Most up-to-date 70-680: Exambible real testing bible from 211 to 225

Question No. 211

- (Topic 3) 

You have two computers named Computer1 and Computer2 that run Windows 7. Computer2 is configured for remote management. 

From Computer1, you need to remotely execute a third-party command line tool named disk.exe on Computer2. 

Which command should you run? 

A. Start disk.exe /d \computer2 

B. Tscon disk.exe /DEST:computer2 

C. Winrm e disk.exe Cr:computer2 

D. Winrs r:computer2 disk.exe 



WinrsYou can use WinRS to execute command-line utilities or scripts on a remote computer. To use WinRS, open a command prompt and prefix the command that you want to run on the remote computer with the WinRS –r: RemoteComputerName command. For example, to execute the Ipconfig command on a computer named Aberdeen, issue the command: WinRS –r:Aberdeen ipconfig. 

The Windows Remote Management service allows you to execute commands on a remote computer, either from the command prompt using WinRS or from Windows PowerShell. Before you can use WinRS or Windows PowerShell for remote management tasks, it is necessary to configure the target computer using the WinRM command. To configure the target computer, you must run the command WinRM quickconfig from an elevated command prompt. 

Question No. 212

HOTSPOT - (Topic 5) 

You use a computer that has Windows 7 installed. The computer uses a quad-core CPU. 

Your computer experiences CPU performance issues while encoding video files. 

You need to configure the wmplayer.exe process to use only the first two CPU cores. 

What should you do? (To answer, select the appropriate option or options in the answer area.) 


Question No. 213

- (Topic 1) 

You have a computer that runs Windows Vista. The computer contains a custom application. 

You need to export the user state and the settings of the custom application. 

What should you do? 

A. Run Loadstate.exe and specify the /config parameter. 

B. Run Scanstate.exe and specify the /genconfig parameter. 

C. Modify the miguser.xml file. Run Loadstate.exe and specify the /ui parameter. 

D. Modify the migapp.xml file. Run Scanstate.exe and specify the /i parameter. 



MigApp.xml This file contains rules about migrating application settings. These include Accessibility settings, dial-up connections, favorites, folder options, fonts, group membership, Open Database Connectivity (ODBC) settings, Microsoft Office Outlook Express mailbox files, mouse and keyboard settings, phone and modem options, Remote Access Service (RAS) connection phone book files, regional options, remote access, screensaver settings, taskbar settings, and wallpaper settings.(Include) /i:[Path]FileName Specifies an .xml file that contains rules that define what user, application or system state to migrate. You can specify this option multiple times to include all of your .xml files (MigApp.xml, MigUser.xml and any custom .xml files that you create). Path can be either a relative or full path. If you do not specify the Path variable, then FileName must be located in the current directory.NOT MigUser.xmlMigUser.xml This file contains rules about user profiles and user data. The default settings for this file migrate all data in My Documents, My Video, My Music, My Pictures, desktop files, Start Menu, Quick Launch settings, favorites, Shared Documents, Shared Video, Shared Music, Shared desktop files, Shared Pictures, Shared Start menu, and Shared Favorites. This file also contains rules that ensure that all the following file types are migrated from fixed volumes: .qdf, .qsd, .qel, .qph, .doc, .dot, .rtf, .mcw, .wps, .scd, .wri, .wpd, .xl*, .csv, .iqy, . dqy, .oqy, .rqy, .wk*, .wq1, .slk, .dif, .ppt*, .pps*, .pot*, .sh3, .ch3, .pre, .ppa, .txt, .pst, .one*, .mpp, .vsd, .vl*, .or6, .accdb, .mdb, .pub, .xla, .xlb and .xls. The asterisk ( *) represents zero or more characters. 

Question No. 214

- (Topic 3) 

You have a computer named Computer1 that runs Windows 7. Computer1 has Remote Desktop enabled. Computer1 has a shared printer named Printer1. 

A group named HRUsers is a member of the Remote Desktop Users group. Only HRUsers has access to Printer1. A user named User1 is a member of HRUsers. 

You need to configure the computer to meet the following requirements: 

Allow User1 to print to Printer1 Prevent User1 from establishing Remote Desktop sessions to Computer1 Allow other members of HRUsers to connect to Computer1 by using Remote Desktop 

What should you do? 

A. Remove User1 from the HRUsers group. 

B. Remove HRUsers from the Remote Desktop Users group. 

C. Assign User1 the Deny log on through Remote Desktop Services user right. 

D. Assign User1 the Deny access to this computer from the network user right. Assign HRUsers the Allow log on locally user right. 


Question No. 215

DRAG DROP - (Topic 6) 

You have a computer that runs WindowsXP. The computer has one partition. You install Windows 7 on the computer. 

You need to migrate a user profile from the Windows XP installation to Windows 7 installation. 

What should you do first? (To answer, drag the appropriate command from the list of command to the correct location or locations in the work area.) 


Question No. 216

- (Topic 1) 

You have a standalone computer that runs Windows 7. Multiple users share the computer. 

You need to ensure that you can read the content of all encrypted files on the computer. 

What should you do? 

A. Run the Certificates Enrollment wizard and then run Certutil.exe -importpfx. 

B. Run the Certificates Enrollment wizard and then run Certutil.exe -installcert. 

C. Run Cipher.exe /r and then add a data recovery agent from the local security policy. 

D. Run Cipher.exe /rekey and then import a security template from the local security policy. 



Cipher Displays or alters the encryption of folders and files on NTFS volumes. Used without parameters, cipher displays the encryption state of the current folder and any files it contains. Administrators can use Cipher.exe to encrypt and decrypt data on drives that use the NTFS file system and to view the encryption status of files and folders from a command prompt. The updated version adds another security option. This new option is the ability to overwrite data that you have deleted so that it cannot be recovered and accessed.When you delete files or folders, the data is not initially removed from the hard disk. Instead, the space on the disk that was occupied by the deleted data is "deallocated." After it is deallocated, the space is available for use when new data is written to the disk. Until the space is overwritten, it is possible to recover the deleted data by using a low-level disk editor or data-recovery software. 

If you create files in plain text and then encrypt them, Encrypting File System (EFS) makes a backup copy of the file so that, if an error occurs during the encryption process, the data is not lost. After the encryption is complete, the backup copy is deleted. As with other deleted files, the data is not completely removed until it has been overwritten. The new version of the Cipher utility is designed to prevent unauthorized recovery of such data. 

/K Creates a new certificate and key for use with EFS. If this option is chosen, all the other options will be ignored. By default, /k creates a certificate and key that conform to current group plicy. If ECC is specified, a self-signed certificate will be created with the supplied key size. /R Generates an EFS recovery key and certificate, then writes them to a .PFX file (containing certificate and private key) and a .CER file (containing only the certificate). An administrator may add the contents of the .CER to the EFS recovery policy to create the recovery for users, and import the .PFX to recover individual files. If SMARTCARD is specified, then writes the recovery key and certificate to a smart card. A .CER file is generated (containing only the certificate). No .PFX file is genereated. By default, /R creates an 2048-bit RSA recovery key and certificate. If EECC is specified, it must be followed by a key size of 356, 384, or 521. 

Question No. 217

- (Topic 3) 

You have a Windows image (WIM) file that contains an image of Windows 7. The WIM file is 2 GB. 

You need to ensure that you can copy the image to CD. 

What should you do? 

A. Run Imagex.exe and specify the /split parameter. 

B. From the properties of the WIM file, enable compression. 

C. Run Dism.exe and specify the /cleanup-wim parameter. 

D. Right-click the WIM file, point to Send To and then click Compressed (zipped) Folder. 



Imagex ImageX is a command-line tool that enables original equipment manufacturers (OEMs) and corporations to capture, to modify, and to apply file-based disk images for rapid deployment. ImageX works with Windows image (.wim) files for copying to a network, or it can work with other technologies that use .wim images, such as Windows Setup, Windows Deployment Services (Windows DS), and the System Management Server (SMS) Operating System Feature Deployment Pack. 

/split image_filedest_filesize 

Splits an existing .wim file into multiple read-only split .wim files (.swm). 


Specifies the name and location of the .wim file to split. 


Specifies the file path of the split files. 

SizeSpecifies the maximum size in megabytes (MB) for each created file. This option generates the .swm files into the specified directory, naming each file the same as the specified image_file, but with an appended number and the .swm file-name extension. For example, if you choose to split a file named Data.wim, this option creates a Data.swm file, a Data2.swm file, a Data3.swm file, and so on, defining each portion of the split .wim file. 

Question No. 218

- (Topic 4) 

You administer client computers that have Windows 7 Enterprise installed. 

A server named Server1 has an IP address of The server accepts Remote Desktop connections at a custom port 10876. 

You need to connect to the server from a client computer by using Remote Desktop. 

What should you do? 

A. From the General tab of your Remote Desktop connection, type port: 10876 in the Computer field. 

B. From the Advanced tab of your Remote Desktop connection, configure the port of Server1 in the Connect from anywhere option. 

C. From the General tab of your Remote Desktop connection, type in the Computer field. 

D. From an elevated command prompt, run mstsc.exe port: 10876. 


Question No. 219

HOTSPOT - (Topic 6) 

A law firm's wireless network does not use IPv6 and provides IP addresses automatically to connected clients. 

A visiting attorney arrives to perform a deposition. The attorney's computer has never connected to the firm's wireless network. The attorney needs general access to several websites but is unable to connect to the Internet. 

You collect information from the computer's Device Manager, Network Connections, and Wireless Network Connections. 

Device information is shown in the Device Manager exhibit. (Click the Exhibit button.) 

Network information is shown in the Network Connections exhibit. (Click the Exhibit button.) 

Wireless network information is shown in the Wireless Network Connections exhibit. (Click the Exhibit button.) 

You need to configure this attorney's laptop so it can access the Internet through the firm's wireless network. 

Consider each of the following statements. Does the information in the three screenshots support the inference as stated? (This question is worth three points.) 


Question No. 220

HOTSPOT - (Topic 6) 

You work with Windows 7 computers. 

Your company has a policy of not allowing software to be upgraded without proper authorization from the managers. 

You set a Software Restriction Policy to allow only a certain version of Microsoft Word 2010 to run. The policy of the Local Group Policy Editor is shown in the Policy Editor exhibit. (Click the Exhibit button.) 

Additionally, the hash policy for WmWord. exe is shown in the Hash Policy exhibit. (Click the Exhibit button. ) 

Any upgrades or change to the WinWord.exe will result in the program not operating. 

When you attempt to run MS Word, the program does not execute. The error is shown in the Hashblock exhibit. (Click the Exhibit button.) 

Consider each of the following statements. Does the information in the three statements support the inference as stated? (This question is worth three points. ) 


Question No. 221

- (Topic 4) 

Your company office network includes a file server that has Windows Server 2008 R2 installed and client computers that have Windows 7 Enterprise installed. The computers are members of an Active Directory domain. The file server has the BrachCache features installed. 

All sales user in the office must download a daily updated 5-GB file that is stored on a file server located in a remote office. 

You configure the client computers to run BranchCache in Distributed Host mode. You discover that all users still access the file directly from the file server. 

You need to reduce the utilization of a WAN link between the offices because of downloading the file to the client computers. 

What should you do? 

A. Run the Netsh branchcache set service mode=HOSTEDSERVER client authentication=NONE command 

B. Configure firewall exception rules for multicast traffic, inbound and outbound traffic for local UDP port 3702, and inbound and outbound traffic for local TCP port 80. 

C. Create a Group Policy that sets Hash Publication for BranchCache as disabled. 

D. Run the netsh branchcache set service mode=DISTRIBUTED command. 

E. Create a Group Policy object and configure the Set percentage of disk space used for client computer cache option. 

F. Check permisions. 

G. Run the netsh branchcache set service mode=HOSTEDCLIENT command. 

H. Create a Group Policy object and enable the Set BranchCache Hosted Cache mode policy. 

I. Configure firewall exception rules for inbound and outbound traffic for local TCP port 80 and for inbound and outbound traffic for local TCP port 8443. 



Original wording: You configure the client computers to run BranchCache in 'Distributed Host Mode'. Changed to 'Distributed Cache mode". 

Question No. 222

- (Topic 2) 

You have a computer that runs windows 7. 

You have a third-party application. 

You need to ensure that only a specific version of the application runs on the computer. 

You have the application vendor's digital signature. 

What should you do? 

A. From Application Control Policies, configure a path rule. 

B. From Application Control Policies, configure a publisher rule. 

C. From Software Restriction policies, configure a path rule. 

D. From Software Restriction policies, configure a certificate rule. 



AppLocker Application Control Policies AppLocker is a feature new to Windows 7 that is available only in the Enterprise and Ultimate editions of the product. AppLocker policies are conceptually similar to Software Restriction Policies, though AppLocker policies have several advantages, such as the ability to be applied to specific user or group accounts and the ability to apply to all future versions of a product. As you learned earlier in this chapter, hash rules apply only to a specific version of an application and must be recalculated whenever you apply software updates to that application. AppLocker policies are located in the Computer ConfigurationWindows Settings Security Settings Application Control Policies node of a standard Windows 7 or Windows Server 2008 R2 GPO. AppLocker relies upon the Application Identity Service being active. When you install Windows 7, the startup type of this service is set to Manual. When testing AppLocker, you should keep the startup type as Manual in case you configure rules incorrectly. In that event, you can just reboot the computer and the AppLocker rules will no longer be in effect. Only when you are sure that your policies are applied correctly should you set the startup type of the Application Identity Service to Automatic. You should take great care in testing AppLocker rules because it is possible to lock down a computer running Windows 7 to such an extent that the computer becomes unusable. AppLocker policies are sometimes called application control policies. AppLocker Application Control Policies - Publisher Rules Publisher rules in AppLocker work on the basis of the code-signing certificate used by the file's publisher. Unlike a Software Restriction Policy certificate rule, it is not necessary to obtain a certificate to use a publisher rule because the details of the digital signature are extracted from a reference application file. If a file has no digital signature, you cannot restrict or allow it using AppLocker publisher rules. Publisher rules allow you more flexibility than hash rules because you can specify not only a specific version of a file but also all future versions of that file. This means that you do not have to re-create publisher rules each time you apply a software update because the existing rule remains valid. You can also allow only a specific version of a file by setting the Exactly option.AppLocker Application Control Policies - Path RulesAppLocker path rules work in a similar way to Software Restriction Policy path rules. Path rules let you specify a folder, in which case the path rule applies to the entire contents of the folder, including subfolders, and the path to a specific file. The advantage of path rules is that they are easy to create. The disadvantage of path rules is that they are the least secure form of AppLocker rules. An attacker can subvert a path rule if they copy an executable file into a folder covered by a path rule or overwrite a file that is specified by a path rule. Path rules are only as effective as the file and folder permissions applied on the computer. 

Software Restriction Policies Software Restriction Policies is a technology available to clients running Windows 7 that is available in Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008. You manage Software Restriction Policies through Group Policy. You can find Software Restriction Policies in the Computer Configuration Windows SettingsSecurity SettingsSoftware Restriction Policies node of a group policy. When you use Software Restriction Policies, you use the Unrestricted setting to allow an application to execute and the Disallowed setting to block an application from executing. You can achieve many of the same application restriction objectives with Software Restriction Policies that you can with AppLocker policies. The advantage of Software Restriction Policies over AppLocker policies is that Software Restriction Policies can apply to computers running Windows XP and Windows Vista, as well as to computers running Windows 7 editions that do not support AppLocker. The disadvantage of Software Restriction Policies is that all rules must be created manually because there are no built-in wizards to simplify the process of rule creation.Software Restriction Policies - Path Rules Path rules, allow you to specify a file, folder, or registry key as the target of a Software Restriction Policy. The more specific a path rule is, the higher its precedence. For example, if you have a path rule that sets the file C: Program filesApplicationApp.exe to Unrestricted and one that sets the folder C:Program filesApplication to Disallowed, the more specific rule takes precedence and the application can execute. Wildcards can be used in path rules, so it is possible to have a path rule that specifies C:Program filesApplication*.exe. Wildcard rules are less specific than rules that use a file's full path. The drawback of path rules is that they rely on files and folders remaining in place. For example, if you created a path rule to block the application C:AppsFilesharing.exe, an attacker could execute the same application by moving it to another directory or renaming it something other than Filesharing.exe. Path rules work only when the file and folder permissions of the underlying operating system do not allow files to be moved and renamed. Software Restriction Policies - Certificate Rules Certificate rules use a code-signed software publisher's certificate to identify applications signed by that publisher. Certificate rules allow multiple applications to be the target of a single rule that is as secure as a hash rule. It is not necessary to modify a certificate rule in the event that a software update is released by the vendor because the updated application will still be signed using the vendor's signing certificate. To configure a certificate rule, you need to obtain a certificate from the vendor. Certificate rules impose a performance burden on computers on which they are applied because the certificate's validity must be checked before the application can execute. Another disadvantage of certificate rules is that they apply to all applications from a vendor. If you want to allow only 1 application from a vendor to execute but the vendor has 20 applications available, you are better off using a different type of Software Restriction Policy because otherwise users can execute any of those other 20 applications. 

Question No. 223

- (Topic 4) 

You need to identify the hardware failures have occurred on your computer in the past six months. 

What should you do? 

A. Open Device Manager. 

B. Open Reliability Monitor. 

C. Create a User Defined Data Collector Set. 

D. Create a new Event Trace Sessions Data Collector Set. 



Reliability Monitor is an advanced tool that measures hardware and software problems and other changes to your computer. It provides a stability index that ranges from 1 (the least stable) to 10 (the most stable). You can use the index to help evaluate the reliability of your computer. Any change you make to your computer or problem that occurs on your computer affects the stability index. 

The Reliability Monitor is intended for advanced computer users, such as software developers and network administrators. 

Click to open Action Center. 

Click Maintenance. Then, under Check for solutions to problem reports, click View reliability history. 

In Reliability Monitor, you can: 

Click any event on the graph to view its details. 

Click Days or Weeks to view the stability index over a specific period of time. 

Click items in the Action column to view more information about each event. 

Click View all problem reports to view only the problems that have occurred on your 

computer. This view doesn't include the other computer events that show up in Reliability 

Monitor, such as events about software installation. 

Question No. 224

- (Topic 3) 

You deploy a Windows 7 Enterprise image to a computer on the network. 

You need to display the detailed activation and license status of the computer. 

What should you run? 

A. Msconfig.exe 

B. Slui.exe 

C. Slmgr.vbs and specify the dli parameter 

D. Winrm.vbs and specify the id parameter 



Slmgr.vbs /dli [Activation ID | All]Display license information. By default, /dli displays the license information for the installed active Windows edition. Specifying the [Activation ID] parameter displays the license information for the specified edition associated with that Activation ID. Specifying the [All] as the parameter will display all applicable installed products' license information. This operation does not require elevated privileges. 

Question No. 225

HOTSPOT - (Topic 5) 

You install Windows 7 Enterprise from an image file to a newly purchased portable computer. The image is configured with Windows Firewall disabled for all network locations. 

The company security policy requires all computers be protected with Windows Firewall. 

You need to comply with the company policy. You also need to ensure that computer users are notified if applications are blocked when the computer is connected to networks that are not trusted. 

What should you do? (To answer, configure the appropriate option or options in the dialog box in the answer area.)