MD100 Test Questions Flashcards
PC is not activated.
You need to ensure that the user can activate Computer1.
D - Use local Autopilot to RESET on C1 then activate C1
The company the following requirements:
✑ The new computers must be upgraded to Windows 10 Enterprise automatically.
✑ The new computers must be joined to Azure AD automatically when the user starts the new computers for the first time.
✑ The users must not be required to accept the End User License Agreement (EULA).
D - Use Windows Autopilot
None of the new computers are activated.
You need to activate the computers without connecting the network to the Internet.
What should you do?
B - KMS - Key Management Service
Clean upgrade - migrate users’ settings 2 actions.
DE - scanstate.exe c:\Windows.old - loadstate.exe c:\Windows
You deploy an application named Application1 to Computer1.
You need to assign credentials to Application1.
You need to meet the following requirements:
✑ Ensure that the credentials for Application1 cannot be used by any user to log on to Computer1.
✑ Ensure that the principle of least privilege is maintained.
What should you do?
B - Create a user account for Application1 and assign that user account the Deny log on locally user right
BitLocker - User needs Recovery Key
C - Go to https://account.activedirectory.windowsazure.com and view the user account profile.
C1 F1 view list of files on F1 - Provide users in Group 1 view F1 w/least privilege is maintained.
C - Assign the List folder permissions for the Folder1 folder to Group1.
✑ Log users that access C:\Folder1.
✑ Log users that modify and delete files in C:\Folder1.
A - From the properties of C:\Folder1, configure the Auditing settings.
D - From the Audit Policy in the local Group Policy, you configure Audit object access
NOTE: Files and folders are objects and are audited through object access.
Configure Computer1 to use a user account sign in automatically when the computer is started. The user must not be prompted for a username and password.
C - Edit Registry
NOTE: In the registry, add a default user name and a default password in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon sbukey.
BitLocker - Enabled on client PC’s even though TPM chip is only installed a some of them - By GPO
C -
1. Enable the Require additional authentication at startup policy setting.
2. Select the Allow BitLocker without a compatible TPM check box.
You need to view the IP addresses of any remote computer that Computer1 has an active TCP connection to. Should you do?
C - In Windows Administrative Tools, open Resource Monitor.
Bootmgr is missing.
You need to be able to start Computer1.
A - Start the computer in recovery mode and run the bootrec /rebuildbcd command.
Mobile Devices - Windows updates may only be download when mobile devices are connected to Wi-Fi. ✑ Access to email and the Internet must be possible at all times.
B - Open the Setting app and select Network & Internet.
Then select Change connection properties and set the Metered connection option for cellular network connections to On.
You have a computer named Computer1 that has a folder named C:\Folder1.
You want to use File History to protect C:\Folder1.
Solution: You enable File History on Computer1. You then enable archiving for Folder1.
B - No
NOTES: File History only backs up copies of files that are in Libraries, and Desktop folders and the OneDrive files available offline on your PC. If you have files or folders elsewhere that you want backed up, you can add them to one of these folders.
You have a computer named Computer1 that has a folder named C:\Folder1.
You want to use File History to protect C:\Folder1.
Solution: You enable File History on Computer1. You then encrypt the contents of Folder1
B - No
NOTES: File History only backs up copies of files that are in Libraries, and Desktop folders and the OneDrive files available offline on your PC. If you have files or folders elsewhere that you want backed up, you can add them to one of these folders.
You need to configure Computer1to receive preview builds of Windows 10 as soon as they are available.
You open the Update & Security section in the Settings app.
Windows Insider Program
You want to use Event Viewer on Computer1 to view the event logs on Computer2.
C -
1. On Computer1
2. Log on as a domain administrator.
3. Open Event Viewer
4. Select the Connect to another computer option.
You need to apply the custom Start layout to the domain-joined computers. The solution must minimize administrative effort.
Which three actions should you perform in sequence?
- Export layout to a PPKG file
- Copy to the layout file to a network share
- Create GPO and configure the Start Layout settings
- Uses Microsoft Edge as the default browser
- Minimizes the attack surface of the computer
- Supports joining Microsoft Azure Active Directory (Azure AD)
- Only allows the installation of applications from the Microsoft Store
A - Windows 10 Pro in S mode
NOTES: Windows 10 in S mode is a version of Windows 10 that’s streamlined for security and performance, while providing a familiar Windows experience. To increase security, it allows only apps from the Microsoft Store, and requires Microsoft Edge for safe browsing.
Azure AD Domain join is available for Windows 10 Pro in S mode and Windows 10 Enterprise in S mode. It’s not available in Windows 10 Home in S mode.
On Computer1, you perform a clean installation of Windows 10 without formatting the drives.
You need to migrate the settings of User1 from Windows 8.1 to Windows 10.
ScanState.exe c:\Windows.old subfolders
LoadState.exe c:\Windows subfolders
NOTE: USMT includes these two tools
You discover that a user used the Service1 account to sign in to Computer1 and deleted some files. You need to ensure that the identity used by Application1 cannot be used by a user to sign in to sign in to the desktop on Computer1. The solution must use the principle of least privilege.
Solution: On Computer1, you configure Application1 to sign in as the LocalSystem account and select the Allow service to interact with desktop check box. You delete the Service1 account.
B - No
NOTES: Configuring Application1 to sign in as the LocalSystem account would ensure that the identity used by Application1 cannot be used by a user to sign in to the desktop on Computer1. However, this does not use the principle of least privilege. The LocalSystem account has full access to the system. Therefore, this solution does not meet the goal.
You discover that a user used the Service1 account to sign in to Computer1 and deleted some files.
You need to ensure that the identity used by Application1 cannot be used by a user to sign in to sign in to the desktop on Computer1. The solution must use the principle of least privilege.
Solution: On Computer1, you assign Service1 the Deny log on locally user right.
A - Yes
NOTES: By using the Service1 account as the identity used by Application1, we are applying the principle of least privilege as required in this question.
However, the Service1 account could be used by a user to sign in to the desktop on the computer. To sign in to the desktop on the computer, an account needs the log on locally right which all user accounts have by default. Therefore, we can prevent this by assigning Service1 the deny log on locally user right.
You discover that a user used the Service1 account to sign in to Computer1 and deleted some files.
You need to ensure that the identity used by Application1 cannot be used by a user to sign in to sign in to the desktop on Computer1. The solution must use the principle of least privilege.
Solution: On Computer1, you assign Service1 the Deny log on as a service user right.
B - No
NOTES: A service account needs the log on as a service user right. When you assign an account to be used by a service, that account is granted the log on as a service user right. Therefore, assigning Service1 the deny log on as a service user right would mean the service would not function.
To sign in to the desktop on the computer, an account needs the log on locally right which all user accounts have by default. To meet the requirements of this question, we need to assign Service1 the deny log on locally user right, not the deny log on as a service user right.
A user named User1 purchases a new computer and joins the computer to Azure AD.
User1 is not able to use Windows Hello for Business on his computer. User1 sign-in options are shown on the exhibit. (Click the Exhibit tab.)
A - Purchase an infrared (IR) camera.
MDT - Microsoft Deployment Kit - You need to ensure that the Hyper-V feature is enabled on the computers during the deployment.
What are two possible ways to achieve this goal?
C - Add a custom command to the Unattend.xml file
E - Add a task sequence step that runs dism.exe.
NOTES: A common way to add a feature such as Hyper-V in MDT is to use the Install Roles and Features task sequence action. However, that is not an option in this question.
The two valid options are to a command to the Unattend.xml file or to add a task sequence step that runs dism.exe.
To add Hyper-V using dism.exe, you would run the following dism command:
DISM /Online /Enable-Feature /All /FeatureName:Microsoft-Hyper-V
Your company purchases a Microsoft 365 subscription.
You need to migrate the Documents folder of users to Microsoft OneDrive for Business.
What should you configure?
A - One Drive Group Policy settings
NOTES: You need to configure a Group Policy Object (GPO) with the OneDrive settings required to redirect the Documents folder of each user to Microsoft 365.
User1 creates a Microsoft account.
User1 needs to sign in to cloud resources by using the Microsoft account without being prompted for credentials.
Which settings should User1 configure?
B - Email & app accounts in the Settings app
NOTES: Open the Setting app, select Accounts then select Email and accounts. Here you can add accounts for the cloud resources and configure the login credentials for the accounts. If you configure the accounts with the login credentials of the Microsoft account, you wonג€™t be prompted for credentials when you open the apps.
The computer fails to activate.
You suspect that the activation server has an issue.
You need to identify which server hosts KMS.
How should you complete the command?
Type: NSLookup.exe
_vlmcs._tcp.Adatum.com - SRV
You sign in to Computer1 and create a user named User1.
You create a file named LayoutModification.xml in the C:\Users\Default\AppData\Local\Microsoft\Windows\Shell\folder. LayoutModification.xml contains the following markup.
You sign in to Computer1 - taskbar contains - Defaults apps only
User1 to Computer1 - Default apps and MS Paint