Windows 10 v1.0
Question 1
Case Study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
Contoso has IT, human resources (HR), and finance departments.
Contoso recently opened a new branch office in San Diego. All the users in the San Diego office work from home.
Existing environment -
Contoso uses Microsoft 365.
The on-premises network contains an Active Directory domain named contoso.com. The domain is synced to Microsoft Azure Active Directory (Azure AD).
All computers run Windows 10 Enterprise.
You have four computers named Computer1, Computer2, Computer3, and ComputerA. ComputerA is in a workgroup on an isolated network segment and runs the Long Term Servicing Channel version of Windows 10. ComputerA connects to a manufacturing system and is business critical. All the other computers are joined to the domain and run the Semi-Annual Channel version of Windows 10.
In the domain, you create four groups named Group1, Group2, Group3, and Group4.
Computer2 has the local Group Policy settings shown in the following table.
The computers are updated by using Windows Update for Business.
The domain has the users shown in the following table.
Computer1 has the local users shown in the following table.
Requirements -
Planned Changes -
Contoso plans to purchase computers preinstalled with Windows 10 Pro for all the San Diego office users.
Technical requirements -
Contoso identifies the following technical requirements:
The computers in the San Diego office must be upgraded automatically to Windows 10 Enterprise and must be joined to Azure AD the first time a user starts each new computer. End users must not be required to accept the End User License Agreement (EULA).
Helpdesk users must be able to troubleshoot Group Policy object (GPO) processing on the Windows 10 computers. The helpdesk users must be able to identify which Group Policies are applied to the computers.
Users in the HR department must be able to view the list of files in a folder named D:\Reports on Computer3.
ComputerA must be configured to have an Encrypting File System (EFS) recovery agent.
Quality update installations must be deferred as long as possible on ComputerA.
Users in the IT department must use dynamic lock on their primary device.
User6 must be able to connect to Computer2 by using Remote Desktop.
The principle of least privilege must be used whenever possible.
Administrative effort must be minimized whenever possible.
Kiosk (assigned access) must be configured on Computer1.
HOTSPOT -
You need to meet the technical requirements for the HR department users.
Which permissions should you assign to the HR department users for the D:\Reports folder? To answer, select the appropriate permissions in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer : 
References:
https://www.online-tech-tips.com/computer-tips/set-file-folder-permissions-windows/
Question 2
Case Study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
Contoso has IT, human resources (HR), and finance departments.
Contoso recently opened a new branch office in San Diego. All the users in the San Diego office work from home.
Existing environment -
Contoso uses Microsoft 365.
The on-premises network contains an Active Directory domain named contoso.com. The domain is synced to Microsoft Azure Active Directory (Azure AD).
All computers run Windows 10 Enterprise.
You have four computers named Computer1, Computer2, Computer3, and ComputerA. ComputerA is in a workgroup on an isolated network segment and runs the Long Term Servicing Channel version of Windows 10. ComputerA connects to a manufacturing system and is business critical. All the other computers are joined to the domain and run the Semi-Annual Channel version of Windows 10.
In the domain, you create four groups named Group1, Group2, Group3, and Group4.
Computer2 has the local Group Policy settings shown in the following table.
The computers are updated by using Windows Update for Business.
The domain has the users shown in the following table.
Computer1 has the local users shown in the following table.
Requirements -
Planned Changes -
Contoso plans to purchase computers preinstalled with Windows 10 Pro for all the San Diego office users.
Technical requirements -
Contoso identifies the following technical requirements:
The computers in the San Diego office must be upgraded automatically to Windows 10 Enterprise and must be joined to Azure AD the first time a user starts each new computer. End users must not be required to accept the End User License Agreement (EULA).
Helpdesk users must be able to troubleshoot Group Policy object (GPO) processing on the Windows 10 computers. The helpdesk users must be able to identify which Group Policies are applied to the computers.
Users in the HR department must be able to view the list of files in a folder named D:\Reports on Computer3.
ComputerA must be configured to have an Encrypting File System (EFS) recovery agent.
Quality update installations must be deferred as long as possible on ComputerA.
Users in the IT department must use dynamic lock on their primary device.
User6 must be able to connect to Computer2 by using Remote Desktop.
The principle of least privilege must be used whenever possible.
Administrative effort must be minimized whenever possible.
Kiosk (assigned access) must be configured on Computer1.
You need to meet the technical requirements for EFS on ComputerA.
What should you do?
- A. Run certutil.exe, and then add a certificate to the local computer certificate store.
- B. Run cipher.exe, and then add a certificate to the local computer certificate store.
- C. Run cipher.exe, and then add a certificate to the local Group Policy.
- D. Run certutil.exe, and then add a certificate to the local Group Policy.
Answer : B
Reference:
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate
Manage Devices and Data -
Question 3
You have several computers that run Windows 10. The computers are in a workgroup and have BitLocker Drive Encryption (BitLocker) enabled.
You join the computers to Microsoft Azure Active Directory (Azure AD).
You need to ensure that you can recover the BitLocker recovery key for the computers from Azure AD.
What should you do first?
- A. Disable BitLocker.
- B. Add a BitLocker key protector.
- C. Suspend BitLocker.
- D. Disable the TMP chip.
Answer : B
References:
https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies#bitlocker-key- protectors
Question 4
HOTSPOT -
Your network contains an Active Directory forest. The forest contains a root domain named contoso.com and a child domain named corp.contoso.com.
You have a computer named Computer1 that runs Windows 10. Computer1 is joined to the corp.contoso.com domain.
Computer1 contains a folder named Folder1. In the Security settings of Folder1, Everyone is assigned the Full control permissions.
On Computer1, you share Folder1 as Share1 and assign the Read permissions for Share1 to the Users group.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer : 
References:
https://www.techrepublic.com/article/learn-the-basic-differences-between-share-and-ntfs-permissions/
Question 5
HOTSPOT -
You have a computer named Computer1 that runs Windows 10. Computer1 is in a workgroup.
Computer1 contains the folders shown in the following table.
On Computer1, you create the users shown in the following table.
User1 encrypts a file named File1.txt that is in a folder named C:\Folder1.
What is the effect of the configuration? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer : 
References:
https://support.microsoft.com/en-za/help/310316/how-permissions-are-handled-when-you-copy-and-move-files-and-folders
Question 6
HOTSPOT -
You have a computer named Computer1 that runs Windows 10 and is joined to an Active Directory domain named adatum.com.
A user named Admin1 signs in to Computer1 and runs the whoami command as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer : 
Question 7
You have a computer named Computer1 that runs Windows 10.
You need to configure User Account Control (UAC) to prompt administrators for their credentials.
Which settings should you modify?
- A. Administrators Properties in Local Users and Groups
- B. User Account Control Settings in Control Panel
- C. Security Options in Local Group Policy Editor
- D. User Rights Assignment in Local Group Policy Editor
Answer : C
References:
https://docs.microsoft.com/en-us/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings
Question 8
You have several computers that run Windows 10. The computers are in a workgroup.
You need to prevent users from using Microsoft Store apps on their computer.
What are two possible ways to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
- A. From Security Settings in the local Group Policy, configure Security Options.
- B. From Administrative Templates in the local Group Policy, configure the Store settings.
- C. From Security Settings in the local Group Policy, configure Software Restriction Policies.
- D. From Security Settings in the local Group Policy, configure Application Control Policies.
Answer : BD
References:
https://www.techrepublic.com/article/how-to-manage-your-organizations-microsoft-store-group-policy/
Question 9
You have a computer named Computer1 that runs Windows 10.
You need to prevent standard users from changing the wireless network settings on Computer1. The solution must allow administrators to modify the wireless network settings.
What should you use?
- A. Windows Configuration Designer
- B. MSConfig
- C. Local Group Policy Editor
- D. an MMC console that has the Group Policy Object Editor snap-in
Answer : C
Question 10
HOTSPOT -
You have three computers that run Windows 10 as shown in the following table.
All the computers have C and D volumes. The Require additional authentication at startup Group Policy settings is disabled on all the computers.
Which volumes can you encrypt by using BitLocker Drive Encryption (BitLocker)? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer : 
References:
https://www.windowscentral.com/how-use-bitlocker-encryption-windows-10
Question 11
Your network contains an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows 10.
On Computer1, you create an NTFS folder and assign Full control permissions to Everyone.
You share the folder as Share1 and assign the permissions shown in the following table.
When accessing Share1, which two actions can be performed by User1 but not by User2? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Delete a file created by another user.
- B. Set the permissions for a file.
- C. Rename a file created by another user.
- D. Take ownership of file.
- E. Copy a file created by another user to a subfolder.
Answer : BD
References:
https://www.varonis.com/blog/ntfs-permissions-vs-share/
Question 12
HOTSPOT -
You have a computer that runs Windows 10. The computer contains a folder named C:\ISOs that is shared as ISOs.
You run several commands on the computer as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer : 
Question 13
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
A user named User1 has a computer named Computer1 that runs Windows 10. Computer1 is joined to an Azure Active Directory (Azure AD) tenant named contoso.com. User1 joins Computer1 to contoso.com by using [email protected]
Computer1 contains a folder named Folder1. Folder1 is in drive C and is shared as Share1. Share1 has the permission shown in the following table.
A user named User2 has a computer named Computer2 that runs Windows 10. User2 joins Computer2 to contoso.com by using [email protected]
User2 attempts to access Share1 and receives the following error message: ג€The username or password is incorrect.ג€
You need to ensure that User2 can connect to Share1.
Solution: In Azure AD, you create a group named Group1 that contains User1 and User2. You grant Group1 Change access to Share1.
Does this meet the goal?
- A. Yes
- B. No
Answer : B
References:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754178(v%3dws.10)
Question 14
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
A user named User1 has a computer named Computer1 that runs Windows 10. Computer1 is joined to an Azure Active Directory (Azure AD) tenant named contoso.com. User1 joins Computer1 to contoso.com by using [email protected]
Computer1 contains a folder named Folder1. Folder1 is in drive C and is shared as Share1. Share1 has the permission shown in the following table.
A user named User2 has a computer named Computer2 that runs Windows 10. User2 joins Computer2 to contoso.com by using [email protected]
User2 attempts to access Share1 and receives the following error message: ג€The username or password is incorrect.ג€
You need to ensure that User2 can connect to Share1.
Solution: You create a local user account on Computer1 and instruct User2 to use the local account to connect to Share1.
Does this meet the goal?
- A. Yes
- B. No
Answer : B
Question 15
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
A user named User1 has a computer named Computer1 that runs Windows 10. Computer1 is joined to an Azure Active Directory (Azure AD) tenant named contoso.com. User1 joins Computer1 to contoso.com by using [email protected]
Computer1 contains a folder named Folder1. Folder1 is in drive C and is shared as Share1. Share1 has the permission shown in the following table.
A user named User2 has a computer named Computer2 that runs Windows 10. User2 joins Computer2 to contoso.com by using [email protected]
User2 attempts to access Share1 and receives the following error message: ג€The username or password is incorrect.ג€
You need to ensure that User2 can connect to Share1.
Solution: In Azure AD, you create a group named Group1 that contains User1 and User2. You grant Group1 Modify access to Folder1.
Does this meet the goal?
- A. Yes
- B. No
Answer : A
References:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754178(v%3dws.10)