Microsoft 70-688 Online Practice
Questions and Exam Preparation
70-688 Exam Details
Exam Code
:70-688
Exam Name
:Supporting Windows 8.1
Certification
:Microsoft Certifications
Vendor
:Microsoft
Total Questions
:224 Q&As
Last Updated
:Apr 07, 2020
Microsoft 70-688 Online Questions &
Answers
Question 21:
Your network contains Windows 8.1 Enterprise client computers. The computers are members of an Active Directory domain.
Your company purchases a subscription to Windows Intune.
Synchronization between Active Directory and Windows Intune is not configured.
You enroll all of the computers in Windows Intune.
You plan to create groups that contain the computers by using dynamic membership.
You need to identify which criteria you can use to populate the groups dynamically.
Which three criteria should you identify? (Each correct answer presents a complete solution. Choose three.)
A. organizational unit (OU) B. domain C. security group D. manager E. device type
A. organizational unit (OU) B. domain E. device type
A device group dynamic membership criteria:
*
(A) Organizational unit (OU): You can specify the OU for computers as membership criteria. OUs cannot be retrieved for mobile devices. The OUs are retrieved directly from the Windows Intune inventory. *(B) Domain: You can specify the domain for a computer as membership criteria. This information is retrieved from the Windows Intune inventory. Domain names cannot be retrieved for mobile devices.
*
(E) Device type: You can specify computers as membership criteria, and if your environment is configured to support mobile devices, mobile devices. Device type information for computers is retrieved from the Windows Intune inventory. Device type information for mobile devices is retrieved from Exchange.
Reference: Windows Intune, Device and User Group Considerations
Question 22:
You administer laptop and desktop computers that run Windows 8 Pro. Your company uses Active Directory Domain Services (AD DS) and Active Directory Certificate Services (AD CS).
Your company decides that access to the company network for all users must be controlled by two-factor authentication.
You need to configure the computers to meet this requirement.
What should you do?
A. Install smart card readers on all computers. Issue smart cards to all users. B. Enable the Password must meet complexity requirements policy setting. Instruct users to log on by using the domain \username format for their username and their strong password. C. Create an Internet Protocol security (IPsec) policy that requires the use of Kerberos to authenticate all traffic. Apply the IPsec policy to the domain. D. Issue photo identification to all users. Instruct all users to set up and use PIN Logon.
A. Install smart card readers on all computers. Issue smart cards to all users.
Smart cards contain a microcomputer and a small amount of memory, and they provide secure, tamper-proof storage for private keys and X.509 security certificates. A smart card is a form of two-factor authentication that requires the user to have a smart card and know the PIN to gain access to network resources. Registry certificates cannot be used for two factor authentication. Although certificates are ideal candidates for two-factor authentication, registry certificates ?which are protected by a strong private key and are the most appropriate certificates for two-factor authentication - cannot be used. The reason for this is that Windows does not support registry certificates and completely ignores them. As a result, organizations must deploy and manage complex and expensive smart card solutions rather than using registry based certificates. http://technet.microsoft.com/en-us/library/cc770519.aspx] http://technet.microsoft.com/ en-us/library/ jj200227.aspx
Question 23:
Your company has a main office and a branch office. Each office contains several servers that run Windows Server 2012.
You need to configure BranchCache for the client computers in the branch office. The solution must ensure that all of the cached content is in a central location.
What should you run on each client computer?
A. the Enable-BCLocal cmdlet B. the netdom command C. the netstat command D. the netsh command
Your company has a main office and a branch office. All servers are located in the main office. The branch office contains 20 client computers that are the members of a worlcg roup.
You need to configure the client computers to use BranchCache. The solution must minimize the amount of traffic between the offices.
Which Windows PowerShell cmdlet should you run?
A. Enable-BCHostedServer B. Enable-BCLocal C. Enable-BCHostedClient D. Enable-BCDistributed
A. Enable-BCHostedServer
Enable-BCHostedServer - Configures BranchCache to operate in hosted cache server mode. Enable-BCLocal - Enables the BranchCache service in local caching mode. Enable-BCHostedClient - Configures BranchCache to operate in hosted cache client mode. Enable-BCDistributed - Enables BranchCache and configures a computer to operate in distributed cache mode. http://technet.microsoft.com/en-us/library/hh848423.aspx http://technet.microsoft.com/en-us/library/ hh848394.aspx http://technet.microsoft.com/en-us/library/ hh848400.aspx http://technet.microsoft.com/en-us/library/hh848398.aspx
Question 26:
Your network contains an Active Directory forest named adatum.com. The forest contains three domains named adatum.com, na.adatum.com, and eu.adatum.com.
You have a client computer named Computer1 that runs Windows 8 Enterprise. Computer1 is a member of the na.adatum.com domain.
You need to ensure that single-label names can be resolved from all three domains.
Which setting should you configure? (To answer, select the appropriate setting in the answer area.)
You administer Windows 8.1 Pro tablets that are members of an Active Directory domain. Your company policy allows users to download and install only certain few Windows Store apps.
You have created a new AppLocker Packaged Apps policy to help enforce the company policy.
You need to test the new AppLocker Packaged Apps policy before you implement it for the entire company.
What should you do?
A. Open PowerShell and run the Get-AppLockerPoIicy -Effective cmdlet to retrieve the AppLocker effective policy. B. Open Group Policy Management console and run the Group Policy Modeling Wizard. C. Open Group Policy Management console and run the Group Policy Results Wizard. D. Open Group Policy Management console and enforce the new AppLocker policy in Audit Only mode.
D. Open Group Policy Management console and enforce the new AppLocker policy in Audit Only mode.
Step 1: Enable the Audit only enforcement setting By using the Audit only enforcement setting, you can ensure that the AppLocker rules that you have created are properly configured for your organization. This setting can be enabled on the Enforcement tab of the AppLocker Properties dialog box. Step 2: Configure the Application Identity service to start automatically Step 3: Test the policy Test the AppLocker policy to determine if your rule collection needs to be modified. Because you have created AppLocker rules, enabled the Application Identity service, and enabled the Audit only enforcement setting, the AppLocker policy should be present on all client computers that are configured to receive your AppLocker policy. Reference: Test and Update an AppLocker Policy
Question 28:
You have the disk configuration shown in the following exhibit (Click the Exhibit button.)
Use the drop-down menus to select the answer choice that completes each statement. Each correct selection is worth one point.
Hot Area:
http://technet.microsoft.com/en-us/library/cc737048%28v=WS.10%29.aspx New disks appear as Not Initialized. Before you can use a disk, you must first initialize it http://technet.microsoft.com/en-us/library/cc771486.aspx The Virtual Hard Disk (VHD) format is a publicly available image format specification that specifies a virtual hard disk encapsulated in a single file, capable of hosting native file systems while supporting standard disk and file operations. http://technet.microsoft.com/en-us/library/dd851645.aspx
Question 29:
Your network contains an Active Directory domain. All client computers run Windows 8.1 Enterprise. Microsoft System Center 2012 Endpoint Protection is deployed to all of the computers by using the default settings contained in the Default
Antimalware Policy.
The users in the research department report that a folder named C:\TestApp must not be scanned by the Endpoint Protection client.
You need to configure the Endpoint Protection client not to scan the C:\TestApp folder for the computers in the research department only.
What should you do first?
A. In the Default Antimalware Policy, modify the Exclusion settings. B. Create a new antimalware policy and modify the Threat overrides settings. C. Create a new antimalware policy and modify the Exclusion settings. D. In the Endpoint Protection client, modify the Excluded files and locations setting for each research department computer.
C. Create a new antimalware policy and modify the Exclusion settings.
Once enabled, Endpoint Protection client settings are controlled centrally through Antimalware Policies and Windows Firewall Policies. You can create antimalware policies on a per-collection basis and configure them with the following settings:
* Exclusion settings. Use these settings to exclude files, folders, file types and processes from scanning. Etc.
Reference: Using System Center Endpoint Protection https://technet.microsoft.com/en-us/security/jj900682.aspx
Question 30:
A user reports that multiple stop errors are occurring on his Windows 8.1 laptop. The user has installed no new software since he received the laptop.
You need to find out when the problem started and which events preceded it.
Which tool should you use?
A. Task Manager. B. Device Manager. C. Performance Monitor D. Reliability Monitor.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Microsoft exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your 70-688 exam preparations
and Microsoft certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.