Microsoft 70-688 Online Practice
Questions and Exam Preparation
70-688 Exam Details
Exam Code
:70-688
Exam Name
:Supporting Windows 8.1
Certification
:Microsoft Certifications
Vendor
:Microsoft
Total Questions
:224 Q&As
Last Updated
:Apr 07, 2020
Microsoft 70-688 Online Questions &
Answers
Question 81:
Your network contains an Active Directory domain. The domain contains Windows 8.1 Enterprise client computers.
Users frequently use USB drives to store sensitive files that are used on multiple computers.
Your corporate security policy states that all removable storage devices, such as USB data drives, must be encrypted.
You need to ensure that if a user forgets the password for a USB disk that is encrypted by using BitLocker To Go, the user can resolve the issue themself.
What should you do?
A. Implement the BitLocker Network Unlock feature. B. Publish a data recovery agent certificate by using a Group Policy object (GPO). C. For each computer, create a USB startup key. D. Instruct the user to open BitLocker Drive Encryption, select Back up recovery key, and then select Save to a file.
B. Publish a data recovery agent certificate by using a Group Policy object (GPO).
You support client Windows 8.1 computers. Some of these computers have the Application Virtualization (App-V) client installed. Multiple App-V applications are published on the network.
A user reports that it is taking a long time to launch App-V applications. You discover that the user has a roaming profile on the computer.
You need to minimize the time that is required for the user to start App-V applications on her computer.
What should you do?
A. Change the location of the App-V client cache file. B. Change the user profile to Local. C. Increase the size of the App-V client cache. D. Change the user profile to Mandatory.
B. Change the user profile to Local.
The current App-V Client VFS driver cannot write to network locations, so the App-V Client detects the presence of folder redirection and copies the data on the local drive during publishing and when the virtual environment starts. After the user closes the App-V application and the App-V Client closes the virtual environment, the local storage of the VFS AppData is copied back to the network, enabling roaming to additional machines, where the process will be repeated. The detailed steps of the processes are: During publishing or virtual environment startup, the App-V Client detects the location of the AppData directory. If the roaming AppData path is local or ino AppData\Roaming location is mapped, nothing happens. If the roaming AppData path is not local, the VFS AppData directory is mapped to the local AppData directory.
Note: App-V 5.0 SP2 supports folder redirection of the roaming AppData folder (%AppData%). When the virtual environment is started, the roaming AppData state from the user's roaming AppData directory is copied to the local cache. Conversely, when the virtual environment is shut down, the local cache that is associated with a specific user's roaming AppData is transferred to the actual location of that user's roaming AppData directory.
Reference: Application Publishing and Client Interaction
Question 83:
You support desktop computers and tablets that run Windows 8 Enterprise. All of the computers are able to connect to your company network from the Internet by using DirectAccess.
Your company wants to deploy a new application to the tablets.
The deployment solution must meet the following requirements:
The application is not accessible if a user is working offline. The application is stored on an internal solid-state drive (SSD) on the tablets. The application is isolated from other applications. The application uses the least amount of disk space.
You need to deploy the new application to the tablets.
What should you do?
A. Deploy the application as an Application Virtualization (App-V) package. Install the App- V 4.6 client on the tablets. B. Deploy the application as a published application on the Remote Desktop server. Create a Remote Desktop connection on the tablets. C. Install the application on a local drive on the tablets. D. Install the application in a Windows To Go workspace. E. Install Hyper-V on tablets. Install the application on a virtual machine. F. Publish the application to Windows Store. G. Install the application within a separate Windows 8 installation in a virtual hard disk (VHD) file. Configure the tablets with dual boot. H. Install the application within a separate Windows 8 installation in a VHDX file. Configure tablets with dual boot.
A. Deploy the application as an Application Virtualization (App-V) package. Install the App- V 4.6 client on the tablets.
You administer Windows 8.1 Enterprise laptops that are members of an Active Directory domain. Users travel frequently and access domain resources from inside client networks or from their home network. You want to manage the laptops
when they are connected to the company network from the external networks.
You need to ensure that the laptops can be managed and maintained while users are not logged on to the computers.
What should you recommend?
A. Remote Assistance B. DirectAccess C. Windows Remote Management (WinRM) D. Remote Desktop
C. Windows Remote Management (WinRM)
Windows Remote Management (WinRM) service implements the WS- Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them.
Your network contains an Active Directory domain. The domain contains 100 Windows 8.1 client computers. All of the computers secure all connections to computers on the internal network by using IPSec.
The network contains a server that runs a legacy application. The server does NOT support IPSec.
You need to ensure that some of the Windows 8 computers can connect to the legacy server. The solution must ensure that all other connections are secured by using IPSec.
What should you do?
A. Modify the settings of the Domain Profile. B. Create a connection security rule. C. Create an inbound firewall rule. D. Modify the settings of the Private Profile,
A. Modify the settings of the Domain Profile.
there are three profiles for Windows Firewall with Advanced Security:
Profile Description Domain Applied to a network adapter when it is connected to a network on which it can detect a domain controller of the domain to which the computer is joined. Private Applied to a network adapter when it is connected to a network that is identified by the user or administrator as a private network. A private network is one that is not connected directly to the Internet, but is behind some kind of security device, such as a network address translation (NAT) router or hardware firewall. For example, this could be a home network, or a business network that does not include a domain controller. The Private profile settings should be more restrictive than the Domain profile settings. Public Applied to a network adapter when it is connected to a public network such as those available in airports and coffee shops. When the profile is not set to Domain or Private, the default profile is Public. The Public profile settings should be the most restrictive because the computer is connected to a public network where the security cannot be controlled. For example, a program that accepts inbound connections from the Internet (like a file sharing program) may not work in the Public profile because the Windows Firewall default setting will block all inbound connections to programs that are not on the list of allowed programs. Each network adapter is assigned the firewall profile that matches the detected network type.
You administer Windows 8.1 Enterprise laptops that are members of an Active Directory Domain Services (AD DS) domain.
You want to be able to assist users remotely from the computer at the help desk.
You need to enable the help desk computer to connect to users' laptops while the users are logged in.
Which feature should you use?
A. DirectAccess B. Remote Assistance C. Windows Remote Management (WinRM) D. Remote Desktop
B. Remote Assistance
Sometimes the best way to fix a problem is to have someone show you how. Windows Remote Assistance is a convenient way for someone you trust, such as a friend or technical support person, to connect to your computer and walk you through a solution--even if that person isn't nearby.
Reference: What is Windows Remote Assistance?
Question 87:
Your network contains an Active Directory domain. The domain contains Windows 8.1 Enterprise client computers.
Users frequently use USB drives to store sensitive files that are used on multiple computers.
Your corporate security policy states that all removable storage devices, such as USB data drives, must be encrypted.
You need to ensure that if a user forgets the password for a USB disk that is encrypted by using BitLocker To Go, the user can resolve the issue themself.
What should you do?
A. Instruct the user to open BitLocker Drive Encryption, select Back up recovery key, and then select Save to a file. B. From an elevated command prompt, run Manage-BDE hangeKey. C. Instruct the user to open BitLocker Drive Encryption, select Backup Recovery Key, and then select Save to your Microsoft account. D. For each computer, create a USB startup key.
C. Instruct the user to open BitLocker Drive Encryption, select Backup Recovery Key, and then select Save to your Microsoft account.
The recovery password and recovery key for an operating system drive or a fixed data drive can be saved to a folder, saved to one or more USB devices, saved to your Microsoft account online, or printed. Microsoft highly recommend that you either store the recovery information in AD DS, along with your Microsoft account online, or another safe location.
Note: A BitLocker recovery key is a special key that you can create when you turn on Bitlocker Drive Encryption for the first time on each drive that you encrypt. You can use the recovery key to gain access to your computer if the drive that Windows is installed on (the operating system drive) is encrypted using BitLocker Drive Encryption and BitLocker detects a condition that prevents it from unlocking the drive when the computer is starting up. A recovery key can also be used to gain access to your files and folders on a removable data drive (such as an external hard drive or USB flash drive) that is encrypted using BitLocker To Go, if for some reason you forget the password or your computer cannot access the drive.
You are an IT consultant for small and mid-sized businesses.
One of your clients wants to start using Virtual Smart Cards on its laptops and tablets, which run Windows 8 Pro. Before implementing any changes, the client wants to ensure that the laptops and tablets support Virtual Smart Cards.
You need to verify that the client laptops and tablets support Virtual Smart Cards.
What should you do?
A. Ensure that each laptop and tablet can read a physical smart card. B. Ensure that BitLocker Drive Encryption is enabled on a system drive of the laptops and tablets. C. Ensure that each laptop and tablet has a Trusted Platform Module (TPM) chip of version 1.2 or greater. D. Ensure that the laptops and tablets are running Windows 8 Enterprise edition.
C. Ensure that each laptop and tablet has a Trusted Platform Module (TPM) chip of version 1.2 or greater.
TPM virtual smart cards
Virtual smart cards (VSCs) emulate the functionality of traditional smart cards, but instead of requiring the purchase of additional hardware, they utilize technology that users already own and are more likely to have with them at all times.
Microsoft virtual smart card platform is currently limited to the use of the Trusted Platform Module (TPM) chip onboard most modern computers.
Your network contains a Microsoft Exchange Server 2013 organization.
You have an Exchange ActiveSync policy that has the following settings configured:
AllowRemoteDesktop AllowInternetSharing RequireDeviceEncryption MinDevicePasswordLength AllowSimpleDevicePassword You need to identify which settings are applied to devices that run Windows RT.
Which three settings should you identify? (Each correct answer presents part of the solution. Choose three.)
A. MinDevicePasswordLength B. AllowRemoteDesktop C. AllowInternetSharing D. RequireDeviceEncryption E. AllowSimpleDevicePassword
A. MinDevicePasswordLength D. RequireDeviceEncryption E. AllowSimpleDevicePassword
Windows 8\RT Supported Policy Parameters for EAS mailbox policies for Exchange Server 2013 are:
* Windows RT is a new Windows-based operating system that's optimized for thin and light PCs that have extended battery life and are designed for life on the go. Windows RT only runs built-in apps or apps that you download from the Windows Store. Windows Update automatically keeps your PC up to date and Windows Defender provides up-to-date virus and malware protection. http://technet.microsoft.com/en-US/library/aa998357%28v=exchg.150%29.aspx
Question 90:
You are an application developer for a federal government agency. You maintain a legacy application that the agency originally developed for Windows 2000. The agency is upgrading all desktop computers to Windows 8.1.
The legacy application does not run on Windows 8.1. You use the Application Compatibility Toolkit (ACT) to create a shim.
You need to deploy the shim to all Windows 8.1 computers.
What should you do?
A. Run the sdbinst.exe utility on each computer to install the shim locally. B. Configure a Group Policy to install the shim with user privileges. C. Install the shim on all Windows XP computers prior to the Windows 8.1 upgrade. D. Install the shim with a PowerShell script by using the ACT PowerShell add-in.
D. Install the shim with a PowerShell script by using the ACT PowerShell add-in.
Deploying a custom shim database to users requires the following two actions:
*
Placing the custom shim database (*.sdb file) in a location to which the user's computer has access (either locally or on the network)
*
Calling the sdbinst.exe command-line utility to install the custom shim database locally While any approach that completes these two actions will work, customers commonly use one of the following two approaches:
*
Packaging the *.sdb file and a script in an .msi file and then deploying the .msi file, making sure to mark the custom action not to impersonate the calling user. For example, if using Microsoft Visual Basic?Scripting Edition (VBScript) script, the custom action type would be msidbCustomActionTypeVBScript + msidbCustomActionTypeInScript + msidbCustomActionTypeNoImpersonate = 0x0006 + 0x0400 + 0x0800 = 0x0C06 = 3078 decimal.
*
Placing the *.sdb file on a network share, and then calling a script on target computers, making sure to call the script at a time when it will receive elevated rights (for example, from a computer start-up script instead of a user log-in script). Reference: Custom Shim Database Deployment https://technet.microsoft.com/en-us/library/dd837647(v=ws.10).aspx
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Microsoft exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your 70-688 exam preparations
and Microsoft certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.