Microsoft MD-100 Windows 10 (beta) Online Training

Microsoft MD-100 certification exam marks a higher rank in the IT sector. In this Microsoft MD-100 Windows 10 (beta) Online Training there are all new questions of Microsoft 365 Certification MD-100 exam involved which hints you towards your accomplishment if you want success with worthy grades, which gives you exactly those which will be supportive for you in your final exams and as far as my involvement Exam4Training is the best for you as it has all the valuable online exam material which is vital for MD-100 Windows 10 (beta) exam.

Page 1 of 46

1. Topic 1, Fabrikam, Inc.

Introductory Info

Case Study

This is a case study. Case studies are not timed separately. You can use as much exam times as you would like to complete each case. However, there may be additional studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview

Existing Environment

Fabrikam, Inc. is a distribution company that has 500 employees and 100 contractors.

Active Directory

The network contains an Active Directory forest named fabrikam.com. The forest is synced to Microsoft Azure Active Directory (Azure AD). All the employees are assigned Microsoft 365 E3 licenses.

The domain contains a user account for an employee named User10.

Client Computers

All the employees have computers that run Windows 10 Enterprise. All the computers are installed without Volume License Keys. Windows 10 license keys are never issued.

All the employees register their computer to Azure AD when they first receive the computer.

User10 has a computer named Computer10.

All the contractors have their own computer that runs Windows 10. None of the computers are joined to Azure AD.

Operational Procedures

Fabrikam has the following operational procedures:

Updates are deployed by using Windows Update for Business.

When new contractors are hired, administrators must help the contactors configure the following settings on their computer:

- User certificates

- Browser security and proxy settings

- Wireless network connection settings

Security policies

The following security policies are enforced on all the client computers in the domain:

✑ All the computers are encrypted by using BitLocker Drive Encryption (BitLocker). BitLocker recovery information is stored in Active Directory and Azure AD.

✑ The local Administrators group on each computer contains an enabled account named LocalAdmin.

✑ The LocalAdmin account is managed by using Local Administrator Password Solution (LAPS).

Problem Statements

Fabrikam identifies the following issues:

✑ Employees in the finance department use an application named Application1.

Application1 frequently crashes due to a memory error. When Application1 crashes, an event is written to the application log and an administrator runs a script to delete the temporary files and restart the application.

✑ When employees attempt to connect to the network from their home computer, they often cannot establish a VPN connection because of misconfigured VPN settings.

✑ An employee has a computer named Computer11. Computer11 has a hardware failure that prevents the computer from connecting to the network.

✑ User10 reports that Computer10 is not activated.

Technical requirements

Fabrikam identifies the following technical requirements for managing the client computers:

✑ Provide employees with a configuration file to configure their VPN connection.

✑ Use the minimum amount of administrative effort to implement the technical requirements.

✑ Identify which employees’ computers are noncompliant with the Windows Update baseline of the company.

✑ Ensure that the service desk uses Quick Assist to take remote control of an employee’s desktop during support calls.

✑ Automate the configuration of the contractors’ computers. The solution must

provide a configuration file that the contractors can open from a Microsoft SharePoint site to apply the required configurations.

You need to ensure that User10 can activate Computer10.

What should you do?

Request that a Windows 10 Enterprise license be assigned to User10, and then activate Computer10.

From the Microsoft Deployment Toolkit (MDT), add a Volume License Key to a task sequence, and then redeploy Computer10.

From System Properties on Computer10, enter a Volume License Key, and then activate Computer10.

Request that User10 perform a local AutoPilot Reset on Computer10, and then activate Computer10.

2. You need to take remote control of an employee’s computer to troubleshoot an issue.

What should you send to the employee to initiate a remote session?

a numeric security code

a connection file

an Easy Connect request

a password

3. HOTSPOT

You need to reduce the amount of time it takes to restart Application1 when the application crashes.

What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

4. HOTSPOT

You need to implement a solution to configure the contractors’ computers.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

5. You need to recommend a solution to monitor update deployments.

What should you include in the recommendation?

Windows Server Update (WSUS)

the Update Management solution in Azure Automation

the Update Compliance solution in Azure Log Analytics

the Azure Security Center

6. You need to recommend a solution to configure the employee VPN connections.

What should you include in the recommendation?

Remote Access Management Console

Group Policy Management Console (GPMC)

Connection Manager Administration Kit (CMAK)

Microsoft Intune

7. You need to sign in as LocalAdmin on Computer11.

What should you do first?

From the LAPS UI tool, view the administrator account password for the computer object of Computer11.

From Local Security Policy, edit the policy password settings on Computer11.

From the LAPS UI tool, reset the administrator account password for the computer object of Computer11.

From Microsoft Intune, edit the policy password settings on Computer11.

8. An employee reports that she must perform a BitLocker recovery on her laptop. The employee does not have her BitLocker recovery key but does have a Windows 10 desktop computer.

What should you instruct the employee to do from the desktop computer?

Run the manage-bde.exe Cstatus command

From BitLocker Recovery Password Viewer, view the computer object of the laptop

Go to https://account.activedirectory.windowsazure.com and view the user account profile

Run the Enable-BitLockerAutoUnlock cmdlet

9. Topic 2, Contoso, Ltd

Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.

Contoso has IT, human resources (HR), and finance departments.

Contoso recently opened a new branch office in San Diego. All the users in the San Diego office work from home.

Existing environment

Contoso uses Microsoft 365.

The on-premises network contains an Active Directory domain named contoso.com. The domain is synced to Microsoft Azure Active Directory (Azure AD).

All computers run Windows 10 Enterprise.

You have four computers named Computer1, Computer2, Computer3, and ComputerA. ComputerA is in a workgroup on an isolated network segment and runs the Long Term Servicing Channel version of Windows 10. ComputerA connects to a manufacturing system and is business critical. All the other computers are joined to the domain and run the Semi-Annual Channel version of Windows 10.

In the domain, you create four groups named Group1, Group2, Group3, and Group4.

Computer2 has the local Group Policy settings shown in the following table.

The computers are updated by using Windows Update for Business.

The domain has the users shown in the following table.

Computer1 has the local users shown in the following table.

Requirements

Planned Changes

Contoso plans to purchase computers preinstalled with Windows 10 Pro for all the San Diego office users.

Technical requirements

Contoso identifies the following technical requirements:

- The computers in the San Diego office must be upgraded automatically to Windows 10 Enterprise and must be joined to Azure AD the first time a user starts each new computer. End users must not be required to accept the End User License Agreement (EULA).

- Helpdesk users must be able to troubleshoot Group Policy object (GPO) processing on the Windows 10 computers. The helpdesk users must be able to identify which Group Policies are applied to the computers.

- Users in the HR department must be able to view the list of files in a folder named D:Reports on Computer3.

- Computer A must be configured to have an Encrypting File System (EFS) recovery agent.

- Quality update installations must be deferred as long as possible on ComputerA.

- Users in the IT department must use dynamic look on their primary device.

- User6 must be able to connect to Computer2 by using Remote Desktop.

- The principle of least privilege must be used whenever possible.

- Administrative effort must be minimized whenever possible.

- Assigned access must be configured on Computer1.

You need to meet the technical requirement for User6.

What should you do?

Add User6 to the Remote Desktop Users group in the domain.

Remove User6 from Group2 in the domain.

Add User6 to the Remote Desktop Users group on Computer2.

And User6 to the Administrators group on Computer2.

10. You need to meet the technical requirements for EFS on ComputerA.

What should you do?

Run certutil.exe, and then add a certificate to the local computer certificate store.

Run cipher.exe, and then add a certificate to the local computer certificate store.

Run cipher.exe, and then add a certificate to the local Group Policy.

Run certutil.exe, and then add a certificate to the local Group Policy.

Page 2 of 46

11. You need to meet the technical requirement for the IT department users.

What should you do first?

Issue computer certificates

Distribute USB keys to the IT department users.

Enable screen saver and configure a timeout.

Turn on Bluetooth.

12. HOTSPOT

You need to meet the technical requirement for Computer1.

What should you do? To answer, select the appropriate options in the answer area.

13. HOTSPOT

You need to meet the technical requirements for the HR department users.

Which permissions should you assign to the HR department users for the D:Reports folder? To answer, select the appropriate permissions in the answer area. NOTE: Each correct selection is worth one point.

14. You need to meet the quality update requirement for Computer A.

For how long should you defer the updates?

14 days

10 years

5 years

180 days

30 days

15. You need to meet the technical requirements for the San Diego office computers .

Which Windows 10 deployment method should you use?

wipe and load refresh

Windows Autopilot

provisioning Packages

in-place upgrade

16. HOTSPOT

You need to meet the technical requirements for the helpdesk users.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

17. Topic 3, Litware inc

Case Study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking

these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview

General Overview

Litware, Inc. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.

Environment

Existing Environment

The network contains an on-premises Active Directory domain named litware.com.

The domain contains the computers shown in the following table.

The network that uses 192.168.10.0/24 connects to the internet by using a Network Address Translation (NAT) device.

Windows Admin Center is installed on Server1.

The domain contains the groups shown in the following table.

The domain contains the users shown in the following table.

Computer1 Configuration

Computer1 contains the local user accounts shown in the following table.

Computer1 contains a folder named D:Folder1 that has permission inheritance disabled.

Computer1 contains a file named D:Folder1Report.docx that has the permissions shown in the following table.

D:Folder1Report.docx has auditing configured as shown in the following table.

The Local Computer Policy for Computer1 is configured as shown in the following table.

Windows Defender Firewall for Computer1 has the rules shown in the following table.

Computer2 Configuration

Computer2 contains the local user accounts shown in the following table.

Group1 and Group2 are members of the Remote Desktop Users group.

The Local Computer Policy for Computer2 is configured as shown in the following table.

Windows Defender Firewall for Computer2 has the rules shown in the following table.

Computer3 Configuration

Computer3 contains the local user accounts shown in the following table.

Windows Defender Firewall for Computer3 has the rules shown in the following table.

Requirements and Planned Changes

Planned Changes

Litware plans to make the following changes on Computer1:

✑ Grant User1 Allow Full control permissions to D:Folder1Report.docx.

✑ Grant User2 Allow Full control permissions to D:Folder1Report.docx.

✑ Grant User3 Allow Full control permissions to D:Folder1.

Technical Requirements

Litware identifies the following technical requirements:

✑ Configure custom Visual Effect performance settings for Computer1.

✑ Manage Computer2 by using Windows Admin Center.

✑ Minimize administrative effort.

Delivery Optimization on the computers that run Windows 10 must be configured to meet the following requirements:

✑ Content must be downloaded only from an original source.

✑ Downloading content from peer cache clients must be prevented.

✑ Downloads must be optimized by using the Delivery Optimization cloud service.

Which users can create a new group on Computer3?

User31 only

User1 and User32 only

Admin1 and User31 only

Admin1, User31, and User32 only

18. HOTSPOT

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

19. CORRECT TEXT

Which users can sign in to Computer3 when the computer starts in Safe Mode?

A- User31 only

B. User31 and User32 only

C. User31 andAdmin1 only

D. User31, User 32, User33, and Admin1

E. User31, User32, and User33 only

20. You need to ensure that you can manage Computer2 by using Windows Admin Center on Server1.

What should you do on Computer2?

Install the Remote Server Administration Tool (RSAT) optional features.

Run the winrm quickconfig command.

Set the Windows Management Service Startup type to Automatic and start the service.

Run the Sec-Location cmdlet.

Page 3 of 46

21. HOTSPOT

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE Each correct selection is worth one point.

22. You need to configure Delivery Optimization to meet the technical requirements.

Which download mode should you use?

Simple (99)

Group (2)

Internet (3)

HTTP Only (0)

Bypass (100)

23. HOTSPOT

Which Windows 10 computers can you ping successfully from Computer1 and Computer2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

24. Which users can sign in to Computer2 by using Remote Desktop?

Admin1 only

User 1 only

Admin1 and User2 only

Admin1, User1, User2, and User3

User2 only

25. On Computer1, you need to configure the custom Visual Effects performance settings .

Which user accounts can you use?

Admm1, User11, and User13 only

Admin1 only

Admin1, User11, and User12 only

Admin1, User11, User12, and User13

Admin1 and User11 only

26. HOTSPOT

You implement the planned changes for Computer1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

27. Topic 4, Mix Questions

You deploy Windows 10 to a computer named Computer1.

Computer1 contains a folder named Folder1 contains multiple documents.

You need to ensure that you can recover the files in Folder1 by using the Previous Versions tab.

What are three possible ways to achieve the goal? Each correct answer presents a complete the solution. NOTE: Each correct selection is worth one point.

Enable File History and include Folder1 in the Documents library.

Enable File History and add Folder1 to File History.

Select Folder is ready for archiving from the properties of Folder1.

Select Allow files in this folder to have contents indexed in addition to file properties from the properties of Folder1.

Set up Backup and Restore (Windows 7) and include Folder1 in the backup.

28. Your company has a computer named Computer1 that runs Windows 10. Computer1 is used to provide guests with access to the Internet. Computer1 is a member of a workgroup.

You want to configure Computer1 to use a user account sign in automatically when the computer is started. The user must not be prompted for a user name and password.

What should you do?

Configure Group Policy preferences.

Run the BCDBoot command.

Edit the Registry.

Run the MSConfig command.

29. HOTSPOT

You have a workgroup computer named Computer1 that runs Windows 10 and has the users shown in the following table.

You plan to add a key named Key1 to the following three registry branches:

✑ HKEY_CURRENT_CONFIGSoftware

✑ HKEY_LOCAL_MACHINESSoftware

✑ HKEY_CURRENT_USERSoftware

You need to identify which users can add Key1.

What user or users should you identify for each branch? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

30. Your network contains an Active Directory domain. The domain contains 1,000 computers that run Windows 10.

You configure Microsoft Edge settings by using domain and local Group Policy Objects (GPOs).

You need to generate a report that contains all the Microsoft Edge policy settings applied to a computer.

What should you do?

From PowerShell. run the Gec-GPO cmdlet.

From PowerShell. run the Gec-GPOReporc cmdlet.

From Microsoft Edge, open edge://policy.

From the Start menu, select Group Policy Object Editor

Page 4 of 46

31. Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 10. Computer1 contains a folder named Folder1.

You plan to share Folder1. Everyone will have Read share permissions, and administrators will have Full control share permission.

You need to prevent the share from appearing when users browse the network.

What should you do?

Enable access-based enumeration.

Deny the List NTFS permissions on Folded.

Add Folded to a domain-based DFS namespace.

Name the share Folded$.

32. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows 10.

A service named Application1 is configured as shown in the exhibit.

You discover that a user used the Service1 account to sign in to Computer1 and deleted some files.

You need to ensure that the identity used by Application1 cannot be used by a user to sign in to sign in to the desktop on Computer1. The solution must use the principle of least privilege.

Solution: On Computer1, you assign Service1 the deny log on locally user right.

Does this meet the goal?

Yes

33. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a laptop named Computer1 that runs Windows 10.

When in range, Computer1 connects automatically to a Wi-Fi network named Wireless1.

You need to prevent Computer1 from automatically connecting to Wireless1.

Solution: From the Services console, you disable the Link-Layer Topology Discovery Mapper service.

Does this meet the goal?

Yes

34. HOTSPOT

Your network contains an Active Directory domain.

The domain contains the users shown in the following table.

The Authenticated Users group has the Add workstations to domain user right in the Default Domain Controllers Policy.

The Device Managers and Help Desk groups are granted the Create Computer objects permission for the Computers container of the domain.

You have 15 workgroup computers that run Windows 10. Each computer contains a local user account named LocalAdmin1 that is a member of the following groups:

✑ Administrators

✑ Device Owners

✑ Authenticated Users

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

35. Your company has a wireless access point that uses WPA2-Enterprise.

You need to configure a computer to connect to the wireless access point.

What should you do first?

Create a provisioning package in Windows Configuration Designer.

Request a passphrase.

Request and install a certificate.

Create a Connection Manager Administration Kit (CMAK) package.

36. Your network contains an Active Directory domain named contoso.com. The domain contains two computers named Computer1 and Computer2 that run Windows 10.

On Computer1, you need to run the Invoke-Command cmdlet to execute several PowerShell commands on Computer2.

What should you do first?

On Computer2, run the Enable-PSRemoting cmdlet

From Active Directory, configure the Trusted for Delegation setting for the computer account of Computer2

On Computer1, run the New-PSSession cmdlet

On Computer2, add Computer1 to the Remote Management Users group

37. You have a computer named Computer1 that runs Windows 11.

You need to ensure that you can use the ping command to validate network connectivity to Computer 1.

How should you configure Windows Defender Firewall on Computer1?

Enable the Core Networking - Teredo (UDP-ln) inbound rule.

Create a new connection security rule.

Enable the File and Printer Sharing (Echo Request - ICMPv4-ln) inbound rule.

Add a new port rule to allow ports 80 and 443.

38. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You deploy Windows 10 to a computer named Computer1.

Computer1 contains a folder named C:Folder1. Folder1 contains multiple documents.

You need to ensure that you can recover the files in Folder1 by using the Previous Versions tab.

Solution: You set up Backup and Restore (Windows 7) and include Folder1 in the backup.

Does this meet the goal?

Yes

39. HOTSPOT

You have a workgroup computer named Computer1 that runs Windows 10.

From File Explorer, you open OneDrive as shown in the following exhibit.

Use the drop-down menus to select the answer choice that answers each question based on the information presented on the graphic. NOTE: Each correct selection is worth one point.

40. You have a computer named Computer1 that runs Windows 10.

You are troubleshooting connectivity issues on Computer1.

You need to view the remote addresses to which Computer1 has active TCP connections.

Which tool should you use?

Performance Monitor

Task Manager

Resource Monitor

Windows Defender Firewall with Advanced Security

Page 5 of 46

41. HOTSPOT

You are a network administrator at your company.

A user attempts to start a computer and receives the following error message: “Bootmgr is missing.”

You need to resolve the issue.

You start the computer in recovery mode.

Which command should you run next? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

42. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a laptop named Computer1 that runs Windows 10.

When in range, Computer1 connects automatically to a Wi-Fi network named Wireless1.

You need to prevent Computer1 from automatically connecting to Wireless1.

Solution: From a command prompt, you run netsh wlan delete profile name="Wireless1".

Does this meet the goal?

Yes

43. HOTSPOT

You have a computer that runs Windows 10.

A feature update is installed automatically.

You need to roll back the feature update.

Up to how many days after the feature update is installed can you roll back the installation, and what should you use to perform the roll back? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

44. You customize the Start menu on a computer that runs Windows 10 as shown in the following exhibit.

You need to add Remote Desktop Connection to Group1 and remove Group3 from the Start menu.

Which two actions should you perform from the Start menu customizations? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Unlock Group!

Remove Command Prompt from Group1.

Delete Group3.

Add Remote Desktop Connection to Group1.

Rename Group3 as Group1.

45. HOTSPOT

You have a computer named Computer1 that runs Windows 10. Computer1 is in a workgroup.

Computer1 contains the local users shown in the following table.

Computer1 contains the folders shown in the following table.

The Users group has Full control permissions to Folder1, Folder2, and Folder3.

User1 encrypts two files named File1.docx and File2.docx in Folder1 by using EFS.

Which users can move each file? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

46. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer that runs Windows 10. The computer contains a folder named D:Scripts. D:Scripts contains several PowerShell scripts.

You need to ensure that you can run the PowerShell scripts without specifying the full path to the scripts. The solution must persist between PowerShell sessions.

Solution: From a command prompt, you run set.exe PATHEXT=d:scripts.

Does this meet the goal?

Yes

47. You have a computer that runs Windows 10.

You need to be able to recover the computer by using System Image Recovery.

What should you use to create a system image?

Windows System Image Manager (Windows SIM)

Backup and Restore (Windows 7)

File History

System Protection

48. CORRECT TEXT

Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.

When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.

Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

Username and password

Use the following login credentials as needed:

To enter your password, place your cursor in the Enter password box and click on the password below.

Username: Contoso/Administrator

Password: Passw0rd!

The following information is for technical support purposes only:

Lab Instance: 10921597

You need to connect to your company’s network and create a VPN connection on Client2 named VPN1 that meets the following requirements:

VPN1 must connect to a server named vpn.contoso.com.

Only traffic to your company’s network must be routed through VPN1.

To complete this task, sign in to the required computer or computers.

49. You are troubleshooting the network connectivity of a computer that runs Windows 10. The computer is connected physically to the network but rejects network traffic from an external source.

You need to reinstall the TCP/IP stack on the computer.

What should you run?

the necsh int ip resec command

the Resec-NetAdapcerAdvancedPropercy cmdlet

the netcf g -d command

the Debug-NecworkController cmdlet

50. HOTSPOT

You have a computer that runs Windows 10. The computer contains a folder named C:ISOs that is shared in ISOs.

You run several commands on the computer as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Page 6 of 46

51. HOTSPOT

You have the source files shown in the following table.

You mount an image from Image1.wim to a folder named C:Mount.

You need to add the French language pack to the mounted image.

How should you complete the command? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

52. HOTSPOT

You have a computer named Computer1 that runs Windows 10 and is joined to an Active Directory domain named adatum.com.

A user named Admin1 signs in to Computer1 and runs the whoami command as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

53. Your network contains an Active Directory domain. The domain contains a computer named Computer 1 that runs Windows 10. You need to be able to reset computer accounts from Computer! .

What should you do first?

From Windows Defender Firewall, allow Windows Remote Management

Add the RSAT: Active Directory Domain Services and Lightweight Directory Services Tools optional feature.

From Windows Defender Firewall, allow Remote Service Management

Add the RSAT: Server Manager optional feature.

54. HOTSPOT

You have a computer named Computer5 that runs Windows 10 that is used to share documents in a workgroup.

You create three users named User-a, User-b, User-c. The users plan to access Computer5 from the network only.

You have a folder named Data. The Advanced Security Settings for the Data folder are shown in the Security exhibit. (Click the Security Exhibit tab).

You share the Data folder.

The permission for User-a are shown in the User-a exhibit (Click the User-a tab.)

The permissions for user-b are shown in the User-b exhibit. (Click the User-b tab.)

The permissions for user-c are shown in the User-c exhibit. (Click the User-c tab.)

For each of the following statements, select Yes if the statements is true. Otherwise, select No. NOTE: Reach correct selection is worth one point.

55. HOTSPOT

You have four computers that run Windows 10.

The computers are configured as shown in the following table.

On Computer1, you create a user named User1. In the domain, you create a user named User2.

You create the groups shown in the following table.

You need to identify to which computers User1 can sign in, and to which groups you can add User2.

What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

56. CORRECT TEXT

Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.

When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.

Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

Username and password

A web service installed on Client1 is used for testing.

You discover that users cannot connect to the web service by using HTTP.

You need to allow inbound HTTP connections to Client1.

To complete this task, sign in to the required computer or computers.

57. Your network contains an Active Directory domain. The domain contains a computer named Computer! that runs Windows 10. Computer1 has a Trusted Platform Module (TPM) version 12.

The domain contains a domain controller named DC1 that has all the Remote Server Administration Tools (RSAT) installed.

BitLocker Drive Encryption (BitLodcer) recovery passwords are stored in Active Directory.

You enable BitLocker on the operating system drive of Computer1.

A software update on Computer! disables the TPM. and BitLocker enters recovery mode.

You need to recover your BitLocker password for Computer1.

What should you use to retrieve the recovery password?

Active Directory Users and Computers

repair-bde with he -f parameter

manage-bde with the -unlock parameter

Disk Management

58. Your company deploys Windows 10 Enterprise to all computers. All the computers are joined to Microsoft Azure Active Directory (Azure AD).

The company purchases a new computer for a new user and creates an Azure AD account for the user.

The user signs in to the computer by using the Azure AD account.

The user discovers the activation error shown in the following exhibit.

You need to activate Windows 10 Enterprise on the computer.

What should you do?

In Azure A

assign a Windows 10 Enterprise license to the user.

At the command prompt, run slmgr /ltc.

Reinstall Windows as Windows 10 Enterprise.

At the command prompt, run slmgr /ato.

59. You have a computer that runs Windows 10.

The computer fails to start, and you receive the following error message: “BOOTMGR image is corrupt. The system cannot boot”.

You need to repair the system partition.

Which command should you run from Windows Recovery Environment (WinRE)?

fdisk.exe

chkdsk.exe

diskpart.exe

bcdboot.exe

60. You have a computer named Computer1 that runs Windows 10. Computer1 connects to

multiple wireless networks.

You need to view the wireless networks to which Computer1 connects.

What should you use?

the System log in Event Viewer

Wi-Fi in the Settings app

the properties of the wireless adapter in Network Connections in Control Panel

the Details tab for the wireless adapter in Device Manager

Page 7 of 46

61. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You manage devices that run Windows 10.

Ten sales users will travel to a location that has limited bandwidth that is expensive. The sales users will be at the location for three weeks.

You need to prevent all Windows updates from downloading for the duration of the trip. The solution must not prevent access to email and the Internet.

Solution: From Network & Internet in the Settings app, you set a data limit.

Does this meet the goal?

Yes

62. DRAG DROP

You enable Windows PowerShell remoting on a computer that runs Windows 10.

You need to limit which PowerShell cmdlets can be used in a remote session.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

63. Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 10.

The domain contains the users shown in the following table.

Computer1 has four printers as shown in the following table.

Which printers will be available to User1 when the user signs in to Computer1?

Printer3 only

Printed and Printer3 only

Printed, Printer2. and Printer3 only

Printed, Printer3, and Printer4 only

Printed, Printer2, Printer3, and Printer4

64. Your network an Active Directory domain named adatum.com. The domain contains 50 computers that runs Windows 8.1. The computer has locally installed desktop application that are compatible with Windows 10.

You need to upgrade the computers to windows 10, The solution must preserver the locally installed desktop applications.

Solution: You use Windows Autopilot and create a deployment profile. You generalize each computer, and the you restart the computers.

Does this meet the goal?

Yes

65. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows 10. The computer contains a folder. The folder contains sensitive data.

You need to log which user reads the contents of the folder and modifies and deletes files in the folder.

Solution: From the properties of the folder, you configure the Auditing settings and from the Audit Policy in the local Group Policy, you configure Audit directory service access.

Does this meet the goal?

Yes

66. You have a workgroup computer named Computer1 that runs Windows 10.

Computer1 has the user accounts shown in the following table.

User3, User4, and Administrator sign in and sign out on Computer1. User1 and User2 have never signed in to Computer1.

You are troubleshooting policy issues on Computer1. You sign in to Computer1 as Administrator.

You add the Resultant Set of Policy (RsoP) snap-in to an MMC console.

Which users will be able to sign in on Computer1?

User1, User3, and User4 only

Administrator only

Use1, User2, User3, User4, and Administrator

User3, User4, and Administrator only

67. HOTSPOT

Your network contains an Active Directory domain. The domain contains computers that run Windows 10.

The computers are configured as shown in the following table.

You have a Group Policy Object (GPO) named GPO1 that has the settings shown in the following exhibit.

A domain administrator links GPO1 to OU2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

68. You have a computer named Computer1 that runs Windows 10.

You need to enable boot logging on Computer1.

What should you do?

At a command prompt, run the bcdboot.exe command and specify the /v parameter.

From the Settings app, configure the Start settings.

From System Properties in Control Panel, configure the Startup and Recovery settings.

From System Configuration configure the Boot settings.

69. HOTSPOT

Your network contains an Active Directory domain named adatum.com that uses Key Management Service (KMS) for activation.

You deploy a computer that runs Windows 10 to the domain.

The computer fails to activate.

You suspect that the activation server has an issue.

You need to identify which server hosts KMS.

How should you complete the command? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

70. HOTSPOT

You have a computer that runs Windows 10. The computer is in a workgroup. The computer is used to provide visitors with access to the Internet.

You need to configure the computer to meet the following requirements:

✑ Always sign in automatically as User1.

✑ Start an application named App1.exe at sign-in.

What should you use to meet each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Page 8 of 46

71. Your company has a Remote Desktop Gateway (RD Gateway).

You have a server named Server1 that is accessible by using Remote Desktop Services (RDS) through the RD Gateway.

You need to configure a Remote Desktop connection to connect through the gateway.

Which setting should you configure?

Connection settings

Server authentication

Local devices and resources

Connect from anywhere

72. You are preparing to deploy Windows 10.

You download and install the Windows Assessment and Deployment Kit (Windows ADK).

You need to create a bootable WinPE USB drive.

What should you do first?

Run the MakeWinPEMedia command.

Download and install Windows Configuration Designer.

Run the WPEUcil command.

Download and install the WinPE add-on.

73. A user has a computer that runs Windows 10.

The user has access to the following storage locations:

✑ A USB flash drive

✑ Microsoft OneDrive

✑ OneDrive for Business

✑ A drive mapped to network share

✑ A secondary partition on the system drive

You need to configure Back up using File History from the Settings app.

Which two storage locations can you select by using File History? Each correct answer presents complete solution. NOTE: Each correct selection is worth one point.

OneDrive for Business

OneDrive

the USB flash drive

the secondary partition on the system drive

the drive mapped to a network share

74. HOTSPOT

You are planning a recovery strategy for computers that run Windows 10.

You need to create recovery procedures to roll back feature updates and quality updates.

What should you include in the procedures? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

75. A user named User1 has a computer named Computer1 that runs Windows 10.

User1 connects to a Microsoft Azure virtual machine named VM1 by using Remote Desktop.

User1 creates a VPN connection to a partner organization.

When the VPN connection is established, User1 cannot connect to VM1. When User1 disconnects from the VPN, the user can connect to VM1.

You need to ensure that User1 can connect to VM1 while connected to the VPN.

What should you do?

From the proxy settings, add the IP address of VM1 to the bypass list to bypass the proxy.

From the properties of VPN1, clear the Use default gateway on remote network check box.

From the properties of the Remote Desktop connection to VM1, specify a Remote Desktop Gateway (RD Gateway).

From the properties of VPN1, configure a static default gateway address.

76. Your network contains an Active Directory domain. The domain contains a user named Admin1. All computers run Windows 10.

You enable Windows PowerShell remoting on the computers.

You need to ensure that Admin1 can establish remote PowerShell connections to the computers. The solution must use the principle of least privilege.

To which group should you add Admin1?

Access Control Assistance Operators

Power Users

Remote Desktop Users

Remote Management Users

77. Your network an Active Directory domain named adatum.com. The domain contains 50 computers that runs Windows 8.1. The computer has locally installed desktop application that are compatible with Windows 10.

You need to upgrade the computers to windows 10, The solution must preserver the locally installed desktop applications.

Solution. You use System image manager (Windows SIM) to create an answer file. You use Windows Deployment Service (WDS) to add an install image. You start each computer by using PXE, and then install the image.

Does this meet the goal?

Yes

78. O: 153

You deploy Windows 10 to several computers. The computers will be used by users who frequently present their desktop to other users.

You need to prevent applications from generating toast notifications in the notification area.

Which settings should you configure from the Settings app?

Shared experiences

Privacy

Focus assist

Tablet mode

79. CORRECT TEXT

Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.

When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.

Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

Username and password

You need to create a file named Private.txt in a folder named Folder1 on the C drive of Client2.

You need to encrypt Private.txt and ensure that a user named User1 can view the contents of Private.txt.

To complete this task, sign in to the required computer or computers.

80. You have a workgroup computer named Computer1 that runs Windows 10.

You need to configure Windows Hello for sign-in to Computer1 by using a physical security key.

What should you use?

a USB 3.0 device that supports BitLocker Drive Encryption (BitLocker)

a USB device that supports FIDO2

a USB 3.0 device that has a certificate from a trusted certification authority (CA)

a USB device that supports RSA SecurID

Page 9 of 46

81. Topic 1, Fabrikam, Inc.

Introductory Info

Case Study

This is a case study. Case studies are not timed separately. You can use as much exam times as you would like to complete each case. However, there may be additional studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview

Existing Environment

Fabrikam, Inc. is a distribution company that has 500 employees and 100 contractors.

Active Directory

The network contains an Active Directory forest named fabrikam.com. The forest is synced to Microsoft Azure Active Directory (Azure AD). All the employees are assigned Microsoft 365 E3 licenses.

The domain contains a user account for an employee named User10.

Client Computers

All the employees have computers that run Windows 10 Enterprise. All the computers are installed without Volume License Keys. Windows 10 license keys are never issued.

All the employees register their computer to Azure AD when they first receive the computer.

User10 has a computer named Computer10.

All the contractors have their own computer that runs Windows 10. None of the computers are joined to Azure AD.

Operational Procedures

Fabrikam has the following operational procedures:

Updates are deployed by using Windows Update for Business.

When new contractors are hired, administrators must help the contactors configure the following settings on their computer:

- User certificates

- Browser security and proxy settings

- Wireless network connection settings

Security Policies

The following security policies are enforced on all the client computers in the domain:

All the computers are encrypted by using BitLocker Drive Encryption (BitLocker). BitLocker recovery information is stored in Active Directory and Azure AD.

The local Administrators group on each computer contains an enabled account named LocalAdmin.

The LocalAdmin account is managed by using Local Administrator Password Solution (LAPS).

Problem Statements

Fabrikam identifies the following issues:

Employees in the finance department use an application named Application1. Application1 frequently crashes due to a memory error. When Application1 crashes, an event is written to the application log and an administrator runs a script to delete the temporary files and restart the application.

When employees attempt to connect to the network from their home computer, they often cannot establish a VPN connection because of misconfigured VPN settings.

An employee has a computer named Computer11. Computer11 has a hardware failure that prevents the computer from connecting to the network.

User10 reports that Computer10 is not activated.

Technical Requirements

Fabrikam identifies the following technical requirements for managing the client computers:

- Provide employees with a configuration file to configure their VPN connection.

- Use the minimum amount of administrative effort to implement the technical requirements.

- Identify which employees’ computers are noncompliant with the Windows Update baseline of the company.

- Ensure that the service desk uses Quick Assist to take remote control of an employee’s desktop during support calls.

- Automate the configuration of the contractors’ computers. The solution must provide a configuration file that the contractors can open from a Microsoft SharePoint site to apply the required configurations.

You need to recommend a solution to monitor update deployments.

What should you include in the recommendation?

Windows Server Update (WSUS)

the Update Management solution in Azure Automation

the Update Compliance solution in Azure Log Analytics

the Azure Security Center

82. You need to ensure that User10 can activate Computer10.

What should you do?

Request that a Windows 10 Enterprise license be assigned to User10, and then activate Computer10.

From the Microsoft Deployment Toolkit (MDT), add a Volume License Key to a task sequence, and then redeploy Computer10.

From System Properties on Computer10, enter a Volume License Key, and then activate Computer10.

Request that User10 perform a local AutoPilot Reset on Computer10, and then activate Computer10.

83. You need to take remote control of an employee’s computer to troubleshoot an issue.

What should you send to the employee to initiate a remote session?

a numeric security code

a connection file

an Easy Connect request

a password

84. You need to recommend a solution to configure the employee VPN connections.

What should you include in the recommendation?

Remote Access Management Console

Group Policy Management Console (GPMC)

Connection Manager Administration Kit (CMAK)

Microsoft Intune

85. HOTSPOT

You need to implement a solution to configure the contractors’ computers.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

86. An employee reports that she must perform a BitLocker recovery on her laptop. The employee does not have her BitLocker recovery key but does have a Windows 10 desktop computer.

What should you instruct the employee to do from the desktop computer?

Run the manage-bde.exe Cstatus command

From BitLocker Recovery Password Viewer, view the computer object of the laptop

Go to https://account.activedirectory.windowsazure.com and view the user account profile

Run the Enable-BitLockerAutoUnlock cmdlet

87. You need to sign in as LocalAdmin on Computer11.

What should you do first?

From the LAPS UI tool, view the administrator account password for the computer object of Computer11.

From Local Security Policy, edit the policy password settings on Computer11.

From the LAPS UI tool, reset the administrator account password for the computer object of Computer11.

From Microsoft Intune, edit the policy password settings on Computer11.

88. HOTSPOT

You need to reduce the amount of time it takes to restart Application1 when the application crashes.

What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

89. Topic 2, Contoso, Ltd

Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.

Contoso has IT, human resources (HR), and finance departments.

Contoso recently opened a new branch office in San Diego. All the users in the San Diego office work from home.

Existing environment

Contoso uses Microsoft 365.

The on-premises network contains an Active Directory domain named contoso.com. The domain is synced to Microsoft Azure Active Directory (Azure AD).

All computers run Windows 10 Enterprise.

You have four computers named Computer1, Computer2, Computer3, and ComputerA. ComputerA is in a workgroup on an isolated network segment and runs the Long Term Servicing Channel version of Windows 10. ComputerA connects to a manufacturing system and is business critical. All the other computers are joined to the domain and run the Semi-Annual Channel version of Windows 10.

In the domain, you create four groups named Group1, Group2, Group3, and Group4.

Computer2 has the local Group Policy settings shown in the following table.

The computers are updated by using Windows Update for Business.

The domain has the users shown in the following table.

Computer1 has the local users shown in the following table.

Requirements

Planned Changes

Contoso plans to purchase computers preinstalled with Windows 10 Pro for all the San Diego office users.

Technical requirements

Contoso identifies the following technical requirements:

- The computers in the San Diego office must be upgraded automatically to Windows 10 Enterprise and must be joined to Azure AD the first time a user starts each new computer. End users must not be required to accept the End User License Agreement (EULA).

- Helpdesk users must be able to troubleshoot Group Policy object (GPO) processing on the Windows 10 computers. The helpdesk users must be able to identify which Group Policies are applied to the computers.

- Users in the HR department must be able to view the list of files in a folder named D:Reports on Computer3.

- Computer A must be configured to have an Encrypting File System (EFS) recovery agent.

- Quality update installations must be deferred as long as possible on ComputerA.

- Users in the IT department must use dynamic look on their primary device.

- User6 must be able to connect to Computer2 by using Remote Desktop.

- The principle of least privilege must be used whenever possible.

- Administrative effort must be minimized whenever possible.

- Assigned access must be configured on Computer1.

HOTSPOT

You need to meet the technical requirement for Computer1.

What should you do? To answer, select the appropriate options in the answer area.

90. You need to meet the technical requirements for the San Diego office computers .

Which Windows 10 deployment method should you use?

wipe and load refresh

Windows Autopilot

provisioning Packages

in-place upgrade

Page 10 of 46

91. HOTSPOT

You need to meet the technical requirements for the HR department users.

Which permissions should you assign to the HR department users for the D:Reports folder? To answer, select the appropriate permissions in the answer area. NOTE: Each correct selection is worth one point.

92. You need to meet the technical requirement for the IT department users.

What should you do first?

Issue computer certificates

Distribute USB keys to the IT department users.

Enable screen saver and configure a timeout.

Turn on Bluetooth.

93. You need to meet the quality update requirement for ComputerA.

For how long should you defer the updates?

14 days

10 years

5 years

180 days

30 days

94. HOTSPOT

You need to meet the technical requirements for the helpdesk users.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

95. You need to meet the technical requirement for User6.

What should you do?

Add User6 to the Remote Desktop Users group in the domain.

Remove User6 from Group2 in the domain.

Add User6 to the Remote Desktop Users group on Computer2.

And User6 to the Administrators group on Computer2.

96. You need to meet the technical requirements for EFS on Computer A.

What should you do?

Run certutil.exe, and then add a certificate to the local computer certificate store.

Run cipher.exe, and then add a certificate to the local computer certificate store.

Run cipher.exe, and then add a certificate to the local Group Policy.

Run certutil.exe, and then add a certificate to the local Group Policy.

97. Topic 3, Litware inc

Case Study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking

these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview

General Overview

Litware, Inc. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York.

Environment

Existing Environment

The network contains an on-premises Active Directory domain named litware.com.

The domain contains the computers shown in the following table.

The domain contains the users shown in the following table.

Computer1 Configuration

Computer1 contains the local user accounts shown in the following table.

Computer1 contains a folder named D:Folder1 that has permission inheritance disabled.

Computer1 contains a file named D:Folder1Report.docx that has the permissions shown in the following table.

D:Folder1Report.docx has auditing configured as shown in the following table.

The Local Computer Policy for Computer1 is configured as shown in the following table.

Windows Defender Firewall for Computer1 has the rules shown in the following table.

Computer2 Configuration

Computer2 contains the local user accounts shown in the following table.

Group1 and Group2 are members of the Remote Desktop Users group.

The Local Computer Policy for Computer2 is configured as shown in the following table.

Windows Defender Firewall for Computer2 has the rules shown in the following table.

Computer3 Configuration

Computer3 contains the local user accounts shown in the following table.

Windows Defender Firewall for Computer3 has the rules shown in the following table.

98. HOTSPOT

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

99. HOTSPOT

Which Windows 10 computers can you ping successfully from Computer1 and Computer2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

100. You need to configure Delivery Optimization to meet the technical requirements.

Which download mode should you use?

Simple (99)

Group (2)

Internet (3)

HTTP Only (0)

Bypass (100)

Page 11 of 46

101. Which users can create a new group on Computer3?

User31 only

User1 and User32 only

Admin1 and User31 only

Admin1, User31, and User32 only

102. You need to ensure that you can manage Computer2 by using Windows Admin Center on

Server1.

What should you do on Computer2?

Install the Remote Server Administration Tool (RSAT) optional features.

Run the winrm quickconfig command.

Set the Windows Management Service Startup type to Automatic and start the service.

Run the Sec-Location cmdlet.

103. HOTSPOT

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE Each correct selection is worth one point.

104. On Computer1, you need to configure the custom Visual Effects performance settings .

Which user accounts can you use?

Admm1,User11, and User13 only

Admin1 only

Admin1, User11, and User12 only

Admin1, User11, User12, and User13

Admin1 and User11 only

105. CORRECT TEXT

Which users can sign in to Computer3 when the computer starts in Safe Mode?

A- User31 only

B. User31 and User32 only

C. User31 andAdmin1 only

D. User31, User 32, User33, and Admin1

E. User31,User32, and User33 only

106. Which users can sign in to Computer2 by using Remote Desktop?

Admin1 only

User 1 only

Admin1 and User2 only

Admin1, User1, User2, and User3

User2 only

107. Topic 4, Mix Questions

You have a Microsoft 365 Enterprise E3 license.

You have a computer named Computer1 that runs Windows 10.

You need to ensure that you can access the files on Computer1 by using a web browser on another computer .

What should you configure?

Sync your settings in the Settings app

the File Explorer desktop app

the Microsoft OneDrive desktop app

Default apps in the Settings app

108. You have a computer named Computer1 that runs Windows 10.

On Computer1, you create the local users shown in the following table.

Which three user profiles will persist after each user signs out? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

User1

User2

User3

User4

User5

109. HOTSPOT

Use the drop-down menus to select the answer choice that completes each statement based on the information presented on the graphic.

NOTE: Each correct selection is worth one point.

110. User1 is a member of the Administrators group on a computer that runs Windows 10.

When User1 attempts to view the security settings of a folder named C:SecretData, the user receives the message in the Security exhibit.

On the computer, you sign in as a member of the Administrators group and view the permissions to C:SecretData as shown in the Permissions exhibit.

You need to restore Use1's access to C:SecretData.

What should you do first?

From the Permissions tab of Advanced Security Settings for SecretData, select Continue to attempt the operation by using administrative privileges.

Assign User1 Full control permissions to the C folder and set the inheritance to This folder, subfolders and files.

From an elevated command prompt, run cacls.exe c:secretdata /g user1:

Page 12 of 46

111. HOTSPOT

You have a workgroup computer named Computer1 that runs Windows 10 and has the users shown in the following table.

User Account Control (UAC) on Computer1 is configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

112. HOTSPOT

You have the source files shown in the following table.

113. You have a computer that runs Windows 10 and is joined to Azure Active Directory (Azure AD).

You attempt to open Control Panel and receive the error message shown on the following exhibit.

You need to be able to access Control Panel.

What should you modify?

the PowerShell execution policy

the Local Group Policy

the Settings app

a Group policy preference

114. You have a computer that runs Windows 8.1.

When you attempt to perform an in-place upgrade to Windows 10, the computer fails to start after the first

restart.

You need to view the setup logs on the computer.

Which folder contains the logs?

$Windows.~BTSourcesPanther

WindowsLogs

WindowsTemp

$Windows.~BTInf

115. HOTSPOT

You have a computer named Computer1 that runs Windows 10 and contains the following files:

✑ C:Folder1File1.bat

✑ C:Folder1File1.exe

✑ C:Folder1File1.cmd

A user named User1 is assigned Read & execute to all the files.

Computer1 is configured as shown in the exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

116. HOTSPOT

You have a computer that runs Windows 10.

You view the domain services status as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

117. HOTSPOT

Your network contains an Active Directory domain. The domain contains computers that run Windows 10.

A user named Mia Hamm has a computer named Computer1. Mia Hamm reports that when she logs on to Computer1, she cannot access servers on the network but she can access computers on the internet.

You run the ipconfig command on Computer1 and receive the following output.

You successfully ping the default gateway, the DNS servers, and the DHCP server.

You need to resolve the connectivity problem on Computer1.

Which setting should you configure? To answer, select the appropriate options in the answer area.

118. Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 10.

You need to view the settings to Computer1 by Group Policy objects (GPOs) in the domain and local Group Policies.

Which command should you run?

gpresult

secedit

gpupdate

gpfixup

119. HOTSPOT

You have a computer named Computer1 that runs Windows 10 and is joined to an Active Directory domain named adatum.com.

A user named Admin1 signs in to Computer1 and runs the whoami command as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

120. You customize the Start menu on a computer that runs Windows 10 as shown in the following exhibit.

Unlock Group!

Remove Command Prompt from Group1.

Delete Group3.

Add Remote Desktop Connection to Group1.

Rename Group3 as Group1.

Page 13 of 46

121. You have a computer that runs Windows 10.

You need to be able to recover the computer by using System Image Recovery.

What should you use to create a system image?

Windows System Image Manager (Windows SIM)

Backup and Restore (Windows 7)

File History

System Protection

122. You have a computer named Computer1 that runs Windows 10.

You restart Computer1 by using Advanced startup and select Boot log.

In which folder is the boot log file stored?

C:Windows

C:Windowsdebug

C:WindowsSyscem32LogFiles

123. You install Windows 10 Enterprise on a new computer.

You need to force activation on the computer.

Which command should you run?

slmgr /upk

Sec-RDLicenseConfiguration -Force

Sec-MsolLicense -AddLicense

slmgr /ato

124. Your company has several mobile devices that run Windows 10.

You need configure the mobile devices to meet the following requirements:

✑ Windows updates may only be download when mobile devices are connect to Wi-Fi.

✑ Access to email and the Internet must be possible at all times.

What should you do?

Open the Setting app and select Update & Security. Then select and configure Change active hours.

Open the Setting app and select Network & Internet. Then select Change connection properties, and set the Metered connection option for cellular network connections to On.

Open the Setting app and select Network & Internet Then select Data Usage and set a data limit.

Open the Setting app and select Update & Security. Then select and configure Delivery Optimization.

125. You have a computer named Computer1 that runs Windows 10.

You need to prevent standard users from changing the wireless network settings on Computer1. The solution must allow administrators to modify the wireless network settings.

What should you use?

Windows Configuration Designer

MSConfig

Local Group Policy Editor

an MMC console that has the Group Policy Object Editor snap-in

126. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows 10. The computer contains a folder. The folder contains sensitive data.

You need to log which user reads the contents of the folder and modifies and deletes files in the folder.

Solution: From the properties of the folder, you configure the Auditing settings and from Audit Policy in the local Group Policy, you configure Audit object access.

Does this meet the goal?

Yes

127. CORRECT TEXT

Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.

When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.

Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

Username and password

You need to identify the total number of events that have Event ID 63 in the Application event log. You must type the number of identified events into C:Folder1FileA.txt.

To complete this task, sign in to the required computer or computers and perform the required action.

128. You deploy Windows 10 to several computers. The computers will be used by users who frequently present their desktop to other users.

You need to prevent applications from generating toast notifications in the notification area.

Which settings should you configure from the Settings app?

Shared experiences

Privacy

Focus assist

Tablet mode

129. HOTSPOT

Your network contains an Active Directory domain.

The domain contains the users shown in the following table.

130. CORRECT TEXT

Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.

When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.

Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

Username and password

You need to ensure that all the current and future users in the Active Directory domain can establish Remote Desktop connections to Client1. The solution must use the principle of least privilege.

To complete this task, sign in to the required computer or computers.

Page 14 of 46

131. You have a computer named Computer1 that runs Windows 10.

On Computer1, you turn on File History.

You need to protect a folder named D:Folder1 by using File History.

What should you do?

From File Explorer, modify the General settings of D:Folder1

From File Settings app, configure the Backup settings

From the Settings app, configure the Recovery settings

From File History in Control Panel, configure the Select drive settings

132. You have a computer named Computer1 that runs Windows 10.

The relevant services on Computer1 are shown in the following table.

Which service will start after you restart Computer1?

Service3 and Services only

Service 1, Setvice2. and Services

Service2, Services, and Service6

Services only

133. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You manage devices that run Windows 10.

Ten sales users will travel to a location that has limited bandwidth that is expensive. The sales users will be at the location for three weeks.

You need to prevent all Windows updates from downloading for the duration of the trip. The solution must not prevent access to email and the Internet.

Solution: From Network & Internet in the Settings app, you set the network connections as metered connections.

Does this meet the goal?

Yes

134. Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question In this section, you will NOT be able to return to It. As a result these question will not appear In the review screen.

You have two computers named Computer1 and Computer2 that run Windows 10.

You have an Azure Active Directory (Azure AD) user account named admin®contoso.com that is m the local Administrators group on each computer.

You sign m to Compute1 by using admin®contoso.com.

You need to ensure that you can use Event Viewer on Computer1 to connect to the event logs on Computer?.

Solution: On Computer2, you create a Windows Defender Firewall rule that allows eventwr.exe.

Does this meet the goal?

Yes

135. Note: This question is part of a series of questions that present the same scenario.

Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a workgroup computer that runs Windows 10.

The computer contains the local user accounts shown in the following table.

You need to configure the desktop background for User1 and User2 only.

Solution: From the local computer policy, you configure the Filter Options settings for the user policy. At a command prompt, you run the gpupdate.exe/Target:user command.

Does this meet the goal?

Yes

136. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer that runs Windows 10. The computer contains a folder. The folder contains sensitive data.

You need to log which user reads the contents of the folder and modifies and deletes files in the folder.

Solution: From the properties of the folder, you configure the Auditing settings and from the Audit Policy in the local Group Policy, you configure Audit privilege use.

Does this meet the goal?

Yes

137. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have two computers named Computer1 and Computer2 that run Windows 10.

You have an Azure Active Directory (Azure AD) user account named [email protected] that is in the local Administrators group on each computer.

You sign in to Computer1 by using [email protected]

You need to ensure that you can use Event Viewer on Computer1 to connect to the event logs on Computer2.

Solution: On Computer2, you run the Enable-PSRemoting cmdlet.

Does this meet the goal?

Yes

138. Your company deploys Windows 10 Enterprise to all computers. All the computers are joined to Microsoft Azure Active Directory (Azure AD).

The company purchases a new computer for a new user and creates an Azure AD account for the user.

The user signs in to the computer by using the Azure AD account.

The user discovers the activation error shown in the following exhibit.

You need to activate Windows 10 Enterprise on the computer.

What should you do?

In Azure A

assign a Windows 10 Enterprise license to the user.

At the command prompt, run slmgr /ltc.

Reinstall Windows as Windows 10 Enterprise.

At the command prompt, run slmgr /ato.

139. You have a workgroup computer named Computer1 that runs Windows 10.

Computer1 has the user accounts shown in the following table.

User1, User3, and User4 only

Administrator only

Use1, User2, User3, User4, and Administrator

User3, User4, and Administrator only

140. STION NO: 141

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com.

The domain contains the users shown in the following table.

You have a computer named Computer1 that runs Windows 10 and is in a workgroup.

A local standard user on Computer1 named User1 joins the computer to the domain and uses the credentials of User2 when prompted.

You need to ensure that you can rename Computer1 as Computer33.

Solution: You use the credentials of User4 on Computer1.

Does this meet the goal?

Yes

Page 15 of 46

141. Your company has an isolated network used for testing. The network contains 20 computers that run Windows 10. The computers are in a workgroup. During testing, the computers must remain in the workgroup.

You discover that none of the computers are activated.

You need to recommend a solution to activate the computers without connecting the network to the Internet.

What should you include in the recommendation?

Volume Activation Management Tool (VAMT)

Key Management Service (KMS)

Active Directory-based activation

the Get-WindowsDeveloperLicense cmdlet

142. You plan to deploy Windows 10 to 100 secure computers.

You need to select a version of Windows 10 that meets the following requirements:

✑ Uses Microsoft Edge as the default browser

✑ Minimizes the attack surface on the computer

✑ Supports joining Microsoft Azure Active Directory (Azure AD)

✑ Only allows the installation of applications from the Microsoft Store

What is the best version to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.

Windows 10 Pro in S mode

Windows 10 Home in S mode

Windows 10 Pro

Windows 10 Enterprise

143. DRAG DROP -

You have a computer named Computer1 that runs Windows 8.1. Computer1 has a local user named User1 who has a customized profile.

On Computer1, you perform a clean installation of Windows 10 without formatting the drives.

You need to migrate the settings of User1 from Windows 8.1 to Windows 10.

Which two actions should you perform? To answer, drag the appropriate actions to the correct targets. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

144. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows10.

A service named Application1 is configured as shown in the exhibit.

You discover that a user used the Service1 account to sign in to Computer1 and deleted some files.

You need to ensure that the identity used by Application1 cannot be used by a user to sign in to sign in to the desktop on Computer1. The solution must use the principle of least privilege.

Solution: On Computer1, you configure Application1 to sign in as the Local System account and select the Allow service to interact with desktop check box. You delete the Service1 account.

Does this meet the goal?

Yes

145. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows 10.

A service named Application1 is configured as shown in the exhibit.

You discover that a user used the Service1 account to sign in to Computer1 and deleted some files.

You need to ensure that the identity used by Application1 cannot be used by a user to sign in to sign in to the desktop on Computer1. The solution must use the principle of least privilege.

Solution: On Computer1, you assign Service1 the Deny log on locally user right.

Does this meet the goal?

Yes

146. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows 10.

A service named Application1 is configured as shown in the exhibit.

You discover that a user used the Service1 account to sign in to Computer1 and deleted some files.

You need to ensure that the identity used by Application1 cannot be used by a user to sign in to sign in to the desktop on Computer1. The solution must use the principle of least privilege.

Solution: On Computer1, you assign Service1 the Deny log on as a service user right.

Does this meet the goal?

Yes

147. You have a Microsoft Azure Active Directory (Azure AD) tenant.

Some users sign in to their computer by using Windows Hello for Business.

A user named User1 purchases a new computer and joins the computer to Azure AD.

User1 is not able to use Windows Hello for Business on his computer.

User1 sign-in options are shown on the exhibit.

https://www.examtopics.com/assets/media/exam-media/03885/0002200001.png

You open Device Manager and confirm that all the hardware works correctly.

You need to ensure that User1 can use Windows Hello for Business facial recognition to sign in to the computer.

What should you do first?

Purchase an infrared (IR) camera.

Upgrade the computer to Windows 10 Enterprise.

Enable UEFI Secure Boot.

Install a virtual TPM driver.

148. Your company uses Microsoft Deployment Toolkit (MDT) to deploy Windows 10 to new computers.

The company purchases 1,000 new computers.

You need to ensure that the Hyper-V feature is enabled on the computers during the deployment.

What are two possible ways to achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Add a task sequence step that adds a provisioning package.

In a Group Policy object (GPO), from Computer Configuration, configure Application Control Policies.

Add a custom command to the Unattend.xml file.

Add a configuration setting to Windows Deployment Services (WDS).

Add a task sequence step that runs dism.exe.

149. Your network contains an Active Directory domain that is synced to a Microsoft Azure Active Directory (Azure AD) tenant.

Your company purchases a Microsoft 365 subscription.

You need to migrate the Documents folder of users to Microsoft OneDrive for Business.

What should you configure?

One Drive Group Policy settings

roaming user profiles

Enterprise State Roaming

Folder Redirection Group Policy settings

150. Your network contains an Active Directory domain. The domain contains a user named User1.

User1 creates a Microsoft account.

User1 needs to sign in to cloud resources by using the Microsoft account without being prompted for credentials.

Which settings should User1 configure?

User Accounts in Control Panel

Email & app accounts in the Settings app

Users in Computer Management

Users in Active Directory Users and Computers

Page 16 of 46

151. HOTSPOT -

Your network contains an Active Directory domain named adatum.com that uses Key Management Service (KMS) for activation.

You deploy a computer that runs Windows 10 to the domain.

The computer fails to activate.

You suspect that the activation server has an issue.

You need to identify which server hosts KMS.

How should you complete the command? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

152. HOTSPOT -

You deploy Windows 10 to a new computer named Computer1.

You sign in to Computer1 and create a user named User1.

You create a file named LayoutModification.xml in the C:UsersDefaultAppDataLocalMicrosoftWindowsShellfolder. LayoutModification.xml contains the following markup.

What is the effect of the configuration? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

153. You have an Azure Active Directory (Azure AD) tenant named contoso.com.

You have a workgroup computer named Computer1 that runs Windows 10.

You need to add Computer1 to contoso.com.

What should you use?

Computer Management

dsregcmd.exe

the Settings app

netdom.exe

154. You have a computer that runs Windows 10.

You need to configure a picture password.

What should you do?

From Control Panel, configure the User Accounts settings.

From the Settings app, configure the Sign-in options.

From the Local Group Policy Editor, configure the Account Policies settings.

From Windows PowerShell, run the Set-LocalUser cmdlet and specify the InputObject parameter.

155. You have a workgroup computer named Computer1 that runs Windows 10.

You need to configure Windows Hello for sign-in to Computer1 by using a physical security key.

What should you use?

a USB 3.0 device that supports BitLocker Drive Encryption (BitLocker)

a USB device that supports FIDO2

a USB 3.0 device that has a certificate from a trusted certification authority (CA)

a USB device that supports RSA SecurID

156. Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 10.

The domain contains the users shown in the following table.

Computer1 has the local users shown in the following table.

All users have Microsoft accounts.

Which two users can be configured to sign in by using their Microsoft account? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

User1

User2

User3

User4

User5

157. HOTSPOT -

You have the source files shown in the following table.

158. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 8.1.

Computer1 has apps that are compatible with Windows 10.

You need to perform a Windows 10 in-place upgrade on Computer1.

Solution: You copy the Windows 10 installation media to a network share. From Windows 8.1 on Computer1, you run setup.exe from the network share.

Does this meet the goal?

Yes

159. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 8.1.

Computer1 has apps that are compatible with Windows 10.

You need to perform a Windows 10 in-place upgrade on Computer1.

Solution: You copy the Windows 10 installation media to a Microsoft Deployment Toolkit (MDT) deployment share. You create a task sequence, and then you run the MDT deployment wizard on Computer1.

Does this meet the goal?

Yes

160. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 8.1.

Computer1 has apps that are compatible with Windows 10.

You need to perform a Windows 10 in-place upgrade on Computer1.

Solution: You add Windows 10 startup and install images to a Windows Deployment Services (WDS) server. You start Computer1 by using WDS and PXE, and then you initiate the Windows 10 installation.

Does this meet the goal?

Yes

Page 17 of 46

161. Your company deploys Windows 10 Enterprise to all computers. All the computers are joined to Microsoft Azure Active Directory (Azure AD).

The company purchases a new computer for a new user and creates an Azure AD account for the user.

The user signs in to the computer by using the Azure AD account. The user discovers the activation error shown in the following exhibit.

You need to activate Windows 10 Enterprise on the computer.

What should you do?

In Azure AD, assign a Windows 10 Enterprise license to the user.

At the command prompt, run slmgr /ltc.

Reinstall Windows as Windows 10 Enterprise.

At the command prompt, run slmgr /ato.

162. You have a computer named Computer1 that runs Windows 10.

Several users have signed in to Computer1 and have a profile.

You create a taskbar modification file named LayoutModification.xml.

You need to ensure that LayoutModification.xml will apply to all users who sign in to Computer1.

To which folder should you copy LayoutModification.xml?

C:UsersPublicPublic Desktop

C:WindowsShellExperiences

C:UsersDefaultAppDataLocalMicrosoftWindowsShell

C:WindowsSystem32Configuration

163. HOTSPOT -

Your company uses a Key Management Service (KMS) to activate computers that run Windows 10.

A user works remotely and establishes a VPN connection once a month.

The computer of the user fails to be activated.

Which command should you run on the computer to initiate activation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

164. HOTSPOT -

You have a server named Server1 and computers that run Windows 8.1. Server1 has the Microsoft Deployment Toolkit (MDT) installed.

You plan to upgrade the Windows 8.1 computers to Windows 10 by using the MDT deployment wizard.

You need to create a deployment share on Server1.

What should you do on Server1, and what are the minimum components you should add to the MDT deployment share? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

165. Topic 2 - Question Set 2

HOTSPOT

Your network contains an Active Directory forest. The forest contains a root domain named contoso.com and a child domain named corp.contoso.com.

You have a computer named Computer1 that runs Windows 10. Computer1 is joined to the corp.contoso.com domain.

Computer1 contains a folder named Folder1. In the Security settings of Folder1, Everyone is assigned the Full control permissions.

On Computer1, you share Folder1 as Share1 and assign the Read permissions for Share1 to the Users group.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

166. HOTSPOT -

You have a computer named Computer1 that runs Windows 10. Computer1 is in a workgroup.

Computer1 contains the folders shown in the following table.

On Computer1, you create the users shown in the following table.

User1 encrypts a file named File1.txt that is in a folder named C:Folder1.

What is the effect of the configuration? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

167. HOTSPOT

You have a computer named Computer1 that runs Windows 10 and is joined to an Active Directory domain named adatum.com.

A user named Admin1 signs in to Computer1 and runs the whoami command as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

168. You have a computer named Computer1 that runs Windows 10.

You need to configure User Account Control (UAC) to prompt administrators for their credentials.

Which settings should you modify?

Administrators Properties in Local Users and Groups

User Account Control Settings in Control Panel

Security Options in Local Group Policy Editor

User Rights Assignment in Local Group Policy Editor

169. You have several computers that run Windows 10. The computers are in a workgroup.

You need to prevent users from using Microsoft Store apps on their computer.

What are two possible ways to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

From Security Settings in the local Group Policy, configure Security Options.

From Administrative Templates in the local Group Policy, configure the Store settings.

From Security Settings in the local Group Policy, configure Software Restriction Policies.

From Security Settings in the local Group Policy, configure Application Control Policies.

170. You have a computer named Computer1 that runs Windows 10.

You need to prevent standard users from changing the wireless network settings on Computer1. The solution must allow administrators to modify the wireless network settings.

What should you use?

Windows Configuration Designer

MSConfig

Local Group Policy Editor

an MMC console that has the Group Policy Object Editor snap-in

Page 18 of 46

171. HOTSPOT -

You have three computers that run Windows 10 as shown in the following table.

All the computers have C and D volumes. The Require additional authentication at startup Group Policy settings is disabled on all the computers.

Which volumes can you encrypt by using BitLocker Drive Encryption (BitLocker)? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

172. Your network contains an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows 10.

On Computer1, you create an NTFS folder and assign Full control permissions to Everyone.

You share the folder as Share1 and assign the permissions shown in the following table.

When accessing Share1, which two actions can be performed by User1 but not by User2? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Delete a file created by another user.

Set the permissions for a file.

Rename a file created by another user.

Take ownership of file.

Copy a file created by another user to a subfolder.

173. HOTSPOT -

You have a computer that runs Windows 10. The computer contains a folder named C:ISOs that is shared as ISOs.

You run several commands on the computer as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

174. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

A user named User1 has a computer named Computer1 that runs Windows 10. Computer1 is joined to an Azure Active Directory (Azure AD) tenant named contoso.com. User1 joins Computer1 to contoso.com by using [email protected]

Computer1 contains a folder named Folder1. Folder1 is in drive C and is shared as Share1.

Share1 has the permission shown in the following table.

A user named User2 has a computer named Computer2 that runs Windows 10. User2 joins Computer2 to contoso.com by using [email protected]

User2 attempts to access Share1 and receives the following error message: “The username or password is incorrect.”

You need to ensure that User2 can connect to Share1.

Solution: In Azure AD, you create a group named Group1 that contains User1 and User2.

You grant Group1 Modify access to Folder1.

Does this meet the goal?

Yes

175. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

A user named User1 has a computer named Computer1 that runs Windows 10. Computer1 is joined to an Azure Active Directory (Azure AD) tenant named contoso.com. User1 joins Computer1 to contoso.com by using [email protected]

Computer1 contains a folder named Folder1. Folder1 is in drive C and is shared as Share1.

Share1 has the permission shown in the following table.

A user named User2 has a computer named Computer2 that runs Windows 10. User2 joins Computer2 to contoso.com by using [email protected]

User2 attempts to access Share1 and receives the following error message: “The username or password is incorrect.”

You need to ensure that User2 can connect to Share1.

Solution: You create a local user account on Computer1 and instruct User2 to use the local account to connect to Share1.

Does this meet the goal?

Yes

176. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

A user named User1 has a computer named Computer1 that runs Windows 10. Computer1 is joined to an Azure Active Directory (Azure AD) tenant named contoso.com. User1 joins Computer1 to contoso.com by using [email protected]

Computer1 contains a folder named Folder1. Folder1 is in drive C and is shared as Share1.

Share1 has the permission shown in the following table.

A user named User2 has a computer named Computer2 that runs Windows 10. User2 joins Computer2 to contoso.com by using [email protected]

User2 attempts to access Share1 and receives the following error message: “The username or password is incorrect.”

Solution: In Azure AD, you create a group named Group1 that contains User1 and User2. You grant Group1 Modify access to Folder1.

Does this meet the goal?

Yes

177. You have a computer named Computer1 that runs Windows 10. Computer1 contains a folder named Folder1.

You need to log any users who take ownership of the files in Folder1.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Modify the folder attributes of Folder1.

Modify the Advanced Security Settings for Folder1.

From a Group Policy object (GPO), configure the Audit Sensitive Privilege Use setting.

From a Group Policy object (GPO), configure the Audit File System setting.

Install the Remote Server Administration Tools (RSAT).

178. HOTSPOT -

Your network contains an Active Directory domain.

The domain contains the users shown in the following table.

The domain contains a computer named Computer1 that runs Windows 10.

Computer1 contains a folder named Folder1 that has the following permissions:

✑ User2: Deny Write

✑ Group1: Allow Read

✑ Group2: Allow Modify

Folder1 is shared as Share1$. Share1$ has the following configurations:

✑ Everyone: Allow Full control

✑ Access-based enumeration: Enabled

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

179. You are a network administrator at your company.

The company uses an application that checks for network connectivity to a server by sending a ping request to the IPv6 address of the server. If the server replies, the application loads.

A user cannot open the application.

You manually send the ping request from the computer of the user and the server does not reply. You send the ping request from your computer and the server replies.

You need to ensure that the ping request works from the user’s computer.

Which Windows Defender firewall rule is a possible cause of the issue?

File and Printer Sharing (NB-Datagram-In)

File and Printer Sharing (Echo Request ICMPv6-Out)

File and Printer Sharing (NB-Datagram-Out)

File and Printer Sharing (Echo Request ICMPv6-In)

180. HOTSPOT -

Use the drop-down menus to select the answer choice that completes each statement based on the information presented on the graphic.

NOTE: Each correct selection is worth one point.

Page 19 of 46

181. HOTSPOT -

You have a computer named Computer5 that runs Windows 10 that is used to share documents in a workgroup.

You create three users named User-a, User-b, User-c by using Computer Management. The users plan to access Computer5 from the network only.

You have a folder named Data.

The Advanced Security Settings for the Data folder are shown in the Security exhibit. (Click the Security tab).

You share the Data folder.

The permissions for User-a are shown in the User-a exhibit (Click the User-a tab.)

The permissions for user-b are shown in the User-b exhibit. (Click the User-b tab.)

The permissions for user-c are shown in the User-c exhibit. (Click the User-c tab.)

For each of the following statements, select Yes if the statements is true. Otherwise, select No. NOTE: Reach correct selection is worth one point.

182. HOTSPOT -

You have a computer that runs Windows 10 and contains the folders shown in the following table.

You create the groups shown in the following table.

On FolderA, you disable permission inheritance and select the option to remove all inherited permissions.

To each folder, you assign the NTFS permissions shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

183. Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 10.

You need to view the settings to Computer1 by Group Policy objects (GPOs) in the domain and local Group Policies.

Which command should you run?

gpresult

secedit

gpupdate

gpfixup

184. Your network contains an Active Directory domain. The domain contains computers that run Windows 10.

You need to provide a user with the ability to remotely create and modify shares on the computers. The solution must use the principle of least privilege.

To which group should you add the user?

Power Users

Remote Management Users

Administrators

Network Configuration Operators

185. You have a computer named Computer1 that runs Windows 10 Current branch. Computer1 belongs to a workgroup.

You run the following commands on Computer1.

New-LocalUser ג"Name User1 ג"NoPassword

Add-LocalGroupMember Users ג"Member User1

What is the effect of the configurations?

User1 is prevented from signing in until the user is assigned additional user rights.

User1 appears on the sign-in screen and can sign in without a password.

User1 is prevented from signing in until an administrator manually sets a password for the user.

User1 appears on the sign-in screen and must set a new password on the first sign-in attempt.

186. You have a computer that runs Windows 10 and is joined to Azure Active Directory (Azure AD).

You attempt to open Control Panel and receive the error message shown on the following exhibit.

You need to be able to access Control Panel.

What should you modify?

the PowerShell execution policy

the local Group Policy

the Settings app

a Group Policy preference

187. HOTSPOT -

Your domain contains a Computer named Computer1 that runs Windows 10. Computer1 does not have a TPM.

You need to be able to encrypt the C drive by using Bitlocker Drive Encryption (BitLocker). The solution must ensure that the recovery key is stored in Active Directory.

Which two Group Policy settings should you configure? To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point.

188. You have a public computer named Computer1 that runs Windows 10/ Computer1 contains a folder named Folder1.

You need to provide a user named User1 with the ability to modify the permissions of Folder1. The solution must use the principle of least privilege.

Which NTFS permission should you assign to User1?

Full control

Modify

Write

Read & execute

189. You have 10 computers that run Windows 10 and have BitLocker Drive Encryption (BitLocker) enabled.

You plan to update the firmware of the computers.

You need to ensure that you are not prompted for the BitLocker recovery key on the next restart. The drive must be protected by BitLocker on subsequent restarts.

Which cmdlet should you run?

Unlock-BitLocker

Disable-BitLocker

Add-BitLockerKeyProtector

Suspend-BitLocker

190. HOTSPOT -

You have a computer named Computer1 that runs Windows 10.

You are troubleshooting Group Policy objects (GPOs) on Computer1.

You run gpresult /user user1 /v and receive the output shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Page 20 of 46

191. HOTSPOT -

You have a computer named Computer1 that runs Windows 10. Computer1 is in a workgroup.

Computer1 contains the local users shown in the following table.

You create a folder named Folder1 that has the permissions shown in the following table.

You create a file named File1.txt in Folder1 and allow Group2 Full control permissions to File1.txt.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

192. HOTSPOT -

You have a workgroup computer named Computer1 that runs Windows 10.

Computer1 has the users accounts shown in the following table:

Computer1 has the local Group Policy shown in the following table.

You create the Local ComputerAdministrators policy shown in the following table.

You create the Local ComputerNon-Administrators policy shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

193. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

A user named User1 has a computer named Computer1 that runs Windows 10. Computer1 is joined to an Azure Active Directory (Azure AD) tenant named contoso.com. User1 joins Computer1 to contoso.com by using [email protected]

Computer1 contains a folder named Folder1. Folder1 is in drive C and is shared as Share1.

Share1 has the permission shown in the following table.

A user named User2 has a computer named Computer2 that runs Windows 10. User2 joins Computer2 to contoso.com by using [email protected]

User2 attempts to access Share1 and receives the following error message: “The username or password is incorrect.”

You need to ensure that User2 can connect to Share1.

Solution: You create a local user account on Computer1 and instruct User2 to use the local account to connect to Share1.

Does this meet the goal?

Yes

194. Your network contains an Active Directory domain. The domain contains 1,000 computers that run Windows 10.

You need to prevent the computers of the research department from appearing in Network in File Explorer.

What should you do?

Configure DNS to use an external provider

Modify the %systemroot%system32driversetcNetworks file.

Turn off network discovery.

Disable the Network List Service.

195. HOTSPOT -

You have two computers named Computer1 and Computer2 that run Windows 10. The computers are in a workgroup.

You perform the following configurations on Computer1:

✑ Create a user named User1.

✑ Add User1 to the Remote Desktop Users group.

You perform the following configurations on Computer2:

✑ Create a user named User1 and specify the same user password as the one set on Computer1.

✑ Create a share named Share2 and grant User1 Full control access to Share2.

✑ Enable Remote Desktop.

What are the effects of the configurations? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

196. HOTSPOT -

Your network contains an Active Directory domain. The domain contains a group named Group1.

All the computers in the domain run Windows 10. Each computer contains a folder named C:Documents that has the default NTFS permissions set.

You add a folder named C:DocumentsTemplates to each computer.

You need to configure the NTFS permissions to meet the following requirements:

✑ All domain users must be able to open the files in the Templates folder.

✑ Only the members of Group1 must be allowed to edit the files in the Templates folder.

How should you configure the NTFS settings on the Templates folder? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

197. You deploy Windows 10 to 20 new laptops.

The laptops will be used by users who work at customer sites. Each user will be assigned one laptop and one Android device.

You need to recommend a solution to lock the laptop when the users leave their laptop for an extended period.

Which two actions should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Enable Bluetooth discovery.

From the Settings app, configure the Dynamic lock settings.

From Sign-in options, configure the Windows Hello settings.

From the Settings app, configure the Lock screen settings.

Pair the Android device and the laptop.

From the Settings app, configure the Screen timeout settings.

198. You have a workgroup computer named Computer1 that runs Windows 10.

Computer1 has the user accounts shown in the following table.

User1, User3, and User4 only

Administrator only

User1, User2, User3, User4, and Administrator

User3, User4, and Administrator only

199. HOTSPOT -

You have a computer named Computer1 that runs Windows 10. Computer1 is in a workgroup.

Computer1 contains the local users shown in the following table.

Computer1 contains the folders shown in the following table.

200. Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 10. Computer1 contains a folder named Folder1.

You plan to share Folder1. Everyone will have Read share permissions, and administrators will have Full control share permission.

You need to prevent the share from appearing when users browse the network.

What should you do?

Enable access-based enumeration.

Deny the List NTFS permissions on Folder1.

Add Folder1 to a domain-based DFS namespace.

Name the share Folder1$.

Page 21 of 46

201. You need to ensure that User10 can activate Computer10.

What should you do?

Request that a Windows 10 Enterprise license be assigned to User10, and then activate Computer10.

From the Microsoft Deployment Toolkit (MDT), add a Volume License Key to a task sequence, and then redeploy Computer10.

From System Properties on Computer10, enter a Volume License Key, and then activate Computer10.

Request that User10 perform a local AutoPilot Reset on Computer10, and then activate Computer10.

202. You need to sign in as LocalAdmin on Computer11.

What should you do first?

From the LAPS UI tool, view the administrator account password for the computer object of Computer11.

From Local Security Policy, edit the policy password settings on Computer11.

From the LAPS UI tool, reset the administrator account password for the computer object of Computer11.

From Microsoft Intune, edit the policy password settings on Computer11.

203. You need to recommend a solution to configure the employee VPN connections.

What should you include in the recommendation?

Remote Access Management Console

Group Policy Management Console (GPMC)

Connection Manager Administration Kit (CMAK)

Microsoft Intune

204. You need to recommend a solution to monitor update deployments.

What should you include in the recommendation?

Windows Server Update (WSUS)

the Update Management solution in Azure Automation

the Update Compliance solution in Azure Log Analytics

the Azure Security Center

205. An employee reports that she must perform a BitLocker recovery on her laptop. The employee does not have her BitLocker recovery key but does have a Windows 10 desktop computer.

What should you instruct the employee to do from the desktop computer?

Run themanage-bde.exe Cstatuscommand

From BitLocker Recovery Password Viewer, view the computer object of the laptop

Go to https://account.activedirectory.windowsazure.com and view the user account profile

Run theEnable-BitLockerAutoUnlockcmdlet

206. You need to take remote control of an employee’s computer to troubleshoot an issue.

What should you send to the employee to initiate a remote session?

a numeric security code

a connection file

an Easy Connect request

a password

207. HOTSPOT

You need to reduce the amount of time it takes to restart Application1 when the application crashes.

What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

208. Topic 2, Contoso, Ltd

Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.

Contoso has IT, human resources (HR), and finance departments.

Contoso recently opened a new branch office in San Diego. All the users in the San Diego office work from home.

Existing environment

Contoso uses Microsoft 365.

The on-premises network contains an Active Directory domain named contoso.com. The domain is synced to Microsoft Azure Active Directory (Azure AD).

All computers run Windows 10 Enterprise.

You have four computers named Computer1, Computer2, Computer3, and ComputerA. ComputerA is in a workgroup on an isolated network segment and runs the Long Term Servicing Channel version of Windows 10. ComputerA connects to a manufacturing system and is business critical. All the other computers are joined to the domain and run the Semi-Annual Channel version of Windows 10.

In the domain, you create four groups named Group1, Group2, Group3, and Group4.

Computer2 has the local Group Policy settings shown in the following table.

The computers are updated by using Windows Update for Business.

The domain has the users shown in the following table.

Computer1 has the local users shown in the following table.

Requirements

Planned Changes

Contoso plans to purchase computers preinstalled with Windows 10 Pro for all the San Diego office users.

Technical requirements

Contoso identifies the following technical requirements:

- The computers in the San Diego office must be upgraded automatically to Windows 10 Enterprise and must be joined to Azure AD the first time a user starts each new computer. End users must not be required to accept the End User License Agreement (EULA).

- Helpdesk users must be able to troubleshoot Group Policy object (GPO) processing on the Windows 10 computers. The helpdesk users must be able to identify which Group Policies are applied to the computers.

- Users in the HR department must be able to view the list of files in a folder named D:Reports on Computer3.

- Computer A must be configured to have an Encrypting File System (EFS) recovery agent.

- Quality update installations must be deferred as long as possible on ComputerA.

- Users in the IT department must use dynamic look on their primary device.

- User6 must be able to connect to Computer2 by using Remote Desktop.

- The principle of least privilege must be used whenever possible.

- Administrative effort must be minimized whenever possible.

- Assigned access must be configured on Computer1.

HOTSPOT

You need to meet the technical requirements for the helpdesk users.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

209. HOTSPOT

You need to meet the technical requirements for the HR department users.

Which permissions should you assign to the HR department users for the D:Reports folder? To answer, select the appropriate permissions in the answer area. NOTE: Each correct selection is worth one point.

210. You need to meet the technical requirements for EFS on ComputerA.

What should you do?

Runcertutil.exe, and then add a certificate to the local computer certificate store.

Runcipher.exe, and then add a certificate to the local computer certificate store.

Runcipher.exe, and then add a certificate to the local Group Policy.

Runcertutil.exe, and then add a certificate to the local Group Policy.

Page 22 of 46

211. You need to meet the technical requirement for User6.

What should you do?

Add User6 to the Remote Desktop Users group in the domain.

Remove User6 from Group2 in the domain.

Add User6 to the Remote Desktop Users group on Computer2.

And User6 to the Administrators group on Computer2.

212. You need to meet the technical requirement for the IT department users.

What should you do first?

Issue computer certificates

Distribute USB keys to the IT department users.

Enable screen saver and configure a timeout.

Turn on Bluetooth.

213. You need to meet the quality update requirement for ComputerA.

For how long should you defer the updates?

14 days

10 years

5 years

180 days

30 days

214. You need to meet the technical requirements for the San Diego office computers.

Which Windows 10 deployment method should you use?

wipe and load refresh

Windows Autopilot

provisioning Packages

in-place upgrade

215. HOTSPOT

You need to meet the technical requirement for Computer1.

What should you do? To answer, select the appropriate options in the answer area.

216. Topic 3, Mix Questions

Your company has an isolated network used for testing. The network contains 20 computers that run Windows 10. The computers are in a workgroup. During testing, the computers must remain in the workgroup.

You discover that none of the computers are activated.

You need to recommend a solution to activate the computers without connecting the network to the Internet.

What should you include in the recommendation?

Volume Activation Management Tool (VAMT)

Key Management Service (KMS)

Active Directory-based activation

the Get-WindowsDeveloperLicense cmdlet

217. You plan to deploy Windows 10 to 100 secure computers.

You need to select a version of Windows 10 that meets the following requirements:

- Uses Microsoft Edge as the default browser

- Minimizes the attack surface on the computer

- Supports joining Microsoft Azure Active Directory (Azure AD)

- Only allows the installation of applications from the Microsoft Store

What is the best version to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.

Windows 10 Pro in S mode

Windows 10 Home in S mode

Windows 10 Pro

Windows 10 Enterprise

218. DRAG DROP

You have a computer named Computer1 that runs Windows 7. Computer1 has a local user named User1 who has a customized profile.

On Computer1, you perform a clean installation of Windows 10 without formatting the drives.

You need to migrate the settings of User1 from Windows7 to Windows 10.

Which two actions should you perform? To answer, drag the appropriate actions to the correct targets. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

219. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows 10. The computer contains a folder.

The folder contains sensitive data.

You need to log which user reads the contents of the folder and modifies and deletes files in the folder.

Solution: From the properties of the folder, you configure the Auditingsettings and from Audit Policy in the local Group Policy, you configure Audit object access.

Does this meet the goal?

Yes

220. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets

might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows 10. The computer contains a folder.

The folder contains sensitive data.

You need to log which user reads the contents of the folder and modifies and deletes files in the folder.

Solution: From the properties of the folder, you configure the Auditingsettings and from the Audit Policy in the local Group Policy, you configure Audit directory service access.

Does this meet the goal?

Yes

Page 23 of 46

221. HOTSPOT

You have a computer named Computer 1 that runs Windows 10.

You turn on System Protection and create a restore point named Point1.

You perform the following changes:

- Add four files named File1.txt, File2.dll, File3.sys, and File4.exe to the desktop.

- Run a configuration script that adds the following four registry keys:

- Key1 to HKEY_CURRENT_USER

- Key2 to HKEY_CLASSES_ROOT

- Key3 to HKEY_LOCAL_MACHINESYSTEM

- Key4 to HKEY_CURRENT_CONFIG

You restore Point1.

Which files and registry keys are removed? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

222. HOTSPOT

You have 10 computers that run Windows 10.

You have a Windows Server Update Services (WSUS) server.

You need to configure the computers to install updates from WSUS.

Which two settings should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

223. Your network contains an Active Directory domain. The domain contains 1,000 computers that run Windows 10.

You discover that when users are on their lock screen, they see a different background image every day, along with tips for using different features in Windows 10.

You need to disable the tips and the daily background image for all the Windows 10 computers.

Which Group Policy settings should you modify?

Turn off the Windows Welcome Experience

Turn off Windows Spotlight on Settings

Do not suggest third-party content in Windows spotlight

Turn off all Windows spotlight features

224. HOTSPOT

You have a computer named Computer1 that runs Windows 10. Computer1 contains a folder named Data on drive C.

The Advanced Security Settings for the Data folder are shown in the exhibit. (Click the Exhibittab.)

You share C:Data as shown in the following table.

User1 is a member of the Users group.

Administrators are assigned Full control NTFS permissions to C:Data.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

225. You have a file named Reg1.reg that contains the following content.

What is the effect of importing the file?

A key named command will be renamed as notepad.exe.

In a key named Notepad, the command value will be set to @="notepad.exe".

In a key named command, the default value will be set to notepad.exe.

226. You have a computer named Computer1 that runs Windows 10.

On Computer1, you create the local users shown in the following table.

Which three user profiles will persist after each user signs out? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

User1

User2

User3

User4

User5

227. HOTSPOT

You have a computer that runs Windows 10. The computer is in a workgroup. The computer is used to provide visitors with access to the Internet.

You need to configure the computer to meet the following requirements:

- Always sign in automatically as User1.

- Start an application named App1.exe at sign-in.

What should you use to meet each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

228. You have 20 computers that run Windows 10. The computers are in a workgroup.

You need to create a local user named Admin1 on all the computers. Admin1 must be a member of the Remote Management Users group.

What should you do?

From Windows Configuration Designer, create a provisioning package, and then run the provisioning package on each computer.

Create a script that runs the New-ADUser cmdlet and the Set-AdGroup cmdlet.

Create a Group Policy object (GPO) that contains the Local User Group Policy preference.

Create a script that runs the New-MsolUser cmdlet and the Add-ADComputerServiceAccount cmdlet.

229. You have several computers that run Windows 10. The computers are in a workgroup and have BitLocker Drive Encryption (BitLocker) enabled.

You join the computers to Microsoft Azure Active Directory (Azure AD).

You need to ensure that you can recover the BitLocker recovery key for the computers from Azure AD.

What should you do first?

Disable BitLocker.

Add a BitLocker key protector.

Suspend BitLocker.

Disable the TMP chip.

230. HOTSPOT

Your network contains an Active Directory forest. The forest contains a root domain named contoso.com and a child domain named corp.contoso.com.

You have a computer named Computer1 that runs Windows 10. Computer1 is joined to the corp.contoso.com domain.

Computer1 contains a folder named Folder1. In the Security settings of Folder1, Everyone is assigned the Full control permissions.

On Computer1, you share Folder1 as Share1 and assign the Read permissions for Share1 to the Users group.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Page 24 of 46

231. HOTSPOT

You have a computer named Computer1 that runs Windows 10. Computer1 is in a workgroup.

Computer1 contains the folders shown in the following table.

On Computer1, you create the users shown in the following table.

232. HOTSPOT

You have a computer named Computer1 that runs Windows 10 and is joined to an Active Directory domain named adatum.com.

A user named Admin1 signs in to Computer1 and runs the whoami command as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

233. You have a computer named Computer1 that runs Windows 10.

You need to configure User Account Control (UAC) to prompt administrators for their credentials.

Which settings should you modify?

Administrators Properties in Local Users and Groups

User Account Control Settings in Control Panel

Security Options in Local Group Policy Editor

User Rights Assignment in Local Group Policy Editor

234. You have several computers that run Windows 10. The computers are in a workgroup.

You need to prevent users from using Microsoft Store apps on their computer.

What are two possible ways to achieve the goal? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

From Security Settings in the local Group Policy, configure Security Options.

From Administrative Templates in the local Group Policy, configure the Store settings.

From Security Settings in the local Group Policy, configure Software Restriction Policies.

From Security Settings in the local Group Policy, configure Application Control Policies.

235. You have a computer named Computer1 that runs Windows 10.

You need to prevent standard users from changing the wireless network settings on Computer1.

The solution must allow administrators to modify the wireless network settings.

What should you use?

Windows Configuration Designer

MSConfig

Local Group Policy Editor

an MMC console that has the Group Policy Object Editor snap-in

236. HOTSPOT

You have three computers that run Windows 10 as shown in the following table.

237. Your network contains an Active Directory domain named contoso.com. The domain contains named Computer1 that runs Windows 10.

On Computer1, you create an NTFS folder and assign Full control permissions to Everyone.

You share the folder as Share1 and assign the permissions shown in the following table.

When accessing Share1, which two actions can be performed by User1 but not by User2? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Delete a file created by another user.

Set the permissions for a file.

Rename a file created by another user.

Take ownership of file.

Copy a file created by another user to a subfolder.

238. HOTSPOT

You have a computer that runs Windows 10. The computer contains a folder named C:ISOs that is shared in ISOs.

You run several commands on the computer as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

239. Your company has a wireless access point that uses WPA2-Enterprise.

You need to configure a computer to connect to the wireless access point.

What should you do first?

Create a provisioning package in Windows Configuration Designer.

Request a passphrase.

Request and install a certificate.

Create a Connection Manager Administration Kit (CMAK) package.

240. A user named User1 has a computer named Computer1 that runs Windows 10.

User1 connects to a Microsoft Azure virtual machine named VM1 by using Remote Desktop.

User1 creates a VPN connection to a partner organization.

When the VPN connection is established, User1 cannot connect to VM1. When User1 disconnects from the VPN, the user can connect to VM1.

You need to ensure that User1 can connect to VM1 while connected to the VPN.

What should you do?

From the proxy settings, add the IP address of VM1 to the bypass list to bypass the proxy.

From the properties of VPN1, clear the Use default gateway on remote network check box.

From the properties of the Remote Desktop connection to VM1, specify a Remote Desktop Gateway (RD Gateway).

From the properties of VPN1, configure a static default gateway address.

Page 25 of 46

241. Your network contains an Active Directory domain. The domain contains a user named Admin1.

All computers run Windows 10.

You enable Windows PowerShell remoting on the computers.

You need to ensure that Admin1 can establish remote PowerShell connections to the computers.

The solution must use the principle of least privilege.

To which group should you add Admin1?

Access Control Assistance Operators

Power Users

Remote Desktop Users

Remote Management Users

242. You have 200 computers that run Windows 10 and are joined to an Active Directory domain.

You need to enable Windows Remote Management (WinRM) on all the computers by using Group Policy.

Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Set the Startup Type of the Windows Remote Management (WS-Management) service to Automatic.

Enable the Windows Firewall: Allow inbound remote administration exception setting.

Enable the Allow remote server management through WinRM setting.

Enable the Windows Firewall: Allow inbound Remote Desktop exceptions setting.

Enable the Allow Remote Shell access setting.

Set the Startup Type of the Remote Registry service to Automatic.

243. A user has a computer that runs Windows 10.

When the user connects the computer to the corporate network, the user cannot access the internal corporate servers. The user can access servers on the Internet.

You run the ipconfig command and receive the following output.

You send a ping request and successfully ping the default gateway, the DNS servers, and the DHCP server.

Which configuration on the computer causes the issue?

the DNS servers

the IPv4 address

the subnet mask

the default gateway address

244. HOTSPOT

You have a computer that runs Windows 10.

From the Settings app, you view the connection properties shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

245. You have 15 computers that run Windows 10. Each computer has two network interfaces named Interface1 and Interface2.

You need to ensure that network traffic uses Interface1, unless Interface1 is unavailable.

What should you do?

Run the Set-NetIPInterface CInterfaceAlias Interface1 CInterfaceMetric 1 command.

Run the Set-NetAdapterBinding CName Interface2 CEnabled $true CComponentIDms_tcpip CThrottleLimit 0 command.

Set a static IP address on Interface 1.

From Network Connections in Control Pane, modify the Provider Order.

246. Your network contains an Active Directory domain. The domain contains 10 computers that run Windows 10. Users in the finance department use the computers.

You have a computer named Computer1 that runs Windows 10.

From Computer1, you plan to run a script that executes Windows PowerShell commands on the finance department computers.

You need to ensure that you can run the PowerShell commands on the finance department from Computer1.

What should you do on the finance department computers?

From the local Group Policy, enable the Allow Remote Shell Access setting.

From the local Group Policy, enable the Turn on Script Execution setting.

From the Windows PowerShell, run the Enable-MMAgentcmdlet.

From the Windows PowerShell, run the Enable-PSRemoting cmdlet.

247. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows 10.

You test Windows updates on Computer1 before you make the updates available to other users at your company.

You install a quality update that conflicts with a customer device driver.

You need to remove the update from Computer1.

Solution: From an elevated command prompt, you run the wusa.exe command and specify the/uninstall parameter.

Does this meet the goal?

Yes

248. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows 10.

You test Windows updates on Computer1 before you make the updates available to other users at your company.

You install a quality update that conflicts with a customer device driver.

You need to remove the update from Computer1.

Solution: From System Restore, you revert the system state to a restore point that was created before the update was installed.

Does this meet the goal?

Yes

249. You have 100 computers that run Windows 10. The computers are in a workgroup.

The computers have a low-bandwidth metered Internet connection.

You need to reduce the amount of Internet bandwidth consumed to download updates.

What should you configure?

BranchCache in hosted mode

BranchCache in distributed cache mode

Delivery Optimization

Background intelligent Transfer Service (BITS)

250. You have 20 computers that run Windows 10.

You configure all the computers to forward all the events from all the logs to a computer named Computer1 that runs Windows 10.

When you sign in to Computer1, you cannot see any security events from other computers. You can see all the other forwarded events from the other computers.

You need to ensure that the security events are forwarded to Computer1.

What should you do?

On each computer, run wecutil ac /q.

On each computer, add the NETWORK SERVICE account to the Event Log Readers group.

On each computer, run winrm qc Cq.

On Computer1, add the account of Computer1 to the Event Log Readers group.

Page 26 of 46

251. HOTSPOT

You have a computer named Computer1 that runs Windows 10 and contains the following files:

- C:Folder1File1.bat

- C:Folder1File1.exe

- C:Folder1File1.cmd

A user named User1 is assigned Read & execute to all the files.

Computer1 is configured as shown in the exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

252. You have a computer that runs Windows 10.

You discover that Windows updates are failing to install on the computer.

You need to generate a log file that contains detailed information about the failures.

Which cmdlet should you run?

GetCLogProperties

GetCWindowsErrorReporting

GetCWindowsUpdateLog

GetCWinEvent

253. HOTSPOT

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016 and a computer named Computer1 that runs Windows 10.

Server1 contains a share named Backup. All users can read and write data in Backup.

On Monday at 13:00, you configure Backup and Restore (Windows 7) on Computer1 to use the following settings:

- Backup Destination:\Server1Backup

- What do you want to back up?:Local Disk (D:), Include a system image of drives: System Reserved, (C:)

- Schedule: Daily at 23:00

You need to identify how many backups will be available on Thursday at 17:00.

What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

254. HOTSPOT

You are planning a recovery strategy for computers that run Windows 10.

You need to create recovery procedures to roll back feature updates and quality updates.

What should you include in the procedures? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

255. You have a computer that runs Windows 10.

You can start the computer but cannot sign in.

You need to start the computer into the Windows Recovery Environment (WinRE).

What should you do?

Turn off the computer. Turn on the computer, and then pressF8.

Turn off the computer. Turn on the computer, and then pressF10.

From the sign-in screen, hold the Shift key, and then click Restart.

Hold Alt+Ctrl+Delete for 10 seconds.

256. HOTSPOT

You are a network administrator at your company.

A user attempts to start a computer and receives the following error message: “Bootmgr is missing.”

You need to resolve the issue.

You start the computer in the recovery mode.

Which command should you run next? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

257. Your company purchases 20 laptops that use a new hardware platform.

In a test environment, you deploy Windows 10 to the new laptops.

Some laptops frequently generate stop errors.

You need to identify the cause of the issue.

What should you use?

Reliability Monitor

Task Manager

System Configuration

Performance Monitor

258. HOTSPOT

You have 100 computers that run Windows 10. You have no servers. All the computers are joined to Microsoft Azure Active Directory (Azure AD).

The computers have different update settings, and some computers are configured for manual updates.

You need to configure Windows Update.

The solution must meet the following requirements:

- The configuration must be managed from a central location.

- Internet traffic must be minimized.

- Costs must be minimized.

How should you configure Windows Update? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

259. You have a computer named LON-CL1.Adatum.com that runs Windows 10.

From Event Viewer, you create a custom view named View1 that has the following filter:

- User: User1

- Logged: Any time

- Event logs: System

- Computer: LON-CL1

- Event IDs: 10000 C 11000

- Event level: Error, Verbose

You open Event Viewer and discover the event shown in the exhibit. (Click the Exhibittab.)

The event does not appear in View1.

You need to ensure that the event appears in View1.

What should you do?

Add a Task Category setting to the filter.

Add the computer account to the Event Log Readers group.

Create an event subscription.

Modify the Computer setting in the filter.

260. Topic 1, Fabrikam, Inc.

Overview

Existing Environment

Fabrikam, Inc. is a distribution company that has 500 employees and 100 contractors.

Active Directory

The network contains an Active Directory forest named fabrikam.com. The forest is synced to Microsoft Azure Active Directory (Azure AD). All the employees are assigned Microsoft 365 E3 licenses.

The domain contains a user account for an employee named User10.

Client Computers

All the employees have computers that run Windows 10 Enterprise. All the computers are installed without Volume License Keys. Windows 10 license keys are never issued.

All the employees register their computer to Azure AD when they first receive the computer.

User10 has a computer named Computer10.

All the contractors have their own computer that runs Windows 10. None of the computers are joined to Azure AD.

Operational Procedures

Fabrikam has the following operational procedures:

Updates are deployed by using Windows Update for Business.

When new contractors are hired, administrators must help the contactors configure the following settings on their computer:

- User certificates

- Browser security and proxy settings

- Wireless network connection settings

Security policies

The following security policies are enforced on all the client computers in the domain:

- All the computers are encrypted by using BitLocker Drive Encryption (BitLocker). BitLocker recovery information is stored in Active Directory and Azure AD.

- The local Administrators group on each computer contains an enabled account named LocalAdmin.

- The LocalAdmin account is managed by using Local Administrator Password Solution (LAPS).

Problem Statements

Fabrikam identifies the following issues:

- Employees in the finance department use an application named Application1. Application1 frequently crashes due to a memory error. When Application1 crashes, an event is written to the application log and an administrator runs a script to delete the temporary files and restart the application.

- When employees attempt to connect to the network from their home computer, they often cannot establish a VPN connection because of misconfigured VPN settings.

- An employee has a computer named Computer11. Computer11 has a hardware failure that prevents the computer from connecting to the network.

- User10 reports that Computer10 is not activated.

Technical requirements

Fabrikam identifies the following technical requirements for managing the client computers:

- Provide employees with a configuration file to configure their VPN connection.

- Use the minimum amount of administrative effort to implement the technical requirements.

- Identify which employees’ computers are noncompliant with the Windows Update baseline of the company.

- Ensure that the service desk uses Quick Assist to take remote control of an employee’s desktop during support calls.

- Automate the configuration of the contractors’ computers. The solution must provide a configuration file that the contractors can open from a Microsoft SharePoint site to apply the required configurations.

HOTSPOT

You need to implement a solution to configure the contractors’ computers.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Page 27 of 46

261. You need to ensure that User10 can activate Computer10.

What should you do?

Request that a Windows 10 Enterprise license be assigned to User10, and then activate Computer10.

From the Microsoft Deployment Toolkit (MDT), add a Volume License Key to a task sequence, and then redeploy Computer10.

From System Properties on Computer10, enter a Volume License Key, and then activate Computer10.

Request that User10 perform a local AutoPilot Reset on Computer10, and then activate Computer10.

262. Testlet 2

Case Study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.

Contoso has IT, human resources (HR), and finance departments.

Contoso recently opened a new branch office in San Diego. All the users in the San Diego office work from home.

Existing environment

Contoso uses Microsoft 365.

The on-premises network contains an Active Directory domain named contoso.com. The domain is synced to Microsoft Azure Active Directory (Azure AD).

All computers run Windows 10 Enterprise.

You have four computers named Computer1, Computer2, Computer3, and ComputerA. ComputerA is in a workgroup on an isolated network segment and runs the Long Term Servicing Channel version of Windows 10. ComputerA connects to a manufacturing system and is business critical. All the other computers are joined to the domain and run the Semi-Annual Channel version of Windows 10.

In the domain, you create four groups named Group1, Group2, Group3, and Group4.

Computer2 has the local Group Policy settings shown in the following table.

The computers are updated by using Windows Update for Business.

The domain has the users shown in the following table.

Computer1 has the local users shown in the following table.

Requirements

Planned Changes

Contoso plans to purchase computers preinstalled with Windows 10 Pro for all the San Diego office users.

Technical requirements

Contoso identifies the following technical requirements:

- The computers in the San Diego office must be upgraded automatically to Windows 10 Enterprise and must be joined to Azure AD the first time a user starts each new computer. End users must not be required to accept the End User License Agreement (EULA).

- Helpdesk users must be able to troubleshoot Group Policy object (GPO) processing on the Windows 10 computers. The helpdesk users must be able to identify which Group Policies are applied to the computers.

- Users in the HR department must be able to view the list of files in a folder named D:Reports on Computer3.

- ComputerA must be configured to have an Encrypting File System (EFS) recovery agent.

- Quality update installations must be deferred as long as possible on ComputerA.

- Users in the IT department must use dynamic lock on their primary device.

- User6 must be able to connect to Computer2 by using Remote Desktop.

- The principle of least privilege must be used whenever possible.

- Administrative effort must be minimized whenever possible.

- Kiosk (assigned access) must be configured on Computer1.

You need to meet the technical requirements for the San Diego office computers.

Which Windows 10 deployment method should you use?

wipe and load refresh

in-place upgrade

provisioning packages

Windows Autopilot

263. HOTSPOT

You need to meet the technical requirement for Computer1.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

264. Question Set 3

Your company has an isolated network used for testing. The network contains 20 computers that run Windows 10. The computers are in a workgroup. During testing, the computers must remain in the workgroup.

You discover that none of the computers are activated.

You need to recommend a solution to activate the computers without connecting the network to the Internet.

What should you include in the recommendation?

Volume Activation Management Tool (VAMT)

Key Management Service (KMS)

Active Directory-based activation

the Get-WindowsDeveloperLicense cmdlet

265. You plan to deploy Windows 10 to 100 secure computers.

You need to select a version of Windows 10 that meets the following requirements:

- Uses Microsoft Edge as the default browser

- Minimizes the attack surface on the computer

- Supports joining Microsoft Azure Active Directory (Azure AD)

- Only allows the installation of applications from the Microsoft Store

What is the best version to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.

Windows 10 Pro in S mode

Windows 10 Home in S mode

Windows 10 Pro

Windows 10 Enterprise

266. DRAG DROP

You have a computer named Computer1 that runs Windows 7. Computer1 has a local user named User1 who has a customized profile.

On Computer1, you perform a clean installation of Windows 10 without formatting the drives.

You need to migrate the settings of User1 from Windows7 to Windows 10.

Which two actions should you perform? To answer, drag the appropriate actions to the correct targets. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

267. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows10.

A service named Application1 is configured as shown in the exhibit.

You discover that a user used the Service1 account to sign in to Computer1 and deleted some files.

You need to ensure that the identity used by Application1 cannot be used by a user to sign in to sign in to the desktop on Computer1. The solution must use the principle of least privilege.

Solution: On Computer1, you configure Application1 to sign in as the LocalSystem account and select the Allow service to interact with desktop check box. You delete the Service1 account.

Does this meet the goal?

Yes

268. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows 10.

A service named Application1 is configured as shown in the exhibit.

You discover that a user used the Service1 account to sign in to Computer1 and deleted some files.

You need to ensure that the identity used by Application1 cannot be used by a user to sign in to sign in to the desktop on Computer1. The solution must use the principle of least privilege.

Solution: On Computer1, you assign Service1 the Deny log on locally user right.

Does this meet the goal?

Yes

269. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows 10.

A service named Application1 is configured as shown in the exhibit.

You discover that a user used the Service1 account to sign in to Computer1 and deleted some files.

You need to ensure that the identity used by Application1 cannot be used by a user to sign in to sign in to the desktop on Computer1. The solution must use the principle of least privilege.

Solution: On Computer1, you assign Service1 the Deny log on as a service user right.

Does this meet the goal?

Yes

270. You have a Microsoft Azure Active Directory (Azure AD) tenant.

Some users sign in to their computer by using Windows Hello for Business.

A user named User1 purchases a new computer and joins the computer to Azure AD.

User1 is not able to use Windows Hello for Business on his computer.

User1 sign-in options are shown on the exhibit.

Purchase an infrared (IR) camera.

Upgrade the computer to Windows 10 Enterprise.

Enable UEFI Secure Boot.

Install a virtual TPM driver.

Page 28 of 46

271. Your company uses Microsoft Deployment Toolkit (MDT) to deploy Windows 10 to new computers. The company purchases 1,000 new computers. You need to ensure that the Hyper-V feature is enabled on the computers during the deployment.

What are two possible ways to achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Add a task sequence step that adds a provisioning package.

In a Group Policy object (GPO), from Computer Configuration, configure Application Control Policies.

Add a custom command to the Unattend.xml file.

Add a configuration setting to Windows Deployment Services (WDS).

Add a task sequence step that runs dism.exe.

272. Your network contains an Active Directory domain that is synced to a Microsoft Azure Active Directory (Azure AD) tenant. Your company purchases a Microsoft 365 subscription. You need to migrate the Documents folder of users to Microsoft OneDrive for Business.

What should you configure?

One Drive Group Policy settings

roaming user profiles

Enterprise State Roaming

Folder Redirection Group Policy settings

273. Your network contains an Active Directory domain. The domain contains a user named User1.

User1 creates a Microsoft account.

User1 needs to sign in to cloud resources by using the Microsoft account without being prompted for credentials.

Which settings should User1 configure?

User Accounts in Control Panel

Email & app accounts in the Settings app

Users in Computer Management

Users in Active Directory Users and Computers

274. HOTSPOT

Your network contains an Active Directory domain named adatum.com that uses Key Management Service (KMS) for activation.

You deploy a computer that runs Windows 10 to the domain.

The computer fails to activate.

You suspect that the activation server has an issue.

You need to identify which server hosts KMS.

How should you complete the command? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

275. HOTSPOT

You deploy Windows 10 to a new computer named Computer1.

You sign in to Computer1 and create a user named User1.

You create a file named LayoutModification.xml in the C:UsersDefaultAppDataLocalMicrosoftWindows Shellfolder. LayoutModification.xml contains the following markup.

What is the effect of the configuration? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

276. You have an Azure Active Directory (Azure AD) tenant named contoso.com.

You have a workgroup computer named Computer1 that runs Windows 10.

You need to add Computer1 to contoso.com.

What should you use?

Computer Management

dsregcmd.exe

the Settings app

netdom.exe

277. Testlet 1

Case Study

This is a case study. Case studies are not timed separately. You can use as much exam times as you would like to complete each case. However, there may be additional studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button . Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview

Existing Environment

Fabrikam, Inc. is a distribution company that has 500 employees and 100 contractors.

Active Directory

The network contains an Active Directory forest named fabrikam.com. The forest is synced to Microsoft Azure Active Directory (Azure AD). All the employees are assigned Microsoft 365 E3 licenses.

The domain contains a user account for an employee named User10.

Client Computers

All the employees have computers that run Windows 10 Enterprise. All the computers are installed without Volume License Keys. Windows 10 license keys are never issued.

All the employees register their computer to Azure AD when they first receive the computer.

User10 has a computer named Computer10.

All the contractors have their own computer that runs Windows 10. None of the computers are joined to Azure AD.

Operational Procedures

Fabrikam has the following operational procedures:

- Updates are deployed by using Windows Update for Business.

- When new contractors are hired, administrators must help the contactors configure the following settings on their computer:

- User certificates

- Browser security and proxy settings

- Wireless network connection settings

Security policies

The following security policies are enforced on all the client computers in the domain:

- All the computers are encrypted by using BitLocker Drive Encryption (BitLocker). BitLocker recovery information is stored in Active Directory and Azure AD.

- The local Administrators group on each computer contains an enabled account named LocalAdmin.

- The LocalAdmin account is managed by using Local Administrator Password Solution (LAPS).

Problem Statements

Fabrikam identifies the following issues:

- Employees in the finance department use an application named Application1. Application1 frequently crashes due to a memory error. When Application1 crashes, an event is written to the application log and an administrator runs a script to delete the temporary files and restart the application.

- When employees attempt to connect to the network from their home computer, they often cannot establish a VPN connection because of misconfigured VPN settings.

- An employee has a computer named Computer11. Computer11 has a hardware failure that prevents the computer from connecting to the network.

- User10 reports that Computer10 is not activated.

Technical requirements

Fabrikam identifies the following technical requirements for managing the client computers:

- Provide employees with a configuration file to configure their VPN connection.

- Use the minimum amount of administrative effort to implement the technical requirements.

- Identify which employees’ computers are noncompliant with the Windows Update baseline of the company.

- Ensure that the service desk uses Quick Assist to take remote control of an employee’s desktop during support calls.

- Automate the configuration of the contractors’ computers. The solution must provide a configuration file that the contractors can open from a Microsoft SharePoint site to apply the required configurations.

You need to sign in as LocalAdmin on Computer11.

What should you do first?

From the LAPS UI tool, view the administrator account password for the computer object of Computer11.

From Windows Configuration Designer, create a configuration package that sets the password of the LocalAdmin account on Computer11.

Use a Group Policy object (GPO) to set the local administrator password.

From Microsoft Intune, set the password of the LocalAdmin account on Computer11.

278. An employee reports that she must perform a BitLocker recovery on her laptop. The employee does not have her BitLocker recovery key but does have a Windows 10 desktop computer.

What should you instruct the employee to do from the desktop computer?

Run the manage-bde.exe Cstatus command

From BitLocker Recovery Password Viewer, view the computer object of the laptop

Go to https://account.activedirectory.windowsazure.com and view the user account profile

Run the Enable-BitLockerAutoUnlock cmdlet

279. Testlet 2

Case Study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.

Contoso has IT, human resources (HR), and finance departments.

Contoso recently opened a new branch office in San Diego. All the users in the San Diego office work from home.

Existing environment

Contoso uses Microsoft 365.

The on-premises network contains an Active Directory domain named contoso.com. The domain is synced to Microsoft Azure Active Directory (Azure AD).

All computers run Windows 10 Enterprise.

You have four computers named Computer1, Computer2, Computer3, and ComputerA. ComputerA is in a workgroup on an isolated network segment and runs the Long Term Servicing Channel version of Windows 10. ComputerA connects to a manufacturing system and is business critical. All the other computers are joined to the domain and run the Semi-Annual Channel version of Windows 10.

In the domain, you create four groups named Group1, Group2, Group3, and Group4.

Computer2 has the local Group Policy settings shown in the following table.

The computers are updated by using Windows Update for Business.

The domain has the users shown in the following table.

Computer1 has the local users shown in the following table.

Requirements

Planned Changes

Contoso plans to purchase computers preinstalled with Windows 10 Pro for all the San Diego office users.

Technical requirements

Contoso identifies the following technical requirements:

- The computers in the San Diego office must be upgraded automatically to Windows 10 Enterprise and must be joined to Azure AD the first time a user starts each new computer. End users must not be required to accept the End User License Agreement (EULA).

- Helpdesk users must be able to troubleshoot Group Policy object (GPO) processing on the Windows 10 computers. The helpdesk users must be able to identify which Group Policies are applied to the computers.

- Users in the HR department must be able to view the list of files in a folder named D:Reports on Computer3.

- Computer A must be configured to have an Encrypting File System (EFS) recovery agent.

- Quality update installations must be deferred as long as possible on ComputerA.

- Users in the IT department must use dynamic lock on their primary device.

- User6 must be able to connect to Computer2 by using Remote Desktop.

- The principle of least privilege must be used whenever possible.

- Administrative effort must be minimized whenever possible.

- Kiosk (assigned access) must be configured on Computer1.

HOTSPOT

You need to meet the technical requirements for the helpdesk users.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

280. HOTSPOT

You need to meet the technical requirements for the HR department users.

Which permissions should you assign to the HR department users for the D:Reports folder? To answer, select the appropriate permissions in the answer area. NOTE: Each correct selection is worth one point.

Page 29 of 46

281. You need to meet the technical requirements for EFS on Computer A.

What should you do?

Run certutil.exe, and then add a certificate to the local computer certificate store.

Run cipher.exe, and then add a certificate to the local computer certificate store.

Run cipher.exe, and then add a certificate to the local Group Policy.

Run certutil.exe, and then add a certificate to the local Group Policy.

282. Question Set 3

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer that runs Windows 10. The computer contains a folder. The folder contains sensitive data.

You need to log which user reads the contents of the folder and modifies and deletes files in the folder.

Solution: From the properties of the folder, you configure the Auditing settings and from the Audit Policy in the local Group Policy, you configure Audit directory service access.

Does this meet the goal?

Yes

283. HOTSPOT

You have a computer named Computer 1 that runs Windows 10. You turn on System Protection and create a restore point named Point1.

You perform the following changes:

- Add four files named File1.txt, File2.dll, File3.sys, and File4.exe to the desktop.

- Run a configuration script that adds the following four registry keys:

- Key1 to HKEY_CURRENT_USER

- Key2 to HKEY_CLASSES_ROOT

- Key3 to HKEY_LOCAL_MACHINESYSTEM

- Key4 to HKEY_CURRENT_CONFIG You restore Point1.

Which files and registry keys are removed? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

284. HOTSPOT

You have 10 computers that run Windows 10. You have a Windows Server Update Services (WSUS) server. You need to configure the computers to install updates from WSUS.

Which two settings should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

285. Your network contains an Active Directory domain. The domain contains 1,000 computers that run

Windows 10. You discover that when users are on their lock screen, they see a different background image every day, along with tips for using different features in Windows 10.

You need to disable the tips and the daily background image for all the Windows 10 computers.

Which Group Policy settings should you modify?

Turn off the Windows Welcome Experience

Turn off Windows Spotlight on Settings

Do not suggest third-party content in Windows spotlight

Turn off all Windows spotlight features

286. HOTSPOT

You have a computer named Computer1 that runs Windows 10. Computer1 contains a folder named Data on drive C.

The Advanced Security Settings for the Data folder are shown in the exhibit. (Click the Exhibit tab.)

You share C:Data as shown in the following table.

User1 is a member of the Users group. Administrators are assigned Full control NTFS permissions to C:Data.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

287. You have a file named Reg1.reg that contains the following content.

What is the effect of importing the file?

A key named command will be renamed as notepad.exe.

In a key named Notepad, the command value will be set to @="notepad.exe".

In a key named command, the default value will be set to notepad.exe.

288. You have a computer named Computer1 that runs Windows 10.

On Computer1, you create the local users shown in the following table.

Which three user profiles will persist after each user signs out? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

User1

User2

User3

User4

User5

289. HOTSPOT

You have a computer that runs Windows 10. The computer is in a workgroup. The computer is used to provide visitors with access to the Internet.

You need to configure the computer to meet the following requirements:

- Always sign in automatically as User1.

- Start an application named App1.exe at sign-in.

What should you use to meet each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

290. You have 20 computers that run Windows 10. The computers are in a workgroup.

You need to create a local user named Admin1 on all the computers. Admin1 must be a member of the Remote Management Users group.

What should you do?

From Windows Configuration Designer, create a provisioning package, and then run the provisioning package on each computer.

Create a script that runs the New-ADUser cmdlet and the Set-AdGroup cmdlet.

Create a Group Policy object (GPO) that contains the Local User Group Policy preference.

Create a script that runs the New-MsolUser cmdlet and the Add-ADComputerServiceAccountcmdlet.

Page 30 of 46

291. You have several computers that run Windows 10. The computers are in a workgroup and have BitLocker Drive Encryption (BitLocker) enabled.

You join the computers to Microsoft Azure Active Directory (Azure AD).

You need to ensure that you can recover the BitLocker recovery key for the computers from Azure AD.

What should you do first?

Disable BitLocker.

Add a BitLocker key protector.

Suspend BitLocker.

Disable the TMP chip.

292. HOTSPOT

Your network contains an Active Directory forest. The forest contains a root domain named contoso.com and a child domain named corp.contoso.com.

You have a computer named Computer1 that runs Windows 10. Computer1 is joined to the corp.contoso.com domain.

Computer1 contains a folder named Folder1. In the Security settings of Folder1, Everyone is assigned the Full control permissions.

On Computer1, you share Folder1 as Share1 and assign the Read permissions for Share1 to the Users group.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

293. HOTSPOT

You have a computer named Computer1 that runs Windows 10. Computer1 is in a workgroup.

Computer1 contains the folders shown in the following table.

On Computer1, you create the users shown in the following table.

294. HOTSPOT

You have a computer named Computer1 that runs Windows 10 and is joined to an Active Directory domain named adatum.com.

A user named Admin1 signs in to Computer1 and runs the whoami command as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

295. You have a computer named Computer1 that runs Windows 10. You need to configure User Account Control (UAC) to prompt administrators for their credentials.

Which settings should you modify?

Administrators Properties in Local Users and Groups

User Account Control Settings in Control Panel

Security Options in Local Group Policy Editor

User Rights Assignment in Local Group Policy Editor

296. You have several computers that run Windows 10. The computers are in a workgroup. You need to prevent users from using Microsoft Store apps on their computer.

What are two possible ways to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

From Security Settings in the local Group Policy, configure Security Options.

From Administrative Templates in the local Group Policy, configure the Store settings.

From Security Settings in the local Group Policy, configure Software Restriction Policies.

From Security Settings in the local Group Policy, configure Application Control Policies.

297. You have a computer named Computer1 that runs Windows 10.

You need to prevent standard users from changing the wireless network settings on Computer1. The solution must allow administrators to modify the wireless network settings.

What should you use?

Windows Configuration Designer

MSConfig

Local Group Policy Editor

an MMC console that has the Group Policy Object Editor snap-in

298. HOTSPOT

You have three computers that run Windows 10 as shown in the following table.

299. Your network contains an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows 10. On Computer1, you create an NTFS folder and assign Full control permissions to Everyone.

You share the folder as Share1 and assign the permissions shown in the following table.

When accessing Share1, which two actions can be performed by User1 but not by User2? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Delete a file created by another user.

Set the permissions for a file.

Rename a file created by another user.

Take ownership of file.

Copy a file created by another user to a subfolder.

300. HOTSPOT

You have a computer that runs Windows 10. The computer contains a folder named C:ISOs that is shared in ISOs.

You run several commands on the computer as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Page 31 of 46

301. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

A user named User1 has a computer named Computer1 that runs Windows 10. Computer1 is joined to an Azure Active Directory (Azure AD) tenant named contoso.com. User1 joins Computer1 to contoso.com by using [email protected]

Computer1 contains a folder named Folder1. Folder1 is in drive C and is shared as Share1. Share1 has the permission shown in the following table.

A user named User2 has a computer named Computer2 that runs Windows 10. User2 joins Computer2 to contoso.com by using [email protected]

User2 attempts to access Share1 and receives the following error message: “The username or password is incorrect.”

You need to ensure that User2 can connect to Share1.

Solution: In Azure AD, you create a group named Group1 that contains User1 and User2. You grant Group1 Change access to Share1.

Does this meet the goal?

Yes

302. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

A user named User2 has a computer named Computer2 that runs Windows 10. User2 joins Computer2 to contoso.com by using [email protected]

Computer1 contains a folder named Folder1. Folder1 is in drive C and is shared as Share1.

Share1 has the permission shown in the following table.

A user named User2 has a computer named Computer2 that runs Windows 10. User2 joins Computer2 to

contoso.com by using [email protected]

User2 attempts to access Share1 and receives the following error message: “The username or password is incorrect.”

You need to ensure that User2 can connect to Share1.

Solution: You create a local user account on Computer1 and instruct User2 to use the local account to connect to Share1.

Does this meet the goal?

Yes

303. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

A user named User1 has a computer named Computer1 that runs Windows 10. Computer1 is joined to an Azure Active Directory (Azure AD) tenant named contoso.com. User1 joins Computer1 to contoso.com by using [email protected]

Computer1 contains a folder named Folder1. Folder1 is in drive C and is shared as Share1.

Share1 has the permission shown in the following table.

A user named User2 has a computer named Computer2 that runs Windows 10. User2 joins Computer2 to contoso.com by using [email protected] User2 attempts to access Share1 and receives the following error message: “The username or password is incorrect.”

You need to ensure that User2 can connect to Share1.

Solution: In Azure AD, you create a group named Group1 that contains User1 and User2. You grant Group1 Modify access to Folder1.

Does this meet the goal?

Yes

304. You have a computer named Computer1 that runs Windows 10. Computer1 contains a folder named Folder1. You need to log any users who take ownership of the files in Folder1.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Modify the folder attributes of Folder1.

Modify the Advanced Security Settings for Folder1.

From a Group Policy object (GPO), configure the Audit Sensitive Privilege Use setting.

From a Group Policy object (GPO), configure the Audit File System setting.

Install the Remote Server Administration Tools (RSAT).

305. HOTSPOT

Your network contains an Active Directory domain.

The domain contains the users shown in the following table.

The domain contains a computer named Computer1 that runs Windows 10.

Computer1 contains a folder named Folder1 that has the following permissions:

- User2: Deny Write

- Group1: Allow Read

- Group2: Allow Modify

Folder1 is shared as Share1$. Share1$ has the following configurations:

- Everyone: Allow Full control

- Access-based enumeration: Enabled

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

306. You are a network administrator at your company.

The company uses an application that checks for network connectivity to a server by sending a ping request to the IPv6 address of the server. If the server replies, the application loads. A user cannot open the application. You manually send the ping request from the computer of the user and the server does not reply. You send the ping request from your computer and the server replies. You need to ensure that the ping request works from the user’s computer.

Which Windows Defender firewall rule is a possible cause of the issue?

File and Printer Sharing (NB-Datagram-In)

File and Printer Sharing (Echo Request ICMPv6-Out)

File and Printer Sharing (NB-Datagram-Out)

File and Printer Sharing (Echo Request ICMPv6-In)

307. HOTSPOT

Use the drop-down menus to select the answer choice that completes each statement based on the information presented on the graphic.

NOTE: Each correct selection is worth one point.

308. HOTSPOT

You have a computer named Computer5 that runs Windows 10 that is used to share documents in a workgroup.

You create three users named User-a, User-b, User-c. The users plan to access Computer5 from the network only.

You have a folder named Data. The Advanced Security Settings for the Data folder are shown in the Security exhibit. (Click the Security tab).

You share the Data folder.

The permissions for User-a are shown in the User-a exhibit (Click the User-a tab.)

The permissions for user-b are shown in the User-b exhibit. (Click the User-b tab.)

The permissions for user-c are shown in the User-c exhibit. (Click the User-c tab.)

For each of the following statements, select Yes if the statements is true. Otherwise, select No. NOTE: Reach correct selection is worth one point.

309. HOTSPOT

You have a computer that runs Windows 10 and contains the folders shown in the following table.

You create the groups shown in the following table.

On FolderA, you disable permission inheritance and select the option to remove all inherited permissions.

To each folder, you assign the NTFS permissions shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

310. Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 10.

You need to view the settings to Computer1 by Group Policy objects (GPOs) in the domain and local Group Policies.

Which command should you run?

gpresult

secedit

gpupdate

gpfixup

Page 32 of 46

311. Your network contains an Active Directory domain. The domain contains computers that run Windows 10. You need to provide a user with the ability to remotely create and modify shares on the computers. The solution must use the principle of least privilege.

To which group should you add the user?

Power Users

Remote Management Users

Administrators

Network Configuration Operators

312. You have a computer named Computer1 that runs Windows 10. Computer1 belongs to a workgroup. You run the following commands on Computer1.

New-LocalUser CName User1 CNoPassword

Add-LocalGroupMember Users CMember User1

What is the effect of the configurations?

User1 is prevented from signing in until the user is assigned additional user rights.

User1 appears on the sign-in screen and can sign in without a password.

User1 is prevented from signing in until an administrator manually sets a password for the user.

User1 appears on the sign-in screen and must set a new password on the first sign-in attempt.

313. You have a computer that runs Windows 10 and is joined to Azure Active Directory (Azure AD).

You attempt to open Control Panel and receive the error message shown on the following exhibit.

You need to be able to access Control Panel.

What should you modify?

the PowerShell execution policy

the local Group Policy

the Settings app

a Group policy preference

314. HOTSPOT

Your domain contains a Computer named Computer1 that runs Windows 10. Computer1 does not have a TPM. You need to be able to encrypt the C drive by using Bitlocker Drive Encryption (BitLocker). The solution must ensure that the recovery key is stored in Active Directory.

Which two Group Policy settings should you configure? To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point.

315. You have a public computer named Computer1 that runs Windows 10/Computer1 contains a folder named Folder1.

You need to provide a user named User1 with the ability to modify the permissions of Folder1. The solution must use the principle of least privilege.

Which NTFS permission should you assign to User1?

Full control

Modify

Write

Read & execute

316. You have 10 computers that run Windows 10 and have BitLocker Drive Encryption (BitLocker) enabled.

You plan to update the firmware of the computers.

You need to ensure that you are not prompted for the BitLocker recovery key on the next restart. The drive must be protected by BitLocker on subsequent restarts.

Which cmdlet should you run?

Unlock-BitLocker

Disable-BitLocker

Add-BitLockerKeyProtector

Suspend-BitLocker

317. HOTSPOT

You have a computer named Computer1 that runs Windows 10.

You are troubleshooting Group Policy objects (GPOs) on Computer1.

You run gpresult /user user1 /vand receive the output shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

318. HOTSPOT

You have a computer named Computer1 that runs Windows 10.

Computer1 is in a workgroup. Computer1 contains the local users shown in the following table.

You create a folder named Folder1 that has the permissions shown in the following table.

You create a file named File1.txt in Folder1 and allow Group2 Full control permissions to File1.txt. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

319. HOTSPOT

You have a workgroup computer named Computer1 that runs Windows 10.

Computer1 has the users accounts shown in the following table:

Computer1 has the local Group Policy shown in the following table.

You create the Local ComputerAdministrators policy shown in the following table.

You create the Local ComputerNon-Administrators policy shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

320. Testlet 1

Case Study

This is a case study. Case studies are not timed separately. You can use as much exam times as you would like to complete each case. However, there may be additional studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button . Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview

Existing Environment

Fabrikam, Inc. is a distribution company that has 500 employees and 100 contractors.

Active Directory

The network contains an Active Directory forest named fabrikam.com. The forest is synced to Microsoft Azure Active Directory (Azure AD). All the employees are assigned Microsoft 365 E3 licenses.

The domain contains a user account for an employee named User10.

Client Computers

All the employees have computers that run Windows 10 Enterprise. All the computers are installed without Volume License Keys. Windows 10 license keys are never issued.

All the employees register their computer to Azure AD when they first receive the computer.

User10 has a computer named Computer10.

All the contractors have their own computer that runs Windows 10. None of the computers are joined to Azure AD.

Operational Procedures

Fabrikam has the following operational procedures:

- Updates are deployed by using Windows Update for Business.

- When new contractors are hired, administrators must help the contactors configure the following settings on their computer:

- User certificates

- Browser security and proxy settings

- Wireless network connection settings

Security policies

The following security policies are enforced on all the client computers in the domain:

- All the computers are encrypted by using BitLocker Drive Encryption (BitLocker). BitLocker recovery information is stored in Active Directory and Azure AD.

- The local Administrators group on each computer contains an enabled account named LocalAdmin.

- The LocalAdmin account is managed by using Local Administrator Password Solution (LAPS).

Problem Statements

Fabrikam identifies the following issues:

- Employees in the finance department use an application named Application1. Application1 frequently crashes due to a memory error. When Application1 crashes, an event is written to the application log and an administrator runs a script to delete the temporary files and restart the application.

- When employees attempt to connect to the network from their home computer, they often cannot establish a VPN connection because of misconfigured VPN settings.

- An employee has a computer named Computer11. Computer11 has a hardware failure that prevents the computer from connecting to the network.

- User10 reports that Computer10 is not activated.

Technical requirements

Fabrikam identifies the following technical requirements for managing the client computers:

- Provide employees with a configuration file to configure their VPN connection.

- Use the minimum amount of administrative effort to implement the technical requirements.

- Identify which employees’ computers are noncompliant with the Windows Update baseline of the company.

- Ensure that the service desk uses Quick Assist to take remote control of an employee’s desktop during support calls.

- Automate the configuration of the contractors’ computers. The solution must provide a configuration file that the contractors can open from a Microsoft SharePoint site to apply the required configurations.

HOTSPOT

You need to implement a solution to configure the contractors’ computers.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Page 33 of 46

321. Testlet 1

Case Study

This is a case study. Case studies are not timed separately. You can use as much exam times as you would like to complete each case. However, there may be additional studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button . Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview

Existing Environment

Fabrikam, Inc. is a distribution company that has 500 employees and 100 contractors.

Active Directory

The network contains an Active Directory forest named fabrikam.com. The forest is synced to Microsoft Azure Active Directory (Azure AD). All the employees are assigned Microsoft 365 E3 licenses.

The domain contains a user account for an employee named User10.

Client Computers

All the employees have computers that run Windows 10 Enterprise. All the computers are installed without Volume License Keys. Windows 10 license keys are never issued.

All the employees register their computer to Azure AD when they first receive the computer.

User10 has a computer named Computer10.

All the contractors have their own computer that runs Windows 10. None of the computers are joined to Azure AD.

Operational Procedures

Fabrikam has the following operational procedures:

- Updates are deployed by using Windows Update for Business.

- When new contractors are hired, administrators must help the contactors configure the following settings on their computer:

- User certificates

- Browser security and proxy settings

- Wireless network connection settings

Security policies

The following security policies are enforced on all the client computers in the domain:

- All the computers are encrypted by using BitLocker Drive Encryption (BitLocker). BitLocker recovery information is stored in Active Directory and Azure AD.

- The local Administrators group on each computer contains an enabled account named LocalAdmin.

- The LocalAdmin account is managed by using Local Administrator Password Solution (LAPS).

Problem Statements

Fabrikam identifies the following issues:

- Employees in the finance department use an application named Application1. Application1 frequently crashes due to a memory error. When Application1 crashes, an event is written to the application log and an administrator runs a script to delete the temporary files and restart the application.

- When employees attempt to connect to the network from their home computer, they often cannot establish a VPN connection because of misconfigured VPN settings.

- An employee has a computer named Computer11. Computer11 has a hardware failure that prevents the computer from connecting to the network.

- User10 reports that Computer10 is not activated.

Technical requirements

Fabrikam identifies the following technical requirements for managing the client computers:

- Provide employees with a configuration file to configure their VPN connection.

- Use the minimum amount of administrative effort to implement the technical requirements.

- Identify which employees’ computers are noncompliant with the Windows Update baseline of the company.

- Ensure that the service desk uses Quick Assist to take remote control of an employee’s desktop during support calls.

- Automate the configuration of the contractors’ computers. The solution must provide a configuration file that the contractors can open from a Microsoft SharePoint site to apply the required configurations.

HOTSPOT

You need to implement a solution to configure the contractors’ computers.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

322. You need to ensure that User10 can activate Computer10.

What should you do?

Request that a Windows 10 Enterprise license be assigned to User10, and then activate Computer10.

From the Microsoft Deployment Toolkit (MDT), add a Volume License Key to a task sequence, and then redeploy Computer10.

From System Properties on Computer10, enter a Volume License Key, and then activate Computer10.

Request that User10 perform a local AutoPilot Reset on Computer10, and then activate Computer10.

323. Question Set 2

Your company has an isolated network used for testing. The network contains 20 computers that run Windows 10. The computers are in a workgroup. During testing, the computers must remain in the workgroup.

You discover that none of the computers are activated.

You need to recommend a solution to activate the computers without connecting the network to the Internet.

What should you include in the recommendation?

Volume Activation Management Tool (VAMT)

Key Management Service (KMS)

Active Directory-based activation

the Get-WindowsDeveloperLicense cmdlet

324. You plan to deploy Windows 10 to 100 secure computers.

You need to select a version of Windows 10 that meets the following requirements:

- Uses Microsoft Edge as the default browser

- Minimizes the attack surface on the computer

- Supports joining Microsoft Azure Active Directory (Azure AD)

- Only allows the installation of applications from the Microsoft Store

What is the best version to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.

Windows 10 Pro in S mode

Windows 10 Home in S mode

Windows 10 Pro

Windows 10 Enterprise

325. DRAG DROP

You have a computer named Computer1 that runs Windows 7. Computer1 has a local user named User1 who has a customized profile.

On Computer1, you perform a clean installation of Windows 10 without formatting the drives.

You need to migrate the settings of User1 from Windows7 to Windows 10.

Which two actions should you perform? To answer, drag the appropriate actions to the correct targets. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

326. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows10.

A service named Application1 is configured as shown in the exhibit.

You discover that a user used the Service1 account to sign in to Computer1 and deleted some files.

You need to ensure that the identity used by Application1 cannot be used by a user to sign in to sign in to the desktop on Computer1. The solution must use the principle of least privilege.

Solution: On Computer1, you configure Application1 to sign in as the LocalSystem account and select the Allow service to interact with desktop check box. You delete the Service1 account.

Does this meet the goal?

Yes

327. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows 10.

A service named Application1 is configured as shown in the exhibit.

Yes

328. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows 10.

A service named Application1 is configured as shown in the exhibit.

Yes

329. You have a Microsoft Azure Active Directory (Azure AD) tenant. Some users sign in to their computer by using Windows Hello for Business. A user named User1 purchases a new computer and joins the computer to Azure AD.

User1 attempts to configure the sign-in options and receives the error message shown in the exhibit.

Purchase an infrared (IR) camera.

Upgrade the computer to Windows 10 Enterprise.

Enable UEFI Secure Boot.

Install a virtual TPM driver.

330. Your company uses Microsoft Deployment Toolkit (MDT) to deploy Windows 10 to new computers. The company purchases 1,000 new computers. You need to ensure that the Hyper-V feature is enabled on the computers during the deployment.

What are two possible ways to achieve the goal? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Add a task sequence step that adds a provisioning package.

In a Group Policy object (GPO), from Computer Configuration, configure Application Control Policies.

Add a custom command to the Unattend.xml file.

Add a configuration setting to Windows Deployment Services (WDS).

Add a task sequence step that runs dism.exe.

Page 34 of 46

331. Your network contains an Active Directory domain that is synced to a Microsoft Azure Active Directory (Azure AD) tenant.

Your company purchases a Microsoft 365 subscription.

You need to migrate the Documents folder of users to Microsoft OneDrive for Business.

What should you configure?

One Drive Group Policy settings

roaming user profiles

Enterprise State Roaming

Folder Redirection Group Policy settings

332. Your network contains an Active Directory domain. The domain contains a user named User1.

User1 creates a Microsoft account.

User1 needs to sign in to cloud resources by using the Microsoft account without being prompted for credentials.

Which settings should User1 configure?

User Accounts in Control Panel

Email & app accounts in the Settings app

Users in Computer Management

Users in Active Directory Users and Computers

333. Testlet 1

Case Study

This is a case study. Case studies are not timed separately. You can use as much exam times as you would like to complete each case. However, there may be additional studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button . Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview

Existing Environment

Fabrikam, Inc. is a distribution company that has 500 employees and 100 contractors.

Active Directory

The network contains an Active Directory forest named fabrikam.com. The forest is synced to Microsoft Azure Active Directory (Azure AD). All the employees are assigned Microsoft 365 E3 licenses.

The domain contains a user account for an employee named User10.

Client Computers

All the employees have computers that run Windows 10 Enterprise. All the computers are installed without Volume License Keys. Windows 10 license keys are never issued.

All the employees register their computer to Azure AD when they first receive the computer.

User10 has a computer named Computer10.

All the contractors have their own computer that runs Windows 10. None of the computers are joined to Azure AD.

Operational Procedures

Fabrikam has the following operational procedures:

- Updates are deployed by using Windows Update for Business.

- When new contractors are hired, administrators must help the contactors configure the following settings on their computer:

- User certificates

- Browser security and proxy settings

- Wireless network connection settings

Security policies

The following security policies are enforced on all the client computers in the domain:

- All the computers are encrypted by using BitLocker Drive Encryption (BitLocker). BitLocker recovery information is stored in Active Directory and Azure AD.

- The local Administrators group on each computer contains an enabled account named LocalAdmin.

- The LocalAdmin account is managed by using Local Administrator Password Solution (LAPS).

Problem Statements

Fabrikam identifies the following issues:

- Employees in the finance department use an application named Application1. Application1 frequently crashes due to a memory error. When Application1 crashes, an event is written to the application log and an administrator runs a script to delete the temporary files and restart the application.

- When employees attempt to connect to the network from their home computer, they often cannot establish a VPN connection because of misconfigured VPN settings.

- An employee has a computer named Computer11. Computer11 has a hardware failure that prevents the computer from connecting to the network.

- User10 reports that Computer10 is not activated.

Technical requirements

Fabrikam identifies the following technical requirements for managing the client computers:

- Provide employees with a configuration file to configure their VPN connection.

- Use the minimum amount of administrative effort to implement the technical requirements.

- Identify which employees’ computers are noncompliant with the Windows Update baseline of the company.

- Ensure that the service desk uses Quick Assist to take remote control of an employee’s desktop during support calls.

- Automate the configuration of the contractors’ computers. The solution must provide a configuration file that the contractors can open from a Microsoft SharePoint site to apply the required configurations.

You need to sign in as LocalAdmin on Computer11.

What should you do first?

From the LAPS UI tool, view the administrator account password for the computer object of Computer11.

From Local Security Policy, edit the policy password settings on Computer11.

From the LAPS UI tool, reset the administrator account password for the computer object of Computer11.

From Microsoft Intune, edit the policy password settings on Computer11.

334. An employee reports that she must perform a BitLocker recovery on her laptop. The employee does not have her BitLocker recovery key but does have a Windows 10 desktop computer.

What should you instruct the employee to do from the desktop computer?

Run the manage-bde.exe Cstatuscommand

From BitLocker Recovery Password Viewer, view the computer object of the laptop

Go to https://account.activedirectory.windowsazure.com and view the user account profile

Run the Enable-BitLockerAutoUnlock cmdlet

335. Testlet 2

Case Study

This is a case study. Case studies are not timed separately. You can use as much exam times as you would like to complete each case. However, there may be additional studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button . Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.

Contoso has IT, human resources (HR), and finance departments.

Contoso recently opened a new branch office in San Diego. All the users in the San Diego office work from home.

Existing environment

Contoso uses Microsoft 365.

The on-premises network contains an Active Directory domain named contoso.com. The domain is synced to Microsoft Azure Active Directory (Azure AD).

All computers run Windows 10 Enterprise.

You have four computers named Computer1, Computer2, Computer3, and ComputerA. ComputerA is in a workgroup on an isolated network segment and runs the Long Term Servicing Channel version of Windows 10. ComputerA connects to a manufacturing system and is business critical. All the other computers are joined to the domain and run the Semi-Annual Channel version of Windows 10.

In the domain, you create four groups named Group1, Group2, Group3, and Group4.

Computer2 has the local Group Policy settings shown in the following table.

The computers are updated by using Windows Update for Business.

The domain has the users shown in the following table.

Computer1 has the local users shown in the following table.

Requirements

Planned Changes

Contoso plans to purchase computers preinstalled with Windows 10 Pro for all the San Diego office users.

Technical requirements

Contoso identifies the following technical requirements:

- The computers in the San Diego office must be upgraded automatically to Windows 10 Enterprise and must be joined to Azure AD the first time a user starts each new computer. End users must not be required to accept the End User License Agreement (EULA).

- Helpdesk users must be able to troubleshoot Group Policy object (GPO) processing on the Windows 10 computers. The helpdesk users must be able to identify which Group Policies are applied to the computers.

- Users in the HR department must be able to view the list of files in a folder named D:Reports on Computer3.

- ComputerA must be configured to have an Encrypting File System (EFS) recovery agent.

- Quality update installations must be deferred as long as possible on ComputerA.

- Users in the IT department must use dynamic look on their primary device.

- User6 must be able to connect to Computer2 by using Remote Desktop.

- The principle of least privilege must be used whenever possible.

- Administrative effort must be minimized whenever possible.

- Assigned access must be configured on Computer1.

HOTSPOT

You need to meet the technical requirements for the helpdesk users.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

336. HOTSPOT

You need to meet the technical requirements for the HR department users.

Which permissions should you assign to the HR department users for the D:Reports folder? To answer,

select the appropriate permissions in the answer area. NOTE: Each correct selection is worth one point.

337. You need to meet the technical requirements for EFS on ComputerA.

What should you do?

Run certutil.exe, and then add a certificate to the local computer certificate store.

Run cipher.exe, and then add a certificate to the local computer certificate store.

Run cipher.exe, and then add a certificate to the local Group Policy.

Run certutil.exe, and then add a certificate to the local Group Policy.

338. Question Set 3

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows 10. The computer contains a folder. The folder contains sensitive data.

You need to log which user reads the contents of the folder and modifies and deletes files in the folder.

Solution: From the properties of the folder, you configure the Auditing settings and from Audit Policy in the local Group Policy, you configure Audit object access.

Does this meet the goal?

Yes

339. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows 10. The computer contains a folder. The folder contains sensitive data.

You need to log which user reads the contents of the folder and modifies and deletes files in the folder.

Solution: From the properties of the folder, you configure the Auditing settings and from the Audit Policy in the local Group Policy, you configure Audit directory service access.

Does this meet the goal?

Yes

340. HOTSPOT

You have a computer named Computer 1 that runs Windows 10.

You turn on System Protection and create a restore point named Point1.

You perform the following changes:

- Add four files named File1.txt, File2.dll, File3.sys, and File4.exe to the desktop.

- Run a configuration script that adds the following four registry keys:

- Key1 to HKEY_CURRENT_USER

- Key2 to HKEY_CLASSES_ROOT

- Key3 to HKEY_LOCAL_MACHINESYSTEM

- Key4 to HKEY_CURRENT_CONFIG You restore Point1.

Which files and registry keys are removed? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Page 35 of 46

341. HOTSPOT

You have 10 computers that run Windows 10. You have a Windows Server Update Services (WSUS) server. You need to configure the computers to install updates from WSUS.

Which two settings should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

342. Your network contains an Active Directory domain. The domain contains 1,000 computers that run Windows 10.

You discover that when users are on their lock screen, they see a different background image every day, along with tips for using different features in Windows 10.

You need to disable the tips and the daily background image for all the Windows 10 computers.

Which Group Policy settings should you modify?

Turn off the Windows Welcome Experience

Turn off Windows Spotlight on Settings

Do not suggest third-party content in Windows spotlight

Turn off all Windows spotlight features

343. HOTSPOT

You have a computer named Computer1 that runs Windows 10. Computer1 contains a folder named Data on drive C.

The Advanced Security Settings for the Data folder are shown in the exhibit. (Click the Exhibit tab.)

You share C:Data as shown in the following table.

User1 is a member of the Users group. Administrators are assigned Full control NTFS permissions to C:Data. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

344. You have a file named Reg1.reg that contains the following content.

What is the effect of importing the file?

A key named command will be renamed as notepad.exe.

In a key named Notepad, the command value will be set to @="notepad.exe".

In a key named command, the default value will be set to notepad.exe.

345. You have a computer named Computer1 that runs Windows 10.

On Computer1, you create the local users shown in the following table.

Which three user profiles will persist after each user signs out? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

User1

User2

User3

User4

User5

346. HOTSPOT

You have a computer that runs Windows 10. The computer is in a workgroup. The computer is used to provide visitors with access to the Internet.

You need to configure the computer to meet the following requirements:

- Always sign in automatically as User1.

- Start an application named App1.exe at sign-in.

What should you use to meet each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

347. You have 20 computers that run Windows 10. The computers are in a workgroup.

You need to create a local user named Admin1 on all the computers. Admin1 must be a member of the Remote Management Users group.

What should you do?

From Windows Configuration Designer, create a provisioning package, and then run the provisioning package on each computer.

Create a script that runs the New-ADUser cmdlet and the Set-AdGroup cmdlet.

Create a Group Policy object (GPO) that contains the Local User Group Policy preference.

Create a script that runs the New-MsolUser cmdlet and the Add-ADComputerServiceAccountcmdlet.

348. You have several computers that run Windows 10. The computers are in a workgroup and have BitLocker Drive Encryption (BitLocker) enabled.

You join the computers to Microsoft Azure Active Directory (Azure AD).

You need to ensure that you can recover the BitLocker recovery key for the computers from Azure AD.

What should you do first?

Disable BitLocker.

Add a BitLocker key protector.

Suspend BitLocker.

Disable the TMP chip.

349. HOTSPOT

Your network contains an Active Directory forest. The forest contains a root domain named contoso.com and a child domain named corp.contoso.com.

You have a computer named Computer1 that runs Windows 10. Computer1 is joined to the corp.contoso.com domain.

Computer1 contains a folder named Folder1. In the Security settings of Folder1, Everyone is assigned the

Full control permissions.

On Computer1, you share Folder1 as Share1 and assign the Read permissions for Share1 to the Users group. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

350. HOTSPOT

You have a computer named Computer1 that runs Windows 10. Computer1 is in a workgroup.

Computer1 contains the folders shown in the following table.

On Computer1, you create the users shown in the following table.

Page 36 of 46

351. HOTSPOT

You have a computer named Computer1 that runs Windows 10 and is joined to an Active Directory domain named adatum.com.

A user named Admin1 signs in to Computer1 and runs the whoami command as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

352. You have a computer named Computer1 that runs Windows 10. You need to configure User Account Control (UAC) to prompt administrators for their credentials.

Which settings should you modify?

Administrators Properties in Local Users and Groups

User Account Control Settings in Control Panel

Security Options in Local Group Policy Editor

User Rights Assignment in Local Group Policy Editor

353. You have several computers that run Windows 10. The computers are in a workgroup. You need to prevent users from using Microsoft Store apps on their computer.

What are two possible ways to achieve the goal? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

From Security Settings in the local Group Policy, configure Security Options.

From Administrative Templates in the local Group Policy, configure the Store settings.

From Security Settings in the local Group Policy, configure Software Restriction Policies.

From Security Settings in the local Group Policy, configure Application Control Policies.

354. You have a computer named Computer1 that runs Windows 10.

You need to prevent standard users from changing the wireless network settings on Computer1. The solution must allow administrators to modify the wireless network settings.

What should you use?

Windows Configuration Designer

MSConfig

Local Group Policy Editor

an MMC console that has the Group Policy Object Editor snap-in

355. HOTSPOT

You have three computers that run Windows 10 as shown in the following table.

All the computers have C and D volumes. The Require additional authentication at startup Group

Policy settings is disabled on all the computers.

Which volumes can you encrypt by using BitLocker Drive Encryption (BitLocker)? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

356. Your network contains an Active Directory domain named contoso.com. The domain contains named Computer1 that runs Windows 10. On Computer1, you create an NTFS folder and assign Full control permissions to Everyone.

You share the folder as Share1 and assign the permissions shown in the following table.

When accessing Share1, which two actions can be performed by User1 but not by User2? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Delete a file created by another user.

Set the permissions for a file.

Rename a file created by another user.

Take ownership of file.

Copy a file created by another user to a subfolder.

357. HOTSPOT

You have a computer that runs Windows 10. The computer contains a folder named C:ISOs that is shared in ISOs.

You run several commands on the computer as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

358. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

A user named User1 has a computer named Computer1 that runs Windows 10. Computer1 is joined to an Azure Active Directory (Azure AD) tenant named contoso.com. User1 joins Computer1 to contoso.com by using [email protected]

Computer1 contains a folder named Folder1. Folder1 is in drive C and is shared as Share1.

Share1 has the permission shown in the following table.

A user named User2 has a computer named Computer2 that runs Windows 10. User2 joins Computer2 to contoso.com by using [email protected]

User2 attempts to access Share1 and receives the following error message: “The username or password is incorrect.”

You need to ensure that User2 can connect to Share1.

Solution: In Azure AD, you create a group named Group1 that contains User1 and User2. You grant Group1 Change access to Share1.

Does this meet the goal?

Yes

359. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

A user named User2 has a computer named Computer2 that runs Windows 10. User2 joins Computer2 to contoso.com by using [email protected]

Computer1 contains a folder named Folder1. Folder1 is in drive C and is shared as Share1.

Share1 has the permission shown in the following table.

A user named User2 has a computer named Computer2 that runs Windows 10. User2 joins Computer2 to contoso.com by using [email protected]

User2 attempts to access Share1 and receives the following error message: “The username or password is incorrect.”

You need to ensure that User2 can connect to Share1.

Solution: You create a local user account on Computer1 and instruct User2 to use the local account to connect to Share1.

Does this meet the goal?

Yes

360. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

A user named User1 has a computer named Computer1 that runs Windows 10. Computer1 is joined to an Azure Active Directory (Azure AD) tenant named contoso.com. User1 joins Computer1 to contoso.com by using [email protected]

Computer1 contains a folder named Folder1. Folder1 is in drive C and is shared as Share1.

Share1 has the permission shown in the following table.

A user named User2 has a computer named Computer2 that runs Windows 10. User2 joins Computer2 to

contoso.com by using [email protected] User2 attempts to access Share1 and receives the following error message: “The username or password is incorrect.”

You need to ensure that User2 can connect to Share1.

Solution: In Azure AD, you create a group named Group1 that contains User1 and User2. You grant Group1 Modify access to Folder1.

Does this meet the goal?

Yes

Page 37 of 46

361. You have a computer named Computer1 that runs Windows 10. Computer1 contains a folder named Folder1.

You need to log any users who take ownership of the files in Folder1.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Modify the folder attributes of Folder1.

Modify the Advanced Security Settings for Folder1.

From a Group Policy object (GPO), configure the Audit Sensitive Privilege Use setting.

From a Group Policy object (GPO), configure the Audit File System setting.

Install the Remote Server Administration Tools (RSAT).

362. Testlet 1

Case Study

This is a case study. Case studies are not timed separately. You can use as much exam times as you would like to complete each case. However, there may be additional studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button . Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview

Existing Environment

Fabrikam, Inc. is a distribution company that has 500 employees and 100 contractors.

Active Directory

The network contains an Active Directory forest named fabrikam.com. The forest is synced to Microsoft Azure Active Directory (Azure AD). All the employees are assigned Microsoft 365 E3 licenses.

The domain contains a user account for an employee named User10.

Client Computers

All the employees have computers that run Windows 10 Enterprise. All the computers are installed without Volume License Keys. Windows 10 license keys are never issued.

All the employees register their computer to Azure AD when they first receive the computer.

User10 has a computer named Computer10.

All the contractors have their own computer that runs Windows 10. None of the computers are joined to Azure AD.

Operational Procedures

Fabrikam has the following operational procedures:

- Updates are deployed by using Windows Update for Business.

- When new contractors are hired, administrators must help the contactors configure the following settings on their computer:

- User certificates

- Browser security and proxy settings

- Wireless network connection settings

Security policies

The following security policies are enforced on all the client computers in the domain:

- All the computers are encrypted by using BitLocker Drive Encryption (BitLocker). BitLocker recovery information is stored in Active Directory and Azure AD.

- The local Administrators group on each computer contains an enabled account named LocalAdmin.

- The LocalAdmin account is managed by using Local Administrator Password Solution (LAPS).

Problem Statements

Fabrikam identifies the following issues:

- Employees in the finance department use an application named Application1. Application1 frequently crashes due to a memory error. When Application1 crashes, an event is written to the application log and an administrator runs a script to delete the temporary files and restart the application.

- When employees attempt to connect to the network from their home computer, they often cannot establish a VPN connection because of misconfigured VPN settings.

- An employee has a computer named Computer11. Computer11 has a hardware failure that prevents the computer from connecting to the network.

- User10 reports that Computer10 is not activated.

Technical requirements

Fabrikam identifies the following technical requirements for managing the client computers:

- Provide employees with a configuration file to configure their VPN connection.

- Use the minimum amount of administrative effort to implement the technical requirements.

- Identify which employees’ computers are noncompliant with the Windows Update baseline of the company.

- Ensure that the service desk uses Quick Assist to take remote control of an employee’s desktop during support calls.

- Automate the configuration of the contractors’ computers. The solution must provide a configuration file that the contractors can open from a Microsoft SharePoint site to apply the required configurations.

HOTSPOT

You need to implement a solution to configure the contractors’ computers.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

363. You need to ensure that User10 can activate Computer10.

What should you do?

Request that a Windows 10 Enterprise license be assigned to User10, and then activate Computer10.

From the Microsoft Deployment Toolkit (MDT), add a Volume License Key to a task sequence, and then redeploy Computer10.

From System Properties on Computer10, enter a Volume License Key, and then activate Computer10.

Request that User10 perform a local AutoPilot Reset on Computer10, and then activate Computer10.

364. Question Set 2

Your company has an isolated network used for testing. The network contains 20 computers that run Windows 10. The computers are in a workgroup. During testing, the computers must remain in the workgroup.

You discover that none of the computers are activated.

You need to recommend a solution to activate the computers without connecting the network to the Internet.

What should you include in the recommendation?

Volume Activation Management Tool (VAMT)

Key Management Service (KMS)

Active Directory-based activation

the Get-WindowsDeveloperLicense cmdlet

365. You plan to deploy Windows 10 to 100 secure computers.

You need to select a version of Windows 10 that meets the following requirements:

- Uses Microsoft Edge as the default browser

- Minimizes the attack surface on the computer

- Supports joining Microsoft Azure Active Directory (Azure AD)

- Only allows the installation of applications from the Microsoft Store

What is the best version to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.

Windows 10 Pro in S mode

Windows 10 Home in S mode

Windows 10 Pro

Windows 10 Enterprise

366. DRAG DROP

You have a computer named Computer1 that runs Windows 7. Computer1 has a local user named User1 who has a customized profile.

On Computer1, you perform a clean installation of Windows 10 without formatting the drives.

You need to migrate the settings of User1 from Windows7 to Windows 10.

Which two actions should you perform? To answer, drag the appropriate actions to the correct targets. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

367. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows10.

A service named Application1 is configured as shown in the exhibit.

You discover that a user used the Service1 account to sign in to Computer1 and deleted some files.

You need to ensure that the identity used by Application1 cannot be used by a user to sign in to sign in to the desktop on Computer1. The solution must use the principle of least privilege.

Solution: On Computer1, you configure Application1 to sign in as the LocalSystem account and select the Allow service to interact with desktop check box. You delete the Service1 account.

Does this meet the goal?

Yes

368. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows 10.

A service named Application1 is configured as shown in the exhibit.

Yes

369. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows 10.

A service named Application1 is configured as shown in the exhibit.

Yes

370. You have a Microsoft Azure Active Directory (Azure AD) tenant. Some users sign in to their computer by using Windows Hello for Business. A user named User1 purchases a new computer and joins the computer to Azure AD.

User1 attempts to configure the sign-in options and receives the error message shown in the exhibit.

Purchase an infrared (IR) camera.

Upgrade the computer to Windows 10 Enterprise.

Enable UEFI Secure Boot.

Install a virtual TPM driver.

Page 38 of 46

371. Your company uses Microsoft Deployment Toolkit (MDT) to deploy Windows 10 to new computers. The company purchases 1,000 new computers. You need to ensure that the Hyper-V feature is enabled on the computers during the deployment.

What are two possible ways to achieve the goal? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Add a task sequence step that adds a provisioning package.

In a Group Policy object (GPO), from Computer Configuration, configure Application Control Policies.

Add a custom command to the Unattend.xml file.

Add a configuration setting to Windows Deployment Services (WDS).

Add a task sequence step that runs dism.exe.

372. Your network contains an Active Directory domain that is synced to a Microsoft Azure Active Directory (Azure AD) tenant.

Your company purchases a Microsoft 365 subscription.

You need to migrate the Documents folder of users to Microsoft OneDrive for Business.

What should you configure?

One Drive Group Policy settings

roaming user profiles

Enterprise State Roaming

Folder Redirection Group Policy settings

373. Your network contains an Active Directory domain. The domain contains a user named User1.

User1 creates a Microsoft account.

User1 needs to sign in to cloud resources by using the Microsoft account without being prompted for credentials.

Which settings should User1 configure?

User Accounts in Control Panel

Email & app accounts in the Settings app

Users in Computer Management

Users in Active Directory Users and Computers

374. Testlet 1

Case Study

This is a case study. Case studies are not timed separately. You can use as much exam times as you would like to complete each case. However, there may be additional studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button . Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview

Existing Environment

Fabrikam, Inc. is a distribution company that has 500 employees and 100 contractors.

Active Directory

The network contains an Active Directory forest named fabrikam.com. The forest is synced to Microsoft Azure Active Directory (Azure AD). All the employees are assigned Microsoft 365 E3 licenses.

The domain contains a user account for an employee named User10.

Client Computers

All the employees have computers that run Windows 10 Enterprise. All the computers are installed without Volume License Keys. Windows 10 license keys are never issued.

All the employees register their computer to Azure AD when they first receive the computer.

User10 has a computer named Computer10.

All the contractors have their own computer that runs Windows 10. None of the computers are joined to Azure AD.

Operational Procedures

Fabrikam has the following operational procedures:

- Updates are deployed by using Windows Update for Business.

- When new contractors are hired, administrators must help the contactors configure the following settings on their computer:

- User certificates

- Browser security and proxy settings

- Wireless network connection settings

Security policies

The following security policies are enforced on all the client computers in the domain:

- All the computers are encrypted by using BitLocker Drive Encryption (BitLocker). BitLocker recovery information is stored in Active Directory and Azure AD.

- The local Administrators group on each computer contains an enabled account named LocalAdmin.

- The LocalAdmin account is managed by using Local Administrator Password Solution (LAPS).

Problem Statements

Fabrikam identifies the following issues:

- Employees in the finance department use an application named Application1. Application1 frequently crashes due to a memory error. When Application1 crashes, an event is written to the application log and an administrator runs a script to delete the temporary files and restart the application.

- When employees attempt to connect to the network from their home computer, they often cannot establish a VPN connection because of misconfigured VPN settings.

- An employee has a computer named Computer11. Computer11 has a hardware failure that prevents the computer from connecting to the network.

- User10 reports that Computer10 is not activated.

Technical requirements

Fabrikam identifies the following technical requirements for managing the client computers:

- Provide employees with a configuration file to configure their VPN connection.

- Use the minimum amount of administrative effort to implement the technical requirements.

- Identify which employees’ computers are noncompliant with the Windows Update baseline of the company.

- Ensure that the service desk uses Quick Assist to take remote control of an employee’s desktop during support calls.

- Automate the configuration of the contractors’ computers. The solution must provide a configuration file that the contractors can open from a Microsoft SharePoint site to apply the required configurations.

You need to sign in as LocalAdmin on Computer11.

What should you do first?

From the LAPS UI tool, view the administrator account password for the computer object of Computer11.

From Local Security Policy, edit the policy password settings on Computer11.

From the LAPS UI tool, reset the administrator account password for the computer object of Computer11.

From Microsoft Intune, edit the policy password settings on Computer11.

375. An employee reports that she must perform a BitLocker recovery on her laptop. The employee does not have her BitLocker recovery key but does have a Windows 10 desktop computer.

What should you instruct the employee to do from the desktop computer?

Run the manage-bde.exe Cstatuscommand

From BitLocker Recovery Password Viewer, view the computer object of the laptop

Go to https://account.activedirectory.windowsazure.com and view the user account profile

Run the Enable-BitLockerAutoUnlock cmdlet

376. Testlet 2

Case Study

This is a case study. Case studies are not timed separately. You can use as much exam times as you would like to complete each case. However, there may be additional studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button . Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.

Contoso has IT, human resources (HR), and finance departments.

Contoso recently opened a new branch office in San Diego. All the users in the San Diego office work from home.

Existing environment

Contoso uses Microsoft 365.

The on-premises network contains an Active Directory domain named contoso.com. The domain is synced to Microsoft Azure Active Directory (Azure AD).

All computers run Windows 10 Enterprise.

You have four computers named Computer1, Computer2, Computer3, and ComputerA. ComputerA is in a workgroup on an isolated network segment and runs the Long Term Servicing Channel version of Windows 10. ComputerA connects to a manufacturing system and is business critical. All the other computers are joined to the domain and run the Semi-Annual Channel version of Windows 10.

In the domain, you create four groups named Group1, Group2, Group3, and Group4.

Computer2 has the local Group Policy settings shown in the following table.

The computers are updated by using Windows Update for Business.

The domain has the users shown in the following table.

Computer1 has the local users shown in the following table.

Requirements

Planned Changes

Contoso plans to purchase computers preinstalled with Windows 10 Pro for all the San Diego office users.

Technical requirements

Contoso identifies the following technical requirements:

- The computers in the San Diego office must be upgraded automatically to Windows 10 Enterprise and must be joined to Azure AD the first time a user starts each new computer. End users must not be required to accept the End User License Agreement (EULA).

- Helpdesk users must be able to troubleshoot Group Policy object (GPO) processing on the Windows 10 computers. The helpdesk users must be able to identify which Group Policies are applied to the computers.

- Users in the HR department must be able to view the list of files in a folder named D:Reports on Computer3.

- ComputerA must be configured to have an Encrypting File System (EFS) recovery agent.

- Quality update installations must be deferred as long as possible on ComputerA.

- Users in the IT department must use dynamic look on their primary device.

- User6 must be able to connect to Computer2 by using Remote Desktop.

- The principle of least privilege must be used whenever possible.

- Administrative effort must be minimized whenever possible.

- Assigned access must be configured on Computer1.

HOTSPOT

You need to meet the technical requirements for the helpdesk users.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

377. HOTSPOT

You need to meet the technical requirements for the HR department users.

Which permissions should you assign to the HR department users for the D:Reports folder? To answer,

select the appropriate permissions in the answer area. NOTE: Each correct selection is worth one point.

378. You need to meet the technical requirements for EFS on ComputerA.

What should you do?

Run certutil.exe, and then add a certificate to the local computer certificate store.

Run cipher.exe, and then add a certificate to the local computer certificate store.

Run cipher.exe, and then add a certificate to the local Group Policy.

Run certutil.exe, and then add a certificate to the local Group Policy.

379. Question Set 3

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows 10. The computer contains a folder. The folder contains sensitive data.

You need to log which user reads the contents of the folder and modifies and deletes files in the folder.

Solution: From the properties of the folder, you configure the Auditing settings and from Audit Policy in the local Group Policy, you configure Audit object access.

Does this meet the goal?

Yes

380. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows 10. The computer contains a folder. The folder contains sensitive data.

You need to log which user reads the contents of the folder and modifies and deletes files in the folder.

Solution: From the properties of the folder, you configure the Auditing settings and from the Audit Policy in the local Group Policy, you configure Audit directory service access.

Does this meet the goal?

Yes

Page 39 of 46

381. HOTSPOT

You have a computer named Computer 1 that runs Windows 10.

You turn on System Protection and create a restore point named Point1.

You perform the following changes:

- Add four files named File1.txt, File2.dll, File3.sys, and File4.exe to the desktop.

- Run a configuration script that adds the following four registry keys:

- Key1 to HKEY_CURRENT_USER

- Key2 to HKEY_CLASSES_ROOT

- Key3 to HKEY_LOCAL_MACHINESYSTEM

- Key4 to HKEY_CURRENT_CONFIG You restore Point1.

Which files and registry keys are removed? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

382. HOTSPOT

You have 10 computers that run Windows 10. You have a Windows Server Update Services (WSUS) server. You need to configure the computers to install updates from WSUS.

Which two settings should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

383. Your network contains an Active Directory domain. The domain contains 1,000 computers that run Windows 10.

You discover that when users are on their lock screen, they see a different background image every day, along with tips for using different features in Windows 10.

You need to disable the tips and the daily background image for all the Windows 10 computers.

Which Group Policy settings should you modify?

Turn off the Windows Welcome Experience

Turn off Windows Spotlight on Settings

Do not suggest third-party content in Windows spotlight

Turn off all Windows spotlight features

384. HOTSPOT

You have a computer named Computer1 that runs Windows 10. Computer1 contains a folder named Data on drive C.

The Advanced Security Settings for the Data folder are shown in the exhibit. (Click the Exhibit tab.)

You share C:Data as shown in the following table.

User1 is a member of the Users group. Administrators are assigned Full control NTFS permissions to C:Data. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

385. You have a file named Reg1.reg that contains the following content.

What is the effect of importing the file?

A key named command will be renamed as notepad.exe.

In a key named Notepad, the command value will be set to @="notepad.exe".

In a key named command, the default value will be set to notepad.exe.

386. You have a computer named Computer1 that runs Windows 10.

On Computer1, you create the local users shown in the following table.

Which three user profiles will persist after each user signs out? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

User1

User2

User3

User4

User5

387. HOTSPOT

You have a computer that runs Windows 10. The computer is in a workgroup. The computer is used to provide visitors with access to the Internet.

You need to configure the computer to meet the following requirements:

- Always sign in automatically as User1.

- Start an application named App1.exe at sign-in.

What should you use to meet each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

388. You have 20 computers that run Windows 10. The computers are in a workgroup.

You need to create a local user named Admin1 on all the computers. Admin1 must be a member of the Remote Management Users group.

What should you do?

From Windows Configuration Designer, create a provisioning package, and then run the provisioning package on each computer.

Create a script that runs the New-ADUser cmdlet and the Set-AdGroup cmdlet.

Create a Group Policy object (GPO) that contains the Local User Group Policy preference.

Create a script that runs the New-MsolUser cmdlet and the Add-ADComputerServiceAccountcmdlet.

389. You have several computers that run Windows 10. The computers are in a workgroup and have BitLocker Drive Encryption (BitLocker) enabled.

You join the computers to Microsoft Azure Active Directory (Azure AD).

You need to ensure that you can recover the BitLocker recovery key for the computers from Azure AD.

What should you do first?

Disable BitLocker.

Add a BitLocker key protector.

Suspend BitLocker.

Disable the TMP chip.

390. HOTSPOT

Your network contains an Active Directory forest. The forest contains a root domain named contoso.com and a child domain named corp.contoso.com.

You have a computer named Computer1 that runs Windows 10. Computer1 is joined to the corp.contoso.com domain.

Computer1 contains a folder named Folder1. In the Security settings of Folder1, Everyone is assigned the

Full control permissions.

On Computer1, you share Folder1 as Share1 and assign the Read permissions for Share1 to the Users group. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Page 40 of 46

391. HOTSPOT

You have a computer named Computer1 that runs Windows 10. Computer1 is in a workgroup.

Computer1 contains the folders shown in the following table.

On Computer1, you create the users shown in the following table.

392. HOTSPOT

You have a computer named Computer1 that runs Windows 10 and is joined to an Active Directory domain named adatum.com.

A user named Admin1 signs in to Computer1 and runs the whoami command as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

393. You have a computer named Computer1 that runs Windows 10. You need to configure User Account Control (UAC) to prompt administrators for their credentials.

Which settings should you modify?

Administrators Properties in Local Users and Groups

User Account Control Settings in Control Panel

Security Options in Local Group Policy Editor

User Rights Assignment in Local Group Policy Editor

394. You have several computers that run Windows 10. The computers are in a workgroup. You need to prevent users from using Microsoft Store apps on their computer.

What are two possible ways to achieve the goal? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

From Security Settings in the local Group Policy, configure Security Options.

From Administrative Templates in the local Group Policy, configure the Store settings.

From Security Settings in the local Group Policy, configure Software Restriction Policies.

From Security Settings in the local Group Policy, configure Application Control Policies.

395. You have a computer named Computer1 that runs Windows 10.

You need to prevent standard users from changing the wireless network settings on Computer1. The solution must allow administrators to modify the wireless network settings.

What should you use?

Windows Configuration Designer

MSConfig

Local Group Policy Editor

an MMC console that has the Group Policy Object Editor snap-in

396. HOTSPOT

You have three computers that run Windows 10 as shown in the following table.

All the computers have C and D volumes. The Require additional authentication at startup Group

Policy settings is disabled on all the computers.

Which volumes can you encrypt by using BitLocker Drive Encryption (BitLocker)? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

397. Your network contains an Active Directory domain named contoso.com. The domain contains named Computer1 that runs Windows 10. On Computer1, you create an NTFS folder and assign Full control permissions to Everyone.

You share the folder as Share1 and assign the permissions shown in the following table.

When accessing Share1, which two actions can be performed by User1 but not by User2? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Delete a file created by another user.