Download Windows 10.MD-100.NewDumps.2021-07-24.235q.vcex

Vendor: Microsoft
Exam Code: MD-100
Exam Name: Windows 10
Date: Jul 24, 2021
File Size: 19 MB
Download Exam

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase
Coupon: EXAMFILESCOM

Discount: 20%

ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator

Demo Questions

Question 1
Your company has an isolated network used for testing. The network contains 20 computers that run Windows 10. The computers are in a workgroup. During testing, the computers must remain in the workgroup. 
You discover that none of the computers are activated. 
You need to recommend a solution to activate the computers without connecting the network to the Internet. 
What should you include in the recommendation?
  1. Volume Activation Management Tool (VAMT)
  2. Key Management Service (KMS)
  3. Active Directory-based activation
  4. the Get-WindowsDeveloperLicense cmdlet
Correct answer: A
Explanation:
A. Volume Activation Management Tool (VAMT) (correct) B. Key Management Service (KMS) (needs more than 25 computers) C. Active Directory-based activation (needs to be domain member) D. the Get-WindowsDeveloperLicense cmdlet (shows developer license) Reference:https://docs.microsoft.com/en-us/windows/deployment/volume-activation/introduction-vamt
A. Volume Activation Management Tool (VAMT) (correct) 
B. Key Management Service (KMS) (needs more than 25 computers) 
C. Active Directory-based activation (needs to be domain member) 
D. the Get-WindowsDeveloperLicense cmdlet (shows developer license) 
Reference:
https://docs.microsoft.com/en-us/windows/deployment/volume-activation/introduction-vamt
Question 2
You plan to deploy Windows 10 to 100 secure computers. 
You need to select a version of Windows 10 that meets the following requirements:
  • Uses Microsoft Edge as the default browser 
  • Minimizes the attack surface on the computer 
  • Supports joining Microsoft Azure Active Directory (Azure AD) 
  • Only allows the installation of applications from the Microsoft Store 
What is the best version to achieve the goal? More than one answer choice may achieve the goal.  
Select the BEST answer.
  1. Windows 10 Pro in S mode
  2. Windows 10 Home in S mode
  3. Windows 10 Pro
  4. Windows 10 Enterprise
Correct answer: A
Explanation:
Windows 10 in S mode is a version of Windows 10 that's streamlined for security and performance, while providing a familiar Windows experience. To increase security, it allows only apps from the Microsoft Store, and requires Microsoft Edge for safe browsing. Azure AD Domain join is available for Windows 10 Pro in S mode and Windows 10 Enterprise in S mode. It's not available in Windows 10 Home in S mode. References:https://docs.microsoft.com/es-es/windows/deployment/s-modehttps://support.microsoft.com/en-gb/help/4020089/windows-10-in-s-mode-faq
Windows 10 in S mode is a version of Windows 10 that's streamlined for security and performance, while providing a familiar Windows experience. To increase security, it allows only apps from the Microsoft Store, and requires Microsoft Edge for safe browsing. 
Azure AD Domain join is available for Windows 10 Pro in S mode and Windows 10 Enterprise in S mode. 
It's not available in Windows 10 Home in S mode. 
References:
https://docs.microsoft.com/es-es/windows/deployment/s-mode
https://support.microsoft.com/en-gb/help/4020089/windows-10-in-s-mode-faq
Question 3
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. 
You have a computer named Computer1 that runs Windows 10. 
A service named Application1 is configured as shown in the exhibit:
    
You discover that a user used the Service1 account to sign in to Computer1 and deleted some files. You need to ensure that the identity used by Application1 cannot be used by a user to sign in to sign in to the desktop on Computer1.  
The solution must use the principle of least privilege.  
Solution: On Computer1, you configure Application1 to sign in as the LocalSystem account and select the Allow service to interact with desktop check box. You delete the Service1 account. 
Does this meet the goal?
  1. Yes 
  2. No
Correct answer: B
Explanation:
Configuring Application1 to sign in as the LocalSystem account would ensure that the identity used by Application1 cannot be used by a user to sign in to the desktop on Computer1. However, this does not use the principle of least privilege. The LocalSystem account has full access to the system. Therefore, this solution does not meet the goal. References:https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/deny-log-on-locally
Configuring Application1 to sign in as the LocalSystem account would ensure that the identity used by Application1 cannot be used by a user to sign in to the desktop on Computer1. However, this does not use the principle of least privilege. The LocalSystem account has full access to the system. Therefore, this solution does not meet the goal. 
References:
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/deny-log-on-locally
Question 4
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. 
You have a computer named Computer1 that runs Windows 10. 
A service named Application1 is configured as shown in the exhibit:
    
You discover that a user used the Service1 account to sign in to Computer1 and deleted some files. You need to ensure that the identity used by Application1 cannot be used by a user to sign in to sign in to the desktop on Computer1.  
The solution must use the principle of least privilege.  
Solution: On Computer1, you assign Service1 the deny log on as a service user right.
Does this meet the goal?
  1. Yes
  2. No 
Correct answer: A
Explanation:
By using the Service1 account as the identity used by Application1, we are applying the principle of least privilege as required in this question. However, the Service1 account could be used by a user to sign in to the desktop on the computer. To sign in to the desktop on the computer, an account needs the log on locally right which all user accounts have by default. Therefore, we can prevent this by assigning Service1 the deny log on locally user right. References:https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service
By using the Service1 account as the identity used by Application1, we are applying the principle of least privilege as required in this question. 
However, the Service1 account could be used by a user to sign in to the desktop on the computer. To sign in to the desktop on the computer, an account needs the log on locally right which all user accounts have by default. Therefore, we can prevent this by assigning Service1 the deny log on locally user right. 
References:
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service
Question 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. 
You have a computer named Computer1 that runs Windows 10. 
A service named Application1 is configured as shown in the exhibit:
    
You discover that a user used the Service1 account to sign in to Computer1 and deleted some files. You need to ensure that the identity used by Application1 cannot be used by a user to sign in to sign in to the desktop on Computer1.  
The solution must use the principle of least privilege.  
Solution: On Computer1, you assign Service1 the deny log on as a service user right.
Does this meet the goal?
  1. Yes
  2. No 
Correct answer: B
Explanation:
A service account needs the log on as a service user right. When you assign an account to be used by a service, that account is granted the log on as a service user right. Therefore, assigning Service1 the deny log on as a service user right would mean the service would not function. To sign in to the desktop on the computer, an account needs the log on locally right which all user accounts have by default. To meet the requirements of this question, we need to assign Service1 the deny log on locally user right, not the deny log on as a service user right. References:https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service
A service account needs the log on as a service user right. When you assign an account to be used by a service, that account is granted the log on as a service user right. Therefore, assigning Service1 the deny log on as a service user right would mean the service would not function. 
To sign in to the desktop on the computer, an account needs the log on locally right which all user accounts have by default. To meet the requirements of this question, we need to assign Service1 the deny log on locally user right, not the deny log on as a service user right. 
References:
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service
Question 6
You have a Microsoft Azure Active Directory (Azure AD) tenant. Some users sign in to their computer by using Windows Hello for Business.  
A user named User1 purchases a new computer and joins the computer to Azure AD. User1 attempts to configure the sign-in options and receives the error message shown in the exhibit 
    
You open Device Manager and confirm that all the hardware works correctly. You need to ensure that User1 can use Windows Hello for Business facial recognition to sign in to the computer. 
What should you do first?
  1. Purchase an infrared (IR) camera.
  2. Upgrade the computer to Windows 10 Enterprise.
  3. Enable UEFI Secure Boot. 
  4. Install a virtual TPM driver.
Correct answer: A
Explanation:
Windows Hello facial recognition requires an infrared (IR) camera. If your device does not have an infrared camera (or any other biometric device such as a fingerprint scanner), you will see the message shown in the exhibit. The question states that Device Manager shows all hardware is working properly. Therefore, it is not the case that the computer has an IR camera but it isn't working properly. The problem must be that the computer does not have an IR camera. Incorrect Answers:B: Windows 10 Enterprise is not required for Windows Hello. Windows Hello also works on Windows 10 Pro. C: UEFI Secure Boot is not required for Windows Hello.D: A virtual TPM driver is not required for Windows Hello.References:https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-planning-guide
Windows Hello facial recognition requires an infrared (IR) camera. If your device does not have an infrared camera (or any other biometric device such as a fingerprint scanner), you will see the message shown in the exhibit. The question states that Device Manager shows all hardware is working properly. Therefore, it is not the case that the computer has an IR camera but it isn't working properly. The problem must be that the computer does not have an IR camera. 
Incorrect Answers:
B: Windows 10 Enterprise is not required for Windows Hello. Windows Hello also works on Windows 10 Pro. 
C: UEFI Secure Boot is not required for Windows Hello.
D: A virtual TPM driver is not required for Windows Hello.
References:
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-planning-guide
Question 7
Your company uses Microsoft Deployment Toolkit (MDT) to deploy Windows 10 to new computers. 
The company purchases 1,000 new computers. 
You need to ensure that the Hyper-V feature is enabled on the computers during the deployment.  
What are two possible ways to achieve the goal?  
Each correct answer presents part of the solution. 
NOTE: Each correct selection is worth one point.
  1. Add a task sequence step that adds a provisioning package.
  2. In a Group Policy object (GPO), from Computer Configuration, configure Application Control Policies.
  3. Add a custom command to the Unattend.xml file.
  4. Add a configuration setting to Windows Deployment Services (WDS).
  5. Add a task sequence step that runs dism.exe.
Correct answer: CE
Explanation:
A common way to add a feature such as Hyper-V in MDT is to use the Install Roles and Features task sequence action. However, that is not an option in this question. The two valid options are to a command to the Unattend.xml file or to add a task sequence step that runs dism.exe. To add Hyper-V using dism.exe, you would run the following dism command:DISM /Online /Enable-Feature /All /FeatureName:Microsoft-Hyper-VReferences:https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image  https://mdtguy.wordpress.com/2016/09/14/mdt-fundamentals-adding-features-using-dism-from-within-the-task-sequence/  https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v
A common way to add a feature such as Hyper-V in MDT is to use the Install Roles and Features task sequence action. However, that is not an option in this question. 
The two valid options are to a command to the Unattend.xml file or to add a task sequence step that runs dism.exe. 
To add Hyper-V using dism.exe, you would run the following dism command:
DISM /Online /Enable-Feature /All /FeatureName:Microsoft-Hyper-V
References:
https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image  
https://mdtguy.wordpress.com/2016/09/14/mdt-fundamentals-adding-features-using-dism-from-within-the-task-sequence/  
https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v
Question 8
Your network contains an Active Directory domain that is synced to a Microsoft Azure Active Directory (Azure AD) tenant. 
Your company purchases a Microsoft 365 subscription. 
You need to migrate the Documents folder of users to Microsoft OneDrive for Business. 
What should you configure?
  1. One Drive Group Policy settings
  2. roaming user profiles
  3. Enterprise State Roaming
  4. Folder Redirection Group Policy settings
Correct answer: A
Explanation:
You need to configure a Group Policy Object (GPO) with the OneDrive settings required to redirect the Documents folder of each user to Microsoft 365. Importing the OneDrive group policy template files into Group Policy adds OneDrive related settings that you can configure in your Group Policy. One of the group policy settings enables you to redirect 'Known Folders' to OneDrive for business. Known folders are Desktop, Documents, Pictures, Screenshots, and Camera Roll. There are two primary advantages of moving or redirecting Windows known folders to OneDrive for the users in your domain:Your users can continue using the folders they're familiar with. They don't have to change their daily work habits to save files to OneDrive. Saving files to OneDrive backs up your users' data in the cloud and gives them access to their files from any device. References:https://docs.microsoft.com/en-us/onedrive/redirect-known-folders?redirectSourcePath=%252fen-us%252farticle%252fredirect-windows-known-folders-to-onedrive-e1b3963c-7c6c-4694-9f2f-fb8005d9ef12
You need to configure a Group Policy Object (GPO) with the OneDrive settings required to redirect the Documents folder of each user to Microsoft 365. 
Importing the OneDrive group policy template files into Group Policy adds OneDrive related settings that you can configure in your Group Policy. 
One of the group policy settings enables you to redirect 'Known Folders' to OneDrive for business. Known folders are Desktop, Documents, Pictures, Screenshots, and Camera Roll. 
There are two primary advantages of moving or redirecting Windows known folders to OneDrive for the users in your domain:
  • Your users can continue using the folders they're familiar with. They don't have to change their daily work habits to save files to OneDrive. 
  • Saving files to OneDrive backs up your users' data in the cloud and gives them access to their files from any device. 
References:
https://docs.microsoft.com/en-us/onedrive/redirect-known-folders?redirectSourcePath=%252fen-us%252farticle%252fredirect-windows-known-folders-to-onedrive-e1b3963c-7c6c-4694-9f2f-fb8005d9ef12
Question 9
Your network contains an Active Directory domain. The domain contains a user named User1. 
User1 creates a Microsoft account. 
User1 needs to sign in to cloud resources by using the Microsoft account without being prompted for credentials. 
Which settings should User1 configure?
  1. User Accounts in Control Panel
  2. Email & app accounts in the Settings app
  3. Users in Computer Management
  4. Users in Active Directory Users and Computers
Correct answer: B
Explanation:
Open the Setting app, select Accounts then select Email and accounts. Here you can add accounts for the cloud resources and configure the login credentials for the accounts. If you configure the accounts with the login credentials of the Microsoft account, you won't be prompted for credentials when you open the apps. References:https://support.microsoft.com/en-za/help/4028195/microsoft-account-how-to-sign-in
Open the Setting app, select Accounts then select Email and accounts. Here you can add accounts for the cloud resources and configure the login credentials for the accounts. If you configure the accounts with the login credentials of the Microsoft account, you won't be prompted for credentials when you open the apps. 
References:
https://support.microsoft.com/en-za/help/4028195/microsoft-account-how-to-sign-in
Question 10
You have an Azure Active Directory (Azure AD) tenant named contoso.com. You have a workgroup computer named Computer1 that runs Windows 10. 
You need to add Computer1 to contoso.com. 
What should you use? 
  1. Computer Management
  2. dsregcmd.exe
  3. the Settings app
  4. netdom.exe
Correct answer: C
Explanation:
You join a computer to a domain, including an Azure AD domain in the Settings panel in Windows 10, under System->About References:https://aadguide.azurewebsites.net/aadjoin/
You join a computer to a domain, including an Azure AD domain in the Settings panel in Windows 10, under System->About 
References:
https://aadguide.azurewebsites.net/aadjoin/
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!