Free of 70 680 practice test download materials and cram for Microsoft certification for examinee, Real Success Guaranteed with Updated 70 680 exam pdf dumps vce Materials. 100% PASS TS:Windows 7,Configuring exam Today!

Q51. - (Topic 2) 

You have a computer that runs windows 7. 

You have a third-party application. 

You need to ensure that only a specific version of the application runs on the computer. 

You have the application vendor's digital signature. 

What should you do? 

A. From Application Control Policies, configure a path rule. 

B. From Application Control Policies, configure a publisher rule. 

C. From Software Restriction policies, configure a path rule. 

D. From Software Restriction policies, configure a certificate rule. 



AppLocker Application Control Policies AppLocker is a feature new to Windows 7 that is available only in the Enterprise and Ultimate editions of the product. AppLocker policies are conceptually similar to Software Restriction Policies, though AppLocker policies have several advantages, such as the ability to be applied to specific user or group accounts and the ability to apply to all future versions of a product. As you learned earlier in this chapter, hash rules apply only to a specific version of an application and must be recalculated whenever you apply software updates to that application. AppLocker policies are located in the Computer Configuration\Windows Settings\ Security Settings \Application Control Policies node of a standard Windows 7 or Windows Server 2008 R2 GPO. AppLocker relies upon the Application Identity Service being active. When you install Windows 7, the startup type of this service is set to Manual. When testing AppLocker, you should keep the startup type as Manual in case you configure rules incorrectly. In that event, you can just reboot the computer and the AppLocker rules will no longer be in effect. Only when you are sure that your policies are applied correctly should you set the startup type of the Application Identity Service to Automatic. You should take great care in testing AppLocker rules because it is possible to lock down a computer running Windows 7 to such an extent that the computer becomes unusable. AppLocker policies are sometimes called application control policies. AppLocker Application Control Policies - Publisher Rules Publisher rules in AppLocker work on the basis of the code-signing certificate used by the file's publisher. Unlike a Software Restriction Policy certificate rule, it is not necessary to obtain a certificate to use a publisher rule because the details of the digital signature are extracted from a reference application file. If a file has no digital signature, you cannot restrict or allow it using AppLocker publisher rules. Publisher rules allow you more flexibility than hash rules because you can specify not only a specific version of a file but also all future versions of that file. This means that you do not have to re-create publisher rules each time you apply a software update because the existing rule remains valid. You can also allow only a specific version of a file by setting the Exactly option.AppLocker Application Control Policies - Path RulesAppLocker path rules work in a similar way to Software Restriction Policy path rules. Path rules let you specify a folder, in which case the path rule applies to the entire contents of the folder, including subfolders, and the path to a specific file. The advantage of path rules is that they are easy to create. The disadvantage of path rules is that they are the least secure form of AppLocker rules. An attacker can subvert a path rule if they copy an executable file into a folder covered by a path rule or overwrite a file that is specified by a path rule. Path rules are only as effective as the file and folder permissions applied on the computer. 

Software Restriction Policies Software Restriction Policies is a technology available to clients running Windows 7 that is available in Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008. You manage Software Restriction Policies through Group Policy. You can find Software Restriction Policies in the Computer Configuration \Windows Settings\Security Settings\Software Restriction Policies node of a group policy. When you use Software Restriction Policies, you use the Unrestricted setting to allow an application to execute and the Disallowed setting to block an application from executing. You can achieve many of the same application restriction objectives with Software Restriction Policies that you can with AppLocker policies. The advantage of Software Restriction Policies over AppLocker policies is that Software Restriction Policies can apply to computers running Windows XP and Windows Vista, as well as to computers running Windows 7 editions that do not support AppLocker. The disadvantage of Software Restriction Policies is that all rules must be created manually because there are no built-in wizards to simplify the process of rule creation.Software Restriction Policies - Path Rules Path rules, allow you to specify a file, folder, or registry key as the target of a Software Restriction Policy. The more specific a path rule is, the higher its precedence. For example, if you have a path rule that sets the file C: \Program files\Application\App.exe to Unrestricted and one that sets the folder C:\Program files\Application to Disallowed, the more specific rule takes precedence and the application can execute. Wildcards can be used in path rules, so it is possible to have a path rule that specifies C:\Program files\Application\*.exe. Wildcard rules are less specific than rules that use a file's full path. The drawback of path rules is that they rely on files and folders remaining in place. For example, if you created a path rule to block the application C:\Apps\Filesharing.exe, an attacker could execute the same application by moving it to another directory or renaming it something other than Filesharing.exe. Path rules work only when the file and folder permissions of the underlying operating system do not allow files to be moved and renamed. Software Restriction Policies - Certificate Rules Certificate rules use a code-signed software publisher's certificate to identify applications signed by that publisher. Certificate rules allow multiple applications to be the target of a single rule that is as secure as a hash rule. It is not necessary to modify a certificate rule in the event that a software update is released by the vendor because the updated application will still be signed using the vendor's signing certificate. To configure a certificate rule, you need to obtain a certificate from the vendor. Certificate rules impose a performance burden on computers on which they are applied because the certificate's validity must be checked before the application can execute. Another disadvantage of certificate rules is that they apply to all applications from a vendor. If you want to allow only 1 application from a vendor to execute but the vendor has 20 applications available, you are better off using a different type of Software Restriction Policy because otherwise users can execute any of those other 20 applications. 

Q52. - (Topic 1) 

You have a computer that runs Windows 7. The computer connects to the corporate network by using a VPN connection. 

You need to ensure that you can access the Internet when the VPN connection is active. The solution must prevent Internet traffic from being routed through the VPN connection. 

What should you do? 

A. Configure a static DNS server address. 

B. Configure a static IP address and default gateway. 

C. Configure the security settings of the VPN connection. 

D. Configure the advanced TCP/IP settings of the VPN connection. 



To prevent the default route from being created In the properties of the TCP/IP protocol of the dial-up connection object, in the Advanced TCP/IP Settings dialog box, click the General tab, and then clear the Use default gateway on remote network check box. 

Q53. - (Topic 4) 

A company has a deployment of Windows Deployment Services (WDS), the Microsoft Deployment Toolkit (MDT), and the Windows Automated Installation Kit (WAIK) on a Windows 7 client computer. 

You capture an image of the client computer. 

A new driver is released for the network card that is installed in the client computer. 

You need to update the image with the new driver for the network card. 

What should you do first? 

A. Add a boot image in WDS. 

B. Create a capture image in WDS. 

C. Run the BCDEdit command. 

D. Run the PEImg /Prepcommand. 

E. Run the Start /w ocsetup command. 

F. Run the Dism command with the/Add-Driver option, 

G. Run the Dism command with the /Mount-Wim option. 

H. Run the Dism command with the /Add-Package option. 

I. Run the ImageX command with the /Mountparameter. 

J. Run the DiskPart command and the Attach command option. 

K. Use Sysprep with an answer file and set the PersistAMDeviceInstalls option in the answer file to True. 

L. Use Sysprep with an answer file and set the PersistAllDeviceInstalls option in the answer file to False. 

M. Use Sysprep with an answer file and set the UpdatelnstalledDrivers option in the answer file to Yes. 

N. Use Sysprep with an answer file and set the UpdateInstalledDrivers option in the answer file to No. 


Q54. - (Topic 3) 

You are the administrator of a computer named Computer1 that runs Windows 7. Several users share Computer1. The users plan to encrypt files on the computer. 

You need to ensure that you can access all encrypted files on the computer. 

What should you do first? 

A. At a command prompt, run Cipher.exe. 

B. At a command prompt, run Certutil.exe. 

C. From the local computer policy, modify the User Rights Assignment. 

D. From User Accounts, run the Manage your file encryption certificates wizard. 



Cipher Displays or alters the encryption of folders and files on NTFS volumes. Used without parameters, cipher displays the encryption state of the current folder and any files it contains. Administrators can use Cipher.exe to encrypt and decrypt data on drives that use the NTFS file system and to view the encryption status of files and folders from a command prompt. The updated version adds another security option. This new option is the ability to overwrite data that you have deleted so that it cannot be recovered and accessed. When you delete files or folders, the data is not initially removed from the hard disk. Instead, the space on the disk that was occupied by the deleted data is "deallocated." After it is deallocated, the space is available for use when new data is written to the disk. Until the space is overwritten, it is possible to recover the deleted data by using a low-level disk editor or data-recovery software. 

If you create files in plain text and then encrypt them, Encrypting File System (EFS) makes a backup copy of the file so that, if an error occurs during the encryption process, the data is not lost. After the encryption is complete, the backup copy is deleted. As with other deleted files, the data is not completely removed until it has been overwritten. The new version of the Cipher utility is designed to prevent unauthorized recovery of such data. 

/K Creates a new certificate and key for use with EFS. If this option is chosen, all the other options will be ignored. By default, /k creates a certificate and key that conform to current group plicy. If ECC is specified, a self-signed certificate will be created with the supplied key size. /R Generates an EFS recovery key and certificate, then writes them to a .PFX file (containing certificate and private key) and a .CER file (containing only the certificate). An administrator may add the contents of the .CER to the EFS recovery policy to create the recovery for users, and import the .PFX to recover individual files. If SMARTCARD is specified, then writes the recovery key and certificate to a smart card. A .CER file is generated (containing only the certificate). No .PFX file is genereated. By default, /R creates an 2048-bit RSA recovery key and certificate. If EECC is specified, it must be followed by a key size of 356, 384, or 521. 

Q55. HOTSPOT - (Topic 5) 

You need to uninstall a Windows update from a computer that runs Windows 7. 

Which Control Panel item should you use? (To answer, select the appropriate item in the Control Panel in the answer area.) 


Q56. - (Topic 5) 

You plan to install Windows 7 on a new portable computer. 

The computer will be shared by users who speak English, French, and German. 

You need to select an edition of Windows 7 that enables users to change languages as required. 

Which edition should you choose? 

A. Starter 

B. Ultimate 

C. Home Premium 

D. Professional 


Q57. - (Topic 1) 

You have a computer that runs Windows 7. 

A printer is installed on the computer. 

You remove the Everyone group from the access control list (ACL) for the printer, and then you share the printer. 

You need to ensure that members of the Sales group can modify all the print jobs that they submit. 

You must prevent Sales group members from modifying the print jobs of other users. 

What should you do? 

A. From the printer's properties, assign the Print permission to the Sales group. 

B. From the printer's properties, assign the Manage Documents permission to the Sales group. 

C. From the local Group Policy, assign the Increase scheduling priority user right to the Sales group. 

D. From the local Group Policy, assign the Take ownership of files or other objects user right to the Sales group. 



The available permissions are: 

-Print This permission allows a user to print to the printer and rearrange the documents that they have submitted to the printer. 

-Manage This Printer Users assigned the Manage This Printer permission can pause and restart the printer, change spooler settings, adjust printer permissions, change printer properties, and share a printer. 

-Manage Documents This permission allows users or groups to pause, resume, restart, cancel, or reorder the documents submitted by users that are in the current print queue. 

Q58. HOTSPOT - (Topic 5) 

You use a client computer that has Windows 7 Enterprise installed. The computer is located in a branch office. 

The office is connected by a wide area network (WAN) link to a company's main office. 

You need to configure an event subscription that meets the following requirements: 

Forwards events across the WAN on port 3243. 

Forwards events every 6 hours. 

Protects forwarded events while transmission over the WAN network. 

What should you do? (To answer, configure the appropriate option or options in the dialog box in the answer area.) 


Q59. - (Topic 3) 

You have an offline virtual hard disk (VHD) that contains an installation of Windows 7 Home Premium. 

You need to upgrade the installation to Windows 7 Ultimate by using the minimum amount of administrative effort. 

What should you do? 

A. From a computer that runs Windows 7, attach the VHD. Run Imagex.exe and specify the /apply parameter. 

B. From a computer that runs Windows 7, attach the VHD. Run Dism.exe and specify the /set-edition parameter. 

C. Deploy the VHD to a new computer and upgrade the computer to Windows 7 Ultimate. Run Dism.exe and specify the /image parameter. 

D. Deploy the VHD to a new computer and upgrade the computer to Windows 7 Ultimate. Run Imagex.exe and specify the /capture parameter. 



Dism Deployment Image Servicing and Management (DISM) is a command-line tool used to service Windows. images offline before deployment. You can use it to install, uninstall, configure, and update Windows features, packages, drivers, and international settings. Subsets of the DISM servicing commands are also available for servicing a running operating system. Windows 7 introduces the DISM command-line tool. You can use DISM to service a Windows image or to prepare a Windows PE image. DISM replaces Package Manager (Pkgmgr.exe), PEimg, and Intlcfg in Windows Vista, and includes new features to improve the experience for offline servicing. 

You can use DISM to perform the following actions: 

-Prepare a Windows PE image. 

-Enable or disable Windows features within an image. 

-Upgrade a Windows image to a different edition. 

-Add, remove, and enumerate packages. 

-Add, remove, and enumerate drivers. 

-Apply changes based on the offline servicing section of an unattended answer file. 

-Configure international settings. 

-Implement powerful logging features. 

-Service operating systems such as Windows Vista with SP1 and Windows Server 2008. 

-Service a 32-bit image from a 64-bit host and service a 64-bit image from a 32-bit host. 

-Service all platforms (32-bit, 64-bit, and Itanium). 

-Use existing Package Manager scripts. 

Use the /Set-Edition option without the /ProductKey option to change an offline Windows image to a higher edition. Use /Get-TargetEditions to find the edition ID. Use the /Set-Edition option with the /ProductKey option only to change a running Windows Server. 2008 R2 operating system to a higher edition. 

Q60. - (Topic 1) 

You are installing Windows 7 on from the desktop of a Windows XP Professional PC. Which of the following can be performed from the Windows 7 DVD? Choose three. 

A. Run setup.exe from the DVD to start the Windows 7 installation. 

B. Use the autorun feature on the DVD to start the installation. 

C. Perform a full installation of Windows 7. 

D. Perform and upgrade of Windows 7 keeping all the Windows XP settings. 

Answer: A,B,C