The company has enabled password reset through OW

###BeginCaseStudy###
Case Study: 13
Enterprise Company
Scenario:
Background
You are the desktop support technician for an enterprise company. The company offices,
sizes, and platforms are shown in the following table.

The Beijing office has been experiencing remote access issues. The company’s client
computers run Windows Vista and Windows 7. The company is in the process of upgrading
the Windows Vista client computers to Windows 7. All client computers have two volumes,
as shown in the following table.

The company’s password policy is shown in the following table.

The company’s account lockout policy is shown in the following table.

Software Environment
• The company has a single Active Directory Domain Services (AD DS) forest with
one domain. All domain controllers run Windows Server 2008 R2. The forest and domain
functional levels are set to Windows Server 2008 R2.
• The company outsources sales support to a third party.
• Each member of the Sales Support team has an AD DS user account in a global
security group named Sales.
• The Sales security group and the AD DS user accounts for the Sales Support team
reside in an organizational unit (OU) named Sales Support.
• Members of the Sales Support team do not use domain-joined client computers.
• With the exception of the Sales Support team, all user accounts reside in an OU
named Employees.
• All client computers reside in an OU named Client Computers.
• A global security group named Accounting contains users with domain accounts.
They use portable computers running Windows 7 that are joined to the domain.

• The company uses DirectAccess for remote access connectivity. Windows 7 domainjoined computers have been configured to use DirectAccess.
• The company uses Microsoft Exchange and Outlook Web App (OWA) for email and
collaboration. The company has enabled password reset through OWA.
The company uses AppLocker to prevent users from running certain programs. AppLocker
rules are defined at the domain-level in the Corp Group Policy object (GPO). Corp GPO only
contains AppLocker policy settings.
Wireless Requirements
The company has wireless access points (WAPs) that provide wireless connectivity at some
locations. The company uses a GPO named WiFi to enforce wireless security. The WiFi GPO
is linked to the domain. The company mandates that all domain-joined computers must
connect to corporate WAPs automatically. The company’s 802.1 X authentication server must
be used for client computer connections to the WAP. Visitors and contractors are unable to
connect to the corporate wireless network. Management has mandated that a guest wireless
network be established that meets the following criteria:
• Users should not have to provide credentials.
• Maximize wireless network performance.
• Minimize administrative overhead.
Data Protection Environment
• Full system backups are performed on client computers on Sundays with one week of
retention.
• All client computers are configured with System Protection settings to restore only
previous versions of files.
###EndCaseStudy###

You deploy a WAP in one of the company locations. Client computers connect to it by using the WiFi
GPO. You need to ensure that users cannot change the network location for the connection. Which
policy should you define?

###BeginCaseStudy###
Case Study: 13
Enterprise Company
Scenario:
Background
You are the desktop support technician for an enterprise company. The company offices,
sizes, and platforms are shown in the following table.

The Beijing office has been experiencing remote access issues. The company’s client
computers run Windows Vista and Windows 7. The company is in the process of upgrading
the Windows Vista client computers to Windows 7. All client computers have two volumes,
as shown in the following table.

The company’s password policy is shown in the following table.

The company’s account lockout policy is shown in the following table.

Software Environment
• The company has a single Active Directory Domain Services (AD DS) forest with
one domain. All domain controllers run Windows Server 2008 R2. The forest and domain
functional levels are set to Windows Server 2008 R2.
• The company outsources sales support to a third party.
• Each member of the Sales Support team has an AD DS user account in a global
security group named Sales.
• The Sales security group and the AD DS user accounts for the Sales Support team
reside in an organizational unit (OU) named Sales Support.
• Members of the Sales Support team do not use domain-joined client computers.
• With the exception of the Sales Support team, all user accounts reside in an OU
named Employees.
• All client computers reside in an OU named Client Computers.
• A global security group named Accounting contains users with domain accounts.
They use portable computers running Windows 7 that are joined to the domain.

• The company uses DirectAccess for remote access connectivity. Windows 7 domainjoined computers have been configured to use DirectAccess.
• The company uses Microsoft Exchange and Outlook Web App (OWA) for email and
collaboration. The company has enabled password reset through OWA.
The company uses AppLocker to prevent users from running certain programs. AppLocker
rules are defined at the domain-level in the Corp Group Policy object (GPO). Corp GPO only
contains AppLocker policy settings.
Wireless Requirements
The company has wireless access points (WAPs) that provide wireless connectivity at some
locations. The company uses a GPO named WiFi to enforce wireless security. The WiFi GPO
is linked to the domain. The company mandates that all domain-joined computers must
connect to corporate WAPs automatically. The company’s 802.1 X authentication server must
be used for client computer connections to the WAP. Visitors and contractors are unable to
connect to the corporate wireless network. Management has mandated that a guest wireless
network be established that meets the following criteria:
• Users should not have to provide credentials.
• Maximize wireless network performance.
• Minimize administrative overhead.
Data Protection Environment
• Full system backups are performed on client computers on Sundays with one week of
retention.
• All client computers are configured with System Protection settings to restore only
previous versions of files.
###EndCaseStudy###

You deploy a WAP in one of the company locations. Client computers connect to it by using the WiFi
GPO. You need to ensure that users cannot change the network location for the connection. Which
policy should you define?

A.
Wireless Network (IEEE 802.11)

B.
IP Security

C.
Network List Manager

D.
Windows Firewall with Advanced Security

Explanation:
Chapter 7 p 346 – 348

Show Hint

Leave a Reply 3

Your email address will not be published. Required fields are marked *

Joseph

Joseph

I believe that the answer should be A. Wireless Network (IEEE 802.11)

There is no Group Policy called Network List Manager

There is a GPO called Wireless Network (IEEE 802.11)
http://i2.wp.com/www.grouppolicy.biz/wp-content/uploads/2010/03/image_thumb17.png?resize=461%2C469

Reply

Anjali Bingo

Anjali Bingo

Glad to say that I just passed the 70-685 exam few days ago, for my third try (the 70-685 exam is very difficult!!!)

I used a lot of syudy materials, including the Microsoft official 70-685 study guide, MS Press books, CBT Nuggets and Pluralsight videos…and so on. Before taking the exam, you should ensure that you really understand all topics listed in the Microsoft official 70-685 study guide, and when taking the exam, remember to read all questions carefully, misunderstanding the meaning of the questions, you will get the wrong answers. I also practiced the VCE dumps, which helped me knowing which part of the exam that I was weak on, I used the passleader 70-685 vce dumps (http://bit.ly/1wA2skl, pdf dumps also available there).

Knowing about BranchCache, DirectAccess and IKEv2 will help a lot!

At last, do labs and practice test as much as you can!!!

Good Luck!

Reply