Ensurepass

QUESTION 101

You are a help desk technician for your company. The company network consists of a single Active Directory domain. All client computers run Windows XP Professional. The help desk technicians use Remote Assistance to remotely control user sessions to provide online support to users. The users currently use Microsoft Exchange and Microsoft Outlook to submit Remote Assistance invitations to the help desk technicians. Stephen is a user in the sales department. Stephen has a portable computer and frequently travels to customer locations. While Stephen is in the corporate office, he submits a Remote Assistance invitation to the help desk. When you attempt to answer the invitation and establish the Remote Assistance session, you receive the error message shown in the exhibit.

 

70-270-demo-21

 

You verify that Stephen’s computer is connected to the network and that he did not cancel the invitation. You also verify that the invitation did not expire. You do not experience similar problems when establishing Remote Assistance sessions with other computers. You need to be able to establish a Remote Assistance session with Stephen’s computer. What should you do?

 

  1. Enable the Remote Desktop service definition in Internet Connection Firewall (ICF) on Stephen’s computer.

  2. Add your user account to the Remote Desktop Users list on Stephen’s computer.

  3. In the System properties of Stephen’s computer, select the Allow users to connect remotely to this computer option, and add your user account to the list of allowed users.

  4. In the Local Security Policy of Stephen’s computer, grant your user account the Allow logon through Terminal Services user right.

 

Correct Answer: A

 

 

QUESTION 102

You are the administrator of a Windows XP Professional computer named Pro1. The computer is connected to the Internet. Pro1 provides Internet access to eight other Windows XP Professional computers that are connected to Pro1. You enable Internet Connection Sharing (ICS) and Internet Connection Firewall (ICF) on Pro1. You run an application named App1 on Pro1. App1 communicates with an online training company on the Internet. In order to display an online seminar, the training company needs to contact the App1 application at port 5800.You want to ensure that the training company can connect to the App1 application. What should you do?

 

  1. Configure ICF to enable the Internet Control Message Protocol (ICMP) Allow redirect option. Then start the App1 application that opens port 5800.

  2. Create a new service definition named App1. Use port 5800 as the external and internal port number.

  3. Edit the %systemroot%System32DriversEtcServices file on Pro1 to include a service definition named App1 for port 5800.

  4. Change the TCP/IP settings on Pro1 to enable TCP/IP filtering. Permit network traffic on port 5800.

 

Correct Answer: B

 

 

QUESTION 103

You are a help desk technician for your company. All users have Windows XP Professional computers. Ten users run a custom application named Finance on their computers. Finance stores user passwords in a file named Passwords.ini. By default, the Passwords.ini file is stored in a folder named C:WinntApp1. The location and name of the file can be changed by an administrator. Each Passwords.ini file is unique. Each computer contains a single logical drive, which is drive C and is formatted as NTFS. In order to comply with a new company security policy, you need to ensure that the Passwords.ini files are encrypted. What should you do?

 

  1. In the properties of the C:WinntApp1 folder, use Windows Explorer to select the option to encrypt the contents of the folder. Accept the default settings on the Confirm Attributes Changes dialog box.

  2. Ask a network administrator to share a new encrypted folder named PassFiles on a network server and to permit users to read the files contained within the folder. Copy the Passwords.ini file from each computer into the PassFiles folder. On each computer, configure Finance to use the Passwords.ini file in the PassFiles folder.

  3. Create a folder named C:Files. Copy the Passwords.ini file to the C:Files folder. In the properties of the C:Files folder, select the option to encrypt the contents of the folder. Accept the default settings on the Confirm Attributes Changes dialog box. Configure Finance to use the C:FilesPasswords.ini file.

  4. Create a folder named C:Files. Move the Passwords.ini file to the C:Files folder. Instruct the user of each computer to open the properties of the C:Files folder and select the option to encrypt the contents of the folder. Accept the default settings on the Confirm Attributes Changes dialog box. Configure Finance to use the C:FilesPasswords.ini file.

 

Correct Answer: D

 

 

QUESTION 104

You are the administrator of the Windows XP Professional portable computers that are used by your company’s sales representatives. The computers are members of a Windows 2000 domain. A Windows 2000 Server computer named Server1 contains the sales data used by the sales representatives in a shared folder named Data. When sales representatives travel, they use the Offline Files feature to access the files in the \Server1Data shared folder. You want to ensure that the offline files on the portable computers are not accessible by unauthorized persons, in the event that a portable computer is lost. What should you do?

 

  1. Instruct the sales representatives to configure the permissions on the offline files on their portable computers to allow access for only their user accounts.

  2. On Server1, configure the permissions on all files in the Data shared folder to allow access for only the sales representatives.

  3. Use a Group Policy object (GPO) to enable the Encrypt the Offline Files cache option for the portable computers.

  4. On the portable computers, enable encryption of the %systemroot%CSC folder.

  5. Apply this setting to the folder and files in the CSC folder.

  6. On Server1, encrypt all files in the Data shared folder. G. Add all sales representatives to the encryption details.

 

Correct Answer: C

 

 

QUESTION 105

You are the desktop administrator for one of your company’s branch offices. The network in the branch office contains 20 Windows XP Professional computers. Windows XP Professional was installed on the computers by using a RIS image. The computers also use a security template named Standard.inf, which you created and applied to the computers. The company’s information security department releases a new security template named Corporate.inf. You are instructed to apply Corporate.inf to all 20 Windows XP Professional computers in your office. You are also instructed to make a list of all policies that are defined in Corporate.inf but that are not already enforced on the Windows XP Professional computers. You import Corporate.inf into the Security Configuration and Analysis console on your Windows XP Professional computer. The analysis is shown in the exhibit. You need to document the security policies that will be enforced for the first time when Corporate.inf is applied to the computers in your office. Which policies should you document?

 

70-270-demo-22

 

  1. the policies that are displayed with an X or an exclamation point in the analysis

  2. the policies that are displayed with a check mark in the analysis

  3. the policies that are displayed as Enabled in the Computer Setting column

  4. the policies that are displayed as Disabled in the Computer Setting column

 

Correct Answer: A

 

 

QUESTION 106

You are the desktop administrator for Contoso, Ltd. The company’s network contains 1,000 Windows XP Professional computers, which are members of a single Active Directory domain. The computers’ hard disks are formatted as NTFS. The company’s software developers release a new custom application. The application uses a .dll file named AppLib.dll, which is installed in a folder named Program FilesContosoOpsApp. The company’s help desk technicians report that several users experience problems when they use the application because the AppLib.dll file was deleted on their client computers. The company’s software developers recommend that you modify the file permissions on AppLib.dll so that users have only Read permission on the file. You need to ensure that all users have only Read permission on the AppLib.dll file on all 1,000 Windows XP Professional computers. What should you do?

 

  1. Write a logon script that moves the AppLib.dll file into the %systemroot%System32 folder. Ensure that Windows File Protection is enabled on all 1,000 Windows XP Professional computers. Apply the logon script to all domain user accounts.

  2. Use the Security Configuration and Analysis console to create a new security template that modifies the file permissions on AppLib.dll. Use the Active Directory Group Policy to import and apply the template to all 1,000 Windows XP Professional computers.

  3. Repackage the customer application in a Windows Installer package. Ask a domain administrator to create a Group Policy object (GPO) that advertises the package to all domain user accounts.

  4. Write a Microsoft Visual Basic Scripting Edition (VBScript) file named Modify.vbs that modifies the file permissions on AppLib.dll. Email Modify.vbs to all company employees and instruct them to double click the file in order to run it.

 

Correct Answer: B

 

 

QUESTION 107

You are the desktop administrator for your company. The company’s network consists of a single Microsoft Windows NT domain. The network contains 2,000 Windows XP Professional computers. The information security department releases a new security template named NewSecurity.inf. You are instructed to apply the new template to all 2,000 Windows XP Professional computers. You use the Security Configuration and Analysis console to import NewSecurity.inf into a security database named NewSec.sdb. You copy NewSec.sdb to a folder named Sec on a server named Server1. You need to apply NewSecurity.inf to the Windows XP Professional computers. What should you do?

 

  1. Use the Security Configuration and Analysis console to export a template named NewSec.inf from NewSec.sdb. Copy NewSec.inf to each client computer.

  2. Write a logon script that copies NewSec.sdb to the %systemroot%System32 folder on each client computer.

  3. Copy NewSec.sdb to the Netlogon shared folder on each domain controller.

  4. Write a logon script that runs the Secedit /configure /db \Server1SecNewSec.sdb command. Apply the logon script to all domain user accounts.

 

Correct Answer: D

 

 

QUESTION 108

You are the desktop administrator for your company. The company’s network contains 500 Windows XP Professional computers. The information security department releases a new security template named NewSec.inf. You import NewSec.inf into a security database named NewSec.sdb. You analyze the result, and you review the changes that the template makes. You examine the security policies that are defined in NewSec.inf. You discover that the settings in NewSec.inf have not been implemented on your computer. You need to ensure that the settings in NewSec.inf overwrite the settings in your computer’s local security policy. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)

 

  1. Run the Secedit /configure /db C:NewSec.sdb command.

  2. Run the Secedit /refreshpolicy machine_policy command.

  3. Copy NewSec.inf to the C:WindowsInf folder.

  4. Copy NewSec.sdb to the C:WindowsSystem32MicrosoftProtect folder.

  5. Use the Security Configuration and Analysis console to open NewSec.sdb and then to perform a Configure operation.

  6. Use the Security Configuration and Analysis console to export NewSec.sdb to the Defltwk.inf security template.

 

Correct Answer: AE

 

 

QUESTION 109

You are the desktop administrator for one of your company’s branch offices. The network in your branch office contains 100 Windows XP Professional computers. The computers are configured with the Compatws.inf security template. One of the network administrators in the company’s main office creates a new security template named CompanySec.inf. The new template is designed to be applied to each of the company’s Windows XP Professional computers. The users in your branch office have different security requirements from the users in the main office. You need to find out whether the new security template will violate the security requirements of the users in the branch office. What should you do?

 

  1. Run the Secedit.exe command in validation mode and specify the new security template.

  2. Run the Secedit.exe command in configuration mode and specify the new security template.

  3. Use the Security Configuration and Analysis console to import both templates into a security database, and then perform an Analyze operation.

  4. Use the Security Configuration and Analysis console to import both templates into a security database, and then perform a Configure operation.

Correct Answer: C

 

 

QUESTION 110

You are a help desk technician for your company. Your company’s network includes an Active Directory domain and Windows XP Professional computers that are configured as members of the domain. Company policy prohibits users from accessing their computers unless they are authenticated by a domain controller. However, users report that they can log on to their computers, even though a network administrator has told them that a domain controller is not available. As a test, you log off of your computer and disconnect it from the network. You discover that you can log on by using your domain user account. You need to ensure that users cannot access their computers unless they are authenticated by a domain controller. How should you configure the local computer policy on these computers?

 

  1. Enable the Require domain controller to unlock policy.

  2. Set the Number of previous logons to cache policy to 0.

  3. Remove all user and group accounts from the Log on locally user right.

  4. Remove all user and group accounts from the Access this computer from the network user right.

 

Correct Answer: B

 

Instant Access to Download Latest Complete Collection of Microsoft MCSE 70-270 Real Exam

Try Microsoft MCSE 70-270 Free Demo

 

Comments are closed.