It is impossible to pass Microsoft 70-685 exam without any help in the short term. Come to Exambible soon and find the most advanced, correct and guaranteed Microsoft 70-685 practice questions. You will get a surprising result by our Up to date Pro: Windows 7, Enterprise Desktop Support Technician practice guides.

Q61. This is the first in a series of questions that all present the same scenario. For your convenience, the scenario is repeated in each question. Each presents a different goal and answer choices, but the text of the scenario is exactly the same in each in this series.

Topic 6, Fabrikam, Inc.

Scenario:

You are an enterprise desktop support technician for Fabrikam, Inc.

Active Directory Information

The company has a main office and a branch office. The main office hosts all of the company's servers. The main office connects to the branch office by using a WAN link.

The network contains a single Active Directory domain that has 500 users. The domain contains three domain controllers and an enterprise root certification authority (CA).

All servers run Windows Server 2008 R2.

All user accounts are in an organizational unit (OU) named Employees. The computer accounts for all desktop computers are in an OU named Desktops. The computer accounts for all portable computers are in an OU named Laptops.

A startup script is deployed to all computers by using Group Policy objects (GPOs).

Client Configurations

All client computers run Windows 7 Enterprise. All users have desktop computers. All computers are members of the domain.

All desktop computers use wired connections to connect to the network. All portable computers use wireless connections to connect to the network. The wireless network is secured by using EAP-TLS.

Company policy states that all client computers must be configured by using DHCP.

The company has an internal Web site. The Web site is configured to use SSL encryption and to require client certificates. All company users can access the internal Web site.

Your users access a third-party Web site to fulfill purchase orders.

The Web site is updated.

Users receive the following error message when they access the updated Web site:

"Internet Explorer has blocked this site from using an ActiveX control in an unsafe manner. As a result, this page may not display correctly."

You need to ensure that users can access the Web site and that the Web site content is displayed correctly.

What should you do?

A.

Software Environment

An existing GPO named AppLockdown applies to Windows 7 machines and uses AppLocker to ensure that:

   No .bat files are allowed to be run by users and rules are enforced

An existing GPO named RestrictApps applies to Windows XP client computers and uses a Software Restriction Policy to ensure that:

   No .bat files are allowed to be run by users and rules are enforced

Data Protection Environment

Some users at the Manufacturing site use EFS to encrypt data.

A user account named EFSAdmin has been designated as the Data Recovery Agent (DRA).

The DRA certificate and private key are stored on a portable USB hard drive.

As part of the yearly security compliance audits, a vendor is due to arrive at Tailspin Toys in a month to perform the yearly audit. To prepare for the audit, management has asked you to participate in an internal review of the company's existing security configurations related to network security and data security. The management team has issued the following requirements:

New software requirements

All installation programs must be digitally signed.

Minimum permissions must be granted for installation of programs.

Internet Explorer requirements

Users must not be able to bypass certificate warnings.

Users must not be able to add Internet Explorer add-ons unless the add-ons are approved by IT.

Data protection requirements

All portable storage devices must use a data encryption technology. 

The solution must meet the following requirements: 

Allow all users a minimum of read access to the encrypted data while working from their company client computers. Encrypt entire contents of portable storage devices. Minimize administrative overhead for users as files and folders are added to the portable storage devices.

Recovery information for client computer hard drives must be centrally stored and protected with data encryption.

Users at the Manufacturing site must have a secondary method of decrypting their existing files if they lose access to their certificate and private key or if the EFS Admin's certificate is not available.

You need to recommend a solution to ensure that a secondary method is available to users. The solution must not require accessing or altering the existing encrypted files before decrypting them.

What should you recommend that the users do?

A. From the command line, run the cipher.exe /e command.

B. From the command line, run the certutil.exe /backupKey command.

C. Enroll for a secondary EFS certificate.

D. Export their EFS certificates with private keys to an external location.

Answer: D


Q67. A company has computers running the 64-bit version of Windows 7 Enterprise. All computers are joined to an Active Directory Domain Services (AD DS) domain. All users are part of the local Administrators group.

A user is trying to install a legacy 32-bit application that requires administrative permissions to install. The user reports that the inst.exe installer does not run. Instead, it shows an "access denied" error message and closes. The user does not see a prompt to grant the application permission to make changes to the computer.

You need to ensure that inst.exeruns successfully and can install the application.

What should you do? (Choose all that apply.)

A. Run Disk Defragmenteron the hard disk and then run inst.exe.

B. Modify the properties for inst.exeto run as Administrator.

C. Run the Troubleshoot compatibility wizard for inst.exe.

D. Enable the Administrator account, log on, and then run inst.exe.

E. Advise the user that inst.exe cannot be installed on this system because it is not compatible with 64-bit operating systems.

F. Advise the user that inst.exe cannot be installed on this system because it is not compatible with Windows 7.

Answer: BCD


Q68. A new printer is installed on FP1 and is shared as Printer1.

Users report that they receive an error when they try to connect to \\FP1\Printer1, and that after they click OK they are prompted for a printer driver.

The server administrator confirms that the printer is functioning correctly and that he can print a test page.

You need to ensure that users are able to connect to the new printer successfully. Your solution must minimize administrative effort.

What should you request?

A. an x86 printer driver be installed on FP1

B. the permissions be changed on the shared printer

C. a new Group Policy object (GPO) be created that includes a printer mapping for \\FP1\Printer1

D. the Devices: Prevent users from installing printer drivers setting in the Default Domain Policy be set to disabled

Answer: A


Q69. All client computers on your company network run Windows 7. The computers are members of a Windows Server 2008 Active Directory Domain Services domain.

Malicious software is spreading automatically from removable drives.

You need to ensure that malicious software does not automatically run on the computers.

What should you do?

A. Disable the Windows Installer by using Domain Group Policy.

B. Disable the Autoplay function by using Domain Group Policy.

C. Disable the ActiveX installation policy by using Domain Group Policy.

D. Prevent the installation of unsigned drivers by using Domain Group Policy.

Answer: B


Q70. Users report that it takes a long time to access resources by using DirectAccess.

You need to provide the network administrator with a network capture of DirectAccess traffic.

Which tool should you use?

A. Netsh.exe

B. Netstat.exe

C. Perfmon.exe

D. Winsat.exe

Answer: A