Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

MD-100 > MD-100 > Flashcards

MD-100 Flashcards

1
Q

Your company has several mobile devices that run Windows 10.
You need configure the mobile devices to meet the following requirements:
Windows updates may only be download when mobile devices are connect to Wi-Fi.
Access to email and the Internet must be possible at all times.
What should you do?

A. Open the Setting app and select Update & Security. Then select and configure Change active hours.
B. Open the Setting app and select Network & Internet. Then select Change connection properties, and set the Metered connection option for cellular network connections to On.
C. Open the Setting app and select Network & Internet. Then select Data Usage and set a data limit.
D. Open the Setting app and select Update & Security. Then select and configure Delivery Optimization.

A

B. Open the Setting app and select Network & Internet. Then select Change connection properties, and set the Metered connection option for cellular

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

You have a computer named Computer1. Computer1 runs Windows 10 Pro.
You have a mobile device. You use Bluetooth to pair the mobile device to Computer1.
You want to enable dynamic lock on Computer1.
What should you do?
To complete this task, sign in to the required computer or computers.

A
  1. On Computer1, select the Start button > Settings > Accounts > Sign-in options.
  2. Under Dynamic lock, select the Allow Windows to automatically lock your device when you’re away check box.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

SIMULATION -
You have a computer named Computer1. Computer1 runs Windows 10 Pro. Computer1 has a cellular connection and a Wi-Fi connection.
You want to prevent Computer1 from using the cellular connection unless a you manually connects to the cellular network.
What should you do?
To complete this task, sign in to the required computer or computers.

A
  1. Select the Network icon on the lower right corner of the taskbar, and then select the cellular network icon.
  2. Clear the Let Windows manage this connection check box.
    Reference:
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

You have a computer named Computer1. Computer1 runs Windows 10 Pro.Computer1 is experiencing connectivity issues.You need to view the IP addresses of any remote computer that Computer1 has an active TCP connection to.
Should you do?
A. In Windows Administrative Tools, open Performance Monitor.
B. In the Control Panel, open Network and Internet. Then select Network and Sharing Center.
C. In Windows Administrative Tools, open Resource Monitor.
D. In the Setting app, open Update and Security. Then open Windows Security and select Firewall and Network protection.

A

C. In Windows Administrative Tools, open Resource Monitor.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Your company has an on-premises network that contains an Active Directory domain. The domain is synced to Microsoft Azure Active Directory (Azure AD). All computers in the domain run Windows 10 Enterprise.
You have a computer named Computer1 that has a folder named C:\Folder1.
You want to use File History to protect C:\Folder1.
Solution: You enable File History on Computer1. You then encrypt the contents of Folder1.
Does this meet the goal?
A. Yes
B. No

A

Correct Answer: B NO
File History only backs up copies of files that are in Libraries, and Desktop folders and the OneDrive files available offline on your PC. If you have files or folders elsewhere that you want backed up, you can add them to one of these folders. https://support.microsoft.com/en-us/help/17128/windows-8-file-history

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

HOTSPOT -
You have a computer named Computer1. Computer1 runs Windows 10 Pro. You want to use Computer1to test new Windows features.
You need to configure Computer1to receive preview builds of Windows 10 as soon as they are available.
You open the Update & Security section in the Settings app.
What should you configure? To answer, select the appropriate options in the answer area.
Hot Area:

A

Windows Inside program

https://insider.windows.com/en-us/getting-started/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Your network contains an Active Directory domain. All users have been issued with new computers that run Windows 10 Enterprise. All users have Microsoft 365
E3 licenses.
A user named Mia Hamm has an Active Directory user account named MHamm and a computer named Computer1. Mia Hamm reports that Computer1 is not activated.
You need to ensure that Mia Hamm can activate Computer1.
What should you do?

A. Assign a Windows 10 Enterprise license to MHamm, and then activate Computer1.
B. From the Microsoft Deployment Toolkit (MDT), redeploy Computer1.
C. From System Properties on Computer1, enter a Volume License Key, and then activate Computer1.
D. Instruct Mia Hamm to perform a local AutoPilot Reset on Computer1, and then activate Computer1.

A

D. Instruct Mia Hamm to perform a local AutoPilot Reset on Computer1, and then activate Computer1.

https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing https://docs.microsoft.com/en-us/intune-education/autopilot-reset

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Your network contains an Active Directory domain that is synced to a Microsoft Azure Active Directory (Azure AD) tenant.
The company plans to purchase computers preinstalled with Windows 10 Pro for all users.
The company the following requirements:
✑ The new computers must be upgraded to Windows 10 Enterprise automatically.
✑ The new computers must be joined to Azure AD automatically when the user starts the new computers for the first time.
✑ The users must not be required to accept the End User License Agreement (EULA).
You need to deploy the new computers.
What should you do?

A. Make use of the wipe and load refresh deployment method.
B. Perform in-place upgrade on the new computers.
C. Provide provisioning packages for the new computers.
D. Make use of Windows Autopilot.

A

D. Make use of Windows Autopilot.

https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopil

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Your company is not connected to the internet. The company purchases several new computers with Windows 10 Pro for its users.
None of the new computers are activated.
You need to activate the computers without connecting the network to the Internet.
What should you do?

A. Make use of the Volume Activation Management Tool (VAMT).
B. Make use of the Key Management Service (KMS).
C. Make use of the Windows Process Activation Service.
D. Run the Get-WmiObject -query cmdlet.

A

B. Make use of the Key Management Service (KMS).

https://docs.microsoft.com/en-us/windows/deployment/volume-activation/activate-using-key-management-service-vamt

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Your network contains an Active Directory domain. All users have been issued with computers that run Windows 8.1.
A user named Mia Hamm has a computer named Computer1. You upgrade Computer1 to Windows 10 by performing a clean installation of Windows 10 without formatting the drives.
You need to migrate the settings for Mia Hamm from Windows 8.1 to Windows 10.
Which two actions should you perform?
NOTE: Each correct selection is worth one point.

A. Run scanstate.exe and specify the C:\Users folder
B. Run loadstate.exe and specify the C:\Windows.old folder
C. Run usmultils.exe and specify the C:\Users folder
D. Run scanstate.exe and specify the C:\Windows.old folder
E. Run loadstate.exe and specify the C:\Users folder
F. Run usmultils.exe and specify the C:\Windows.old folder

A

D. Run scanstate.exe and specify the C:\Windows.old folder
E. Run loadstate.exe and specify the C:\Users folder

https://docs.microsoft.com/en-us/windows/deployment/usmt/usmt-how-it-works https://docs.microsoft.com/en-us/windows/deployment/usmt/usmt-common-migration-scenarios#bkmk-fourpcrefresh

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

You have a computer named Computer1 that runs Windows 10.
You deploy an application named Application1 to Computer1.
You need to assign credentials to Application1.
You need to meet the following requirements:
✑ Ensure that the credentials for Application1 cannot be used by any user to log on to Computer1.
✑ Ensure that the principle of least privilege is maintained.
What should you do?
A. Configure Application1 to sign in as the Local System account and select the Allow service to interact with desktop check box.
B. Create a user account for Application1 and assign that user account the Deny log on locally user right
C. Create a user account for Application1 and assign that user account the Deny log on as a service user right
D. Configure Application1 to sign in as the Local Service account and select the Allow service to interact with desktop check box.

A

Correct Answer: B
By using the Service1 account as the identity used by Application1, we are applying the principle of least privilege as required in this question.
However, the Service1 account could be used by a user to sign in to the desktop on the computer. To sign in to the desktop on the computer, an account needs the log on locally right which all user accounts have by default. Therefore, we can prevent this by assigning Service1 the deny log on locally user right.

https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/deny-log-on-locally

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Your network contains an Active Directory domain that is synced to a Microsoft Azure Active Directory (Azure AD) tenant. All users have been issued with laptop computers as well as desktop computers that run Windows 10 Enterprise. All users have Microsoft 365 E3 licenses.
A user named Mia Hamm informs you that she must perform a BitLocker recovery on her laptop but she does not have her BitLocker recovery key.
You need to ensure that Mia Hamm can perform a BitLocker recovery on her laptop.
What should you do?

A. Instruct Mia Hamm to log on to her desktop computer and run the repair-bde.exe command.

B. Instruct Mia Hamm to use the BitLocker Recovery
Password Viewer to view the computer object of the laptop.

C. Instruct Mia Hamm to log on to her desktop computer and go to https://account.activedirectory.windowsazure.com and view the user account profile.

D. Instruct Mia Hamm to run the Enable-BitLocker cmdlet on her laptop.

A

Correct Answer: C
The BitLocker recovery key is stored in Azure Active Directory.

Reference:
https://celedonpartners.com/blog/storing-recovering-bitlocker-keys-azure-active-directory/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Your company has an on-premises network that contains an Active Directory domain. The domain is synced to Microsoft Azure Active Directory (Azure AD). All computers in the domain run Windows 10 Enterprise.
You have a computer named Computer1 that has a folder named Folder1.
You must provide users in group named Group1 with the ability to view the list of files in Folder1. Your solution must ensure that the principle of least privilege is maintained.
What should you do?

A. Assign the Full control permissions for the Folder1 folder to Group1.
B. Assign the Read permissions for the Folder1 folder to Group1.
C. Assign the List folder permissions for the Folder1 folder to Group1.
D. Assign the Take ownership permissions for the Folder1 folder to Group1.

A

C. Assign the List folder permissions for the Folder1 folder to Group1.

https://www.online-tech-tips.com/computer-tips/set-file-folder-permissions-windows/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

You have a computer named Computer1 that runs Windows 10.
Computer1 has a folder named C:\Folder1.
You need to meet the following requirements:
✑ Log users that access C:\Folder1.
✑ Log users that modify and delete files in C:\Folder1.
Which two actions should you perform?

A. From the properties of C:\Folder1, configure the Auditing settings.
B. From the properties of C:\Folder1, select the Encryption contents to secure data option.
C. From the Audit Policy in the local Group Policy, configure Audit directory service access.
D. From the Audit Policy in the local Group Policy, you configure Audit object access.
E. From the Audit Policy in the local Group Policy, you configure Audit system events.

A

Correct Answer: AD
Files and folders are objects and are audited through object access.
Reference:
https://www.netwrix.com/how_to_detect_who_changed_file_or_folder_owner.html

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Your company has a computer named Computer1 that runs Windows 10. Computer1 is used to provide guests with access to the Internet. Computer1 is a member of a workgroup.
You want to configure Computer1 to use a user account sign in automatically when the the computer is started. The user must not be prompted for a user name and password.
What should you do?

A. Configure Group Policy preferences.
B. Run the BCDBoot command.
C. Edit the Registry.
D. Run the MSConfig command.

A

Correct Answer: C
In the registry, add a default user name and a default password in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon sbukey.

Reference:
https://support.microsoft.com/en-us/help/324737/how-to-turn-on-automatic-logon-in-windows

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

SIMULATION -
You have a computer named Computer1 that runs Windows 10.
Computer1 has a folder named C:\Folder1.
You need to meet the following requirements:
✑ Provide a user named Jon Ross with the ability to modify the permissions of C:\Folder1.
✑ Ensure that the principle of least privilege is maintained.
What should you do?
To complete this task, sign in to the required computer or computers.

A
  1. In Windows Explorer, right-click the C:\Folder1 folder, and then click Properties.
  2. Click on the Security tab, and then click Edit.
  3. In the Permissions dialog box, add Jon Ross.
  4. Specify the Allow Modify permissions for the Jon Ross.
  5. Click OK twice to close the Security dialog box.
  6. Click OK twice to close the Properties dialog box.

Reference:
https://docs.microsoft.com/en-us/iis/web-hosting/configuring-servers-in-the-windows-web-platform/configuring-share-and-ntfs-permissions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Your network contains an Active Directory domain. The domain contains computers that run Windows 10.
You must ensure that Windows BitLocker Drive Encryption is enabled on all client computers, even though a Trusted Platform Module (TPM) chip is installed in only some of them.
You need to accomplish this goal by using one Group Policy object (GPO).
What should you do?

A. Enable the Allow enhanced PINs for startup policy setting, and select the Allow BitLocker without a compatible TPM check box.
B. Enable use of BitLocker authentication requiring preboot keyboard input on slates policy setting, and select the Allow BitLocker without a compatible TPM check box.
C. Enable the Require additional authentication at startup policy setting, and select the Allow BitLocker without a compatible TPM check box.
D. Enable the Control use of BitLocker on removable drives policy setting, and select the Allow BitLocker without a compatible TPM check box.

A

Correct Answer: C
We need to allow Windows BitLocker Drive Encryption on all client computers (including client computers that do not have Trusted Platform Module (TPM) chip).
We can do this by enabling the option to allow BitLocker without a compatible TPM in the group policy. The “Allow BitLocker without a compatible TPM” option is a checkbox in the “Require additional authentication at startup” group policy setting. To access the “Allow BitLocker without a compatible TPM” checkbox, you need to first select Enabled on the “Require additional authentication at startup” policy setting.

Reference:
https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-unlockpol4

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

SIMULATION -
You have a computer named Computer1. Computer1 runs Windows 10 Pro.
You have a mobile device. You use Bluetooth to pair the mobile device to Computer1.
You want to enable dynamic lock on Computer1.
What should you do?
To complete this task, sign in to the required computer or computers.

A
  1. On Computer1, select the Start button > Settings > Accounts > Sign-in options.
  2. Under Dynamic lock, select the Allow Windows to automatically lock your device when you’re away check box.
    Reference:
    https://support.microsoft.com/en-za/help/4028111/windows-lock-your-windows-10-pc-automatically-when-you-step-away-from
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

You have a computer named Computer1. Computer1 runs Windows 10 Pro.
You attempt to start Computer1 but you receive the following error message:
Bootmgr is missing.
You need to be able to start Computer1.
What should you do?

A. Start the computer in recovery mode and run the bootrec /rebuildbcd command.
B. Start the computer in recovery mode and run the diskpart /repair command.
C. Start the computer in recovery mode and run the bcdboot /s command.
D. Start the computer in recovery mode and run the bootcfg /debug command.

A

Correct Answer: A
Reference:
https://neosmart.net/wiki/bootmgr-is-missing/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Your company has an on-premises network that contains an Active Directory domain. The domain is synced to Microsoft Azure Active Directory (Azure AD). All computers in the domain run Windows 10 Enterprise.
You have a computer named Computer1 that has a folder named C:\Folder1.
You want to use File History to protect C:\Folder1.
Solution: You enable File History on Computer1. You then encrypt the contents of Folder1.
Does this meet the goal?
A. Yes
B. No

A

Correct Answer: B
File History only backs up copies of files that are in Libraries, and Desktop folders and the OneDrive files available offline on your PC. If you have files or folders elsewhere that you want backed up, you can add them to one of these folders.
Reference:
https://support.microsoft.com/en-us/help/17128/windows-8-file-history

21
Q

Your company has an on-premises network that contains an Active Directory domain. The domain is synced to Microsoft Azure Active Directory (Azure AD). All computers in the domain run Windows 10 Enterprise.
You are logged on as the local administrator on a Computer named Computer1.
A user named Mia Hamm has a computer named Computer2. Mia Hamm reports that she is experiencing problems with Computer2.
You want to use Event Viewer on Computer1 to view the event logs on Computer2.
What should you do?

A. On Computer1, run the Connect-WSMan -ComputerName “Computer1” cmdlet.
B. On Computer1, run the Get-Eventlog -List -ComputerName “Computer1” cmdlet.
C. On Computer1, log on as a domain administrator, then open Event Viewer and select the Connect to another computer ג€¦ option.
D. On Computer1, open the Windows Defender Firewall and enable the Remote Event Log Management inbound rule.

A

Correct Answer: C
You are logged on as a local administrator. You need the required permissions to access Event Viewer logs on all remote Windows computers.
Reference:
https://docs.microsoft.com/en-us/windows/win32/winrm/about-windows-remote-management

22
Q

You plan to deploy Windows 10 to 100 secure computers.
You need to select a version of Windows 10 that meets the following requirements:
✑ Uses Microsoft Edge as the default browser
✑ Minimizes the attack surface of the computer
✑ Supports joining Microsoft Azure Active Directory (Azure AD)
✑ Only allows the installation of applications from the Microsoft Store
What is the best version to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.
A. Windows 10 Pro in S mode
B. Windows 10 Home in S mode
C. Windows 10 Pro
D. Windows 10 Enterprise

A

Correct Answer: A
Windows 10 in S mode is a version of Windows 10 that’s streamlined for security and performance, while providing a familiar Windows experience. To increase security, it allows only apps from the Microsoft Store, and requires Microsoft Edge for safe browsing.
Azure AD Domain join is available for Windows 10 Pro in S mode and Windows 10 Enterprise in S mode. It’s not available in Windows 10 Home in S mode.
References:
https://support.microsoft.com/en-gb/help/4020089/windows-10-in-s-mode-faq

23
Q

DRAG DROP -
You have a computer named Computer1 that runs Windows 8.1. Computer1 has a local user named User1 who has a customized profile.
On Computer1, you perform a clean installation of Windows 10 without formatting the drives.
You need to migrate the settings of User1 from Windows 8.1 to Windows 10.
Which two actions should you perform? To answer, drag the appropriate actions to the correct targets. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

A

The User State Migration Tool (USMT) includes two tools that migrate settings and data: ScanState and LoadState. ScanState collects information from the source computer, and LoadState applies that information to the destination computer. In this case the source and destination will be the same computer.
As we have performed a clean installation of Windows 10 without formatting the drives, User1ג€™s customized Windows 8.1 user profile will be located in the
\Windows.old folder. Therefore, we need to run scanstate.exe on the \Windows.old folder.
User1ג€™s Windows 10 profile will be in the C:\Users folder so we need to run loadstate.exe to apply the changes in the C:\Users folder.
Reference:
https://docs.microsoft.com/en-us/windows/deployment/usmt/offline-migration-reference https://docs.microsoft.com/en-us/windows/deployment/usmt/usmt-how-it-works https://docs.microsoft.com/en-us/windows/deployment/usmt/usmt-common-migration-scenarios#bkmk-fourpcrefresh

24
Q

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer named Computer1 that runs Windows10.
A service named Application1 is configured as shown in the exhibit.

You discover that a user used the Service1 account to sign in to Computer1 and deleted some files.
You need to ensure that the identity used by Application1 cannot be used by a user to sign in to sign in to the desktop on Computer1. The solution must use the principle of least privilege.
Solution: On Computer1, you configure Application1 to sign in as the LocalSystem account and select the Allow service to interact with desktop check box. You delete the Service1 account.
Does this meet the goal?
A. Yes
B. No

A

Correct Answer: B
Configuring Application1 to sign in as the LocalSystem account would ensure that the identity used by Application1 cannot be used by a user to sign in to the desktop on Computer1. However, this does not use the principle of least privilege. The LocalSystem account has full access to the system. Therefore, this solution does not meet the goal.
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/deny-log-on-locally

25
Q

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer named Computer1 that runs Windows 10.
A service named Application1 is configured as shown in the exhibit.

You discover that a user used the Service1 account to sign in to Computer1 and deleted some files.
You need to ensure that the identity used by Application1 cannot be used by a user to sign in to sign in to the desktop on Computer1. The solution must use the principle of least privilege.
Solution: On Computer1, you assign Service1 the Deny log on locally user right.
Does this meet the goal?

A. Yes
B. No

A

Correct Answer: A
By using the Service1 account as the identity used by Application1, we are applying the principle of least privilege as required in this question.
However, the Service1 account could be used by a user to sign in to the desktop on the computer. To sign in to the desktop on the computer, an account needs the log on locally right which all user accounts have by default. Therefore, we can prevent this by assigning Service1 the deny log on locally user right.
References:
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/deny-log-on-locally

26
Q

You have a computer named Computer1 that runs Windows 10.
A service named Application1 is configured as shown in the exhibit.

You discover that a user used the Service1 account to sign in to Computer1 and deleted some files.
You need to ensure that the identity used by Application1 cannot be used by a user to sign in to sign in to the desktop on Computer1. The solution must use the principle of least privilege.
Solution: On Computer1, you assign Service1 the Deny log on as a service user right.
Does this meet the goal?
A. Yes
B. No

A

Correct Answer: B
A service account needs the log on as a service user right. When you assign an account to be used by a service, that account is granted the log on as a service user right. Therefore, assigning Service1 the deny log on as a service user right would mean the service would not function.
To sign in to the desktop on the computer, an account needs the log on locally right which all user accounts have by default. To meet the requirements of this question, we need to assign Service1 the deny log on locally user right, not the deny log on as a service user right.
References:
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service

27
Q

You have a Microsoft Azure Active Directory (Azure AD) tenant.
Some users sign in to their computer by using Windows Hello for Business.
A user named User1 purchases a new computer and joins the computer to Azure AD.
User1 is not able to use Windows Hello for Business on his computer. User1 sign-in options are shown on the exhibit. (Click the Exhibit tab.)

You open Device Manager and confirm that all the hardware works correctly.
You need to ensure that User1 can use Windows Hello for Business facial recognition to sign in to the computer.
What should you do first?
A. Purchase an infrared (IR) camera.
B. Upgrade the computer to Windows 10 Enterprise.
C. Enable UEFI Secure Boot.
D. Install a virtual TPM driver.

A

Correct Answer: A
Windows Hello facial recognition requires an infrared (IR) camera. If your device does not have an infrared camera (or any other biometric device such as a fingerprint scanner), you will see the message shown in the exhibit. The question states that Device Manager shows all hardware is working properly. Therefore, it is not the case that the computer has an IR camera but it isnג€™t working properly. The problem must be that the computer does not have an IR camera.
Incorrect Answers:
B: Windows 10 Enterprise is not required for Windows Hello. Windows Hello also works on Windows 10 Pro.
C: UEFI Secure Boot is not required for Windows Hello.
D: A virtual TPM driver is not required for Windows Hello.
References:
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-planning-guide

28
Q

Your company uses Microsoft Deployment Toolkit (MDT) to deploy Windows 10 to new computers.
The company purchases 1,000 new computers.
You need to ensure that the Hyper-V feature is enabled on the computers during the deployment.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Add a task sequence step that adds a provisioning package.
B. In a Group Policy object (GPO), from Computer Configuration, configure Application Control Policies.
C. Add a custom command to the Unattend.xml file.
D. Add a configuration setting to Windows Deployment Services (WDS).
E. Add a task sequence step that runs dism.exe.

A

Correct Answer: CE
A common way to add a feature such as Hyper-V in MDT is to use the Install Roles and Features task sequence action. However, that is not an option in this question.
The two valid options are to a command to the Unattend.xml file or to add a task sequence step that runs dism.exe.
To add Hyper-V using dism.exe, you would run the following dism command:
DISM /Online /Enable-Feature /All /FeatureName:Microsoft-Hyper-V
References:
https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image https://mdtguy.wordpress.com/2016/09/14/mdt-fundamentals-adding-features-using-dism-from-within-the-task-sequence/ https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v

29
Q

Your network contains an Active Directory domain that is synced to a Microsoft Azure Active Directory (Azure AD) tenant.
Your company purchases a Microsoft 365 subscription.
You need to migrate the Documents folder of users to Microsoft OneDrive for Business.
What should you configure?

A. One Drive Group Policy settings
B. roaming user profiles
C. Enterprise State Roaming
D. Folder Redirection Group Policy settings

A

Correct Answer: A
You need to configure a Group Policy Object (GPO) with the OneDrive settings required to redirect the Documents folder of each user to Microsoft 365.
Importing the OneDrive group policy template files into Group Policy adds OneDrive related settings that you can configure in your Group Policy.
One of the group policy settings enables you to redirect ג€Known Foldersג€ to OneDrive for business. Known folders are Desktop, Documents, Pictures,
Screenshots, and Camera Roll.
There are two primary advantages of moving or redirecting Windows known folders to OneDrive for the users in your domain:
✑ Your users can continue using the folders they’re familiar with. They don’t have to change their daily work habits to save files to OneDrive.
✑ Saving files to OneDrive backs up your users’ data in the cloud and gives them access to their files from any device.
References:
https://docs.microsoft.com/en-us/onedrive/redirect-known-folders?redirectSourcePath=%252fen-us%252farticle%252fredirect-windows-known-folders-to- onedrive-e1b3963c-7c6c-4694-9f2f-fb8005d9ef12

30
Q

Your network contains an Active Directory domain. The domain contains a user named User1.
User1 creates a Microsoft account.
User1 needs to sign in to cloud resources by using the Microsoft account without being prompted for credentials.
Which settings should User1 configure?

A. User Accounts in Control Panel
B. Email & app accounts in the Settings app
C. Users in Computer Management
D. Users in Active Directory Users and Computers

A

Correct Answer: B
Open the Setting app, select Accounts then select Email and accounts. Here you can add accounts for the cloud resources and configure the login credentials for the accounts. If you configure the accounts with the login credentials of the Microsoft account, you wonג€™t be prompted for credentials when you open the apps.
References:
https://support.microsoft.com/en-za/help/4028195/microsoft-account-how-to-sign-in

31
Q

You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You have a workgroup computer named Computer1 that runs Windows 10.
You need to add Computer1 to contoso.com.
What should you use?

A. Computer Management
B. dsregcmd.exe
C. the Settings app
D. netdom.exe

A

Correct Answer: C
You join a computer to a domain, including an Azure AD domain in the Settings panel in Windows 10, under System->About
References:
https://aadguide.azurewebsites.net/aadjoin/

32
Q

You have a computer that runs Windows 10.
You need to configure a picture password.
What should you do?

A. From Control Panel, configure the User Accounts settings.
B. From the Settings app, configure the Sign-in options.
C. From the Local Group Policy Editor, configure the Account Policies settings.
D. From Windows PowerShell, run the Set-LocalUser cmdlet and specify the InputObject parameter.

A

Correct Answer: B

33
Q

You have a workgroup computer named Computer1 that runs Windows 10.
You need to configure Windows Hello for sign-in to Computer1 by using a physical security key.
What should you use?

A. a USB 3.0 device that supports BitLocker Drive Encryption (BitLocker)
B. a USB device that supports FIDO2
C. a USB 3.0 device that has a certificate from a trusted certification authority (CA)
D. a USB device that supports RSA SecurID

A

Correct Answer: B
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/user-help/security-info-setup-security-key

34
Q

Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 10.
The domain contains the users shown in the following table.
Computer1 has the local users shown in the following table.

All users have Microsoft accounts.
Which two users can be configured to sign in by using their Microsoft account? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

**Important to note the solution**
A. User1
B. User2
C. User3
D. User4
E. User5
A 
correct answer (D,E)
Domain Users cannot use a Microsoft account to log on.
35
Q

Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 8.1.
Computer1 has apps that are compatible with Windows 10.
You need to perform a Windows 10 in-place upgrade on Computer1.
Solution: You copy the Windows 10 installation media to a network share. From Windows 8.1 on Computer1, you run setup.exe from the network share.
Does this meet the goal?

A. Yes
B. No

A

Correct Answer: A

36
Q

Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 8.1.
Computer1 has apps that are compatible with Windows 10.
You need to perform a Windows 10 in-place upgrade on Computer1.
Solution: You copy the Windows 10 installation media to a Microsoft Deployment Toolkit (MDT) deployment share. You create a task sequence, and then you run the MDT deployment wizard on Computer1.
Does this meet the goal?

A. Yes
B. No

A

Correct Answer: A
Reference:
https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit

37
Q

Your network contains an Active Directory domain. The domain contains a computer named Computer1 that runs Windows 8.1.
Computer1 has apps that are compatible with Windows 10.
You need to perform a Windows 10 in-place upgrade on Computer1.
Solution: You add Windows 10 startup and install images to a Windows Deployment Services (WDS) server. You start Computer1 by using WDS and PXE, and then you initiate the Windows 10 installation.
Does this meet the goal?

A. Yes
B. No

A

Correct Answer: B

Use Microsoft Deployment Toolkit (MDT) instead.

38
Q

our company deploys Windows 10 Enterprise to all computers. All the computers are joined to Microsoft Azure Active Directory (Azure AD).
The company purchases a new computer for a new user and creates an Azure AD account for the user.
The user signs in to the computer by using the Azure AD account. The user discovers the activation error shown in the following exhibit.

You need to activate Windows 10 Enterprise on the computer.
What should you do?

A. In Azure AD, assign a Windows 10 Enterprise license to the user.
B. At the command prompt, run slmgr /ltc.
C. Reinstall Windows as Windows 10 Enterprise.
D. At the command prompt, run slmgr /ato.

A

A is the correct answer

A. In Azure AD, assign a Windows 10 Enterprise license to the user. ( YES,Correct anwser. Need to upgrade from Win 10 Pro to Ent)
B. At the command prompt, run slmgr /ltc. ( NO. List valid token-based activation certificates that can activate installed software.)
C. Reinstall Windows as Windows 10 Enterprise. ( NO. Reinstall wont assign any licesne)
D. At the command prompt, run slmgr /ato. ( NO. ato will activate the same license and it won’t upgrade to Ent)

https://docs.microsoft.com/en-us/windows/deployment/windows-10-subscription-activation

39
Q

You have a computer named Computer1 that runs Windows 10.
Several users have signed in to Computer1 and have a profile.
You create a taskbar modification file named LayoutModification.xml.
You need to ensure that LayoutModification.xml will apply to all users who sign in to Computer1.
To which folder should you copy LayoutModification.xml?

A. C:\Users\Public\Public Desktop
B. C:\Windows\ShellExperiences
C. C:\Users\Default\AppData\Local\Microsoft\Windows\Shell\
D. C:\Windows\System32\Configuration

A

Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/windows/configuration/start-layout-xml-desktop

40
Q

HOTSPOT -
Your company uses a Key Management Service (KMS) to activate computers that run Windows 10.
A user works remotely and establishes a VPN connection once a month.
The computer of the user fails to be activated.
Which command should you run on the computer to initiate activation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

A

To activate online, type slmgr.vbs /ato.
Reference:

https://docs.microsoft.com/en-us/windows/deployment/volume-activation/activate-using-key-management-service-vamt https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn502540(v=ws.11)

41
Q

HOTSPOT -
You have a server named Server1 and computers that run Windows 8.1. Server1 has the Microsoft Deployment Toolkit (MDT) installed.
You plan to upgrade the Windows 8.1 computers to Windows 10 by using the MDT deployment wizard.
You need to create a deployment share on Server1.
What should you do on Server1, and what are the minimum components you should add to the MDT deployment share? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

A

Box 1: Install the Windows ADK -

Box 2: Add Windows 10 image and create a task sequence to upgrade to Windows 10.

42
Q

You are preparing to deploy Windows 10.
You download and install the Windows Assessment and Deployment Kit (Windows ADK).
You need to create a bootable WinPE USB drive.
What should you do first?

A. Run the MakeWinPEMedia command.
B. Download and install Windows Configuration Designer.
C. Run the WPEUtil command.
D. Download and install the WinPE add-on.

A

Correct Answer: D
WinPE used to be included in the Windows ADK. However, it is now provided as an add-on so the first step is to download and install the add-on.
References:
https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/winpe-create-usb-bootable-drive https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install

43
Q

HOTSPOT -
You have the computers shown in the following table.

You need to identify which computers support the features.
✑ BitLocker Drive Encryption (BitLocker)
✑ Microsoft Application Virtualization (App-V)
Which computers support the features? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

A

BitLocker Drive Encryption (BitLocker). W10 pro, Enterprise and pro wks support bitlocks

Microsoft Application Virtualization (App-V) - only W10 Enterprise supports

44
Q 
On which computers can you perform an in-place upgrade to Windows 10 Enterprise?
A. Computer3 only
B. Computer2 and Computer3 only
C. Computer2 only
D. Computer1, Computer2, and Computer3
A

Answer is D

In place upgrades to W10 Enterprise support by Windows 8.1, W10 pro and W10 pro for WKS

45
Q

You have a workgroup computer named Computer1 that runs You have a workgroup computer named Computer1 that runs Windows 10. Computer1 contains five local user accounts.

You need to ensure that all users who sign in to Computer1 see a picture named Image1.jpg as the desktop background.

What should you do?
a From the Settings app, modify the Background settings.
b From the Local Group Policy Editor, modify the Desktop settings.
c Rename Image1.jpg as Desktop.jpg and copy the picture to the C:\Windows\system32\ folder.
d Rename Image1.jpg as Desktop.jpg and copy the picture to the C:\Users\Default\Desktop folder.

A

Correct Answer: B From the Local Group Policy Editor, modify the Desktop settings.
References:
https://www.top-password.com/blog/set-a-default-background-wallpaper-for-windows-10-desktop/

46
Q

You install Windows 10 Enterprise on a new computer.
You need to force activation on the computer.
Which command should you run?

A. slmgr /upk
B. Set-RDLicenseConfiguration -Force
C. Set-MsolLicense -AddLicense
D. slmgr /ato

A

Correct Answer: D
References:
https://docs.microsoft.com/en-us/windows/deployment/volume-activation/activate-using-key-management-service-vamt

47
Q

You install Windows 10 Pro on a computer named CLIENT1.
You need to ensure that all per-user services are disabled on CLIENT1. The solution must minimize administrative effort.
What should you use?
A. a Group Policy administrative template
B. Device Manager
C. Task Manager
D. Group Policy preferences

A

Correct Answer: D
References:
https://docs.microsoft.com/en-us/windows/application-management/per-user-services-in-windows

48
Q

You plan to install Windows 10 Pro by using an answer file.
You open Windows System Image Manager.
You need to create an answer file.
What should you do first?

A. Open the Install.wim file from the Windows 10 installation media.
B. Open the Boot.wim file from the Windows 10 installation media.
C. Install the WinPE add-on for the Windows Assessment and Deployment Kit (Windows ADK).
D. Install the Windows Assessment and Deployment Kit (Windows ADK).

A

Correct Answer: C

MD-100 (1 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions