Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key

image

Play button

image

Play button

image

Progress

1/45

Click to flip

45 Cards in this Set

  • Front
  • Back
You have a Windows 7 computer that you use at work.
You are only a standard user on the computer (you are not an administrator of the computer).
You connect your MP3 player to the computer. Your computer is not able to play files from the device. You need to get information about the device to help see what the problem is.

What should you do?
- In Windows Media Player, select "Sync", then "Connect a device".
- In Computer Manager, go to Device manager
- In the Network and Sharing Center, select "Connect or disconnect"
- In the Control Panel, go to Devices and Printers.
- In the Control Panel, go to Devices and Printers.

Explanation
To view information about external devices connected to your computer, go to the Devices and Printers folder in the Control Panel. The status of the device will be shown, and you can open the device to perform certain functions. Note: To troubleshoot problems, you will need administrative credentials.
You must have administrative credentials to use Device Manager. Use the Network and Sharing Center to manage connections to networks. Sync settings in Windows Media Player allow you to work with external devices. However, the Connect a device item is a message telling you to connect a device, not an option you can use to connect the device.

Section 3.1
You are working on a computer running Windows 7.
You have several standard users needing permission to install devices on this computer because Windows 7 does not include the necessary drivers for the devices.

What should you do? (Select two. both answers are complete solutions.)
- Add the user accounts to the Power Users group in the Local Uses group in Local Users and Groups.
- Copy the driver to the System32 directory.
- Change the UAC settings to Never Notify and allow users to make changes to the computer.
- Run pnputil -i -a to add the drivers to the driver store
- Enable Allow non-administrators to install drivers for these device setup classes in Group Policy
- Run pnputil -i -a to add the drivers to the driver store
- Enable Allow non-administrators to install drivers for these device setup classes in Group Policy

Explanation
In this case, you can:
* Prestage the drivers in the driver store with the PnPUtil (pnputil.exe) command line tool. Once a driver is in the driver store, any user can install a device that uses the driver without providing administrative credentials. The driver store is located in the %systemroot%\System32\DriverStore directory.
*Use group Policy to enable the Allow non-administrators to install drivers for these device setup classes setting.
By default, only members of the Administrators group on a computer can install devices. In Windows 7, the Power Users group does not have additional permissions over regular users. User Account Control (UAC) helps minimize the dangers of unwanted actions or unintended software installations. Changing the UAC level will not grant standard users rights to install devices.

Section 3.1
You manage a Windows 7 computer that is shared by multiple users.
You want to prevent users from running a common game on the computer. You want to prevent the game from running even if the executable file is moved or renamed.
You decide to create a Software Restriction policy rule to protect your computer.

What should you do?
- Create a hash rule.
- Create a path rule.
- Create a certificate rule.
- Create an Internet zone rule.
- Create a hash rule.

Explanation
Create a hash rule to restrict the application from running on your computer. Because you have access to the executable file, you can easily create a hash for the file by using Software Restriction Policy. A has is a series of bytes with a fixed length that uniquely identifies a file. A hash rule will apply regardless of the file name or location. The file would have to be modified to bypass the rule.
You could use a path rule to restrict a program by file name or directory path, but the rule would not prevent the application from running if it were moved or renamed.

Section 3.9
You have several computers running Windows 7 Professional. The computers are members of a domain.
You need to protect the computers while users browse the Internet with Internet Explorer 8. You want to display a warning message to users when they attempt to visit a Web site that is known to host malware.

What should you do?
- Enable the SmartScreen filter.
- Enable the Content Advisor.
- Enable Windows Defender.
- Enable InPrivate Browsing
- Enable the SmartScreen filter.

Explanation
The SmartScreen filter detects and initially blocks access to a Web site if it is known to be unsafe, and displays the address bar in red. The user can still continue to the unsafe site or they can navigate away.
Windows Defender protects against security threats caused by spyware and other unwanted software, but does not display a message in Internet Explorer. InPrivate Browsing protects a user's privacy by not retaining passwords or browsing history. Content Advisor controls the type of information users can access through Internet Explorer by using rating levels.

Section 3.8
You have a computer running Windows 7 Home Premium.
While using Internet Explorer 8, you want to protect yourself from phishing sties.

What should you do?
- Enable the Content Advisor.
- enable InPrivate Browsing.
- Enable InPrivate Filtering.
- Enable the SmartScreen filter.
- Enable the SmartScreen filter.

Explanation
Use the SmartScreen filter to detect phishing Web sites and Web sites that dispense malware. The SmartScreen Filter:
* Uses Anti-malware technology and Group Policy settings
* Compares the Web site URL to a database of phishing and malicious sites.
* Initially blocks access to the site if it is known to be unsafe.
* Allows the users to navigate away from an unsafe site, or continue to the unsafe site.

InPrivate Browsing protects a user's privacy by not retaining passwords or browsing history. InPrivate Filtering restricts what information about a browsing session can be tracked by external 3rd party Web sites and applications. Content Advisor controls the type of information users can access through Internet Explorer by using rating levels.

Section 3.8
You have a Windows 7 Ultimate computer that is shared by multiple users.
The default printer on your computer is a Sharp Al-2040. When you send a print job to the default printer, nothing happens. Other users who also use the same printer are not experiencing any problems.

What should you do?
- Use Device Manager to disable the Sharp AL-2040 printer.
- Reinstall the device driver for the Sharp AL-2040 printer.
- In Devices and Printers, right-click the Sharp AL-2040 icon and select Troubleshoot.
- Roll back the device driver for the Sharp AL-2040 printer.
- In Devices and Printers, right-click the Sharp AL-2040 icon and select Troubleshoot.

Explanation
Use Devices and Printers in the control Panel to manage printers and other external devices connected to your computer. Devices and Printers is the only method to manage printers; printers do not appear in Device Manager.
Because other users do not have the same problem, the problem is likely not caused by the driver.

Section 3.1
You are working on a computer running Windows 7.
After upgrading a video driver, the screen becomes unresponsive.
You need to get the system working properly with the least amount of effort and time.

What should you do?
- During the boot process, press F8 and boot into Safe Mode to roll back the driver.
- Replace your current graphics adapter.
- Reinstall Windows 7 on your desktop computer.
- During the boot process, press F8 and use System Recovery options
- During the boot process, press F8 and boot into Safe Mode to roll back the driver.

Explanation
Booting into Safe Mode to roll back the driver will solve the problem. If a system becomes unstable enough to prevent accessing Device Manager, press F8 during the reboot process and use Safe Mode to roll back the driver.
You have a computer running Windows 7.
Multiple people use the computer. Users sometimes allow Internet Explorer to remember passwords when accessing various Web sites. You need to secure the computer against the possibility that the stored passwords can be stolen off the system.

What should you do?
- Add the Web sites in question to the Restricted sites zone.
- Enable password complexity requirements int he Local Security Policy.
- Encrypt the Internet Explorer directory C:\Program Files\Internet Explorer using EFS.
- In the AutoComplete settings, clear the User names and passwords on forms check box.
- In the AutoComplete settings, clear the User names and passwords on forms check box.

Explanation
It is good security practice not to allow Internet Explorer to store passwords on the system. Turning off this option in the AutoComplete settings will accomplish your goal; users may not like it, but this may be a necessary security option in some environments.
Adding Web sites to the Restricted sites zone does not affect AutoComplete options. Enabling password complexity requirements enforces rules that make it difficult to guess passwords, but would not prevent passwords from being stored by Internet Explorer. Encryption a program with EFS would prevent other users from accessing the program and likely disable the functionality of the program altogether.

Section 3.8
You are working on a computer running Windows 7.
You would like to update the video driver that is used on the computer.
Select the area in device Manager where you would make this change.
You are working on a computer running Windows 7.
You would like to update the video driver that is used on the computer.
Select the area in device Manager where you would make this change.
- Display adapters

Explanation
To update the video driver, select Display Adapters, then right-click on the specific video adapter and select Update Driver Software....

Section 3.1
You have a computer running Windows 7.
You must prevent Internet Exporer from saving data during a browsing session.

What should you do?
- Open an InPrivate Browsing session.
- Enable InPrivate Filtering.
- Disable the internet zone security settings.
- Disable the BranchCache service.
- Open an InPrivate Browsing session.

Explanation
use an InPrivate Browsing session to not retain the following information
* Browsing history
* Temporary Internet files
* Form data
* cookies
* user names
* Passwords

InPrivate Filtering restricts what information about a browsing session can be tracked by external 3rd party Web sites and applications. BranchCache is a feature which stores (i.e. caches) content in remote locations so that users in branch offices can access information more quickly. You cannot disable the security settings for the Internet zone.

Section 3.8
You manage a computer that runs Windows 7.
Your company has a corporate intranet Web site.  you open Internet Explorer as shown in the image.
You need to ensure that you can access Web pages on both the Internet and the intranet.

What should you do?
You manage a computer that runs Windows 7.
Your company has a corporate intranet Web site. You open Internet Explorer as shown in the image.
You need to ensure that you can access Web pages on both the Internet and the intranet.

What should you do?
- From the Tools menu, click Work Offline.
- From the Safety menu, click InPrivate Browsing.
- from the Safety menu, click InPrivate Filtering.
- From the Security tab, add the intranet Web site to the Trusted sites zone.
- From the Tools menu, click Work Offline.

Explanation
You must clear the Work Offline option in the Tools menu to access Websites not int he local cache. When Work Offline is selected, the system enters an offline stat independent of a current network connection, and content is read exclusively from the ache. If the content is not available locally. windows Internet Explorer informs the user and asks if the user wants to go back online or continue working offline.
Use InPrivate Browsing to not retain user information, such as browsing history and passwords. Use InPrivate Filtering to restrict what information about a browsing session can be tracked by external 3rd party Web sites and applications. Add sites to the Trusted sites zone if they require elevated privileges.
You have a computer running windows 7 Ultimate. Using Internet Explorer 8, a user downloaded an ActiveX control and now the browser seems unstable.

You need to remove the ActiveX control.

What should you do?
- Use the Programs tab in Internet Options.
- Use the Content tab in Internet Options
- Use the Security tab in Internet Options.
- Use the Privacy tab in Internet Options.
- Use the Programs tab in Internet Options.

Explanation
Use the Programs tab in Internet Options to manage the add-ons in Internet Explorer and disable the ActiveX control.
Use the Content tab to manage the Content Advisor settings. Content Advisor controls the type of information users can access through Internet Explorer. Use the "Security" tab to add the site to the Trusted sites zone for sites which use Secure sockets layer (SSL) encryption. Use the "Privacy" tab to manage the InPrivate filtering settings and cookie settings for Web sites in the Internet zone.

Section 3.8
You manage several computers running Windows 7.
Desktop users have an in-house application that is hosted on your intranet Web server. When a user clicks a specific option int he application, they receive an error message that the popup was blocked.
You need to configure the security settings so that users can see the pop-up without compromising overall security.

What should you do?
- Add the URL of the Web site to the Local Intranet zone.
- Change the filter level in pop-up blocker to Medium.
- Change the filter level in pop-up blocker to High.
- In Internet Options, use the Privacy tab to turn off the pop-up blocker
- Add the URL of the Web site to the Local Intranet zone.

Explanation
Add the URL of the intranet Web site to the Local Intranet zone. This gives the Web site an higher security clearance. By default, the Local Intranet zone turns the pop-up blocker to Medium or High, it still blocks pop-ups. If you disable the Pop-up blocker, all pop-ups are displayed.

Section 3.7
You are working on a computer running Windows 7 Enterprise.
Two devices connected to the computer are not performing correctly. You suspect the devices are conflicting with each other because they may be using the same system resources.

What should you do to identify the problem? ( Select two. Each answer is a possible solution.)
- Run System Information (msinfo32).
- Run PnPUtil.
- Run Driver Query.
- Open Reliability Monitor and use the stability index.
- Open device Manager and view the "Resources" tab.
- Run System Information (msinfo32).
- Open device Manager and view the "Resources" tab.

Explanation
To identify the system resources used by a device (including conflicts), view the device properties and use the Resources tab of Device manager or use Msinfo32.
Reliability Monitor maintains historical data that describes the operating system's stability. It shows a historical chart that identifies when software installs/uninstalls and failures have occurred. PnPUtil (pnputil.exe) stages and removes drivers from the driver store. Driver Query (driverquery.exe) displays all installed device drivers and their properties, but not system resources.

Section 3.1
You have a computer that runs Windows 7.
You create the D:\drivers folder on the computer for third party drivers and copy drivers for special devices to that folder.
You want non-administrative users r to be able to install devices on the computer without needing administrative privileges and without being prompted for the driver, but only for those devices whose driver is located in the D:\drivers folder.

What should you do?
- In user configuration in the local security policy, configure driver installation policies.
- In the registry, edit the DevicePath key.
- In computer configuration int he local security policy, configure driver installation policies.
- In computer configuration int he local security policy, configure the device installation policies.
- In computer configuration int he local security policy, configure user rights assignment policies.
- In the registry, edit the DevicePath key.

Explanation
By default, non-administrative users cannot install devices whose driver is not already added to the system (non-administrators do not have rights to install drivers). Edit the DevicePath registry key to identify alternate locations for Windows to search for device drivers. if a driver is found int he driver store or an alternate location specified by the registry key, non-administrative users will be able to add the device.
Configure user rights to allow non-administrators to install drivers based on the device setup class (GUID). Configure driver installation policies for the computer configuration to allow or deny driver installation based on the GUID.
Configure device installation policies for the computer configuration to allow or deny device installation based on the GUID (the user must also have rights to add the driver if the driver does not already exist on the system). Use driver installation policies for the user configuration to configure driver prompts and unsigned driver behavior on computers prior to Windows Vista.

Section 3.1
You manage a computer that runs Windows 7.
You want to find out who has been running a specific game on your computer. You do not want to prevent users from running the program, but instead want to log information when the file runs. The application is not digitally signed.

What should you do?
- In application control policies, create an executable rule with a publisher condition. For executable rules, configure "Audit only".
- In application control policies, create an executable rule with a path condition that identifies the file. For executable rules, configure "Audit only".
- In application control policies, create an executable rule with a path condition that identifies the file. For executable rules, configure "Enforce rules".
- In application control policies, create an executable rule with a publisher condition. For executable rules, configure "Enforce rules".
- In application control policies, create an executable rule with a path condition that identifies the file. For executable rules, configure "Audit only".

Explanation
Because the file is not digitally signed, you will need to use a hash or a path condition in the executable rule. To log when the application runs without restricting users from running the application, edit the enforcement mode for the executable rules and choose "Audit only."
Using a publisher condition requires that the software be digitally signed. choosing "Enforce rules" for the enforcement type would allow or deny running the software.

Section 3.9
You are working on a computer running Windows 7
Your audio card is working, but you learn about an updated driver that adds some new features to the device.
You download and install the new driver.
After you restart and log on to Windows 7, you can no longer play audio files. Using a minimum of administrative tasks, you need to find a solution to be able to play audio.

What should you do?
- During the boot process, press F8 and boot using the Last Known Good configuration.
- Reinstall Windows 7.
- In Device Manager, uninstall the device.
- In Device Manager, roll back the driver.
- In Device Manager, roll back the driver.

Explanation
Roll back the driver in Device Manager to revert to the previous driver version.
Uninstalling the device removes it form the operating system, but it will be redetected at the next startup and the current driver will be reused. reinstalling Windows 7 also solves the problem, but requires extra effort. Because you have logged on successfully since the driver upgrade, you cannot use the Last Known Good option to revert to the previous driver. Last Known Good works only if you have not logged on after making a hardware change.
You have a windows 7 computer that is shared by multiple users at work.
You want to allow only members of the Sales team to run the sales lead application. The rule should use the digital signature of the software and apply to all current and future versions of the applications, regardless of the filename or its location.
You decide to create an executable rule with a publisher condition using application control policies.

What should you do?
- Browse and select the executable file for the application. Modify the rule to include the product name information.
- Add the publisher's certificate to the Trusted Publishers certificate store on your computer.
- Add the publisher's certificate to the Trusted Root certificate store on your computer.
- Copy the publisher's certificate to your computer. Browse and select the certificate when creating the rule.
- Browse and select the executable file for the application. Modify the rule to include the product name information.

Explanation
When creating an executable rule using the publisher condition, the digital certificate information is extracted from the signature information included in an executable file. Select the executable file, then select the information contained int he certificate to use in creating the rule.

When creating a certificate rule with software restrictions policies, you must copy the certificate to your computer and use the certificate when creating the rule.

Section 3.9
You have a computer running Windows 7 Home Premium.
You have enabled the content Advisor in Internet Explorer 8.
While browsing thee Internet, a specific Web site is blocked by the Content Advisor. you want users to be able to view the Web site.

What should you do?
- In Internet Options, use the "Programs" tab to add the Web site as an approved site.
- In Internet Options, use the "Security" tab to add the site to the Trust3ed sites zone.
- In Internet Options, use the "Content" tab to add the Web site as an approved site.
- In Internet Options, use the "Privacy" tab to add the Web site as an approved site.
- In Internet Options, use the "Content" tab to add the Web site as an approved site.

Explanation
use the "Content" tab in Internet Options to manage the Content Advisor settings. Int his case, use the 'Approved Sites" tab to always allow the specific Web site. content Advisor controls the type of information users can access through Internet Explorer.
use the Security tab to add the site to the Trusted sites zone for sites which use Secure Sockets layer (SSL) encryption. use the Programs tab to manage the add-ons settings, such as ActiveX controls. Use the Privacy tab to manage the InPrivate filtering settings. InPrivate Filtering restricts what information about a browsing session can be tracked by external 3rd party Web sites and applications.

Section 3.8
You have a computer running Windows 7 Ultimate.
Using Internet Explorer 8, you need to set restriction on ActiveX controls.
Select the tab you would choose to set the restrictions?
You have a computer running Windows 7 Ultimate.
Using Internet Explorer 8, you need to set restriction on ActiveX controls.
Select the tab you would choose to set the restrictions?
- Security Tab

Explanation
Use the "Security" tab to add the site to the Trusted sites zone for sites which use Secure Sockets Layer (SSL) encryption.
Use the "Programs" tab in Internet Options to manage the add-ons in Internet Explorer and disable the ActiveX control.
Use the "Content" tab to manage the Content Advisor settings. Content Advisor controls the type of information users can access through Internet Explorer. Use the Privacy tab to manage the InPrivate filtering settings and cookie settings for Web sites in the Internet zone.

Section 3.4
You manage a computer running Windows 7 and shared by multiple users.
Recently, users have downloaded and installed two malware programs onto the computer. After download, the applications are installed by running programs with a .msi extension. The files are not digitally signed.
You want to prevent all users from installing these applications, regardless of how they have obtained the files.

What should you do?
- In applications control policies, create an executable rule with a hash condition.
- In application control policies, create a script rule with a path condition.
- In software restriction policies, create a network zone rule for restricted sites. Add the websites to the restricted sites in Internet Explorer.
- In software restriction policies, create a path rule.
- In application control policies, create a Windows Installer rule with a file hash condition.
- In application control policies, create a Windows Installer rule with a file hash condition.

Explanation
To prevent running the files with .msi or .msp extensions, use a Windows Installer rule in application control policies. Because you know the exact files that you want to restrict, create a file hash condition for the rule.
A network zone rule applies to the Microsoft Installer Package (MSI) obtained or downloaded using Internet Explorer (IE). The rule does not apply to installer packages copied to the computer, so this rule would not offer complete protection against these files.
Script rules in application control policies only restrict files with .ps1, .bat, .cmd, .vbs, and .js file extension. Using a path condition would not prevent running the file because the file could be copied to a different location to get around the path restriction.

Section 3.9
You are workign ona computer running Windows 7. It is a member of a domain.
You need to discover if there are any drivers on the computer which do not have a digital signature.

Which of the following tools should you use?
- Pnputil.exe
- Dxdiag.exe
- Verifier.exe
- Sigverif.exe
- Sigverif.exe

Explanation
The Signature verification tool (sigverif.exe) scans the computer and identifies any unsigned drivers.
The Driver Verifier Monitor tool (verifier.exe) is a command line tool which can inform you that a device driver will fail if memory usage or CPU usage is above or below a certain limit. The DirectX Diagnostic tool (dxdiag.exe) displays information about the display capabilities of the system. The PnPUtil (Pnputil.exe) command line tool stages drivers in the driver store.

Section 3.1
You recently bought a computer running Windows 7 Professional.
After using Internet Explorer 8, you notice that over 10 of your favorite Web sites are not displaying properly.
With the last amount of administrative effort, you want to configure Internet Explorer 8 so that the sites display properly. You do not want to affect how other sites on the Internet are displayed.

What should you do first?
- Use Windows Update to update the list of Web sites which require Compatibility View.
- Approve each site in the Compatibility View settings.
- Use Group Policy to enable Compatibility View for each site.
- Use Group Policy to enable Compatibility View for all Web sites.
- Use Windows Update to update the list of Web sites which require Compatibility View.

Explanation
- Internet Explorer 8 has a list of sites which require the Compatibility View mode. you should first update the list through Windows Updates. Updating the list requires the least amount of effort; however, if the updated list does not include all of your favorite Web sites, you will then need to manually approve them in the Compatibility View settings, or use Group Policy to enable Compatibility View for the reaming Web sites.

Using Group Policy to enable Compatibility View for all Web sites does not meet the scenario requirements.

Section 3.8
You have a computer running Windows 7.

Multiple people use the computer. One of the users installs a new Internet Explorer add-on that interferes with the browsing functionality of other users on the system, but the add-on is necessary for business purposes.

What should you do?
- Instruct the other users to log on and run Internet Explorer in No Add-ons mode.
- Log on as administrator and remove the add-on.
- Instruct the other users to log on and disable the add-on.
- Log on as administrator and disable the add-on for the other users.
- Instruct the other users to log on and run Internet Explorer in Protected Mode.
- Instruct the other users to log on and disable the add-on.

Explanation
Instruct the other users to log on and disable the add-on. Add-on functionality is stored on a per user basis in the user profile, so each user would need to disable the add-on.

Because add-on functionality is stored on a per user basis, by have the administrator disable the add-on, it will only be disabled for the administrator. Running Internet Explorer in No Add-ons Mode, will disable all add-ons, but the original user needs one for business purposes. Running Internet Explorer in Protected mode specifically blocks the execution of content on your machine without your permission. It enforces strict requirements as to how Web applications can interact with Internet Explorer and the Vista operating system. It will not solve the problem with the add-ons here. Removing the add-on would remove it for all users including the user who needs it.

Section 3.8
You have a computer running Windows 7 Ultimate.
A user made some modifications on the computer. You notice Internet Exporer isn't the default browser anymore.
With the least administrative effrort, you need to make sure that Internet Explorer is the deafult browser.

What should you do? (Select two. Each answer is a complete solution.)
- In Internet Options on the "Advanced" tab, click the "Reset..." button.
- In Internet Options on the "Programs" tab, click the "Make default" button.
- In Internet Options on the "Security" tab, click the "Reset all zones to default level" button.
- Reinstall Internet Explorer.
- In Internet Options on the "Advanced" tab, click the "Reset..." button.
- In Internet Options on the "Programs" tab, click the "Make default" button.

Explanation
To make Internet Explorer the default browser:
* Click the "Make default" button on the Programs tab in Internet Options.
* Click the "Reset..." button on the Advanced tab in Internet Options.

Resetting zones will not change the default Web browser. Reinstalling Internet Explorer requires more effort than necessary to complete the task.

Section 3.7
You have a Windows 7 computer.

You install a new internal sound card in the computer. After rebooting, you install the driver, but the device doesn't appear to be working.

You need to view information for the device and perform troubleshooting steps.

What should you do?
- In windows Media Player, select "Sync, then "Connect a device."
- In the Control Panel, go to Devices and Printers.
- In Computer Management, go to Device Manager.
- Boot into Safe Mode and roll back the driver.
- In Computer Management, go to Device Manager.

Explanation
Use Device Manager to troubleshoot devices in your system. For external devices, you can also use the Devices and Printers folder in the Control Panel. However, internal devices (such as sound cards) are not shown in Devices and Printers.

Rolling back the driver will not work because you have only one version of the driver installed. You must update a driver before you can roll back the driver. Sync settings in Windows Media Player allow you to work with external devices. However, the "Connect a device" item is a message telling you to connect a device, not an option you can use to connect the device.

Section 3.1
You have experimented with several Internet Explorer advanced options. Now several web sites do not appear correctly. You would like to reset Internet Explorer's settings back to what they were when Internet Explorer was first installed, but you don't want to lose password files, add-ons , or toolbars.
On the "Advanced" tab in the Internet Properties dialog, click, "Restore advanced settings"

Section 3.7
You manage a network with 30 computers. Each computer is currently running Windows XP. All computers are members of a domain.

You need to upgrade the computers to Windows 7 Professional. You will use a system image to deploy a clean installation of Windows 7 to each computer.

Before you begin the upgrading process, you need to identify which application installed on computers can run on Windows 7.

What should you do?
- Use the Microsoft Deployment Toolkit (MDT).
- Use Windows Deployment Services (WDS).
- Use the Microsoft Application Compatibility Toolkit (ACT).
- Use the Windows Automated Installation Kit (AIK).
- Use the Microsoft Application Compatibility Toolkit (ACT).

Explanation
The Application Compatibility Toolkit (ACT) is a set of tools used to resolve applications compatibility issues with Windows 7. Specifically, the Application Compatibility Manager tool in ACT collects, configures, and analyzes compatibility information, and will report compatibility issues you are likely to experience with the currently installed applications.

Microsoft Deployment Toolkit (MDT 2010) is a tool used to deploy operating systems and applications. The Windows Automated Installation Kit (Windows AIK) includes the tools to help in system image preparation, maintenance, and deployment. The Windows Deployment Services (WDS) server role enables the deployment of Windows operating systems to client and server computers.

Sections 2.7 and 3.5
You have a computer running Windows 7.

You need to see a list of third-party drivers on the system.

What should you do?
- Run sigverif at the command prompt.
- Run verifier at the command prompt.
- Run driverquery /si at the command prompt.
- Run pnputil -e at the command prompt.
- Run pnputil -i -a at the command prompt.
- Run pnputil -e at the command prompt.

Explanation
Run pnputil -e to display all third-party drivers on the system. All third-party drivers have an oem##.inf published name, where ## is a unique numeric value.

Pnputil -a adds a driver to the driver store. Sigverif scans the computer and identifies any unsigned drivers. Verifier informs you that a device driver will fail if memory usage or CPU usage is above or below a certain limit. Driverquery /si lists the digital signature information for the drivers.

Section 3.1
You have a Windows 7 computer that is shared by multiple users.

You want to allow non-administrative users to install devices that use third-party drivers. users should be able to install the device without prompts for administrative credentials. Users should only be able to install devices that use the drivers that you specifically identify.

You copy the necessary drivers to the computer. You configure the DevicePath registry key to identify the folder where the drivers are located.

A standard user logs on and tries to install the device, but gets a prompt for administrative credentials.

What should you do?
- Obtain drivers that have a digital signature.
- Configure the "Allow installation of devices using drivers that match these device setup classes" policy.
- Add the user to the "Load and unload device drivers" user right policy.
- Configure the "Code signing for device drivers" policy to "Ignore."
- Obtain drivers that have a digital signature.

Explanation
If a driver does not have a digital signature, the user will be prompted for administrative credentials to continue with the installation. Drivers without a digital signature can be installed, but require elevated credentials to complete the installation.

In this situation, create an executable rule with a hash condition. The hash identifies the executable file regardless of its name or location on the computer. However, the hash condition will only apply to the current version of the program, not to future versions. To restrict future versions of the software, you will need to use a publisher rule which requires that the software is digitally signed. The publisher rule uses the digital signature of the file to identify the software publisher, application, and version. Because the software is not digitally signed, you will be unable to prevent access to future versions (you will need to redo the hash condition when future versions are released).

Software restriction policies have a has rule as well, but software restriction policies cannot be applied on a per-user or per-group basis. Tip: When asked to choose between software restriction policies and application control policies for a computer running Windows 7, choosing application control policies will always be a correct solution. Application control policies can do everything that software restriction policies can do, and more.

Section 3.9
You manage a computer that runs Windows 7.
You want to prevent users from running any file with a .bat or .vbs extension unless the file is digitally signed by your organization.

What should you do?
- In application control policies, create a script rule with a hash condition.
- In application control policies, create an executable rule with a hash condition.
- In application control policies, create an executable rule with a publisher condition.
- In application control policies, create a script rule with a publisher condition.
- In application control policies, create a script rule with a publisher condition.

Explanation
Use a script rule to control executing files with .ps1, .bat, .cmd, .vbs, and .js extensions. to allow only software that is digitally singed, use a publisher condition and specify your organization as the publisher to allow.

Executable rules only apply to .exe and .com files. A hash rule uses the digital fingerprint of a file, not the digital certificate, to allow or deny access to the file. Each script would require its own hash value to allow the script based on the hash.

Section 3.9
Describe each application compatibility setting

* Run in 256 colors
* Run in 640 x 480 screen resolution
* Disable visual themes
* Disable desktop composition
* Disable display scaling on high DPI settings
* Run in 256 colors = allows applications with a limited color pallet to display correctly
* Run in 640 x 480 screen resolution = allows low resolution applications to display properly.
* Disable visual themes = resolves display problems with menus and buttons in some applications.
* Disable desktop composition = disables Windows Aero features, such as transparency
* Disable display scaling on high DPI settings = turns off automatic resizing of applications when large-scale fonts are being used.

Section 3.5
You have a computer running Windows 7 Professional.

You have a custom application that will not run on the computer. The application works well on computers running a 32-bit installation of Windows XP Professional. You decide to use Windows XP mode to run the applications.

Your computer has the following hardware specifications:
* C: drive with 62 GB of free space
* 1GB of Ram, one additional socket available
* One Core 2 duo processor with Intel VT support
* Video card with 128 MB of memory with WDDM support.

You need the computer to run Windows XP mode.

What should you do?
- Upgrade the video card.
- Add more memory.
- Upgrade to a processor that supports AMD Visualization.
- Upgrade to Windows 7 Ultimate.
- Add more memory.

Explanation
You need to add more memory before you can use Windows XP mode. Windows XP mode requires at least 2GB of RAM; 256MB of which is exclusive to the Windows XP virtual machine.

The CPU must support hardware virtualization using either AMD-V or Intel VT options. The video card specifications are sufficient for Windows 7 installation. Windows XP mode is available in Windows 7 Professional, Ultimate, and Enterprise editions

Section 3.5
You just purchased a new Windows 7 system for an artist in your company.

After installing an art application to the computer, the artist states that the application does not work correctly. The application worked fine on a Windows XP machine.

In an attempt to fix the problem, you tried to run the application in compatibility mode. When this didn't work, you temporarily disabled UAC, but this still didn't fix the problem.

You decide to create a shim for the application. You download the Application Compatibility Toolkit (ACT).

What should you do next?
- Run the Standard User Analyzer.
- Run the Application Compatibility Manager.
- Run the Compatibility Administrator
- Run the Setup Analysis Tool
- Run the Compatibility Administrator

Explanation
Use the Compatibility Administrator to create shims. A shim is a piece of software that allows the application to work with Windows 7 in a similar fashion to how it worked with previous Windows versions. In addition to creating custom shims, the Compatibility Administrator has a collection (or database) of compatibility shims and modes that can resolve problems with a large number of existing applications.

The Application Compatibility Manager collects, configures, and analyzes compatibility information, and will report compatibility issues you are likely to experience with the currently installed applications. The Setup Analysis Tool monitors application installers and can detect issues with kernel mode drivers, 16-bit applications, DLLs, and registry key modifications. The Standard User Analyzer detects, creates, and tests application fixes to address application compatibility issues in the User Account Control (UAC)
You have a computer running Windows 7 Ultimate.

You need to restrict access to Web sites that contain nudity, sex, or violence.

What should you do?
- Enable the SmartScreen filter.
- Enable the Parental Controls.
- Enable InPrivate browsing.
- Enable the Content Advisor.
- Enable the Content Advisor.

Explanation
Use the Content Advisor to block access to Web sites which contain nudity, sex, or violence. Access to Web sites is controlled through rating levels, as provided by rating bureaus.

Use Parental Controls to enforce time limits, grant access to games with specific ratings, and allow specific program execution for each user account on the computer. Parental Controls works similarly to the Content Advisor, but does not control access to Web content.

The SmartScreen filter detects and initially blocks access to a Web site if it is known to be unsafe, and displays the address bar in red. The user can still continue to the unsafe site or they can navigate away. Windows Defender protects against slow performance and security threats caused by spyware and other unwanted software

Section 3.8
You manage several computers that run Windows 7.

You would like to have better control over the applications that run on these computers, so you have decided to implement AppLocker. You have created default rules and an executable rule that allows the company's accounting application to run. You notice that you can still run any program on your test client.

What should you do? (Select two. Each choice is a possible solution.)
- Start the Application Management service on the client.
- Set the enforcement mode for executable rules to Audit only.
- Set the enforcement mode for DLL rules to Audit only
- Set the enforcement mode for executable rules to Enforce rules.
- Start the Application Identity service on the client.
- Start the Application Information service on the client.
- Set the enforcement mode for executable rules to Enforce rules.
- Start the Application Identity service on the client

Explanation
To ensure that AppLocker rules are being enforced on the client:
* Start the Application Identity service on the client. This service is used to enforce AppLocker rules.
* Set the enforcement mode for executable rules to Enforce rules.

Setting the enforcement mode to "Audit Only" allows you to monitor AppLocker events, but blocked software is still allowed to run

Section 3.9
You have many computers running Windows 7 Enterprise. The computers are members of a domain.

Your company uses a site on its intranet to manage customer records. Your company also uses a site on the Internet to mange customer files. Both the intranet site and the Internet site were developed for Internet Explorer 7.

Without user intervention, you want both sites to display properly in Internet Explorer 8, but not affect other sites found on the Internet net.

What should you do?
- Use Group Policy to enable Compatibility View using the URL for both websites; restart Internet Explorer.
- Use Group Policy to enable Compatibility View using the URL of the Internet website.
- Use Group Policy to enable Compatibility View using the URL for both websites.
- Add the URL of the intranet website to the Local intranet site in Internet Options. Use Group Policy to enable Compatibility View using the URL of the Internet website.
- Use Group Policy to enable Compatibility View using the URL of the Internet website.

Explanation
In this scenario, use Group Policy to manage the list of approved Compatibility View Internet sites. Specifically, the Use Policy List of Internet Explorer 7 Sites setting creates a default list of sites that use Compatibility View in Internet Explorer 8. When using Internet Explorer 8, sites can manually be added by users, but the default list of sites cannot be removed.

The Compatibility View mode is automatically enabled for all intranet sites. Enabling or disabling Compatibility View mode does not require Internet Explorer to restart

Section 3.8
You have a computer running Windows 7 Enterprise.
A customer application works great on previous versions of Windows; however, it does not execute correctly on the Windows 7 computer.

In an attempt to fix the problem, you tried to run the application in compatibility mode. When this didn't work, you temporarily disabled UAC, but this still didn't fix the problem.

You must get the application to work correctly on this computer.

What should you do next?
- Implement a shim from the Compatibility Administrator
- Use Credential Manager to run the application as an administrator.
- Run the application in compatibility mode and as an administrator.
- Create and enable the default AppLocker rules.
- Implement a shim from the Compatibility Administrator

Explanation
In this case, you need to implement a shim. A shim is a piece of software that allows the application to work with Windows 7 in a similar fashion to how it works with previous Windows versions. The Compatibility Administrator has a collection (or database) of shims and modes that can resolve problems with a large number of existing applications. You can also use the compatibility Administrator to create shims if no solution exists in its database.

Granting users administrative privileges gives them rights to the entire system and not just to the single application.
Credential Manager stores account credentials for network resources, such as file servers and Web sties. AppLocker is a Windows 7 feature which restricts the execution of specific applications.

Section 3.5
You manage a Windows 7 computer that is shared by multiple users.

You want to prevent non-administrator users from being able to use USB flash storage devices on this computer.

What should you do?
- In user configuration in the local security policy, configure device installation policies.
- In computer configuration in the local security policy, configure device installation policies.
- Run pnputil -d to remove the driver
- In user configuration in the local security policy, configure driver installation policies.
- In computer configuration in the local security policy, configure device installation policies.

Explanation
Use device installation restriction to prevent specific device classes from being installed on the computer. installation is restricted based on the globally unique identifier (GUID) that corresponds to the device type. Enable the "Allow administrators to override Device Installation Restriction policies" policy to allow administrators to install that device class.

Use driver installation policies for the computer configuration to allow non-administrator users to install new drivers for specific device classes. In many cases, preventing the installation of the driver will also prevent the installation of the device. However, because the driver for USB devices already exists int he driver store, no driver installation is necessary to install the device, so preventing adding the driver would have no effect int his scenario.

use driver installation policies for the user configuration to configure driver prompts and unsigned driver behavior on computers prior to Windows Vista. Because the driver for USB storage devices is included with Windows, you cannot remove the driver from the driver store. Even if you could, this would remove the driver for administrative users as well.

Section 1.5 and 3.1
You have a computer running Windows 7 Ultimate.

For several years, the developers in your company have used a specific application.

After installing the application on your computer, it no longer executes correctly. The application worked best on Windows XP machines with Service Pack 3.

You need to have the application work correctly on this computer with the least amount of administrative effort.

What should you do?
- Make all users who need to run the application members of the local Administrators group.
- Create a virtual computer that runs Windows XP. Run the virtual computer each time the application runs.
- Run the application in its own memory space.
- Run the application in compatibility mode.
- Run the application in compatibility mode.

Explanation
Use the compatibility mode in Windows 7 to run older applications as if they were running under an older operating system version, such as Windows XP or Windows 2000. Use the "Compatibility" tab of an executable file's properties to manually set the compatibility mode.

You can run a virtual machine of Windows XP to run the applications, but this option requires extra work, such as installing Windows Virtual PC, installing the Windows XP mode on the virtual machine, and finally installing the necessary applications within the Windows XP mode environment,. Granting users administrative privileges gives them rights to the entire system and not just the single application. On Windows 7, most applications already run in a separate memory space

Section 3.5
You manage a computer that runs Windows 7.

You would like to prevent users from running all software on the computer except for software that has been digitally signed. The rule should apply to all known and unknown software.

What should you do?
- In Internet Options, add certificates from trusted publishers to the Trusted Publishers store.
- In Internet Options, edit the advanced settings to check for signatures on downloaded programs.
- In the local security policy, modify the Certificate Path Validation Settings policy.
- Configure an executable rule in application control policies with a publisher condition.
- Configure a certificate rule in software restriction policies
- Configure an executable rule in application control policies with a publisher condition.

Explanation
To prevent running any unsigned software, use application control policies (AppLocker). Create an executable rule with a publisher condition. Allow running software from any publisher to allow running all digitally signed software. Using AppLocker, you can create a single rule which applies to all software that is signed by any certificate.

Using certificate rules in software restriction policies, you would have to obtain the certificate for every software publisher, then explicitly allow each publisher. You cannot allow software from any publisher (i.e. for all signed applications) using software restriction policies.

Settings in Internet Options apply only to using Internet Explorer, and do not apply to software already saved on the computer or saved outside of Internet Explorer.

Section 3.9
You are working on a computer running Windows 7.

You recently installed a device that you only need temporarily. After several days of using the device, you remove it from the computer, and now you would like to remove the device driver as well.

What should you do? (Select two. Both answers are complete solutions.)
- In Device Manager, uninstall the device.
- During the boot process, press F8 and boot using the Last Known Good configuration.
- At the command prompt, run pnputil -d.
- In Device Manager, disable the device.
- In Device Manager, uninstall the device.
- At the command prompt, run pnputil -d.

Explanation
In this case, you can :
* Run pnputil -d to remove the driver from the driver store.
* Uninstall the device using the Device Manager and select the Delete the driver software for this device option to remove the driver from the driver store.

Disabling the device prevents it from being used but does not remove the driver. Using the Last Known Good option will not remove the device driver as you have rebooted and used the device for several days. last Known Good works only if you have not logged on after making a hardware change.

Section 3.1
You have a windows 7 computer that is shared by multiple users at work.

You want to allow only members of the Sales team to run the sales lead application. The rule should apply to all current and future versions of the application, regardless of the filename or its location.

What should you do?
- Create an executable rule with a file hash condition in application control policies.
- Create an executable rule with a publisher condition in application control policies.
- Create a hash rule in software restriction policies.
- Create a certificate rule in software restriction policies.
- Create an executable rule with a publisher condition in application control policies.

Explanation
Create an executable rule with a publisher condition in application control policies (AppLocker). The publisher rule uses the digital signature of the file to identify the software publisher, application, and version. with AppLocker, you can create a rule that applies to current and future versions of the application.

Hash condition and rules are manually created on a per-file and version basis, and will not apply to new versions of the applications. The hash value of the file will be the same, regardless of the file name or file location, but will change with each new version. hash rules cannot be used to restrict future versions of software.

Software restriction policies have a certificate rule which restricts software based on the certificate. However, software restriction policies cannot be applied on a per-user or per-group basis, and certificate rules cannot apply to future versions of the software. Tip: When asked to choose between software restriction policies and application control polices for a computer running Windows 7, choosing application control policies will always be a correct solution. Application control policies can do everything that software restriction policies can do, and more.

Section 3.9
You have set up the AccountWizard.exe program to run in Compatibility mode on a Windows 7 computer.  After running the program, you find that the large-scale fonts do not appear correctly and the movement of the window appears erratic.

Select the setti
You have set up the AccountWizard.exe program to run in Compatibility mode on a Windows 7 computer. After running the program, you find that the large-scale fonts do not appear correctly and the movement of the window appears erratic.

Select the settings you would enable to correct these issues. (Select two.)
- Disable desktop composition
- Disable display scaling on high DPI settings

Explanation
To resolve the erratic display of the program windows, select "Disable desktop composition", which disables Windows Aero effect features, such as transparency. To resolve the large-scale font display problem, select "Disable display scaling on high DPI settings", which turns off automatic resizing of applications when large-scale fonts are being used.

"Run in 256 colors" allows applications with limited color pallet to display correctly. "Run in 640 x 480" screen resolution allows low resolution applications to display properly. "Disable visual themes" resolves display problems with menus and buttons in some applications

Section 3.5
You manage several computers running Windows 7.

A user made some modifications on the Advanced tab in Internet Explorer and is now having some problems.

You need to restore the default Internet Explorer settings with the least amount of effort.

What should you do?
- Reinstall Internet Explorer.
- In Internet Options on the "Advanced" tab, click the "Restore advanced settings" button.
- In Internet Options on the "Security" tab, click the "Reset all zones to default level" button.
- In Internet Options on the "Advanced" tab, click the "Reset..." button.
- In Internet Options on the "Advanced" tab, click the "Restore advanced settings" button.

Explanation
Click the "Restore advanced settings" button on the Advanced tab in Internet Explorer. This puts all advanced settings back to their default values.

Clicking on the "Reset..." button also disables all browser add-ons and deletes temporary files. While this will restore the values to their original settings, it will also affect too many other settings. Resetting zones will not affect the Advanced tab settings. Reinstalling Internet Explorer requires too much effort.

Section 3.7