Tựa đề: Microsoft 70 - 270 : Installing, Configuring and administering Microsoft windows XP professional : Version 21.0
Từ khóa: Windows XP
Ngày phát hành: 3-Feb-2010
Series/Report no.: 250 Tr.
250 trang |
Chia sẻ: banmai | Lượt xem: 2094 | Lượt tải: 0
Bạn đang xem trước 20 trang tài liệu Microsoft 70 - 270: Installing, Configuring and administering Microsoft windows XP professional: Version 21.0, để xem tài liệu hoàn chỉnh bạn click vào nút DOWNLOAD ở trên
s for individual resources such as files, Active Directory
objects, and registry keys. The Power Users group cannot, by default, manage the
security and auditing logs. This option is not required for this scenario, however. We
just want the Power users to be able to specify auditing on files and folders.
Subsection, Configure, manage, and troubleshoot account settings (0
questions)
Subsection, Configure, manage, and troubleshoot account policy (2
Questions)
QUESTION NO: 1
You are a help desk technician for TestKing.com. Susan is an executive. Because
Susan travels frequently, she uses a Windows XP Professional portable computer
that has a smart card reader.
Susan asks you to configure her computer so that she can dial in to the company
network when she is out of the office. Company security policy states that dial-in
users must use a smart card when they connect to the network, and that the users
must use the strongest form of data encryption possible. Company security policy
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 224 -
also states that client computers must disconnect if the routing and remote access
server does not support both smart card authentication and the strongest possible
authentication.
You need to configure the dial-up connection properties on Susan’s computer to dial
in to the company network. Your solution must ensure that company security
policies are enforced.
Which three actions should you perform? (Each correct Answer: presents part of
the solution. Choose three)
A. Select the Advanced (custom settings) security option.
B. Select the Require data encryption check box.
C. Select the Typical (recommended settings) security option.
D. Select the Use smart card item from the Validate my identity as follows list.
E. Select the Maximum strength encryption item from the Data encryption list.
F. Select the Allow these protocols option, and select the MS-CHAP v2 check box.
G. Select the Extensible Authentication Protocol (EAP) option, and select Smart
Card or other Certificate from the EAP list.
Answer: A, E, G.
Explanation: Company security policy requires that dial-in users must use a smart card
to connect to the network, must use the strongest form of data encryption possible and
client computers must disconnect if the routing and remote access server does not support
both smart card authentication and the strongest possible authentication. Therefore we
should configure the dial-up connection properties on Susan’s computer by selecting the
advanced settings to set specific protocols and other options. We must then select the
Extensible Authentication Protocol (EAP) option and select Smart Card or other
Certificate from the EAP list. This will enable smart card authentication. We must then
select the Maximum strength encryption item from the Data encryption list to ensure
that only the maximum security is used. This will ensure that client computers will
disconnect if the routing and remote access server does not support both smart card
authentication and the strongest possible authentication.
Incorrect Answers:
B: By select the Require data encryption check box we will ensure that some form of
encrypted authentication occurs but we will not ensure that maximum strength
encryption is used.
C: The Typical (recommended settings) security option does not use maximum
strength encryption.
D: The Use smart card item in the Validate my identity as follows list will not ensure
that only the maximum strength encryption is used, you have to edit the advanced
properties.
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 225 -
F: MS-CHAP v2 is not the highest form of encryption.
QUESTION NO: 2
You are a help desk technician for TestKing.com. Marie is a member of your
company's sales department. Marie asks you to configure her Windows XP
Professional portable computer so that she can dial in to the company network
when she is out of the office.
The company uses two servers for Routing and Remote Access: one is a Microsoft
Windows NT server 4.0 computer, and the other is a Windows 2000 Server
computer. Each server contains four modems. Each modem connects to a dial-up
telephone line, and a single telephone number distributes incoming calls across the
eight telephone lines.
Company security policy requires that dial-up logon credentials be encrypted and
use the maximum possible security when they are transmitted.
You need to ensure that Marie can dial in and log on by using her domain user
account. You also need to ensure that company security policy is enforced. How
should you configure the security settings for the dial-up connection?
A. Select the Typical (recommended settings) option.
Select the Require data encryption (disconnect if none) check box.
B. Select the Typical (recommended settings) option.
Select the Require secured password list item from the validation list.
C. Select the Typical (recommended settings) option.
Select the Automatically use my Windows logon name and password (and
domain if any) check box.
D. Select the Advanced (custom settings) option.
On the Advanced Security Settings tab, clear all check boxes except the
Microsoft CHAP Version 2 (MS-CHAP v2) check box.
Answer: D.
Explanation: MS-CHAP version 2 encrypts all authentication traffic and thus meets the
company security policy.
Note: Originally Windows NT 4.0 Server did not support MS CHAP v2. Windows NT
4.0 Server Service pack 4 and later supports MS CHAP V2. It seems safe to assume that
the Windows NT Server 4.0 computer in this scenario has service pack 4.0 or later.
Incorrect Answers:
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 226 -
A: The Require data encryption (disconnect if none) check box will encrypt the data
but not the authentication. It will therefore still permit unencrypted authentication.
B: We should require both secured password and data encryption. We need to ensure the
MS-CHAP v2 is used as it has the strongest encryption. The only way to do this is
with the advanced settings.
C: The Automatically use my Windows logon name and password (and domain if
any) check box will not provide encryption of authentication information.
Subsection, Configure, manage, and troubleshoot user and group rights (0
questions)
Subsection, Troubleshoot cache credentials. (1 question)
QUESTION NO: 1
You are a help desk technician for TestKing.com. Your company's network includes
an Active Directory domain and Windows XP Professional computers that are
configured as members of the domain.
Company policy prohibits users from accessing their computers unless they are
authenticated by a domain controller. However, users report that they can log on to
their computers, even though a network administrator has told then that a domain
controller is not available.
As a test, you log off of your computer and disconnect it from the network. You
discover that you can log on by using your domain user account.
You need to ensure that users cannot access their computers unless they are
authenticated by a domain controller. How should you configure the local computer
policy on these computers?
A. Enable the Require domain controller to unlock policy.
B. Set the Number of previous logons to cache policy to 0.
C. Remove all user and group accounts from the Log on locally user right.
D. Remove all user and group accounts from the Access this computer from the
network user right.
Answer: B.
Explanation: If we log on to a computer and we are authenticated by a Domain
Controller, our logon is cached. If we try to log on again, but no Domain Controller is
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 227 -
available, Windows will look for a cached logon. If one exists, we will be permitted to
log on. To disable this ability, we should configure Windows not to cache logons.
Incorrect Answers:
A: This setting does not exist.
C: This will disable all logons even if a DC is available for authentication.
D: This will not affect the user’s ability to log on locally.
Section 4: Configure, manage, and troubleshoot Internet
Explorer security settings. (9 Questions)
QUESTION NO: 1
You are a help desk technician for Trey Research. All employees use Windows XP
Professional computers. A user named Anne reports a problem browsing the
Internet. She says that she cannot use a search to browse to www.treyresearch.com
You use Remote Assistance to examine search engines on Anne’s computer. When
you try to use the search engine, you receive the following warning message: "You
cannot send HTML forms."
When you try to use other search engines on Anne's computer, you receive the same
message. Anne verifies that she is able to use the search engine to browse the
company intranet without problems.
You need to ensure that Anne can use any search engine to browse the Internet
from her computer. What should you do?
A. Instruct Anne to click the Search button on the Internet explorer toolbar and then
type her search keywords in the form displayed by Internet explorer.
B. Instruct Anne to use https:// instead of http:// when typing the URLs for the
search engines.
Instruct Anne to ensure that Internet Explorer displays a lock icon in its status bar
before she submits information in a form on a Web page.
C. On Anne’s computer, open the Security properties for Internet explorer.
Add www.treyresearch.com to the Trusted Sites list.
Clear the Require server verification for all sites in this zone check box.
D. On Anne’s computer, open the Security properties for Internet explorer.
In the security settings for the Internet zone, select the Submit non-encrypted
form data option.
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 228 -
Answer: C.
Explanation: The Trusted sites zone is intended for sites that we consider absolutely
safe. In our scenario the www.treyresearch.com should be considered safe, since it is the
URL of the company. The Require server verification for all sites in this zone check
box specifies whether Internet Explorer verifies that the server for a Web site is secure
before connecting to any Web site in this zone. By clearing this option http traffic would
be allowed and https would not be required.
Incorrect Answers:
A: This is a security configuration problem. The user does not need to be instructed how
to perform the search – the procedure is correct.
B: It would be awkward for the users to type https://. It is better to clear the Require
server verification for all sites in this zone check box for the zone
www.treyresearch.com. This would allow http traffic.
D: This option is the default setting. No encrypted data would be needed to access the
site www.treyresearch.com.
QUESTION NO: 2
You are a help desk technician for your company Litware,Inc. Litware, Inc.
maintains a secure intranet Web site at intranet.litwareinc.com. All employees use
Windows XP Professional computers.
A user named Katherine reports that she cannot access the secure Web site by using
Internet explorer. When she types into the Internet
explorer address bar, an error message reports that the digital certificate is not
from a trusted source.
You confirm that the intranet Web server is using a digital certificate issued by your
company's Enterprise Certificate Authority. The Enterprise Certificate Authority is
located on a server named certificates.litwareinc.com
You need to ensure that Katherine can access the secure intranet Web site without
receiving an error message. What should you do?
A. Ask a network administrator to modify the properties for IIS on
intranet.litwareinc.com and set the SSL port number to 443.
B. Ask your network administrator to create a Certificate Trust List (CTL) that
includes your Enterprise Certificate Authority. On Katherine’s computer, open the
Certificates settings for Internet explorer and import the CTL.
C. On Katherine’s computer, open the security properties for Internet Explorer. Add
intranet.litwareinc.com to the Trusted Sites list.
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 229 -
D. On Katherine’s computer, open the Security properties for Internet Explorer.
Open the Trusted Sites dialog box, and select the Require server verification
for all sites in this zone check box.
E. On Katherine’s computer, open Internet Explorer’s list of certificates. Import a
copy of the certificate used by the intranet.litwareinc.com server into Katherine’s
Trusted Publishers certificates store.
Answer: E.
Explanation: The Internet Explorer Certificate Manager enables you to install and
remove trusted certificates for clients and CAs. Many CAs have their root certificates
already installed in Internet Explorer. You can select any of these installed certificates as
trusted CAs for client authentication, secure e-mail, or other certificate purposes, such as
code signing and time stamping. If a CA does not have its root certificate in Internet
Explorer, you can import it. Each CA’s Web site contains instructions that describe how
to obtain the root certificate. To install or remove clients and CAs from the list of trusted
certificates click Internet Options on the Tools menu, and then click the Content tab.
Click Certificates and then click the Trusted Publishers tab. To add other certificates to
the list, click Import. The Certificate Manager Import Wizard steps you through the
process of adding a certificate.
Incorrect Answers:
A: This is the default setting and so does not need to be changed.
B: You do not need to create a new list. You can add certificates to the existing list.
C: The Trusted sites zone is intended for sites that you consider absolutely safe. For
the most part, IE will accept just about any type of content from such sites, without
considering potential harm. The only exception is that users will be prompted
before downloading unsigned ActiveX controls or ActiveX controls that have not
been marked as safe. We want to avoid this prompting.
D: The Require server verification for all sites in this zone setting specifies whether
Internet Explorer should verify that the server for a Web site is secure before
connecting to any Web site in this zone. This setting does not concern digital
certificates.
QUESTION NO: 3
You are a help desk technician for TestKing.com. All users have Windows XP
Professional computers.
A user named Richard reports that he cannot access www.southridgevideo.com, an
Internet Web site, by using Internet explorer. Whenever Richard types
into the Internet explorer address bar, he receives
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 230 -
the following error message; “Your security settings prohibit the display of
unsigned ActiveX Controls.”
According to company policy, users should download unsigned ActiveX control only
from Internet Web sites that have been approved by the company's information
security department.
You verify that www.southridgevideo.com is listed as an approved Web site. On
Richard’s computer, you also verify that Internet explorer is configured with the
default settings.
You need to ensure that Richard can access www.southridgevideo.com without
receiving an error message. You also want to comply with company properties for
Internet explorer on Richard’s computer.
You need to configure Richards's computer. First, you open the Security properties
for Internet Explorer on Richards's computer.
Which two actions should you perform next? (Each correct Answer: presents part
of the solution. Choose two)
A. Add www.southridgevideo.com to the Trusted Sites list.
B. Remove www.southridgevideo.com from the Restricted Sites list.
C. In the Internet zone settings, enable the Allow unsigned ActiveX control option.
D. Open the Local intranet sites dialog box and clear the Include all network
paths check box.
E. Open the Trusted Sites dialog box and clear the Require server verification for
all sites in this zone check box.
F. Open the Intranet Sites dialog box. In Advanced properties, add
www.southridgevideo.com to the list of Web sites.
Answer: A, E.
Explanation: The Trusted sites zone is intended for sites that you consider absolutely
safe. For the most part, Internet Explorer will accept just about any type of content from
such sites, without considering potential harm. The only exception is that users will be
prompted before downloading unsigned ActiveX controls or ActiveX controls that have
not been marked as safe.
The Require server verification for all sites in this zone check box specifies whether
Internet Explorer verifies that the server for a Web site is secure before connecting to any
Web site in this zone. By clearing this option http traffic would be allows and https would
not be required.
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 231 -
Incorrect Answers:
B: www.southridgevideo.com has not been added to the Restricted Sites list. Unsigned
drivers are disabled by default in the Internet zone.
C: Enabling the Allow unsigned ActiveX control option in the Internet zone would give
access to www.southridgevideo.com but it would also allow downloading of unsigned
from any internet site. This would break company policy which only allows
downloading of unsigned drivers from approved sites.
D: This is not a problem with a local intranet site. It is a problem with a public Internet
site.
F: The Intranet zone does not allow unsigned controls by default.
QUESTION NO: 4
You are a help desk technician for TestKing.com. Michael and Veronica are users in
your company's marketing department. Michael and Veronica use Windows XP
Professional portable computers.
Michael and Veronica use Internet explorer to connect to a Web-based Internet e-
mail service. Michael reports that he is required to provide a user name and
password each time he accesses the Web site. However, Veronica is not required to
log on each time she accesses the Web site. The Web site remembers Veronica’s user
name and password.
You need to configure Michael’s computer so that the Web site can remember his
user name and password. How should you configure Internet explorer on Michael’s
computer?
A. Set the security level for the Internet zone to medium.
B. Set the privacy configuration for First party cookies to accept.
C. Modify the privacy configuration so that the Always allow session cookies check
box is selected.
D. Modify the security configuration so that the Internet e-mail Web site is included
in the Trusted Sites list.
Answer: B.
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 232 -
Explanation: A cookie is a text file that the Web site places on our hard disk. In this
case, the text file would contain the username and password. First-party cookies are
cookies that are associated with the host domain. Third-party cookies are cookies from
any other domain.
Incorrect Answers:
A: This would affect all the security settings. We only need to change one setting.
C: Session cookies are deleted when the user disconnects from the Web site. We need a
permanent cookie so the information is still there after we disconnect from the
website.
D: This will not resolve the problem. The site needs to write a cookie to our hard disk.
QUESTION NO: 5
You are the administrator of 20 Windows XP Professional computers for Contoso,
Ltd. The computers are members of a Windows 2000 domain. The domain contains
an enterprise certification authority (CA). The CA is used to issue Web server
certificates to the human resources (HR) department's intranet Web servers.
When users connect to the intranet Web servers at https://intra.hr.contoso.com, the
Security Alert dialog box appears, as shown in the exhibit.
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 233 -
You want to ensure that the users can securely connect to the HR department's
intranet Web servers and that the Security Alert dialog box does not appear. What
should you do?
A. Add *.hr.contoso.com to the list of sites in the Local intranet zone.
B. Add the server certificate for intra.hr.contoso.com to the Trusted Publishers list.
C. Add the enterprise CA root certificate to the Trusted Root Certificate
Authorities list.
D. Configure Internet Explorer to enable the Use TLS 1.0 option
Answer: C
Explanation: The clients receive the certificate, but they don't trust the publisher of the
certificate. We should add the certificate of issuing CA, the CA root certificate, to the
Trusted Root Certificate Authorities list.
Incorrect Answers:
A: Adding the domain to the Local intranet zone, would set the security level for this
Internet domain. It would not, however, remove the Security Alert dialog box. The
clients must be configured to trust the Certificate Authority.
B: First the certifying authority must be trusted. The server for intra.hr.contosos.com is a
Web server, not a Certificate Authority.
D: The clients must be configured to trust the Certificate Authority. This is not achieved
by enabling the Use TLS 1.0 option. TLS 1.0 is communication protocol, and it is not
involved in security.
QUESTION NO: 6
You are the administrator of 300 Windows XP Professional computers. The
computers are members of a Windows 2000 domain and are connected to the
Internet.
A user named Andrea reports that when she attempts to place an online order at
https://www.contoso.com/sales, she receives the dialog box that is shown in the
Security Alert exhibit.
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 234 -
When you connect to https://www.contoso.com/sales from other Windows XP
Professional computers, you do not receive an error message.
You verify that Andrea correctly typed the address of the Web site. The security
certificate that was returned from the Web site to Andrea's computer is shown in
the Certificate exhibit.
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 235 -
You want to ensure that Andrea can securely place an online order at
https://www.contoso.com/sales without receiving an error message stating that the
security certificate and the site name do not match. What should you do?
A. Use the Certificate Import Wizard to install the certificate in the certificate store.
B. Configure Internet Explorer to enable the Check for server certificate
revocation option.
C. Configure Internet Explorer to add www.contoso.com to the list of sites in the
Trusted sites zone.
D. Update the Hosts file on Andrea's computer. Use virus-detection software to
check for Trojan horse applications that might have changed the Hosts file.
Answer: B
Explanation: The first exhibit shows that the security certificate is from a trusted
certifying authority, but that name of the security certificate is invalid or does not match
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 236 -
the name of the site. The second exhibit shows the Canonical Name (CN) incorrectly is
set to warez.cpandl.com instead of the correct www.contoso.com. Clearly this certificate
should not be trusted. We should make Internet Explorer to check if certificates already
have been revoked. We must enable the Check for server certificate revocation option
(see note below).
Note: Entrust.net's Certificate Revocation List (CRL) is a list of every Web server
certificate that has been revoked. Revoked Web server certificates are no longer trusted
for a variety of reasons ( for example, the private key has been lost or compromised).
Modern browsers will automatically check a CA's CRL to determine if a Web server
certificate is trustworthy. Without such a capability, it is not possible to maintain a
trustworthy networking environment.
End users who have Internet Explorer 5.0 or higher can turn on Auto CRL by following
the steps below:
1. Click on the Tools menu
2. Select Internet Options
3. Select the Advanced tab
4. Scroll down to Security Options and make sure the following 2 options are
checked:
- Check for publisher's certificate revocation
- Check for server certificate revocation
5. Restart your machine
Reference: What are the benefits of Entrust.net's Web server certificate service?
Incorrect Answers:
A: The second exhibit shows that the exhibit is certificate is not trustworthy. The
Canonical Name, warez.cpandl.com, and the O=Contoso fake site is a clear indication
of this. We should not use this certificate.
C: The problem is that the certificate is fake, not that www.contoso.com is not trusted.
D: This is not a name resolution problem. The problem is the fake certificate.
Note: The Hosts file contains host name to IP address mappings.
QUESTION NO: 7
You are the administrator of 20 Windows XP Professional computers. The
computers are members of a Windows 2000 domain and are used by your
company’s Web developers.
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 237 -
The Web developers report that that can access the company’s intranet Web servers
successfully when they use short DNS names, such as and
However, when they attempt to access the intranet servers by
using the corresponding IP addresses, such as and
they cannot download ActiveX components or execute scripts from the intranet
servers. For testing purposes, the Web developers access the intranet servers by
using the IP addresses.
The IP addresses of the intranet servers are in the 10.65.1.0/24 address range. There
is no firewall between the intranet servers and the Windows XP Professional
computers that are used by the Web developers.
You want to ensure that the Web developers can download ActiveX components
and execute scripts when they access the intranet servers by using the IP addresses.
You do not want to change the current settings for ActiveX components and scripts
for Internet Explorer security zones.
What should you do?
A. Add the 1.65.10.in-addr.arpa reverse zone to the DNS server on the company
network.
B. Add 10.65.1.* to the list of sites in the Local intranet zone.
C. Configure the Internet Explorer LAN connection settings to disable the Bypass
proxy server for local addresses option.
D. Configure the Local intranet zone to disable the Include all local (intranet)
sites not listed in other zones option.
Answer: B
Explanation: A security setting prevents the downloading of ActiveX components and
the execution of scripts when IP addresses are used. We solve this problem by explicitly
adding the Web site to the Local intranet (see below). Local intranet sites are considered
to be trusted and ActiveX components would be download and scripts would execute.
Procedure: Open Internet Explorer->Tools Menu->Internet Options->Security tab-
>Select Local Intranet->Sites button->Advanced button->finally add the site (see
picture).
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 238 -
Incorrect Answers
A: There is no need to add entries to the DNS zone since the web servers can be
accessed. Furthermore, reversed entries would be of no use here.
C: There is no firewall or proxy between the web servers and the clients.
D: If we disable the Include all local (intranet) sites not listed in other zones the local
zones would no longer be considered local. This would be counterproductive. We
want to add the IP address range to the zone, not remove sites from the local zone.
QUESTION NO: 8
You are the administrator of a Windows XP Professional computer. The computer
is a member of a Windows 2000 domain. The domain contains an enterprise
certification authority (CA). You use the computer to connect to the Internet.
Six months ago, you paid for online computer support services from a support
company. The support company's Web site is at https://www.testkings.com. Now
you attempt to connect to the Web site again to use the support service. Before the
Web page is displayed, you receive a dialog box. The message in the dialog box asks
you to select a certificate to use when you connect. However the list of certificates
that is shown in the dialog box is empty. You cannot select a certificate and you
cannot connect to the companys. Web page.
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 239 -
In Internet Explorer, you open the Internet Options dialog box and check
Certificates. Several personal certificates appear in the Advanced Purposes list.
You want to be able to connect to the support company's Web site at
https://www.testkings.com. What should you do?
A. Configure Internet Explorer to enable the Use TLS 1.0 option.
B. Add the server certificate for www.testkings.com to the Trusted Publishers list.
C. Contact the support company to obtain a certificate and add the certificate to the
list of personal certificates.
D. Request a user certificate from the enterprise CA.
E. Change the security settings of the Internet zone to enable the Anonymous logon
option.
Answer: C
Explanation: We need provide a valid certificate to be able to access the support site.
We should ask the support company to provide us with an appropriate certificate.
Note: Secure Sockets Layer (SSL) uses certificates for authentication.
Incorrect Answers
A: TLS (Transport Layer Security) 1.0 is used for backward compatibility. It would not
be helpful here.
B: The scenario does not seem to indicate that the client receives any server certificate
from the support company. The client is immediately required to provide a certificate.
D: A certificate from a local Certificate Authority would no help accessing the external
site.
E: Logon credentials are not used with SSL. Certificates are used instead.
QUESTION NO: 9
Exhibit:
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 240 -
You are the administrator of a Windows XP Professional portable computer at the
TestKing.com main office in Toronto. When you are traveling, you often dial in to
the Internet to connect to TestKing.com’s network.
TestKing has a policy that prohibits Web sites that do not have a Platform for
Privacy Preferences (P3P) privacy policy from saving cookies on employees’
computers. Web sites that do not have a P3P policy are allowed to save cookies. You
configure Internet Explorer to comply with TestKing policy.
After you make this configuration change, you receive a Privacy dialog box when
you visit Web sites that do not comply with TestKing policy. The Privacy dialog box
is shown in the exhibit.
However, you notice that these Web sites still welcome you based on personalized
information. The Restricted Web sites list in the privacy reports lists blocked
cookies for these Web sites.
You want to ensure that Web sites that do not comply with TestKing.com’s policy
cannot track your access to their Web sites.
What should you do?
A. Change the Privacy setting to High.
B. Change the Advanced Privacy setting to block cookies for first-party and third-
party cookies.
C. Change the Temporary Internet Files setting to check for newer versions of stored
pages every time you start Internet Explorer.
D. Delete existing cookies that you received from the noncompliant Web sites.
Answer: D
Explanation: The web sites are able to welcome you based on personalized information
because their cookies already exist on your computer from previous visits to the sites. To
prevent this, you need to delete your existing cookies.
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 241 -
Incorrect Answers:
A: The Privacy setting will not affect existing cookies. It will only block new cookies.
B: This will block new cookies. It won’t affect the existing cookies.
C: This will check for newer versions of cached web pages. It will not affect existing
cookies.
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 242 -
Questions that are not be allocated in the above Topics
(8 Questions)
QUESTION NO: 1
You are the desktop administrator for your company’s sales department. There are
20 Windows 2000 Professional portable computers in the sales department. You
need to upgrade these computers to Windows XP Professional.
You are able to successfully upgrade all 20 of the computers. However, one user
reports that he is unable to open Add or Remove Program in Control Panel. You
suspect that there is a corrupt .dll file.
You want to repair this user’s computer with the least amount of administrative
effort. What should you do?
A. Run the Sfc.exe command to scan the computer.
B. Run the Sigverif.exe command to verify file signatures.
C. Run the Verify command to ensure file verification.
D. Restart the computer, and select the last known good configuration.
Answer: A
Explanation: In Windows 2000 and Windows XP, the Windows File Protection (WFP)
feature prevents overwriting or replacement of certain system files, such as system .dll
files. A command-line utility called System File Checker (SFC.EXE) allows an
Administrator to scan all protected files to verify their versions. SFC.exe scans all
protected system files and replaces incorrect versions with correct Microsoft versions.
In this scenario it seems likely that a system .dll is corrupted and should be replace or
repaired-
Reference:
Windows 2000 Platform Development, Windows File Protection and Windows
How to Use the File Signature Verification Tool to Find Third-Party Drivers (Q259283)
Incorrect Answers:
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 243 -
B: The Windows Signature Verification tool (Sigverif.exe) can be used to identify
unsigned drivers on a Windows-based computer. However, it would not be able to
repair or replace corrupted .dll files.
C: There is no specific command called Verify in Windows XP that verifies files.
Instead the sfc.exe command can be used to verify system files.
D: Last Known Good configuration would be useless since the computer has just been
upgraded from Windows 2000 Professional.
QUESTION NO: 2
You are the desktop administrator for you company’s sales department. The IT
manager for the sales department needs to distribute three custom applications to
the department’s Windows XP Professional computers. She deploys these
applications by using Group Policy.
Some users report that they must log several times before the newly deployed
applications are present on their computers. You need to ensure that all software is
deployed the next time the users log on.
What should you do?
A. Enable the Always wait for the network at computer startup and logon policy.
B. Enable the Always use classic logon policy.
C. Enable the Turn off background refresh of Group Policy policy.
D. Enable the Group Policy slow link detection policy.
Answer: A
Explanation: By default Windows XP clients, contrary to Windows 2000 clients, use
Fast Logon Optimization. This results in the asynchronous application of policy when the
computer starts up and when the user logs on. This makes the logon process faster, but
some GPOs might not be applied. To ensure that all GPOs are applied we should enable
the Always wait for the network at computer startup and logon policy. This would
force the Windows XP clients to process the GPOs synchronously which guarantee that
they are all applied.
In this scenario this would ensure that the all published software would be deployed next
time the users log on.
Reference:
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 244 -
Professor Windows - February 2002, Managing a Windows 2000 Domain with Windows
XP Professional Clients Present
MSDN, Platform SDK: Policies and Profiles, Logon Optimization
Microsoft Windows XP Professional Administrator's Pocket Consultant, Chapter 8,
Working with Logon and Startup Policies
MSDN, Platform SDK: Policies and Profiles, Background Refresh of Group Policy
Windows 2000 Server documentation, Policy for Group Policy: User configuration
Incorrect Answers:
B: The Always use classic logon policy only override the default simple logon screen
and uses the logon screen from previous versions of Windows. It would not affect the
processing of GPOs.
C: The Background Refresh of Group Policy determines how often the GPOs are
refreshed. If we enable the Turn off background refresh of Group Policy no GPOs
would be refreshed. This would not address the current problem.
D: The Group Policy slow link detection policy defines a slow connection for purposes
of applying and updating Group Policy. There is no indication that any slow WAN
links are used in this scenario however.
QUESTION NO: 3
You are the administrator of 150 Windows XP Professional computers. The
computers are members of a Windows 2000 domain. You use Group Policy objects
(GPOs) and Windows Installer to install applications on the computers.
Users in the App Managers group frequently need access to new applications. You
want to deploy the applications so that they can be used from all 150 Windows XP
Professional computers. You do not want the deployed applications to appear on
users’ Start menus before the applications are installed.
What should you do?
A. Use a GPO linked to the domain to assign the new applications to users.
Filter the GPO for the App Managers group.
B. Use a GPO linked to the domain to publish the new applications to users.
Filter the GPO for the App Managers group.
C. Use a GPO linked to the domain to assign the new applications to computers.
Filter the GPO for the App Managers group.
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 245 -
D. Use a GPO linked to the domain to publish the new applications to computers.
Filter the GPO for the App Managers group.
Answer: B
Explanation: Published applications do not appear in the Start menu. You must install
them with the Add/Remove Programs Control Panel applet. Applications can only be
published to users, not to computers.
Reference: Microsoft Windows 2000 Server White Paper, Windows 2000 Group Policy
Incorrect Answers:
A: We cannot use assigned applications as they appear on the Start menu.
C: We cannot use assigned applications as they appear on the Start menu.
D: Applications cannot be published to computers, only assigned.
QUESTION NO: 4
You are the desktop administrator for TestKing.com. You install Windows XP
Professional on a new portable computer that will be used by one of the company’s
software developers. You test the computer after you complete the installation and
find out the computer functions properly.
The computer contains a 6-GB hard disk and a removable 4-GB hard disk. The 6-
GB hard disk is configured as drive C, and the removable hard disk is configured as
disk D. You install Windows 98 on drive D and deliver the computer to the software
developer.
The software developer reports that the computer does not start when drive D is not
connected. Instead, the computer briefly displays an operating system menu, and
then it displays an error message stating that an operating system could not be
found. When drive D is connected, the computer starts Windows 98.
You need to configure the computer so that it starts Windows XP Professional
whether or not drive D is connected. What should you do?
A. Modify the computer’s BIOS so that it automatically detect whether drive D is
connected.
B. Modify the computer’s BIOS so that drive C is first in the computers boot
order.
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 246 -
C. Modify the Boot.ini file on the computer by changing the default= entry to the
following value: multi(0)disk(0)rdisk(0)partition(1)=”Microsoft Windows
XP Professional” /fastdetect
D. Modify the Boot.ini file on the computer by changing the entry for Windows
98 to the following value: D: “Microsoft Windows 98” /fastdetect
Answer: C
Explanation: The scenario indicates that the computer always tries to start from the
second disk:
• When the second disk is connected it starts from it.
• When only the first disk is connected it fails to start.
We must change the default start entry to the first disk. This is achieved by changing the
default entry to:
multi(0)disk(0)rdisk(0)partition(1)=”Microsoft Windows XP Professional”
/fastdetect
Incorrect Answers
A: This is not a feature that can be configured in BIOS. Furthermore, the BIOS always
detects if any drives are connected in the first place.
B: The C drive is already the drive which the computer boots from. It is just that disk 2
is the default boot disk.
D: This is not the format of boot.ini entries.
QUESTION NO: 5
You are the desktop administrator for TestKing.com’s sales department. The IT
manager for the sales department wants to ensure that each Windows XP
Professional event log retains approximately 5 MB of data. He deploys this policy to
the computers in the sales department by using Group Policy.
You find out that the policy has not been applied consistently. You need to ensure
that the policy is applied consistently. Which command should you run?
A.Secedit /refreshpolicy user_policy
B.Secedit /refreshpolicy machine_policy
C.Gpupdate /target:computer
D.Gpupdate /target:user
Answer: C
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 247 -
Explanation: The Gpupdate command refreshes local and Active Directory–based
Group Policy settings, including security settings. This command supersedes the now
obsolete /refreshpolicy option for the secedit command.
We should apply the policy to the computers, not to the users.
Reference: Windows XP help, gpupdate
Incorrect Answers
A, B: The "old" secedit.exe was replaced with GPUpdate.
D: We should apply the policy to the computers, not to the users.
QUESTION NO: 6
You are the desktop administrator for TestKing.com. The company has an Active
Directory domain that includes 15 Microsoft Windows NT Workstation 4.0
computers and 20 new Windows XP Professional computers.
Domain users of Windows NT Workstation 4.0 computers can run an older
application, developed by TestKing, on their computer. However, domain users of
Windows XP Professional computers cannot run the same legacy application on
their computers.
You need to enable all users of Windows XP Professional computers to run this
application. Your solution must not give the users administrative control of their
computers.
You create an organizational unit (OU) named Pro and a Group Policy object
(GPO) named TestKingLegacy. How should you reconfigure the Windows XP
Professional computers?
A. Add the domain user accounts to the Pro OU. Import the Basicwk.inf security
template to the TestKingLegacy GPO.
B. Add the domain user accounts to the Pro OU. Import the Compatws.inf security
template to the TestKingLegacy GPO.
C. Add the computer accounts to the Pro OU. Import the Basicwk.inf security
template to the TestKingLegacy GPO.
D. Add the computer accounts to the Pro OU. Import the Compatws.inf security
template to the TestKingLegacy GPO.
Answer: D
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 248 -
Explanation: We must use the Compatws.inf security template to make the Legacy
application to run. The security template should be applied to the specific computers.
Note: The Compatible template changes the default file and registry permissions that are
granted to Users in a manner that is consistent with the requirements of most non-
certified applications. Additionally, since it is assumed that the administrator that is
applying the Compatible template does not want end users to be Power Users, the
Compatible template also removes all members of the Power Users group.
Reference: Windows XP Help, Predefined security templates
Incorrect Answers
B: The Security template should be applied to computers, not users.
A, C: There is no basicwk.inf security template in Windows XP.
QUESTION NO: 7
You are the desktop administrator for TestKing. Laura is a user in TestKing's
accounting department. Laura uses a Windows XP Professional computer. Laura
installs a new software application that was listed in her Add or Remove Programs
list.
Laura reports that the new application now opens whenever she double-clicks any
file that has a .doc file name extension. She also reports that 24 new icons appear on
the New menu when she right-clicks her desktop. Laura asks you to reconfigure her
computer so that Microsoft Word opens when she double-clicks files that have a
.doc file name extension. She also wants you to remove the new icons from the New
menu.
You instruct Laura to uninstall the new application. After she uninstalls the
application, she reports that she can no longer open .doc files by double-clicking
them. She also reports that the unwanted icons on the New menu are still present.
You reinstall the new application, and it continues to open when Laura double-
clicks .doc files.
You want to restore the .doc file association and to remove the unwanted icons from
the New menu on Laura's computer. You want to accomplish these tasks as quickly
as possible. You also want to ensure that none of Laura's other documents or
personal settings are affected.
What should you do?
A. Restore the computer to the restore point that was created when Laura installed
the new application.
B. Restore the System State data to Laura's computer from a backup tape.
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 249 -
C. Use the Windows XP Professional CD-ROM to perform an Automated System
Recovery (ASR) restore.
D. Restart the computer by using the last known good configuration.
Answer: A
Explanation: System Restore is a component of Windows XP Professional that you can
use to restore your computer to a previous state, if a problem occurs, without losing your
personal data files (such as Microsoft Word documents, browsing history, drawings,
favorites, or e-mail). System Restore monitors changes to the system and some
application files, and it automatically creates easily identified restore points. These
restore points allow you to revert the system to a previous time. They are created daily
and at the time of significant system events (such as when an application or driver is
installed). You can also create and name your own restore points at any time.
Incorrect Answers:
B: Restoring the system state data will not remove the application or restore file
associations.
C: An Automated System Recovery (ASR) restore would be used to repair a computer
that won’t boot. It is not used to restore file associations or remove applications.
D: The last known good configuration will return the registry to its state at the time of
the last successful logon. This will not restore file associations or remove applications.
QUESTION NO: 8
You are the desktop administrator for TestKing's sales department. The IT
manager for the sales department needs to distribute a custom application to the
Windows XP Professional computers in the sales department. He deploys the
software by using Group Policy.
Susan is a user in the sales department. She reports that the custom application is
not available. You examine her computer, and you verify that the application is not
present on her computer.
You want to ensure that the software is deployed the next time Susan logs on.
Which command should you run?
A. Secedit /refreshpolicy user_policy /enforce
B. Secedit /refreshpolicy machine_policy /enforce
C. Gpupdate /target:computer /sync
D. Gpupdate /target:user /sync
Answer: C
70 - 270
Leading the way in IT testing and certification tools, www.testking.com
- 250 -
Explanation: The question states that the application is deployed to the computers.
Therefore, we need to refresh the computer policy. The command to refresh the
computer policy is gpupdate /target:computer /sync. This command has replaced the
old secedit /refreshpolicy command.
Incorrect Answers:
A: The secedit /refreshpolicy command has been superseded by the gpupdate
command.
B: The secedit /refreshpolicy command has been superseded by the gpupdate
command.
D: The question states that the application is deployed to the computers. Therefore, we
need to refresh the computer policy, not the user policy.
Các file đính kèm theo tài liệu này:
- test 70270.pdf