HOTSPOT -
You have four computers that run Windows 10. The computers are configured as shown in the following table.
On Computer1, you create a user named User1. In the domain, you create a user named User2.
You create the groups shown in the following table.
You need to identify to which computers User1 can sign in, and to which groups you can add User2.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Box 1: Computer 1 only.
User1's account was created on Computer1. The account is a local account on Computer1. Therefore, User1 can only sign in to Computer1.
Box 2: Group5 only.
User2's account was created in the domain. A domain is a security boundary. Therefore, you can only add User2 to groups in the domain.
User1 is a member of the Administrators group on a computer that runs Windows 10.
When User1 attempts to view the security settings of a folder named C:\SecretData, the user receives the message in the Security exhibit. (Click the Security tab.)
On the computer, you sign in as a member of the Administrators group and view the permissions to C:\SecretData as shown in the Permissions exhibit. (Click the
Permissions tab.)
You need to restore Use1's access to C:\SecretData.
What should you do first?
Answer:
B
Reference:
https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/dont-have-permission-access-folder
HOTSPOT -
Your network contains an Active Directory domain. The domain contains the users shown in the following table.
The Authenticated Users group has the Add workstations to domain user right in the Default Domain Controllers Policy.
The Device Managers and Help Desk groups are granted the Create Computer objects permission for the Computers container of the domain.
You have 15 workgroup computers that run Windows 10. Each computer contains a local user account named LocalAdmin1 that is a member of the following groups:
✑ Administrators
✑ Device Owners
✑ Authenticated Users
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Box 1: No -
User1 is a member of the Authenticated Users group which has the Add workstations to domain user right. However, with the Add workstations to domain user right, you are restricted to joining a maximum of 10 computers to the domain.
Box 2: No -
User2 is a member of the Authenticated Users group which has the Add workstations to domain user right. User2 is also a member of the Device Managers group which is granted the Create Computer objects permission for the Computers container of the domain. The Create Computer objects permission overrides the 10- computer limit imposed by the Add workstations to domain user right so User2 can join more than 10 computers to the domain.
Box 3. Yes -
User3 is a member of the Authenticated Users group which has the Add workstations to domain user right. User3 is also a member of the Help Desk group which is granted the Create Computer objects permission for the Computers container of the domain. The Create Computer objects permission overrides the 10- computer limit imposed by the Add workstations to domain user right so User3 can join all the computers to the domain.
You have a computer named Computer1 that runs Windows 10. Computer1 is in a workgroup.
Computer1 contains the local users shown in the following table.
The Users group has Modify permissions to a folder named D:\Folder1.
User3 creates a file named File1.docx in Folder1.
Which users can take ownership of File1.docx?
Answer:
B
Only a member of the Administrator's group can take ownership of a file or folder.
HOTSPOT -
You have two workgroup computers named Computer1 and Computer2 that run Windows 10. The Guest account is enabled on both computers.
The computers contain the users shown in the following table.
The computers contain the shared folders shown in the following table.
Computer1 has password-protected sharing turned on. Computer2 has password-protected sharing turned off.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
When password protected sharing is turned on, only people who have a user account and password on your computer can access shared files.
Box 1: Yes -
Password protected sharing is turned off on Computer2 so User1 can access Share2 from Computer1.
Box 2: Yes -
Password protected sharing is turned on on Computer1. User2 has an account on Computer1 so User2 can access Share1 from Computer2.
Box 3: Yes -
The answer to this question depends on which version of Windows 10 is running on the computers. This isn't specified in the question so it's likely that the question will be updated in future.
Password protected sharing is turned on on Computer1. User3 does not have an account on Computer1 so User3 cannot access Share1 from Computer2.
However, the Guest account is enabled which could provide access depending on which version of Windows 10 is running. If it is Windows 10 Home or Pro, then the answer to this question is Yes. The Guest account does provide access. However, in later versions of Windows 10 Enterprise and Windows 10 Education
(from build 1709 onwards), the Guest account does not enable access to the shared folder.
Reference:
https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/guest-access-in-smb2-is-disabled-by-default
You need to enable BitLocker Drive Encryption (BitLocker) on a computer named Computer1 that runs Windows 10. Computer1 has the following configurations:
✑ Contains only one 200-GB NTFS volume named C:\
✑ Contains 50 GB of unallocated disk space
✑ Is the member of a workgroup
✑ Has TPM enabled
What should you do first?
Answer:
C
Two partitions are required to run BitLocker because pre-startup authentication and system integrity verification must occur on a separate partition from the encrypted operating system drive. This configuration helps protect the operating system and the information in the encrypted drive.
Reference:
https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq
You have a workgroup computer that runs Windows 10.
You need to set the minimum password length to 12 characters.
What should you use?
Answer:
B
You can set the password length on computers that are not domain joined by using the Local Security Policy or the Local Group Policy Editor.
Note:
There are several versions of this question in the exam. The question has two possible correct answers:
1. Local Group Policy Editor
2. Local Security Policy
Other incorrect answer options you may see on the exam include the following:
1. System Protection in System Properties
2. Local Users and Groups in Computer Management
3. Sign-in options in the Settings app
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings
You have 20 computers that run Windows 10. The computers are in a workgroup.
You need to create a local user named User1 on all the computers. User1 must be a member of the Remote Management Users group.
What should you do?
Answer:
C
Reference:
https://blogs.technet.microsoft.com/askpfeplat/2017/11/06/use-group-policy-preferences-to-manage-the-local-administrator-group/
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer that runs Windows 10. The computer contains a folder named D:\Scripts. D:\Scripts contains several PowerShell scripts.
You need to ensure that you can run the PowerShell scripts without specifying the full path to the scripts. The solution must persist between PowerShell sessions.
Solution: From System Properties, you add D:\Scripts to the PATH environment variable.
Does this meet the goal?
Answer:
B
You have several computers that run Windows 10. The computers are in a workgroup and have BitLocker Drive Encryption (BitLocker) enabled.
You join the computers to Microsoft Azure Active Directory (Azure AD).
You need to ensure that you can recover the BitLocker recovery key for the computers from Azure AD.
What should you do first?
Answer:
B
Reference:
https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies#bitlocker-key- protectors
