Passed Microsoft 70-688 Exam with Pass4sure and Lead2pass PDF & VCE 21-30

Vendor: Microsoft
Exam Code: 70-688
Exam Name: Supporting Windows 8.1
Version: 14.92

You have a computer that runs Windows 8. The computer has a shared folder named C:\Marketing. The shared folder is on an NTFS volume. The current NTFS and share permissions are configured as follows:


UserA is a member of both the Everyone group and the Marketing group. UserA must access
C:\Marketing from across the network.
You need to identify the effective permissions of UserA to the C:\Marketing folder.
What permission should you identify?

A.    Read
B.    Full Control
C.    Modify
D.    Read and Execute

Answer: C
For example, a user named Dan is directly granted the Allow Read and Execute permission for a folder called Marketing. However, the Dan user account is a member of the group Marketing Users, which is granted the Allow Full Control permission, and the group Everyone, which granted the Allow Read permission.
Based on the cumulative nature of NTFS permissions, the user Dan would be granted the effective permission Allow Full Control. This example is fairly basic, and production environments typically involve a much greater number of groups, with both allowed and denied permissions.
In these cases, the Effective Permissions tab can greatly ease the burden of attempting to determine which permissions will or will not apply for a particular user.

Drag and Drop Questions
You support a desktop computer that runs Windows 8 Pro. The computer is joined to an Active Directory domain. The computer has a folder named C:\Reports. The folder NTFS permissions are shown in Exhibit 1. (Click the Exhibit button.)


The folder is shared over the network with Read permission for a domain user account named User1 as shown in Exhibit 2. (Click the Exhibit button.)


Members of the domain security group named Accountants must have access to the shared folder.
You need to assign the required permissions.
Which three actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)




Share Folders From `Users Profile’ Locations & Local Drives
If you want to quickly share a folder residing in local drives or User Profile folders, open Properties dialog from right-click context menu, and then head over to Sharing tab.
From Network File and Folder Sharing section, click Share to open File Sharing dialog.
Now, select Everyone from drop-down menu, and click Add.


This will add Everyone group in File Sharing list, and allow you to change folder access permission. Using Read pull-down menu, you can give read and write permissions to users, and remove Everyonegroup from the File Sharing list.


Once done, click Share to share the folder on the network. It will open a separate dialog, allowing you to email and copy the shared folder link.


Now, you can access the shared folder from any PC connected on the network.

You administer laptops that run Windows 8 Enterprise. The laptops are members of an Active Directory domain and are configured with IPv6 disabled. Some users require access to the internal company database servers while traveling.
You need to configure the requested network connection to the database servers.
What should you configure on the laptops?

A.    A DirectAccess connection to the company network
B.    A virtual private network (VPN) connection to the company network
C.    A metered network connection
D.    Out of band management

Answer: B
DirectAccess cannot be used in this case as IPv6 is disabled and DirectAccess requires IPv6 and IPsec.
IPv6 is the cornerstone of DirectAccess communications
The DirectAccess client always uses IPv6 to communicate with the DirectAccess server.
The DirectAccess server will then forward these connections to IPv6-enabled hosts on the corpnet. The corpnet can use native IPv6 infrastructure (where the routers, switches, operating systems, and applications are all IPv6 capable) or it can use IPv6 transition technologies to connect to IPv6 resources on the corpnet.

You have a desktop computer that runs Windows 8 Enterprise.
You add three new 3-terabyte disks.
You need to create a new 9-terabyte volume.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    From Disk Management, create a new spanned volume.
B.    From Disk Management, convert all of the 3-terabyte disks to GPT.
C.    From PowerShell, run the New-VirtualDisk cmdlet.
D.    From Disk Management, bring all disks offline.
E.    From Diskpart, run the Convert MBR command.
F.    From PowerShell, run the Add-PhysicalDisk cmdlet.

Answer: AB
Create a Spanned Volume
A spanned volume is a dynamic volume consisting of disk space on more than one physical disk. If a simple volume is not a system volume or boot volume, you can extend it across additional disks to create a spanned volume, or you can create a spanned volume in unallocated space on a dynamic disk.
To create a spanned volume using the Windows interface
1. In Disk Management, right click the unallocated space on one of the dynamic disks where you want to create the spanned volume.
2. Click New Spanned Volume.
3. Follow the instructions on your screen.Using GPT Drives
A GPT disk uses the GUID partition table (GPT) disk partitioning system.
A GPT disk offers these benefits:
Allows up to 128 primary partitions.
Master Boot Record (MBR) disks can support up to four primary partitions and an additional 124 partitions inside extended partitions.
Allows a much larger partition size–greater than 2 terabytes (TB), which is the limit for MBR disks.
Provides greater reliability because of replication and cyclical redundancy check (CRC) protection of the partition table.Can be used as a storage volume on all x64-based platforms, including platforms running Windows XP Professional x64 Edition.
Starting with Windows Server 2003 SP1, GPT disks can also be used as a storage volume on x86-based Windows platforms.Can be used as a boot volume on x64-based editions of Windows 7, Windows Vista, and Windows Server 2008.
Starting with Windows Server 2003 SP1, GPT disks can also be used as a boot volume on Itanium-based systems.
Note: Windows only supports booting from a GPT disk on systems that contain Unified Extensible Firmware Interface (UEFI) boot firmware.

You administer laptop and desktop computers that run Windows 8 Pro. Your company uses Active Directory Domain Services (AD DS) and Active Directory Certificate Services (AD CS). Your company decides that access to the company network for all users must be controlled by two-factor authentication.
You need to configure the computers to meet this requirement.
What should you do?

A.    Install smart card readers on all computers. Issue smart cards to all users.
B.    Enable the Password must meet complexity requirements policy setting.
Instruct users to log on by using the domain \username format for their username and their
strong password.
C.    Create an Internet Protocol security (IPsec) policy that requires the use of Kerberos to authenticate
all traffic.
Apply the IPsec policy to the domain.
D.    Issue photo identification to all users.
Instruct all users to set up and use PIN Logon.

Answer: A
Smart cards contain a microcomputer and a small amount of memory, and they provide secure, tamper-proof storage for private keys and X.509 security certificates.
A smart card is a form of two-factor authentication that requires the user to have a smart card and know the PIN to gain access to network resources.
Registry certificates cannot be used for two factor authentication. Although certificates are ideal candidates for two-factor authentication, registry certificates – which are protected by a strong private key and are the most appropriate certificates for two-factor authentication – cannot be used. The reason for this is that Windows does not support registry certificates and completely ignores them.
As a result, organizations must deploy and manage complex and expensive smart card solutions rather than using registry based certificates.

You administer computers that run Windows 8 Enterprise and are members of an Active Directory domain. Some volumes on the computers are encrypted with BitLocker. The BitLocker recovery passwords are stored in Active Directory. A user forgets the BitLocker password to local drive E: and is unable to access the protected volume.
You need to provide a BitLocker recovery key to unlock the protected volume.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    Ask the user to run the manage-bde -protectors -disable e: command.
B.    Ask the user for his or her logon name.
C.    Ask the user to run the manage-bde -unlock E: -pw command.
D.    Ask the user for his or her computer name.
E.     Ask the user for a recovery key ID for the protected drive.

Answer: DE
Asking user their logon name is a very lame way to verify their identity.
Answers D & E seem to be the best solution, because:
– You need to know computer name in order to find computer object in AD, where bitlocker passwords are store;
– Without recovery key ID you will not know which bitlocker recovery password to use.

Drag and Drop Questions
You support desktop computers for a company named Fabrikam, Inc. The computers are members of the Active Directory domain named Fabrikam works with a supplier named Contoso, Ltd. Each company has a public key infrastructure (PKI), and no public certificate authorities (CAs) are used. Fabrikam employees regularly use a Contoso website that is hosted on a server in the domain. The website requires SSL and mutual authentication.
You need to configure the computers to allow Fabrikam users to access the Contoso website without any warning prompts.
You also need to use the fewest certificates possible.
Which certificate or certificates should you use? (To answer, drag the appropriate certificate to the correct certificate store. Each certificate may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)




* provided the resources. be the trusted root authorities store
* No untrusted certificates
* Not allow access to local computer account (just to user account)
* user account access through client (user) certificate issued by Contoso

A company has 10 client computers that run Windows 8. Employees log on to resources by using multiple accounts.
You need to back up the user name and password for each logon account.
What should you do on each client computer?

A.    Back up each user’s Personal Information Exchange PKCS #12 (.pfx) certificate.
B.    Use Credential Manager to save the information to a USB flash drive.
C.    Use File History to back up the ntuser.dat file.
D.    Run the Export-Certificate Windows PowerShell cmdlet.

Answer: B

A company has client computers that run Windows 8. You implement an AppLocker file hash rule that allows an application to run. You then apply a service pack to the application. When users attempt to run the application, the application is blocked by Group Policy. You need to ensure that the application runs. What should you do?

A.    Enable the Reschedule Automatic Updates scheduled installations Group Policy setting.
B.    Set the wired network connection to non-metered.
C.    Set the wired network connection to metered.
D.    Configure the Automatic Maintenance setting.

Answer: B

You are a systems administrator of a small branch office.
Computers in the office are joined to a Windows 8 HomeGroup.
The HomeGroup includes one shared printer and several shared folders.
You join a new computer to the HomeGroup and try to access the HomeGroup shared folders. You discover that the shared folders are unavailable, and you receive an error message that indicates the password is incorrect.
You need to reconfigure the new computer in order to access the HomeGroup resources.
What should you do?

A.    Adjust the time settings on the new computer to match the time settings of the HomeGroup computers.
B.    Change the HomeGroup password and re-enter it on the computers of all members of the HomeGroup.
C.    Change the default sharing configuration for the shared folders on the HomeGroup computers.
D.    Reset your account password to match the HomeGroup password.

Answer: A
You may receive a misleading error message when trying to join a Windows 7 Homegroup, when the computer’s date and time does not match the date/time of system that owns the homegroup Symptoms
When joining a system to a homegroup, you may receive the following error message “The password is incorrect”, even though you have typed the password correctly.
This can be caused by a difference in the Date and Time settings on the computer trying to join the homegroup, and not an invalid password. If the date/time of the computer joining a homegroup is greater than 24 hours apart from the date/time of the system that owns the homegroup, this will cause the error.
Adjust the date/time settings on the system joining the homegroup, to match the system that owns the homegroup, and then try to join again.

If you want to pass Microsoft 70-688 exam successfully, donot missing to read latest lead2pass Microsoft 70-688 dumps.
If you can master all lead2pass questions you will able to pass 100% guaranteed.

Lead2pass Testking Pass4sure Actualtests Others
$99.99 $124.99 $125.99 $189 $29.99-$49.99
Real Questions
Error Correction
Printable PDF
Premium VCE
VCE Simulator
One Time Purchase
Instant Download
Unlimited Install
100% Pass Guarantee
100% Money Back