Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Microsoft 70-697

Microsoft 70-697 Exam Practice Questions (P. 2)

  • Full Access (369 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #11
You are the desktop administrator for a small company.
Your workgroup environment consists of Windows 10 Enterprise computers. You want to prevent 10 help desk computers from sleeping. However, you want the screens to shut off after a certain period of time if the computers are not being used.
You need to configure and apply a standard power configuration scheme for the 10 help desk computers on your network.
Which two actions should you perform? Each correct answer presents part of the solution.
  1. A
    Import the power scheme by using POWERCFG /IMPORT on each of the remaining help desk computers. Set the power scheme to Active by using POWERCFG /S.
  2. B
    Use POWERCFG /X on one help desk computer to modify the power scheme to meet the requirements. Export the power scheme by using POWERCFG / EXPORT.
  3. C
    Use POWERCFG /S on one help desk computer to modify the power scheme to meet the requirements. Export the power scheme by using POWERCFG / EXPORT.
  4. D
    Import the power scheme by using POWERCFG /IMPORT on each of the remaining help desk computers. Set the power scheme to Active by using POWERCFG /X.

Correct Answer:
AB
You can use the Powercfg.exe tool to control power settings and configure computers to default to Hibernate or Standby modes.
In this question, we use POWERCFG /X on one help desk computer to modify the power scheme to meet our requirements. After configuring the required settings, we can export the power scheme settings to a file by using POWERCFG /EXPORT.
We can then import the power scheme from the file on each of the remaining help desk computers by using POWERCFG /IMPORT. After importing the power scheme on the remaining computers, we need to set the new power scheme to be the active power scheme by using POWERCFG /S.
References: https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/powercfg-command-line-options

Question #12
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 10 Enterprise. Some computers have a Trusted Platform
Module (TPM) chip.
You need to configure a single Group Policy object (GPO) that will allow Windows BitLocker Drive Encryption on all client computers.
Which two actions should you perform? Each correct answer presents part of the solution.
  1. A
    Enable the Require additional authentication at startup policy setting.
  2. B
    Enable the Enforce drive encryption type on operating system drives policy setting.
  3. C
    Enable the option to allow BitLocker without a compatible TPM.
  4. D
    Configure the TPM validation profile to enable Platform Configuration Register indices (PCRs) 0, 2, 4, and 11.

Correct Answer:
AC
We need to allow Windows BitLocker Drive Encryption on all client computers (including client computers that do not have Trusted Platform Module (TPM) chip).
We can do this by enabling the option to allow BitLocker without a compatible TPM in the group policy. The Allow BitLocker without a compatible TPM option is a checkbox in the Require additional authentication at startup group policy setting. To access the Allow BitLocker without a compatible TPM checkbox, you need to first select Enabled on the Require additional authentication at startup policy setting.
References:
http://www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/

Question #13
Employees are permitted to bring personally owned portable Windows 10 Enterprise computers to the office. They are permitted to install corporate applications by using the management infrastructure agent and access corporate email by using the Mail app.
An employees personally owned portable computer is stolen.
You need to protect the corporate applications and email messages on the computer.
Which two actions should you perform? Each correct answer presents part of the solution.
  1. A
    Prevent the computer from connecting to the corporate wireless network.
  2. B
    Change the user’s password.
  3. C
    Disconnect the computer from the management infrastructure.
  4. D
    Initiate a remote wipe.

Correct Answer:
BD
The personally owned portable Windows 10 Enterprise computers being managed by the management infrastructure agent enables the use of remote wipe. By initiating a remote wipe, we can erase all company data including email from the stolen device.
Microsoft Intune provides selective wipe, full wipe, remote lock, and passcode reset capabilities. Because mobile devices can store sensitive corporate data and provide access to many corporate resources, you can issue a remote device wipe command from the Microsoft Intune administrator console to wipe a lost or stolen device.
Changing the users password should be the first step. If the stolen computer is accessed before the remote wipe happens, the malicious user could be able to access company resources if the laptop has saved passwords.
References:
https://technet.microsoft.com/en-gb/library/jj676679.aspx

Question #14
You are an IT consultant for small and mid-sized business.
One of your clients wants to start using Virtual Smart Cards on its Windows 10 Enterprise laptops and tablets. Before implementing any changes, the client wants to ensure that the laptops and tablets support Virtual Smart Cards.
You need to verify that the client laptops and tablets support Virtual Smart Cards.
What should you do?
  1. A
    Ensure that each laptop and tablet has a Trusted Platform Module (TPM) chip of version 1.2 or greater.
  2. B
    Ensure that BitLocker Drive Encryption is enabled on a system drive of the laptops and tablets.
  3. C
    Ensure that each laptop and tablet can read a physical smart card.
  4. D
    Ensure that the laptops and tablets are running Windows 10 Enterprise edition.

Correct Answer:
A
A Trusted Platform Module (TPM) chip of version 1.2 or greater is required to support Virtual Smart Cards.
Virtual smart card technology from Microsoft offers comparable security benefits to physical smart cards by using two-factor authentication. Virtual smart cards emulate the functionality of physical smart cards, but they use the Trusted Platform Module (TPM) chip that is available on computers in many organizations, rather than requiring the use of a separate physical smart card and reader. Virtual smart cards are created in the TPM, where the keys that are used for authentication are stored in cryptographically secured hardware.
References:
https://technet.microsoft.com/en-GB/library/dn593708.aspx

Question #15
Your network contains an Active Directory domain named contoso.com. Contoso.com is synchronized to a Microsoft Azure Active Directory. You have a Microsoft
Intune subscription.
Your company plans to implement a Bring Your Own Device (BYOD) policy. You will provide users with access to corporate data from their personal iOS devices.
You need to ensure that you can manage the personal iOS devices.
What should you do first?
  1. A
    Install the Company Portal app from the Apple App Store.
  2. B
    Create a device enrollment manager account.
  3. C
    Set a DNS alias for the enrollment server address.
  4. D
    Configure the Intune Service to Service Connector for Hosted Exchange.
  5. E
    Enroll for an Apple Push Notification (APN) certificate.

Correct Answer:
E
An Apple Push Notification service (APNs) certificate must first be imported from Apple so that you can manage iOS devices. The certificate allows Intune to manage iOS devices and institutes an accredited and encrypted IP connection with the mobile device management authority services.
References:
https://technet.microsoft.com/library/dn408185.aspx
https://technet.microsoft.com/en-us/library/dn764961.aspx
https://technet.microsoft.com/en-us/library/mt346003.aspx
https://technet.microsoft.com/en-us/library/dn646988.aspx

Question #16
You manage Microsoft Intune for a company named Contoso. Intune client computers run Windows 10 Enterprise.
You notice that there are 25 mandatory updates listed in the Intune administration console.
You need to prevent users from receiving prompts to restart Windows following the installation of mandatory updates.
Which policy template should you use?
  1. A
    Microsoft Intune Agent Settings
  2. B
    Windows Configuration Policy
  3. C
    Microsoft Intune Center Settings
  4. D
    Windows Custom Policy (Windows 10 and Windows 10 Mobile)

Correct Answer:
A
update policy setting you have to configure the Microsoft Intune setting to No would prevent users from receiving prompts to restart Windows following the installation of mandatory updates.
References:
http://blogs.technet.com/b/windowsintune/archive/2013/01/09/policy-settings-for-mandatory-updates.aspx https://technet.microsoft.com/en-us/library/dn646989.aspx

Question #17
17 DRAG DROP
You manage Microsoft Intune for a company named Contoso. You have 200 computers that run Windows 10. The computers are Intune clients.
You need to configure software updates for the clients.
Which policy template should you use to configure each software updates setting? To answer, drag the appropriate policy templates to the correct settings. Each policy template may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Select and Place:

Correct Answer:

 You must make use of the Microsoft Intune Windows general configuration policy to configure settings for enrolled devices. The system settings that can be configured using this policy include the following:
✑ Require automatic updates.
Require automatic updates Minimum classification of updates to install automatically.

✑ User Account Control.
✑ Allow diagnostic data submission.
update policy setting you have to configure and deploy a Microsoft Intune
Agent Settings policy.
References:
https://technet.microsoft.com/en-us/library/dn646968.aspx
https://technet.microsoft.com/en-us/library/mt147409.aspx

Question #18
You have an Active Directory domain named contoso.com that contains a deployment of Microsoft System Center 2012 Configuration Manager Service Pack 1
(SP1). You have a Microsoft Intune subscription that is synchronized to contoso.com by using the Microsoft Azure Active Directory Synchronization Tool (DirSync.)
You need to ensure that you can use Configuration Manager to manage the devices that are registered to your Microsoft Intune subscription.
Which two actions should you perform? Each correct answer presents a part of the solution.
  1. A
    In Microsoft Intune, create a new device enrollment manager account.
  2. B
    Install and configure Azure Active Directory Synchronization Services (AAD Sync.)
  3. C
    In Microsoft Intune, configure an Exchange Connector.
  4. D
    In Configuration Manager, configure the Microsoft Intune Connector role.
  5. E
    In Configuration Manager, create the Microsoft Intune subscription.

Correct Answer:
DE
To allow Configuration Manager to manage mobile devices in the same context as other devices, it requires you to create a Windows Intune subscription and synchronize user accounts from Active Directory to Microsoft Online. to achieve that, you are required to complete the following tasks:
✑ Sign up for a Windows Intune organizational account
✑ Add a public company domain and CNAME DNS entry
✑ Verify users have public domain User Principal Names (UPNs)
✑ If you plan to use single sign-on, deploy and configure Active Directory Federated Services (ADFS)
✑ Deploy and Configure Active Directory Synchronization
✑ Reset users Microsoft Online password If not using ADFS*
✑ Configure Configuration Manager for mobile device management
Create the Windows Intune Subscription in the Configuration Manager console

✑ Add the Windows Intune Connector Site System role
✑ Verify that Configuration Manager successfully connects to Windows Intune
References:
http://blogs.technet.com/b/configmgrteam/archive/2013/03/20/configuring-configuration-manager-sp1-to-manage-mobile-devices-using-windows-intune.aspx

Question #19
You have a Microsoft Intune subscription.
You have three security groups named Security1, Security2 and Security3. Security1 is the parent group of Security2. Security2 has 100 users.
You need to change the parent group of Security2 to be Security3.
What should you do first?
  1. A
    Edit the properties of Security1.
  2. B
    Edit the properties of Security2.
  3. C
    Delete security2.
  4. D
    Remove all users from Security2.

Correct Answer:
C
You cannot change the parent group of a security group in Microsoft Intune. You can only delete the group and recreate another group with the correct parent.
Deleting a group does not delete the users that belong to that group. Therefore, you do not need to remove the users from the group; you can just delete the group and recreate it.
References:
https://technet.microsoft.com/en-gb/library/dn646990.aspx

Question #20
HOTSPOT -
You have a network that contains Window 10 Enterprise computers.
The network configuration of one of the computers is shown in the following output.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the output.
NOTE: Each correct selection is worth one point.
Hot Area:


Correct Answer:

 The exhibit below shows that the computer obtained its IPv4 address from a DHCP server. It also shows when the DHCP lease was obtained and when it will expire.

The IPv6 address shown below starts with fe80. This is an auto-configuration address, not an address obtained from a DHCP server.

The IP address of the Default Gateway is 10.1.1.1

Previous Questions Next Questions

All Pages