MD-100: Windows 10 - Free download from Exam Files

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows 10.

A service named Application1 is configured as shown in the exhibit.

You discover that a user used the Service1 account to sign in to Computer1 and deleted some files.

You need to ensure that the identity used by Application1 cannot be used by a user to sign in to sign in to the desktop on Computer1. The solution must use the principle of least privilege.

Solution: On Computer1, you assign Service1 the Deny log on locally user right.

Does this meet the goal?

Yes
No

Correct answer: A

Explanation:

By using the Service1 account as the identity used by Application1, we are applying the principle of least privilege as required in this question. However, the Service1 account could be used by a user to sign in to the desktop on the computer. To sign in to the desktop on the computer, an account needs the log on locally right which all user accounts have by default. Therefore, we can prevent this by assigning Service1 the deny log on locally user right. References:https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/deny-log-on-locally

By using the Service1 account as the identity used by Application1, we are applying the principle of least privilege as required in this question.

However, the Service1 account could be used by a user to sign in to the desktop on the computer. To sign in to the desktop on the computer, an account needs the log on locally right which all user accounts have by default.

Therefore, we can prevent this by assigning Service1 the deny log on locally user right.

References:

https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/deny-log-on-locally

Your company uses Microsoft Deployment Toolkit (MDT) to deploy Windows 10 to new computers.

The company purchases 1,000 new computers.

You need to ensure that the Hyper-V feature is enabled on the computers during the deployment.

What are two possible ways to achieve this goal? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Add a task sequence step that adds a provisioning package.
In a Group Policy object (GPO), from Computer Configuration, configure Application Control Policies.
Add a custom command to the Unattend.xml file.
Add a configuration setting to Windows Deployment Services (WDS).
Add a task sequence step that runs dism.exe.

Correct answer: CE

Explanation:

A common way to add a feature such as Hyper-V in MDT is to use the Install Roles and Features task sequence action. However, that is not an option in this question. The two valid options are to a command to the Unattend.xml file or to add a task sequence step that runs dism.exe. To add Hyper-V using dism.exe, you would run the following dism command:DISM /Online /Enable-Feature /All /FeatureName:Microsoft-Hyper-VReferences:https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image https://mdtguy.wordpress.com/2016/09/14/mdt-fundamentals-adding-features-using-dism-from-within-the-task-sequence/ https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v

A common way to add a feature such as Hyper-V in MDT is to use the Install Roles and Features task sequence action. However, that is not an option in this question.

The two valid options are to a command to the Unattend.xml file or to add a task sequence step that runs dism.exe.

To add Hyper-V using dism.exe, you would run the following dism command:

DISM /Online /Enable-Feature /All /FeatureName:Microsoft-Hyper-V

References:

https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image

https://mdtguy.wordpress.com/2016/09/14/mdt-fundamentals-adding-features-using-dism-from-within-the-task-sequence/

https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v

Your network contains an Active Directory domain that is synced to a Microsoft Azure Active Directory (Azure AD) tenant.

Your company purchases a Microsoft 365 subscription.

You need to migrate the Documents folder of users to Microsoft OneDrive for Business.

What should you configure?

One Drive Group Policy settings
roaming user profiles
Enterprise State Roaming
Folder Redirection Group Policy settings

Correct answer: A

Explanation:

You need to configure a Group Policy Object (GPO) with the OneDrive settings required to redirect the Documents folder of each user to Microsoft 365. Importing the OneDrive group policy template files into Group Policy adds OneDrive related settings that you can configure in your Group Policy. One of the group policy settings enables you to redirect “Known Folders” to OneDrive for business. Known folders are Desktop, Documents, Pictures, Screenshots, and Camera Roll. There are two primary advantages of moving or redirecting Windows known folders to OneDrive for the users in your domain:Your users can continue using the folders they're familiar with. They don't have to change their daily work habits to save files to OneDrive. Saving files to OneDrive backs up your users' data in the cloud and gives them access to their files from any device. References:https://docs.microsoft.com/en-us/onedrive/redirect-known-folders?redirectSourcePath=%252fen-us%252farticle%252fredirect-windows-known-folders-to-onedrive-e1b3963c-7c6c-4694-9f2f-fb8005d9ef12

You need to configure a Group Policy Object (GPO) with the OneDrive settings required to redirect the Documents folder of each user to Microsoft 365.

Importing the OneDrive group policy template files into Group Policy adds OneDrive related settings that you can configure in your Group Policy.

One of the group policy settings enables you to redirect “Known Folders” to OneDrive for business. Known folders are Desktop, Documents, Pictures, Screenshots, and Camera Roll.

There are two primary advantages of moving or redirecting Windows known folders to OneDrive for the users in your domain:

Your users can continue using the folders they're familiar with. They don't have to change their daily work habits to save files to OneDrive.
Saving files to OneDrive backs up your users' data in the cloud and gives them access to their files from any device.

References:

https://docs.microsoft.com/en-us/onedrive/redirect-known-folders?redirectSourcePath=%252fen-us%252farticle%252fredirect-windows-known-folders-to-onedrive-e1b3963c-7c6c-4694-9f2f-fb8005d9ef12

You deploy Windows 10 to a new computer named Computer1.

You sign in to Computer1 and create a user named User1.

You create a file named LayoutModification.xml in the C:\Users\Default\AppData\Local\Microsoft\Windows\Shell\folder. LayoutModification.xml contains the following markup.

What is the effect of the configuration? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Correct answer: To work with this question, an Exam Simulator is required.

Explanation:

References:https://docs.microsoft.com/en-us/windows/configuration/configure-windows-10-taskbar

References:

https://docs.microsoft.com/en-us/windows/configuration/configure-windows-10-taskbar

Use the drop-down menus to select the answer choice that completes each statement based on the information presented on the graphic.

NOTE: Each correct selection is worth one point.

Correct answer: To work with this question, an Exam Simulator is required.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer that runs Windows 10. The computer contains a folder. The folder contains sensitive data.

You need to log which user reads the contents of the folder and modifies and deletes files in the folder.

Solution: From the properties of the folder, you configure the Auditing settings and from the Audit Policy in the local Group Policy, you configure Audit directory service access.

Does this meet the goal?

Yes
No

Correct answer: B

Explanation:

Files and folders are objects and are audited through object access, not though directory service access. References:https://www.netwrix.com/how_to_detect_who_changed_file_or_folder_owner.html

Files and folders are objects and are audited through object access, not though directory service access.

References:

https://www.netwrix.com/how_to_detect_who_changed_file_or_folder_owner.html

You have a computer named Computer 1 that runs Windows 10.

You turn on System Protection and create a restore point named Point1.

You perform the following changes:

Add four files named File1.txt, File2.dll, File3.sys, and File4.exe to the desktop.
Run a configuration script that adds the following four registry keys:
- Key1 to HKEY_CURRENT_USER
- Key2 to HKEY_CLASSES_ROOT
- Key3 to HKEY_LOCAL_MACHINE\SYSTEM
- Key4 to HKEY_CURRENT_CONFIG

You restore Point1.

Which files and registry keys are removed? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Correct answer: To work with this question, an Exam Simulator is required.

Explanation:

References:https://www.maketecheasier.com/what-system-restore-can-and-cannot-do-to-your-windows-system/https://superuser.com/questions/343112/what-does-windows-system-restore-exactly-back-up-and-restore

References:

https://www.maketecheasier.com/what-system-restore-can-and-cannot-do-to-your-windows-system/

https://superuser.com/questions/343112/what-does-windows-system-restore-exactly-back-up-and-restore

You have 10 computers that run Windows 10.

You have a Windows Server Update Services (WSUS) server.

You need to configure the computers to install updates from WSUS.

Which two settings should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Correct answer: To work with this question, an Exam Simulator is required.

Explanation:

References:https://docs.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wsus#configure-automatic-updates-and-update-service-location

References:

https://docs.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wsus#configure-automatic-updates-and-update-service-location

Your network contains an Active Directory domain. The domain contains 1,000 computers that run Windows 10.

You discover that when users are on their lock screen, they see a different background image every day, along with tips for using different features in Windows 10.

You need to disable the tips and the daily background image for all the Windows 10 computers.

Which Group Policy settings should you modify?

Turn off the Windows Welcome Experience
Turn off Windows Spotlight on Settings
Do not suggest third-party content in Windows spotlight
Turn off all Windows spotlight features

Correct answer: D

Explanation:

References:https://docs.microsoft.com/en-us/windows/configuration/windows-spotlight

References:

https://docs.microsoft.com/en-us/windows/configuration/windows-spotlight

You have a computer named Computer1 that runs Windows 10. Computer1 contains a folder named Data on drive C. The Advanced Security Settings for the Data folder are shown in the exhibit. (Click the Exhibit tab.)

You share C:\Data as shown in the following table.

User1 is a member of the Users group.

Administrators are assigned Full control NTFS permissions to C:\Data.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Correct answer: To work with this question, an Exam Simulator is required.

Explanation:

User1 cannot write files when connected to \\Computer1\Data because the Users group only has Read & Execute NTFS permission to the C:\Data folder and there are no explicit NTFS permissions for User1.User1 cannot write files locally because the Users group only has Read & Execute NTFS permission to the C:\Data folder and there are no explicit NTFS permissions for User1. Administrators cannot change the NTFS permissions of files and folders when connected to \\Computer1\Data because they only have Change share permission. The would need Full Control share permission. They could do it locally because they have Full Control NTFS permission.

User1 cannot write files when connected to \\Computer1\Data because the Users group only has Read & Execute NTFS permission to the C:\Data folder and there are no explicit NTFS permissions for User1.

User1 cannot write files locally because the Users group only has Read & Execute NTFS permission to the C:\Data folder and there are no explicit NTFS permissions for User1.

Administrators cannot change the NTFS permissions of files and folders when connected to \\Computer1\Data because they only have Change share permission. The would need Full Control share permission. They could do it locally because they have Full Control NTFS permission.