MD100 Test Questions

Question 1

PC is not activated.
You need to ensure that the user can activate Computer1.

Answer 1

D - Use local Autopilot to RESET on C1 then activate C1

Question 2

The company the following requirements:
✑ The new computers must be upgraded to Windows 10 Enterprise automatically.
✑ The new computers must be joined to Azure AD automatically when the user starts the new computers for the first time.
✑ The users must not be required to accept the End User License Agreement (EULA).

Answer 2

D - Use Windows Autopilot

Question 3

None of the new computers are activated.
You need to activate the computers without connecting the network to the Internet.
What should you do?

Answer 3

B - KMS - Key Management Service

Question 4

Clean upgrade - migrate users’ settings 2 actions.

Answer 4

DE - scanstate.exe c:\Windows.old - loadstate.exe c:\Windows

Question 5

You deploy an application named Application1 to Computer1.
You need to assign credentials to Application1.
You need to meet the following requirements:
✑ Ensure that the credentials for Application1 cannot be used by any user to log on to Computer1.
✑ Ensure that the principle of least privilege is maintained.
What should you do?

Answer 5

B - Create a user account for Application1 and assign that user account the Deny log on locally user right

Question 6

BitLocker - User needs Recovery Key

Answer 6

C - Go to https://account.activedirectory.windowsazure.com and view the user account profile.

Question 7

C1 F1 view list of files on F1 - Provide users in Group 1 view F1 w/least privilege is maintained.

Answer 7

C - Assign the List folder permissions for the Folder1 folder to Group1.

Question 8

✑ Log users that access C:\Folder1.
✑ Log users that modify and delete files in C:\Folder1.

Answer 8

A - From the properties of C:\Folder1, configure the Auditing settings.
D - From the Audit Policy in the local Group Policy, you configure Audit object access
NOTE: Files and folders are objects and are audited through object access.

Question 9

Configure Computer1 to use a user account sign in automatically when the computer is started. The user must not be prompted for a username and password.

Answer 9

C - Edit Registry
NOTE: In the registry, add a default user name and a default password in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon sbukey.

Question 10

BitLocker - Enabled on client PC’s even though TPM chip is only installed a some of them - By GPO

Answer 10

C -
1. Enable the Require additional authentication at startup policy setting.
2. Select the Allow BitLocker without a compatible TPM check box.

Question 11

You need to view the IP addresses of any remote computer that Computer1 has an active TCP connection to. Should you do?

Answer 11

C - In Windows Administrative Tools, open Resource Monitor.

Question 12

Bootmgr is missing.
You need to be able to start Computer1.

Answer 12

A - Start the computer in recovery mode and run the bootrec /rebuildbcd command.

Question 13

Mobile Devices - Windows updates may only be download when mobile devices are connected to Wi-Fi. ✑ Access to email and the Internet must be possible at all times.

Answer 13

B - Open the Setting app and select Network & Internet.
Then select Change connection properties and set the Metered connection option for cellular network connections to On.

Question 14

You have a computer named Computer1 that has a folder named C:\Folder1.
You want to use File History to protect C:\Folder1.
Solution: You enable File History on Computer1. You then enable archiving for Folder1.

Answer 14

B - No
NOTES: File History only backs up copies of files that are in Libraries, and Desktop folders and the OneDrive files available offline on your PC. If you have files or folders elsewhere that you want backed up, you can add them to one of these folders.

Question 15

You have a computer named Computer1 that has a folder named C:\Folder1.
You want to use File History to protect C:\Folder1.
Solution: You enable File History on Computer1. You then encrypt the contents of Folder1

Answer 15

B - No
NOTES: File History only backs up copies of files that are in Libraries, and Desktop folders and the OneDrive files available offline on your PC. If you have files or folders elsewhere that you want backed up, you can add them to one of these folders.

Question 16

You need to configure Computer1to receive preview builds of Windows 10 as soon as they are available.
You open the Update & Security section in the Settings app.

Answer 16

Windows Insider Program

Question 17

You want to use Event Viewer on Computer1 to view the event logs on Computer2.

Answer 17

C -
1. On Computer1
2. Log on as a domain administrator.
3. Open Event Viewer
4. Select the Connect to another computer option.

Question 18

You need to apply the custom Start layout to the domain-joined computers. The solution must minimize administrative effort.
Which three actions should you perform in sequence?

Answer 18

1. Export layout to a PPKG file
2. Copy to the layout file to a network share
3. Create GPO and configure the Start Layout settings

Question 19

• Uses Microsoft Edge as the default browser
• Minimizes the attack surface of the computer
• Supports joining Microsoft Azure Active Directory (Azure AD)
• Only allows the installation of applications from the Microsoft Store

Answer 19

A - Windows 10 Pro in S mode
NOTES: Windows 10 in S mode is a version of Windows 10 that’s streamlined for security and performance, while providing a familiar Windows experience. To increase security, it allows only apps from the Microsoft Store, and requires Microsoft Edge for safe browsing.
Azure AD Domain join is available for Windows 10 Pro in S mode and Windows 10 Enterprise in S mode. It’s not available in Windows 10 Home in S mode.

Question 20

On Computer1, you perform a clean installation of Windows 10 without formatting the drives.
You need to migrate the settings of User1 from Windows 8.1 to Windows 10.

Answer 20

ScanState.exe c:\Windows.old subfolders
LoadState.exe c:\Windows subfolders
NOTE: USMT includes these two tools

Question 21

You discover that a user used the Service1 account to sign in to Computer1 and deleted some files. You need to ensure that the identity used by Application1 cannot be used by a user to sign in to sign in to the desktop on Computer1. The solution must use the principle of least privilege.
Solution: On Computer1, you configure Application1 to sign in as the LocalSystem account and select the Allow service to interact with desktop check box. You delete the Service1 account.

Answer 21

B - No
NOTES: Configuring Application1 to sign in as the LocalSystem account would ensure that the identity used by Application1 cannot be used by a user to sign in to the desktop on Computer1. However, this does not use the principle of least privilege. The LocalSystem account has full access to the system. Therefore, this solution does not meet the goal.

Question 22

You discover that a user used the Service1 account to sign in to Computer1 and deleted some files.
You need to ensure that the identity used by Application1 cannot be used by a user to sign in to sign in to the desktop on Computer1. The solution must use the principle of least privilege.
Solution: On Computer1, you assign Service1 the Deny log on locally user right.

Answer 22

A - Yes
NOTES: By using the Service1 account as the identity used by Application1, we are applying the principle of least privilege as required in this question.
However, the Service1 account could be used by a user to sign in to the desktop on the computer. To sign in to the desktop on the computer, an account needs the log on locally right which all user accounts have by default. Therefore, we can prevent this by assigning Service1 the deny log on locally user right.

Question 23

You discover that a user used the Service1 account to sign in to Computer1 and deleted some files.
You need to ensure that the identity used by Application1 cannot be used by a user to sign in to sign in to the desktop on Computer1. The solution must use the principle of least privilege.
Solution: On Computer1, you assign Service1 the Deny log on as a service user right.

Answer 23

B - No
NOTES: A service account needs the log on as a service user right. When you assign an account to be used by a service, that account is granted the log on as a service user right. Therefore, assigning Service1 the deny log on as a service user right would mean the service would not function.
To sign in to the desktop on the computer, an account needs the log on locally right which all user accounts have by default. To meet the requirements of this question, we need to assign Service1 the deny log on locally user right, not the deny log on as a service user right.

Question 24

A user named User1 purchases a new computer and joins the computer to Azure AD.
User1 is not able to use Windows Hello for Business on his computer. User1 sign-in options are shown on the exhibit. (Click the Exhibit tab.)

Answer 24

A - Purchase an infrared (IR) camera.

Question 25

MDT - Microsoft Deployment Kit - You need to ensure that the Hyper-V feature is enabled on the computers during the deployment.
What are two possible ways to achieve this goal?

Answer 25

C - Add a custom command to the Unattend.xml file
E - Add a task sequence step that runs dism.exe.
NOTES: A common way to add a feature such as Hyper-V in MDT is to use the Install Roles and Features task sequence action. However, that is not an option in this question.
The two valid options are to a command to the Unattend.xml file or to add a task sequence step that runs dism.exe.
To add Hyper-V using dism.exe, you would run the following dism command:
DISM /Online /Enable-Feature /All /FeatureName:Microsoft-Hyper-V

Question 26

Your company purchases a Microsoft 365 subscription.
You need to migrate the Documents folder of users to Microsoft OneDrive for Business.
What should you configure?

Answer 26

A - One Drive Group Policy settings
NOTES: You need to configure a Group Policy Object (GPO) with the OneDrive settings required to redirect the Documents folder of each user to Microsoft 365.

Question 27

User1 creates a Microsoft account.
User1 needs to sign in to cloud resources by using the Microsoft account without being prompted for credentials.
Which settings should User1 configure?

Answer 27

B - Email & app accounts in the Settings app
NOTES: Open the Setting app, select Accounts then select Email and accounts. Here you can add accounts for the cloud resources and configure the login credentials for the accounts. If you configure the accounts with the login credentials of the Microsoft account, you wonג€™t be prompted for credentials when you open the apps.

Question 28

The computer fails to activate.
You suspect that the activation server has an issue.
You need to identify which server hosts KMS.
How should you complete the command?

Answer 28

Type: NSLookup.exe
_vlmcs._tcp.Adatum.com - SRV

Question 29

You sign in to Computer1 and create a user named User1.
You create a file named LayoutModification.xml in the C:\Users\Default\AppData\Local\Microsoft\Windows\Shell\folder. LayoutModification.xml contains the following markup.

Answer 29

You sign in to Computer1 - taskbar contains - Defaults apps only
User1 to Computer1 - Default apps and MS Paint

Question 30

You have a workgroup computer named Computer1 that runs Windows 10.
You need to add Computer1 to contoso.com.
What should you use?

Answer 30

C - The Settings app
NOTES: You join a computer to a domain, including an Azure AD domain in the Settings panel in Windows 10, under System->About

Question 31

You need to configure a picture password.
What should you do?

Answer 31

B - From the Settings app, configure the Sign-in options.

Question 32

You need to configure Windows Hello for sign-in to Computer1 by using a physical security key.
What should you use?

Answer 32

B - USB device that supports FIDO2

Question 33

Which two users can be configured to sign in by using their Microsoft account?

Answer 33

D - User4 (Member of Users)
E - User5 (Member of Admin)

Question 34

You mount an image from Image1.wim to a folder named C:\Mount.
You need to add the French language pack to the mounted image.
How should you complete the command?

Answer 34

Dism.exe
C:\Mount

Question 35

You need to perform a Windows 10 in-place upgrade on Computer1.
Solution: You copy the Windows 10 installation media to a network share. From Windows 8.1 on Computer1, you run setup.exe from the network share.
Does this meet the goal?

Answer 35

B - No

Question 36

Computer1 has apps that are compatible with Windows 10.
You need to perform a Windows 10 in-place upgrade on Computer1.
Solution: You copy the Windows 10 installation media to a Microsoft Deployment Toolkit (MDT) deployment share. You create a task sequence, and then you run the MDT deployment wizard on Computer1.
Does this meet the goal?

Answer 36

A - Yes

Question 37

You need to perform a Windows 10 in-place upgrade on Computer1.
Solution: You add Windows 10 startup and install images to a Windows Deployment Services (WDS) server. You start Computer1 by using WDS and PXE, and then you initiate the Windows 10 installation.
Does this meet the goal?

Answer 37

B - No
NOTES: Use Microsoft Deployment Toolkit (MDT) instead.

Question 38

The user signs in to the computer by using the Azure AD account. The user discovers the activation error shown in the following exhibit.

Answer 38

A - In Azure AD, assign a Windows 10 Enterprise license to the user.

Question 39

You create a taskbar modification file named LayoutModification.xml.
You need to ensure that LayoutModification.xml will apply to all users who sign in to Computer1.
To which folder should you copy LayoutModification.xml?

Answer 39

C - C:\Users\Default\AppData\Local\Microsoft\Windows\Shell\

Question 40

The computer of the user fails to be activated.
Which command should you run on the computer to initiate activation?

Answer 40

Slmgr.vbs /alto
NOTES: To activate online, type slmgr.vbs /ato.

Question 41

You plan to upgrade the Windows 8.1 computers to Windows 10 by using the MDT deployment wizard.
You need to create a deployment share on Server1.
What should you do on Server1, and what are the minimum components you should add to the MDT deployment share?

Answer 41

1. On Server1 - Install the Windows Assessment and Deployment Kit (Windows ADK)
2. Add to the MDT Deployment Share - Win10 image and task sequence only
   NOTES:
   Box 1: Install the Windows ADK -
   Box 2: Add Windows 10 image and create a task sequence to upgrade to Windows 10.

Question 42

You download and install the Windows Assessment and Deployment Kit (Windows ADK).
You need to create a bootable WinPE USB drive.
What should you do first?

Answer 42

D - Download and install the WinPE add-on.
NOTES: WinPE used to be included in the Windows ADK. However, it is now provided as an add-on so the first step is to download and install the add-on.

Question 43

PC1 - Win10 Pro
PC2 - Win10 Pro Workstation
PC3 - Win10 Enterprise
You need to identify which computers support the features.
✑ BitLocker Drive Encryption (BitLocker)
✑ Microsoft Application Virtualization (App-V)

Answer 43

BitLocker - Computers123
App-V - Computer 3

Question 44

PC1 Win8 Enterprise
PC2 Win Pro
PC3 Win Pro for Workstation
On which computers can you perform an in-place upgrade to Windows 10 Enterprise?

Answer 44

D - Computers 123

Question 45

You have a workgroup computer named Computer1 that runs Windows 10. Computer1 contains five local user accounts.

Answer 45

B - From the Local Group Policy Editor, modify the Desktop settings. [1] [1]

Question 46

You need to force activation on the computer.
Which command should you run?

Answer 46

D - slmgr /ato

Question 47

You install Windows 10 Pro on a computer named CLIENT1 and join the device to an Active Directory domain.
You need to ensure that all per-user services are disabled on CLIENT1. The solution must minimize administrative effort.
What should you use?

Answer 47

D- Group Policy preferences

Question 48

You plan to install Windows 10 Pro by using an answer file.
You open Windows System Image Manager.
You need to create an answer file.
What should you do first?

Answer 48

C -
1. Install the WinPE add-on for the Windows Assessment and Deployment Kit (Windows ADK).

Question 49

You need to create a Start menu layout file. The solution must meet the following requirements:
✑ Contain an app group named Contoso Apps that has several pinned items. Contoso Apps must be locked from user modification.
✑ Ensure that users can customize other parts of the Start screen.
✑ Minimize administrative effort.
Which four actions should you perform in sequence?

Answer 49

1. Deploy the start layout
2. On a reference computer, customize the Start Menu
3. Export the start layout to a file
4. Modify the defaultlayoutoveride. xml element

Question 50

You need to create Windows 10 unattended answer file.
What should you do first?

Answer 50

A - From File Explorer, copy Install.wim from drive E to drive D.

Question 51

C1 - Semi-Annual Check (SAC)
C2 - Long Term Service Channel - LTSC 2016

Both computers have applications installed and contain user data.
You plan to configure both computers to run Windows 10 Enterprise LTSC 2019 and to retain all the existing applications and data.
You need to recommend a method to deploy Windows 10 Enterprise LTSC 2019 to the computers. The solution must minimize effort to install and configure the applications.
What should you include in the recommendation for each computer?

Answer 51

C1 - Clean installation
C2 - In place upgrade

Question 52

You have a computer that runs Windows 10 Home.
You need to upgrade the computer to Windows 10 Enterprise as quickly as possible. The solution must retain the user settings.

Answer 52

B - Perform an in-place upgrade to Windows Pro.

Question 53

You capture a Windows 10 image file from a reference device.
You need to generate catalog files and answer files for the deployment.
What should you use for each file?

Answer 53

Catalog File - Windows SIM - Windows System Image Manager
Answer File - Windows SIM - Windows System Image Manager

Question 54

The relevant services on Computer1 are shown in the following table.

Answer 54

C - Service 156

Question 55

Your company has an isolated network used for testing. The network contains 20 computers that run Windows 10. The computers are in a workgroup. During testing, the computers must remain in the workgroup.
You discover that none of the computers are activated.
You need to recommend a solution to activate the computers without connecting the network to the Internet.

Answer 55

B - KMS Key Managment Service

Question 56

You have 10 new Windows 10 devices.
You plan to deploy a provisioning package that will configure a wireless network profile.
You need to ensure that a support technician can install the provisioning package on the devices. The solution must use the principle of least privilege.
To which group should you add the support technician?

Answer 56

D - Administrators

Question 57

You have a computer that runs Windows 10 and has the Windows Assessment and Deployment Kit (Windows ADK) installed.
You need to perform the following tasks:
✑ Prepare a Windows PE (WinPE) working directory.
✑ Add scripting support to a WinPE image.
✑ Mount and unmount a WinPE image.
Which command should you use for each task?

Answer 57

Copype.cmd
Dism.exe
Dism.exe

Question 58

You have a computer that runs Windows 10 Home.
You need to upgrade the computer to Windows 10 Enterprise as quickly as possible. The solution must retain the user settings.
What should you do first?

Answer 58

B - Perform an in-place upgrade to Windows Pro.

Question 59

You plan to deploy Windows 10 Enterprise to company-owned devices.
You capture a Windows 10 image file from a reference device.
You need to generate catalog files and answer files for the deployment.
What should you use for each file? To answer, select the appropriate options in the answer area.

Answer 59

Catalog File - Windows Sims (Windows System Image Manager)
Answer File - Windows Sims (Windows System Image Manager)

Question 60

Your company has an isolated network used for testing. The network contains 20 computers that run Windows 10. The computers are in a workgroup. During testing, the computers must remain in the workgroup.
You discover that none of the computers are activated.
You need to recommend a solution to activate the computers without connecting the network to the Internet.
What should you include in the recommendation?

Answer 60

B - Key Management Service (KMS)
NOTES: You can configure one of the computers as a Key Management Service (KMS) host and activate the KMS host by phone. The other computers in the isolated network can then activate using the KMS host.

Question 61

You have 10 new Windows 10 devices.
You plan to deploy a provisioning package that will configure a wireless network profile.
You need to ensure that a support technician can install the provisioning package on the devices. The solution must use the principle of least privilege.
To which group should you add the support technician?

Answer 61

D - Administrators

Question 62

You have a Windows 10 device.
You need to enable an experimental feature in Microsoft Edge.
What should you enter in the address bar?

Answer 62

A - edge://flags

Question 63

You have a computer that runs Windows 10 and hosts four Hyper-V virtual machines that run Windows 10.
You upgrade the computer to Windows 11.
You need to ensure that the virtual machines support hibernation.

Answer 63

D - Update the configuration version of the virtual machines.

Question 64

A feature update is installed on Computer1.
You need to use the Go back recovery option to revert to the previous version.
For how many days will the Go back option be available?

Answer 64

A - 10 days

Question 65

You install Windows 10 Pro on a computer named CLIENT1 and join the device to an Active Directory domain.
You need to ensure that all per-user services are disabled on CLIENT1. The solution must minimize administrative effort.

Answer 65

A - SC command

Question 66

You have a computer named Client1 that runs Windows 10.
Client1 was upgraded from Windows 8.1.
You need to delete the Windows.old folder from the C drive.

What should you use?

Answer 66

D - Temporary files in the Storage settings of the Settings app

Question 67

You have a computer named Computer1 that has the following configurations:

• RAM: 4 GB
• CPU: 1.6 GHz
• Hard drive: 128 GB
• Operating system: Windows 10 Pro in S mode

You need to upgrade Computer1 to Windows 11.

Answer 67

C - Switch out of S mode

Question 68

You have a computer named Computer1 that runs Windows 10.
You need to configure User Account Control (UAC) to prompt administrators for their credentials.
Which settings should you modify?

Answer 68

C - Security Options in Local Group Policy Editor

Question 69

You have several computers that run Windows 10. The computers are in a workgroup.
You need to prevent users from using Microsoft Store apps on their computer.
What are two possible ways to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

Answer 69

B - From Administrative Templates in the local Group Policy, configure the Store settings.
D - From Security Settings in the local Group Policy, configure Application Control Policies.

Question 70

You have a computer named Computer1 that runs Windows 10.
You need to prevent standard users from changing the wireless network settings on Computer1. The solution must allow administrators to modify the wireless network settings.

Answer 70

C - Local Group Policy Editor

Question 71

You have a computer named Computer1 that runs Windows 10. Computer1 contains a folder named Folder1.
You need to log any users who take ownership of the files in Folder1.
Which two actions should you perform?

A. Modify the folder attributes of Folder1.
B. Modify the Advanced Security Settings for Folder1.
C. From a Group Policy object (GPO), configure the Audit Sensitive Privilege Use setting.
D. From a Group Policy object (GPO), configure the Audit File System setting.
E. Install the Remote Server Administration Tools (RSAT).

Answer 71

B - Modify the Advanced Security Settings for Folder1.
C - From a Group Policy object (GPO), configure the Audit Sensitive Privilege Use setting.

Question 72

You are a network administrator at your company.
The company uses an application that checks for network connectivity to a server by sending a ping request to the IPv6 address of the server. If the server replies, the application loads.
A user cannot open the application.
You manually send the ping request from the computer of the user and the server does not reply. You send the ping request from your computer and the server replies.
You need to ensure that the ping request works from the user’s computer.
Which Windows Defender firewall rule is a possible cause of the issue?

Answer 72

D - File and Printer Sharing (Echo Request ICMPv6-In)