You are the desktop administrator for Contoso, Ltd. The company’s network contains 1,000 Windows XP Professional computers, which are members of a single Active Directory domain. The computers’ hard disks are formatted as NTFS.
The company’s software developers release a new custom application. The application uses a .dll file named AppLib.dll, which is installed in a folder named \Program Files\Contoso\OpsApp.
The company’s help desk technicians report that several users experience problems when they use the application because the AppLib.dll file was deleted on their client computers. The company’s software developers recommend that you modify the file permissions on AppLib.dll so that users have only Read permission on the file.
You need to ensure that all users have only Read permission on the AppLib.dll file on all 1,000 Windows XP Professional computers. What should you do?
A. Write a logon script that moves the AppLib.dll file into the %systemroot%\System32 folder. Ensure that Windows File Protection is enabled on all 1,000 Windows XP Professional computers. Apply the logon script to all domain user accounts.
B. Use the Security Configuration and Analysis console to create a new security template that modifies the file permissions on AppLib.dlI. Use Active Directory Group Policy to import and apply the template to all 1,000 Windows XP Professional computers.
C. Repackage the custom application in a Windows Installer package. Ask a domain administrator to create a Group Policy object (GPO) that advertises the package to all domain user accounts.
D. Write a Microsoft Visual Basic Scripting Edition (VBScript) file named Modify.vbs that modifies the file permissions on AppLib.dlI. E-mail Modify.vbs to all company employees and instruct them to double-click the file in order to run it
Correct Answer: B
You are the desktop administrator for your company. The company’s network contains 500 Windows XP
Professional computers. The information security department releases a new security template named
You import NewSec.inf into a security database named NewSec.sdb. You analyze the result, and you
review the changes that the template makes.
You examine the security policies that are defined in NewSec.inf. You discover that the settings in
NewSec.inf have not been implemented on your computer.
You need to ensure that the settings in NewSec.inf overwrite the settings in your computer’s local security
policy. What are two possible ways to achieve this goaI? (Each correct answer presents a complete
solution. Choose two.)
A. Run the Secedit /configure /db C:\NewSec.sdb command.
B. Run the Secedit /refreshpolicy machine_policy command.
C. Copy NewSec.inf to the C:\Windows\Inf folder.
D. Copy NewSec.sdb to the C:\Windows\System32\Microsoft\Protect folder.
E. Use the Security Configuration and Analysis console to open NewSec.sdb and then to perform a Configure operation.
F. Use the Security Configuration and Analysis console to export NewSec.sdb to the Defltwk.inf security template.
Correct Answer: AE
You are the administrator of 10 Windows XP Professional computers for your company. The computers
are members of a Windows 2000 domain.
Because the computers are used in a public area in the cafeteria, you audit all security events on the
A user named Marc reports that he was using one of the Windows XP Professional computers when the
computer suddenly shut down with a STOP error. When the computer restarted, Marc attempted to log on
by using the same user name and password that he used before. Marc received the following error
message: “Your account is configured to prevent you from using this computer. PIease try another
computer.” Marc states that he did not do anything to cause the STOP error to occur.
You want to ensure that Marc can use this computer. What should you do?
A. On the computer, save and clear the security log, set the CrashOnAuditFail setting to 1, and restart the computer.
B. On the computer, modify the local audit policy so that system events are not audited, set the CrashOnCtrIScroll setting to 1, and restart the computer.
C. In the domain, modify Marc’s Logon Workstations list to include the name of the computer.
D. In the domain, modify Marc’s account properties to unlock the account.
Correct Answer: A
You are a help desk technician for your company. Your company’s network includes an Active Directory domain and Windows XP Professional computers that are configured as members of the domain.
Company policy prohibits users from accessing their computers unless they are authenticated by a domain controller. However, users report that they can log on to their computers, even though a network administrator has told them that a domain controller is not available.
As a test, you log off of your computer and disconnect it from the network. You discover that you can log on by using your domain user account.
You need to ensure that users cannot access their computers unless they are authenticated by a domain controller. How should you configure the local computer policy on these computers?
A. Enable the Require domain controller to unlock policy.
B. Set the Number of previous logons to cache policy to 0.
C. Remove all user and group accounts from the Log on locally user right.
D. Remove all user and group accounts from the Access this computer from the network user right.
Correct Answer: B
You are a help desk technician for your company. AII users have Windows XP Professional computers.
Ten users run a custom application named Finance on their computers. Finance stores user passwords in
a file named Passwords.ini.
By default, the Passwords.ini file is stored in a folder named C:\Winnt\App1. The location and name of the
file can be changed by an administrator.
Each Passwords.ini file is unique. Each computer contains a single logical drive, which is drive C and is
formatted as NTFS.
In order to comply with a new company security policy, you need to ensure that the Passwords.ini files are
encrypted. What should you do?
A. In the properties of the C:\Winnt\App1 folder, use Windows Explorer to select the option to encrypt the contents of the folder. Accept the default settings on the Confirm Attributes Changes dialog box.
B. Ask a network administrator to share a new encrypted folder named PassFiles on a network server and to permit users to read the files contained within the folder. Copy the Passwords.ini file from each computer into the PassFiles folder. On each computer, configure Finance to use the Passwords.ini file
in the PassFiles folder.
C. Create a folder named C:\Files. Copy the Passwords.ini file to the C:\Files folder. In the properties of the C:\Files folder, select the option to encrypt the contents of the folder. Accept the default settings on the Confirm Attributes Changes dialog box. Configure Finance to use the C:\Files\Passwords.ini file.
D. Create a folder named C:\Files. Move the Passwords.ini file to the C:\Files folder. Instruct the user of each computer to open the properties of the C:\Files folder and select the option to encrypt the contents of the folder. Accept the default settings on the Confirm Attributes Changes dialog box. Configure Finance to use the C:\Files\Passwords.ini file.
Correct Answer: D
You are the administrator of a Windows XP Professional portable computer. When you are traveling, you often dial in to the internet to connect to your company network.
After you make this configuration change, you receive a Privacy dialog box when you visit Web sites that do not comply with company policy. The Privacy dialog box is shown in the exhibit. (Click the Exhibit (X)button.)
However, you notice that these Web sites still welcome you based on personalized information. The Restricted Web sites list in the privacy report lists blocked cookies for these Web sites.
You want to ensure that Web sites that do not comply with your company policy cannot track your access to their Web sites. What should you do?
A. Change the Privacy setting to High.
B. Change the Advanced Privacy setting to block cookies for first-party and third-party cookies.
C. Change the Temporary internet Files setting to check for newer versions of stored pages every time you start internet Explorer.
D. Delete existing cookies that you received from the noncompliant Web sites.
Correct Answer: D
You are the administrator of the Windows XP Professional portable computers that are used by your company’s sales representatives. The computers are members of a Windows 2000 domain. A Windows 2000 Server computer named Server1 contains the sales data used by the sales representatives in a shared folder named Data.
When sales representatives travel, they use the Offline Files feature to access the files in the \\Server1 \Data shared folder. You want to ensure that the offline files on the portable computers are not accessible by unauthorized persons, in the event that a portable computer is lost.
What should you do?
A. Instruct the sales representatives to configure the permissions on the offline files on their portable computers to allow access for only their user accounts.
B. On Server1, configure the permissions on all files in the Data shared folder to allow access for only the sales representatives.
C. Use a Group Policy object (GPO) to enable the Encrypt the Offline Files cache option for the portable computers.
D. On the portable computers, enable encryption of the %systemroot%\CSC folder. Apply this setting to the folder and files in the CSC folder.
E. On Server1, encrypt all files in the Data shared folder. Add all sales representatives to the encryption details.
Correct Answer: C
You are the desktop administrator for your company. AII client computers currently run Windows 2000 Professional. The client computers have a typical disk configuration, as shown in the following table.
You are in the process of deploying new Windows XP Professional computers to users in the graphics department. The new computers currently have one hard disk. Each hard disk is configured as a dynamic disk, and it contains the system and boot volume. To maintain user data, you are moving the physical hard disks from the users’ original computers to the new computers.
Laura is a user in the graphics department. You move disk 1 from Laura’s original computer to her new computer. You do not move disk 0 to the new computer. When you run the Disk Management console on the new computer, the disk that you moved from Laura’s original computer appears with the status of Foreign. When you attempt to run the Import Foreign Disks utility, the Foreign Disk Volumes dialog box is displayed, as shown in the exhibit. (Click the Exhibit (X) button.)
When you click the OK button, the disk is imported. However, the status of the disk changes to Failed, and you cannot access data that is stored on the disk.
You need to ensure that Laura can access the data that is stored on the hard disk that you moved to the new computer. What should you do?
A. Move disk 0 from Laura’s original computer to the new computer. Run the Import Foreign Disks utility in the Disk Management console.
B. Move disk 0 from Laura’s original computer to the new computer. Delete and re-create the spanned volume.
C. Convert the moved hard disk to a dynamic disk. Delete the spanned volume and create a simple volume.
D. Run the Ftonline e: command on the new computer. Back up the data that is on drive E. Delete and re-create the spanned volume, and restore the data.
Correct Answer: A
You are the desktop administrator for your company. The company’s network consists of a single Active Directory domain. AII client computers run Windows XP ProfessionaI.
Employees in the sales department use portable computers. AII portable computers use 802.11b wireless LAN PC adapters and a wireless access point to connect to the network. The wireless access point is connected to the company network by means of a wireless bridge. The wireless LAN uses 128-bit Wired Equivalent Privacy (WEP) encryption.
A user in the sales department returns from a business trip and reports that she cannot connect to the company network. You run the configuration utility for the wireless LAN adapter. The status of the wireless network connection is shown as Not Linked. When you attempt to scan for the network, a connection cannot be made. The configuration for the LAN adapter and the wireless network connection is shown in the exhibit. (Click the Exhibit (X) button.)
You need to ensure that the user can connect to the network. What should you do?
A. Clear the This is a computer-to-computer (ad hoc) network check box.
B. Select the Network Authentication (Shared mode) check box.
C. Clear the The key is provided for me automatically check box. Type the WEP network key information for the wireless LAN.
D. Clear the The key is provided for me automatically check box. Configure the Key index option to 1.
Correct Answer: A
You are the network administrator for your company. The network consists of a single Active Directory domain. AII client computers run Windows XP Professional.
Tom is a user in the development department. Tom uses his computer to develop new applications. The computer is currently running Windows 2000 Server, which is installed in the C:\Winnt folder. The computer’s disk configuration is shown in the following table.
Tom installs Windows XP Professional in the C:\Windows folder on the computer. The installation completes successfully.
However, when Tom restarts the computer, he receives the following error message:
“STOP: INACCESSIBLE_BOOT_DEVICE.” Windows XP Professional will not start. The existing Windows
2000 Server installation starts successfully.
You need to ensure that Tom can start both operating systems. What should you do?
A. From the DiskPart command line, run the Active c: command, and then run the Rescan command.
B. Run the Dmdiag c: command.
C. Reinstall Windows XP Professional and specify drive D as the installation partition.
D. Restart the computer by using the Recovery console, and run the Fixboot command.
Correct Answer: C
Latest update 70-270 Microsoft exam practice questions and answers. Latest discount 70-270 Microsoft study guide. Help you get 70-270 certification and pass Microsoft exam quickly and easily!