Valid 70-685 Dumps shared by PassLeader for Helping Passing 70-685 Exam! PassLeader now offer the newest 70-685 VCE dumps and 70-685 PDF dumps, the PassLeader 70-685 exam questions have been updated and ANSWERS have been corrected, get the newest PassLeader 70-685 dumps with VCE and PDF here: http://www.passleader.com/70-685.html (196 Q&As Dumps)
BTW, DOWNLOAD part of PassLeader 70-685 dumps from Cloud Storage: https://drive.google.com/open?id=0B-ob6L_QjGLpfk40ZWRBaERtMW04RHdwYTZ5bkVaRnpyV2hHeXU5bUpNYTU1aUtpaEo3TUk
Users in branch office 2 map drives to shared folders on SRV1. The users report that they cannot access files in the shared folders when the WAN link between branch office 2 and the main office is unavailable. When they attempt to access the files, they are prompted to enter their credentials but are denied access. You need to ensure that the users can access the shared folders if the WAN link fails. What should you do?
A. Instruct a desktop support technician to configure Offline Files on the Windows 7 computers.
B. Instruct a desktop support technician to configure BranchCache on the Windows 7 computers.
C. Request that a domain administrator deploy a domain controller in branch office 2.
D. Request that a domain administrator enable Universal Group Membership Caching for branch office 2.
You should use BranchCache in distributed mode and not offline files. Offline files are for single-user files and this question specifies it’s a shared folder.
Case Study 9 – Wingtip Toys (QUESTION 82 – QUESTION 86)
You are an enterprise desktop support technician for Wingtip Toys. Wingtip Toys has two offices.
Active Directory Configuration
The network contains a single Active Directory domain. An Active Directory site exists for each office. The network contains the organizational units (OUs) that are shown in the following table:
The network contains an enterprise root certification authority (CA). Certificate autoenrollement is enabled for all users.
Each office has a wireless network. You control access to the wireless network in office 1 by using Network Access Protection (NAP). A Group Policy object (GPO) named GPO1 configures the NAP settings for the computers in office 1.
The Documents folders of all users are encrypted by using Encrypting File System (EFS). The Documents folders of all users are backed up daily. A Web server named Web1 hosts an internal Web site named WebSite1. Users connect to WebSite1 from the Internet by using the URL http://website1.wingtiptoys.com. The domain name website1.wingtiptoys.com is resolved by using the hosts file that is located on each client computer. Users frequently work from home. Home users connect to the internal network by using SSTP- based VPN connections.
Line of Business Applications
Your company has a line-of-business application named App1. App1 is installed only on computers that run Windows XP. You test App1 by using the Microsoft Application Compatibility Toolkit (ACT). ACT reports that App1 can be made compatible to run on Windows 7.
You deploy App1 on a test Windows 7 computer and notice that it fails to run. You need to ensure that App1 runs on Windows 7 computers. What should you do?
A. Digitally sign App1.
B. Develop and deploy a shim for App1.
C. Configure an AppLocker policy.
D. Configure a Software Restriction Policy.
The help desk reports that they receive many calls from remote users who cannot access Internet Web sites while they are connected to the VPN. The help desk instructs the users to manually configure the VPN connection so that the users can access Internet Web sites while connected to the VPN. You need to provide a recommendation to reduce the number of calls to the help desk regarding this issue. What should you recommend?
A. Deploy a Network Policy Server (NPS).
B. Replace the SSTP-based VPN with a PPTP-based VPN.
C. Issue computer certificates from a trusted root certification authority (CA) to all remote users.
D. Create and distribute Connection Manager Administration Kit (CMAK) profiles to all remote users.
A group of users from office 2 travels to office 1 to work on a project. The users from office 2 report that they are unable to connect to the wireless network in office 1 from their portable computers. A help desk administrator manually provides the users with access to the wireless network. You need to ensure that the next time users from office 2 travel to office 1 they can connect to the wireless network in office 1. What should you request?
A. Link GPO1 to Office2-Users-OU.
B. Link GPO1 to Office2-Computers-OU.
C. Change the office attribute for the user accounts.
D. Change the location attribute for the computer accounts.
A user’s computer fails. The help desk provides the user with a new computer. The user’s Documents folder is restored from the backup. The user reports that he can no longer access his encrypted files. The help desk recovers the files by using a data recovery agent (DRA). You need to ensure that when users receive new computers, they can access their encrypted files without administrative intervention. What should you request?
A. credential roaming be enabled
B. BitLocker be enabled on all computers
C. user accounts be trusted for delegation
D. the CA be configured for key archival and recovery
A. credential roaming be enabled.
Credential roaming allows organizations to store certificates and private keys in Active Directory Domain Services (AD DS) separately from application state or configuration information. Credential roaming uses existing logon and autoenrollment mechanisms to securely download certificates and keys to a local computer whenever a user logs on and, if desired, remove them when the user logs off. In addition, the integrity of these credentials is maintained under any conditions, such as when certificates are updated and when users log on to more than one computer at a time.
C. user accounts be trusted for delegation.
This security setting determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using delegated credentials of a client, as long as the client account does not have the Account cannot be delegated account control flag set.
An administrator modifies the external IP address of Web1 and creates a Hosts (A) record for website1.wingtiptoys.com on the external DNS servers. Your users report that they can no longer connect to website1.wingtiptoys.com from the Internet. You need to ensure that users can connect to website1.wingtiptoys.com from the Internet. What should you do?
A. Instruct the users to modify the DNS client settings on their computers.
B. Instruct the users to remove an entry from the Hosts file that is located on their computers.
C. Request that an administrator create a Pointer (PTR) resource record for the new IP address of Web1.
D. Request that an administrator create an alias (CNAME) resource record for website1.wingtiptoys.com.
Case Study 10 – Humongous Insurance (QUESTION 87 – QUESTION 89)
You are an enterprise desktop support technician for Humongous Insurance.
Active Directory Configuration
The company has two offices named Office1 and Office2. The network contains an Active Directory forest named humongousinsurance.com. An Active Directory site exists for each office. The sites are named Site1 and Site2.
All servers run Windows Server 2008 R2 and are joined to the domain. The relevant servers are configured as shown in the following table:
The corporate security policy states that all domain controllers must have only the following roles:
– AD DS
– DNS server
– DHCP server
Site1 and Site2 connect to each other by using a WAN link.
Client Computer Configuration
All client computers run Windows 7 Enterprise and are members of the domain. Some client computers are portable computers and some are desktop computers. The computers do not support hardware virtualization. All computers are configured to receive Windows Updates from WSUS1.
Remote Access Configuration
Users can connect to NPAS1 from the Internet by using all of the VPN protocols that are supported by Windows Server 2008 R2. Fabrikam, Inc. is a customer of Humongous Insurance. Several Humongous Insurance users work at the Fabrikam office and access resources on the Humongous Insurance network by using direct VPN connections to NPAS1. Fabrikam contains several wireless access points.
All computers in the finance department run a custom application suite named App1. Several users in the sales department install an application named App2. App2 runs as a service and logs on by using the credentials of the user who installed the application.
Several users in the sales department report that their user accounts are locked out shortly after they change their user passwords. You need to minimize the number of account lockouts that occur after the users change their passwords. What should you instruct the users to do?
A. Delete all entries from the Credential Manager vault.
B. Change their passwords and then create a password reset disk.
C. Change their passwords and then configure App2 to log on by using a service account.
D. Change their passwords and then log off and log back on to their computers.
Each day, 100 users in Office2 download a 5-MB product catalog file from a share on Server1. The network administrator reports that the downloads cause an excessive load on the WAN link between Office1 and Office2. You need to recommend a solution to minimize WAN utilization. The solution must not require that additional servers be deployed. What should you recommend?
A. BranchCache in distributed cache mode
B. BranchCache in hosted cache mode
C. Distributed File System Replication (DFSR)
D. File Server Resource Management (FSRM)
Humongous Insurance users who work at Fabrikam report that when they move between different wireless networks, they are prompted to manually reconnect to the VPN. You need to ensure that the users can automatically reconnect to the VPN when they move between wireless networks. What should you request?
A. that a network administrator create a CNAME record named AUTODISCOVER in the humongousinsurance.com DNS zone
B. that a network administrator enable Network Load Balancing on NPAS1
C. that users use only IKEv2-based VPN connections
D. that users use only SSTP-based VPN connections
Case Study 11 – Baldwin Museum of Science (QUESTION 90 – QUESTION 94)
You are an enterprise desktop support technician for the Baldwin Museum of Science. The Baldwin Museum of Science is located in Dublin. The museum has 2,000 employees. All employees have laptop computers that have cellular connections. The museum has a main office and three satellite offices.
Active Directory Configuration
The network contains an Active Directory forest. The forest contains a domain named Baldwinmuseumofscience.com. The relevant group policy information is shown in the following table:
All servers are located in the main office and run Windows Server 2008 R2. The relevant servers are configured as shown in the following table:
Users access the network remotely by using a DirectAccess connection.
Client Computer Information
All client computers run Windows 7 Enterprise (x86). The client computers are configured to receive Windows Updates from http://WSUS.
All users run Microsoft Office Outlook 2010 and use Outlook Anywhere. Users access the intranet Web site by using the URL http://intranet. The museum hosts several Web sites that use the domain suffix fineartschool.net.
Corporate Security Policy
The corporate security policy states that all updates on client computers must be installed from the internal WSUS server.
Users report that they can only access the fineartschool.net Web servers by entering the full URL to the servers. You need to recommend a solution that allows users to access the Web servers by using single label names. Your solution must ensure that users can access the intranet Web server by using the URL http://intranet. What should you recommend?
A. the DHCP server option for the DNS domain name be removed
B. fineartschool.net be added as the primary DNS suffix in the Default Domain Policy
C. fineartschool.net be added to the DNS Search Suffix list in the Default Domain Policy
D. the Allow DNS Suffix Appending to unqualified Multi-Label Name Queries setting be enabled in the Default Domain Policy
Twenty new laptop computers are joined to the domain. Users of the new laptops report that they can access the Exchange server, but they cannot access file shares or internal Web sites when they are outside of the office. Other remote users can access file shares and internal Web sites when they are outside of the office. You need to ensure that users of the new laptops can access file shares and Web sites on the internal network when they are outside of the office. What should you request?
A. new user certificates for the laptop users
B. new computer certificates for the laptops
C. the user accounts for the laptop users be added to the Baldwin\Direct Access group
D. the computer accounts for the laptops be added to the Baldwin\Direct Access group
The help desk technicians discover that Windows Defender definitions are not up-to-date on client computers. The help desk technicians report that other critical updates are applied to the client computers. You need to ensure that all client computers have the latest Windows Defender definitions. Your solution must comply with the corporate security policy. What should you request?
A. a firewall exception be added for msascui.exe
B. the WSUS server be configured to download and automatically approve Windows Defender definition updates
C. the Remove access to use all Windows update features setting in the WSUS Policy GPO be set to disabled
D. the Windows Defender\Turn on definition updates through both WSUS and Windows Update setting in the WSUS Policy GPO be set to enabled
The help desk technicians discover that some computers have not installed the latest updates for Windows. The Windows Update log files on the computers show that to complete the installation of several updates the computers must be restarted. You need to ensure that future updates are successfully installed on all computers. What should you request?
A. the logon hours for all user accounts be set from 06:00 to 22:00
B. the Delay Restart for scheduled installations setting in the WSUS Policy GPO be set to disabled
C. the Allow Automatic Updates immediate installation setting in the WSUS Policy GPO be set to enabled
D. the No auto-restart with logged on users for scheduled automatic updates installations setting in the WSUS Policy GPO be set to disabled
A new printer is installed on FP1 and is shared as Printer1. Users report that they receive an error when they try to connect to \\FP1\Printer1, and that after they click OK they are prompted for a printer driver. The server administrator confirms that the printer is functioning correctly and that he can print a test page. You need to ensure that users are able to connect to the new printer successfully. Your solution must minimize administrative effort. What should you request?
A. an x86 printer driver be installed on FP1
B. the permissions be changed on the shared printer
C. a new Group Policy object (GPO) be created that includes a printer mapping for \\FP1\Printer1
D. the Devices: Prevent users from installing printer drivers setting in the Default Domain Policy be set to disabled
Case Study 12 – Tailspin Toys (QUESTION 95 – QUESTION 105)
You are the desktop support technician for Tailspin Toys. Tailspin Toys manufacturers and distributes children’s toys. The network environment includes a server infrastructure running on Windows Server 2003 Service Pack (SP) 2 and Windows Server 2008 R2, Active Directory with the forest and domain levels set at Windows Server 2003, and Active Directory Certificate Services (AD CS) running on Windows Server 2008 R2. The company has a Microsoft Enterprise Agreement (EA) with Software Assurance (SA). The company sites, network connectivity, and site technologies are shown in the following table:
The company’s domain controller layout and details are shown in the following table:
The company’s client computer configuration details are shown in the following table:
The company uses Microsoft SharePoint 2010 as the company intranet and as a document repository for company-related Microsoft Office documents. The URL for the intranet is intranet.tailspintoys.com . There is a Group Policy object (GPO) that applies to all client computers that allows employees who are connected to the corporate network to go to the intranet site without having to enter authentication information. All users are using Microsoft Internet Explorer 8. All users have enabled the Internet Explorer SmartScreen Filter and the Internet Explorer phishing filter. All of the desktop support technicians are members of a security group named Desktop Admins. The Desktop Admins group is a member of the local Administrators group on all client computers. The desktop support technicians use the Microsoft Diagnostics and Recovery Toolset to perform various troubleshooting and repairs. All Windows 7 client computers have a directory named tailspintoys\scripts in the root of the operating system drive. The directory contains four unique .vbs files named scriptl.vbs, script2.vbs, script3.vbs, and script4.vbs.
– An existing GPO named AppLockdown applies to Windows 7 machines and uses AppLocker to ensure that: No .bat files are allowed to be run by users and rules are enforced.
– An existing GPO named RestrictApps applies to Windows XP client computers and uses a Software Restriction Policy to ensure that: No .bat files are allowed to be run by users and rules are enforced.
Data Protection Environment
– Some users at the Manufacturing site use EFS to encrypt data.
– A user account named EFSAdmin has been designated as the Data Recovery Agent (DRA).
– The DRA certificate and private key are stored on a portable USB hard drive.
As part of the yearly security compliance audits, a vendor is due to arrive at Tailspin Toys in a month to perform the yearly audit. To prepare for the audit, management has asked you to participate in an internal review of the company’s existing security configurations related to network security and data security. The management team has issued the following requirements:
New software requirements
– All installation programs must be digitally signed.
– Minimum permissions must be granted for installation of programs.
Internet Explorer requirements
– Users must not be able to bypass certificate warnings.
– Users must not be able to add Internet Explorer add-ons unless the add-ons are approved by IT.
Data protection requirements
All portable storage devices must use a data encryption technology. The solution must meet the following requirements:
– Allow all users a minimum of read access to the encrypted data while working from their company client computers.
– Encrypt entire contents of portable storage devices.
– Minimize administrative overhead for users as files and folders are added to the portable storage devices.
– Recovery information for client computer hard drives must be centrally stored and protected with data encryption.
Users at the Manufacturing site must have a secondary method of decrypting their existing files if they lose access to their certificate and private key or if the EFS Admin’s certificate is not available. You need to recommend a solution to ensure that a secondary method is available to users. The solution must not require accessing or altering the existing encrypted files before decrypting them. What should you recommend that the users do?
A. From the command line, run the cipher.exe /e command.
B. From the command line, run the certutil.exe /backupKey command.
C. Enroll for a secondary EFS certificate.
D. Export their EFS certificates with private keys to an external location.
You need to recommend a solution to back up BitLocker recovery information based on the company’s existing data protection requirements. The solution must include the backup destination and the solution prerequisites. What should you recommend? (Choose all that apply.)
A. Upgrade all Windows XP client computers to Windows 7.
B. Store the BitLocker recovery information in Active Directory.
C. Create a GPO to enroll users for a Basic EFS certificate automatically.
D. Raise the forest functional level to Windows Server 2008 R2.
E. Store each user’s BitLocker recovery information on USB keychain drives.
F. Import the BitLockerTPMSchemaExtension.ldf file to Active Directory.
Get the newest PassLeader 70-685 VCE dumps here: http://www.passleader.com/70-685.html (196 Q&As Dumps)
And, DOWNLOAD the newest PassLeader 70-685 PDF dumps from Cloud Storage for free: https://drive.google.com/open?id=0B-ob6L_QjGLpfk40ZWRBaERtMW04RHdwYTZ5bkVaRnpyV2hHeXU5bUpNYTU1aUtpaEo3TUk