resources (HR), and france departments. Contoso recently opened a new branch office in San Diego. Al the users in the San Diego office work from Existing environment ‘Contoso uses Microsoft 365. ‘The on-premises network contains an Active Directory domain named contoso.com. The domain is synced 10 ‘Microsoft Azure Active Directory (Azure AD). ‘Ail computers run Windows 10 Enterprise. ‘You have four computers named Computer, Computer2, Computer3, and ComputerA. Computer is in ‘workgroup on an isolated network segenent and runs the Long Term Servicing Channel version of Windows 10. Computer connects to a manufacturing system and is business criical. Al the other computers are joined to. the domain and run the Semi-Annual Chanel version of Windows. 10. In the domain, you create four groups named Group! Group2, Group, and Groups. ‘Computer? has the local Group Policy settings shown inthe following table, Polley Access this computer from the network Grouph Deny oceess to this computer from the network Group ‘Allow log on through Remote Desktop Services Groups, ‘Deny log on through Remote Deskiop Services Groupt‘The computers are undated by using Windows Update for Business. ‘The domain has the users shown in the folowing table. Name User! User2 User3 User4 User5S | Domain Users, Guests User6 | Group2, Group3, Domain Users | Administrators, Domain Users ‘Computert has the local users shown in the following table. Contoso plans to purchase computers preinstalied with Windows 10 Pro forall the San Diego office users. ‘Technical requirements ‘Contoso identities the following technical requirements: * The comouters inthe San Diego oie must be uooraded avomacalyo Wodows 10 Externe and must befoned to azure AD the fra tre wer stats boch new compu. nd users must no be required 10 ‘accept the End User License Agroement + Helpdesk users must be athe 10 voubteshoot Group Policy otject (GPO) processing on the Windows 10 ‘users must Be able to ently which Group Polives are applied to the computers. ‘DiReports on | HH iH My i i i i Hin i i QUESTION + ‘You need to meet the technical requirement for User6. ‘What should you 60?A. Add User6 to the Remote Desktop Users group in the domain. B. Remove User$ from Groug2 in the domain.Question Set 3 QUESTION 1 ‘Your company has a wireless access point that uses WPAZ-Enterprise, ‘You need te configure a computer to connect to the wireless access point. ‘What should you do frst? ‘A. Create a provisioning package in Windows Configuration Designer. B. Request a passphrase. C. Request and install a ceritcate. ©. Create 2 Connection Manager Administration Kit (CMAK) package. Correct Answer: B ‘Section: [none] Explanation Explanation/Reterence: References: ‘les /sup0n microsof, con/en-za/neip/17137/windows-settne up-wireiess- network, QUESTION 2 ‘Auser named User! has a computer named Computert that runs Windows 10. User connects to a Microsoft Azure virtual machine named VMI by using Remote Desktop. \Usert croates a VPN connection named VPN1 to connect to @ partner organization. When the VPN1 connection is established, User! cannot connect to VM. When Usert disconnects from the ‘VPN, the user can connect to VM. ‘You need to ensure that User’ cen connect to VA1 while connected tothe VPN1. (What should you do? A. From the proxy settings, add the IP address of VA to the bypass ist to bypass the proxy. 'B. From the properties of VPN'., clear he Lise default gateway on remote network check box. C. From the propertis of the Remote Desktop connection to VA, specity a Remote Desktop Gateway (RD Gateway). ©. From the properties of VPN. configure a static default gateway address. Correct Answer: 8 ‘Your network contains an Active Directory domain. The domein contains # user named Admint. Al computers: fun Windows 10. ‘You enable Windows PowerShell remoting on the computers. ‘You need to ensure that Admint can establish remote PowerShell connections to the computers. The solution must use the principle of least prvlege.Towtich group should you add Admint? ‘A. Access Control Assistance Operators 8. Power Users GC. Remote Desktop Users. D. Remote Management Users Correct Answer: O Section: (none) Explanation Explanation/Reference: References: ‘QUESTION 4 ‘You have 200 computers that run Windows 10 and are joined to an Actwe Directory domain. ‘You need to enable Windows Remote Management (WinkM) on all he computers by using Group Policy. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is wort one point. A. Set the Startup Type of the Windows Remote Management (WS-Management) service to Automatic, B. Enable the Windows Firewal: Alow inbound remote administration exception setting. CC. Enable the Allow remote server management through WinRM setting. 1. Enable the Windows Firewal: Allow inbound Remote Desktop exceptions setting. E. Enable the Allow Remote Shell access seting. F. Set the Startup Type of he Remote Registy service to Automatic. Correct Answer: ACD ‘Section: (none) Explanation Explanation/Roference: References: Ito /www mustbegeek, com/now-to-enable-winrm-va-grovp-pokicy! QUESTIONS A.user has 9 computer that runs Windows 10. When the user connects the computer fo the corporate network, the user cannot access the internal corporate ‘servers. The user can access servers on the Internet. ‘You run the ipconfig command and receive the following output.Connect ton spect te Ome su Dereription 2. Prysical Address. oS ONCE Enabled. Autoconf iguration tnabled Link-Local 1Pv6 Address Teva Address. Subnet Mask. Aease obtained. Leone expires « Default Ontewey ch Server - Omceve TaID | DHCP ChLent OUI, O88 Servers... NetmtOs over eplpe vee ee eet kthonnet a 00-0 te P ea ad ves ves fe80: 5496: 2419: 0830: 3¢40KI7 (Preferred) 192. 168.0121 (Prefered) 255.255.255. ednesday, October 92, 2018 8:07 Medinesdiay, October $1, 2028 #) -PRAC-5F- 44-00-5086 -78 4-08 ‘You send a ping request and successfuly ping the default gateway, the ONS servers, and the DHCP server. Which configuration on the computer causes the issue? A. the DNS servers B. the IPv4 acsress CC. the subnet mask ©. the dotautt gateway address Correct Answer: A Explanation Explanation/Reference: QUESTION 6 HOTSPOT ‘You have a computer that runs Windows 10. From the Settings apo. you view the connection properties shown in the following exhibitNetwork profile Onn ‘Your PC is hidden fram other devices cn the network and ct be ‘Wie Yor piter and ie shan. O Pinte For a netwr you test such a8 at home oF wort. Your PC ie ‘dacovene and can be wed for printer nd fe sharing if you sat cry Contagure trewnl and secuty sets Metered connection you have 1 betes data plan and want more control over Sata ‘age. make ths connection « metered network. Some aps might work dierenty to educe data wiege when youre connected to ic retort. ‘Set a metered comection BD om {you set a data lent, Windows wl et he metered connection ‘settng for you to ne YOU Stay UNE your AM. ‘Set a data ert to help control deta usage on ths network ‘Use the drop-down menus to select the answer choice that completes each statement based on the informaton presented a the graphic, NOTE: Each correct selection is wort one point. Hot Area: Answer Area To enable Winters Remote (WinRM), yourrwst first [answer choice]. To enave that Microsoft One Prive syncs yor ‘must first [amswer choice).Answer Area Toenshie Winton Remote Management| | [—__________~¥ (WinRN), you rust first [answer choice}. To emunre that Microsoft One" rive syncs, yon must first [answer choice). ‘Your network contains an Active Directory domain. The domain contains 10 compxaers that run Windows 10, Users inthe finance department use the computers. ‘You have @ computer named Computer! that runs Windows 10. From Computer’. you plan to run a script that executes Windows PowerShell commands on the finance ‘department computers. ‘You need to ensure that you can run the PowerShell commands on the finance department from Computert,‘What should you do on the finance departmert computers? ‘A. From the local Group Policy, enable the Allow Remote Shell Access setting. 'B. From the local Group Policy, enable the Turn on Script Execution setting. C. From the Windows PowerShell run the Enable-MMAgent cmdlet. 1. From the Windows PowerShell, run the Enable-PSRemoting cmdiet Correct Answer: Section: {none} Explanation ‘A. In Azure AD. assign user1@contoso.com the Cloud device administrator role. 'B. From the local Group Policy. modly the Allow log on through Remote Desktop Services user right. C. In Azure AD. assign user! @contoso.com the Security administrator role. 1D. On Computer, create a local user and add the new user to the Remote Desktop Users group. ‘You enable Windows PowerShell remoting on a computer that runs Windows 10. ‘You need to limit which PowerShell cmciets can be used in a remote session. Which three actions should you perform in sequence? To answer, move the appropriale actions from the list of ‘actions to the answer area and arrange them in the correct order. ‘Select and Place:Comata PR fn coma at eter Rent tote reteset on ened Section: [none] Explanation (bios hme etn corn/powershet-remotng-restritine-user-commands QUESTION 14 HOTSPOT ‘You have a computer named Computert that runs Windows 10. Computert has an IP address of 10.10.1.200 and a subnet mask of 255.255.255.0. ‘You conigure the praxy settings on Computert as shown inthe following exhibitManual proxy setup Use a proxy server for Ethernet or Wi-Fi connections. These settings don't apply to VPN connections. Use @ prony server =o Address Port freeones] [owe Use the proxy server except for addresses that start with the following entries. Use semicolons () to separate entries. contoso.come + smicrosoft.com;192.168.1.25;". [i Dont use the proxy server for local (intranet) addresses ‘Use the érop-cown menus to select the answer choice that completes each statement based on the information, [presented in the graphic. NOTE: Each correct selection is worth one point. Hot Area: Answer Area Conction attempt to [over the cenay only whan wing Microwah Fage ute the proxy aly when uting Microcah Face loypess the crony fer all apctications Jute the proxy for all anpications ps://48.10,0.100 heros /store mierorort. com epi/392.168.1.10 Correct Answer:Der end ee a gd etd LoL Coe) fae) Oa Sees) i) Seas Cee TET eee Microsoft Hyper'V Network Adapter ead Cemrecne ny Deas cc antl ad eee aera Cea RAL al] ie ae era! Pee eee) vom ltd 255 255.00 eet eee eet at arn Deedee) CE RE e arate teen PSs Cag eee] Pee eet) Enabled ‘What can the computer connect to? ‘A. all the local computers end the remcte computers within your corporate network only 8, all the focal computers and the remote computers, including Inte hosts CC. only other computers on the same network segment that have automatic private IP addressing (APIPA) 1. only otner computers on the same network segment thet have an address from # class A network ID Correct Answer: Section: {none} Explanation Explanation/Reterence: QUESTION 13 ‘Your network contains an Active Directory domain named contoso.com. ‘A.user named User! has a personal computer named Computer! that runs Windows 10 Pro. User! has a VPN‘connection to the corporate network ‘You need to ensure that when User! connects to the VPN, network traific uses a proxy server localed in the ‘corporate network. The solution must ensure thal User! can access the Internet when disconnected from the VPN. ‘What should you do? ‘A. From Control Panel, modity the Windows Defender Firewall setings 8. From the Setting app, modi the Proxy setings for he local computer CC. From Control Panel, modi the properties of the VPN connection D. From the Settings app, mosity the properties of the VPN connection Correct Answer: 8 ‘Section: (none) Explanation Explanation/Roference: QUESTION 14 ‘You deploy 100 computers that run Windows 10. Each computer has a colular conection and @ Wi-Fi “connector ‘You naed to prevent the computers from using the cellular connection unless a user manually connects to the ‘celular network. ‘What should you do? A. Set the Use callular instead of Wi-Fi setting forthe cellular connection to Never B. Runthenersh wlan set hostednetuork modendisallow command C. Clear the Let Windows manage this connection check box forthe cellular connection 1. Select the Let Windows manage this connection check bos for the WF: connection Correct Answer: C Section: (none) Explanation Explanation/Roference: References htiosunoort microsoft comlen.za/haln/107:Sahwincows:10-coltar-sattings QUESTION 15 Note: This question is part of a series of questions that present the same scenario. Each question in {the series contains a unique solution that might meet the stated goals. Some question sets might have ‘more than one correct solution, while others might not have @ correct solution. ‘After you answer a question in this section, you will NOT be able to return to it. As a result, these ‘questions will not appear in the review screen. ‘You have a apiop named Computer! that uns Windows 10. ‘When in range, Camputert connects automatcaly a WiFi network named Wireless ‘You need to prevent Computert from automaticaly connecting to Wireless. ‘Solution: From a command promgt, yourun netsh wlan delete profile nase="Wireless!*.