Which two actions should you perform?

A company has an Active Directory Domain Services (AD DS) domain.
All client computers run Windows 10 Enterprise. Some computers have a Trusted Platform Module (TPM)
chip.
You need to configure a single Group Policy object (GPO) that will allow Windows BitLocker Drive
Encryption on all client computers.
Which two actions should you perform? Each correct answer presents part of the solution.

A company has an Active Directory Domain Services (AD DS) domain.
All client computers run Windows 10 Enterprise. Some computers have a Trusted Platform Module (TPM)
chip.
You need to configure a single Group Policy object (GPO) that will allow Windows BitLocker Drive
Encryption on all client computers.
Which two actions should you perform? Each correct answer presents part of the solution.

A.
Enable the Require additional authentication at startup policy setting.

B.
Enable the Enforce drive encryption type on operating system drives policy setting.

C.
Enable the option to allow BitLocker without a compatible TPM.

D.
Configure the TPM validation profile to enable Platform Configuration Register indices (PCRs) 0, 2, 4, and
11.



Leave a Reply 6

Your email address will not be published. Required fields are marked *


Andrea Lamb

Andrea Lamb

[Update]

New 70-697 Exam Questions and Answers Updated Recently (29/Dec/2016):

NEW QUESTION 152
Drag and Drop Question
You administer Windows 10 Enterprise tablets and virtual desktop computers that are joined to an Active Directory domain. Your company provides virtual desktop computers to all users. Employees in the sales department also use tablets, sometimes connected to the company network and sometimes disconnected from the company network. You want sales department employees to have the same personal data, whether they are using their virtual desktop or their tablets. You need to configure the network environment to meet the requirements. Which three actions should you perform in sequence? To answer, move the appropriate actions from the lust of actions to the answer area and arrange them in the correct order. More than one order to answer choices may be correct. You will receive credit for any of the correct orders you select.
Iamge URL: examgod.com/plimages/8d6c6b27c91b_F536/passleader-70-697-dumps-1521.jpg

Answer:
Iamge URL: examgod.com/plimages/8d6c6b27c91b_F536/passleader-70-697-dumps-1522.jpg
Explanation:
technet.microsoft.com/en-us/library/cc732275(v=ws.11).aspx

NEW QUESTION 153
You have a laptop that is a member of a workgroup. The laptop does not have a Trusted Platform Module (TPM) chip. You plan to enable BitLocker Drive Encryption (BitLocker) for the operating system drive. What are two methods that you can use to unlock the drive when the laptop restarts? Each correct answer presents a complete solution.

A. a password
B. a Near Field Communication (NFC)-enabled portable device
C. a USB drive
D. a user account
E. Network Unlock

Answer: C
Explanation:
howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/

NEW QUESTION 154
You administer Windows 10 Enterprise client computers that are members of an Active Directory domain that includes Active Directory Certificate Services (AD CS). You restored a computer from a backup that was taken 45 days ago. Users are no longer able to log on to that computer by using their domain accounts. An error message states that the trust relationship between the computer and the primary domain has failed. What should you do?

A. Renew the certificates issued to the client computer.
B. Reset the passwords of all affected domain users.
C. Logon as a local administrator and issue the netdom resetpwd command.
Log off and restart the computer.
D. Restore the client computer from a knows good backup that was taken two weeks earlier than the backup you previously restored.

Answer: C
Explanation:
theitbros.com/fix-trust-relationship-failed-without-domain-rejoining/

NEW QUESTION 155
Drag and Drop Question
You have a computer named Client1 that runs Windows 10 Enterprise. Client1 is a member of an Active Directory domain. A domain administrator provisions a certificate template for a virtual smart card logon. In the BIOS of Client1, you enable the Trusted Platform Module (TPM). You need to enable the virtual smartcard logon on Client1. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Iamge URL: examgod.com/plimages/8d6c6b27c91b_F536/passleader-70-697-dumps-1551.jpg

Answer:
Iamge URL: examgod.com/plimages/8d6c6b27c91b_F536/passleader-70-697-dumps-1552.jpg
Explanation:
technet.microsoft.com/en-us/library/cc753140(v=ws.11).aspx
ss64.com/nt/run.html
technet.microsoft.com/en-us/library/cc730689(v=ws.11).aspx

NEW QUESTION 156
You have an unsecured wireless network for users to connect to from their personal Windows 10 devices. You need to prevent Wi-Fi Sense from sharing information about the unsecured wireless network. What should you do?

A. Configure the SSIF of the unsecured wireless to contain_optout.
B. Instruct the users to disable Internet Protocol Version 6 (TCP/IPv6) on their wireless network adapters.
C. Configure the SSID of the guest wireless to be hidden.
D. Instruct the users to turn off Network Discovery on their devices.

Answer: A
Explanation:
pcworld.com/article/2951824/windows/how-to-disable-windows-10s-wi-fi-sense-password-sharing.html

NEW QUESTION 157
You have a computer that runs Windows 10. You need to block all outbound and inbound communications that occur over TCP 9997, TCP 9999, and TCP 4000. What is the minimum number of rules that you must create?

A. 1
B. 2
C. 3
D. 6

Answer: D
Explanation:
technet.microsoft.com/en-us/library/dd421709(v=ws.10).aspx

NEW QUESTION 158
You have a laptop that has connections for three Wi-Fi network named WiFi1, WiFi2, and Wi-Fi 3. You need to ensure that the laptop connects to WiFi1 when multiple WiFi1 networks are available. What should you do?

A. From Netsh, configure the WLAN context.
B. From NetworkConnections in Control Panel, modify the bindings for the WiFi.
C. From the Windows Settings app, configure the Wi-Fi Sense settings.
D. From Network Connections in Control Panel, modify the network provider order.

Answer: D
Explanation:
quepublishing.com/articles/article.aspx?p=2455390&seqNum=3

NEW QUESTION 159
You administer Windows 10 Enterprise client computers in your company network. A guest at your company is connected to the Internet as shown in the following exhibit. (Click the exhibit button.)
Iamge URL: examgod.com/plimages/8d6c6b27c91b_F536/passleader-70-697-dumps-1591.jpg
You need to ensure that the guest user is able to share network resources over Wi-Fi without lowering the overall security of the computer. What should you do?

A. ConfigureFile and printer sharing settings for Public networks.
B. Change the network location type to Private.
C. Change the network location type to Work.
D. ConfigureFile sharing connections settings for All networks.

Answer: D
Explanation:
isunshare.com/windows-10/turn-off-or-on-password-protected-sharing-in-windows-10.html#_blank

NEW QUESTION 160
……

NEW QUESTION 173
You plan to deploy a customized Windows To Go workspace that uses an Unattend.xml file. You need to prevent a local fixed disk from appearing in File Explorer when a computer starts from Windows To Go. Which setting should you modify in Unattend.xml?

A. Start Menu
B. Storage
C. Deviceaccess
D. SanPolicy

Answer: D
Explanation:
technet.microsoft.com/en-us/library/jj592680(v=ws.11).aspx

NEW QUESTION 174
Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details in a question apply only to that question. On the corporate network, you have an Active Directory user account. The domain contains a sync share named Share1. You have a personal computer that runs Windows 10. The computer is a member of a workgroup. You need to access the files in Share1. Which Control Panel application should you use?

A. Phone and Modem
B. Network and Sharing Center
C. RemoteApp and Desktop Connections
D. Power Options
E. System
F. Sync Center
G. Credential Manager
H. Work Folders

Answer: F
Explanation:
thewindowsclub.com/windows-10-sync-center

NEW QUESTION 175
……

P.S. These New 70-697 Exam Questions Were Just Updated From The Real 70-697 Exam, You Can Get The Newest 70-697 Dumps In PDF And VCE From — http://www.passleader.com/70-697.html (176q VCE and PDF)

Good Luck! Happy New Year!!!

Pedro Perez

Pedro Perez

New 70-697 Exam Questions Updated Recently (19/May/2017):

NEW QUESTION 1
You administer Windows 10 Enterprise client computers in your company network. A computer that is used by non-administrator users has a directory named C:\Folder1. A shared collection of Microsoft Excel files is stored in the C:\Folder1 directory, with non-administrator users being granted modify permissions to the directory. You discover that some files have been incorrectly modified by a user. You need to determine which users are making changes to the files in the directory. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A. Set local policy: ComputerConfiguration\WindowsSettings\SecuritySettings\LocalPolicies\AuditPolicy\Audit object access to Failure.
B. From the Auditing Entry for Folder1, set the Principal to Everyone, and then set the Type to Failure for the Modify permission.
C. From the Auditing Entry for Folder1, set the Principal to Guests, and then set the Type to Success for the Modify permission.
D. Set local policy: ComputerConfiguration\WindowsSettings\SecuritySettings\LocalPolicies\AuditPolicy\Audit object access to Success.
E. From the Auditing Entry for Folder1, set the Principal to Guests, and then set the Type to Failure for the Modify permission.
F. From the Auditing Entry for Folder, set the Principal to Everyone, and then set the Type to Success for the Modify permission.

Answer: DF

NEW QUESTION 2
You provide IT support for a small startup company. The company wants users to have Read and Write permissions to the company’s shared folder. The network consists of a workgroup that uses Windows 10 Enterprise computers. You add each user to a group named NetworkUsers. You need to grant permissions to the share. You have the following requirements:
– All users must have Read and Write access to existing files.
– Any new files must allow the creator to modify the new file’s permissions.
Which two actions should you take? Each correct answer presents part of the solution.

A. Grant Modify permissions to the NetworkUsers group on the shared folder.
B. Grant Full Control permissions to the Domain Admins group on the shared folder.
C. Grant List and Execute permissions to the NetworkUsers group on the shared folder.
D. Grant Full Control permissions to the Creator Owner group on the shared folder.

Answer: AD

NEW QUESTION 3
You are the desktop administrator for a small company. The company modifies its policy for retaining company financial documents from six months to three years. You currently use File History, retaining files for six months and saving copies of files every 20 minutes. You need to adjust your current backup solution to accommodate the policy change. What should you do?

A. Set the KeepSaved Versions option in File History to Forever.
B. Set the backup solution to Recovery model.
C. Set the Save Copies of Files frequency to Daily.
D. Set the File History log file setting to Archive the log when full, do not overwrite events.

Answer: A

NEW QUESTION 4
You have a computer that runs Windows 10 and has BitLocker Drive Encryption (BitLocker) configured. You need to change the BitLocker PIN for the drive. What should you run?

A. the bitsadmin.exe command
B. the Enable-BitLocker cmdlet
C. the Add-BitLockerKeyProtector cmdlet
D. the Set-PcsvDeviceUserPassword cmdlet

Answer: C

NEW QUESTION 5
You have a Microsoft Intune subscription. You create two compliance policies named Comp1 and Comp2. You create a configuration policy named ConfigPol1. The settings in each policy do not conflict with other policies. Comp1 has low security settings. Comp2 has medium security settings. ConfigPol1 has high security settings. You have a device named Device1. Device1 is a member of groups that have Comp1, Comp2 and ConfigPol1 applied. You need to identify which policies with be enforced on Device1. What should you identify?

A. Comp1 only
B. Comp2 only
C. Comp1, Comp2 and ConfigPol1
D. Comp1 and Comp2 only
E. Comp1 and ConfigPol1 only
F. ConfigPol1 only
G. Comp2 andConfigPol1 only

Answer: C

NEW QUESTION 6
Your network contains an Active Directory domain named contoso.com. All client computers run Windows 10 Enterprise and Microsoft Office 2013. All of the computers are joined to the domain. Your company purchases a subscription to Office 365. An administrator creates an Office 365 account for each user and deploys a federated solution for Office 365. You need to prevent the users from being prompted for a user account and a password each time they access services from Office 365. Which account should you instruct the users to use when they sign in to their computer?

A. a Microsoft account
B. a local user account
C. an Office 365 account
D. a contoso.com account

Answer: D

NEW QUESTION 7
You have a computer named Client1. Client 1 is joined to an Active Directory domain. You need to join Client1 to an Azure Active Directory (Azure AD) tenant. What should you do first?
……

NEW QUESTION 8
You administer Windows 10 Enterprise. Your network includes an Active Directory domain and a standalone server in a perimeter network that runs Windows Server 2008 R2. Your company purchases five new tablets that run Windows 8. The tablets will be used to access domain resources and shared folders located on the standalone server. You need to implement single sign-on (SSO) authentication for tablet users. You also need to ensure that you can audit personnel access to the shared folder. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A. Create a new Microsoft account for each user.
B. Ensure that the local account for each user on the stand-alone server uses the same password as the corresponding Microsoft account.
C. Join the tablets to a domain.
D. Join the tablets to the same workgroup as the stand-alone server.
E. Enable a guest account on the stand-alone server.
F. On the stand-alone server, create user accounts that have the same logon names and passwords as the user domain accounts.

Answer: CF

NEW QUESTION 9
You support Windows 10 Enterprise computers. Your company protects all laptops by using the BitLocker Network Unlock feature. Some employees work from home. You need to ensure that employees can log on to their laptops when they work from home. What should you do?

A. Have users run theManage-bde.exe -unlock command before they disconnect from the company network.
B. Ensure that the Trusted Platform Module (TPM) chips in the laptops are version 1.2 or greater.
C. Enable BitLocker To Go.
D. Provide employees with their BitLocker PINs.

Answer: D

NEW QUESTION 10
You administer Windows 10 Enterprise tablets that are members of an Active Directory domain. You want to create an archived copy of My Documents folders that are stored on the tablets. You create a standard domain user account to run a backup task. You need to grant the backup task user account access to the folders. What should you do?

A. Add the backup task account to the Remote Management Users group on a domain controller.
B. Add the backup task account to the Backup Operators group on every tablet.
C. Add the backup task account to the Backup Operators group on a domain controller.
D. Set the backup task account as NTFS owner on all the folders.

Answer: B

NEW QUESTION 11
You are an IT professional for a bank. All of the user’s files on the external drives are encrypted by using EFS. You replace a user’s computer with a new Windows 10 Enterprise computer. The user needs to connect her external hard drive to the new computer. You have the original computer’s certificate and key. You need to import the certificate and key onto the new computer. Into which certificate store should you import the certificate and key?

A. Untrusted Certificates
B. Trusted Root Certification Authorities
C. Personal
D. Trusted Publishers

Answer: C

NEW QUESTION 12
……

P.S. These New 70-697 Exam Questions Were Just Updated From The Real 70-697 Exam, You Can Get The Newest 70-697 Dumps In PDF And VCE From — http://www.passleader.com/70-697.html (199q VCE and PDF)

Good Luck!

Pino

Pino

Why not post complete pdf

Roger D'Agostin

Roger D'Agostin

GREAT!!! Luckily Completed The Configuring Windows Devices 70-697 Exam Recently!!! Scored 883/1000.

I studied 7 weeks before taking the 70-697 test. The 70-697 exam a little difficult, the actual 70-697 questions were pretty straight forward.

Working experience about SYS Admin will help a lot for passing the 70-697 test!

I had 51 questions in total, mainly on App-V, Remote Apps, Intune reports and Azure, Networks (profiles), Workfolders…etc.

Got many new questions on Understanding the Application Compatibility in Your Environment, AppLocker, Setting Disk Quotas, Fsutil quota and so on.

And, I do recommend you to learn the PassLeader 70-697 dumps for preparing for the test, most of all new questions are available in PL!

Here, you can get part of PassLeader 70-697 dumps here FYI:

https://drive.google.com/open?id=0B-ob6L_QjGLpd0pjaGx0bzVXVG8

Good Luck!!!