2018 Updated Lead2pass Microsoft 70-697 Exam Questions:
You are an IT consultant for small and mid-sized business.
One of your clients wants to start using Virtual Smart Cards on its Windows 10 Enterprise laptops and tablets. Before implementing any changes, the client wants to ensure that the laptops and tablets support Virtual Smart Cards.
You need to verify that the client laptops and tablets support Virtual Smart Cards.
What should you do?
A. Ensure that each laptop and tablet has a Trusted Platform Module (TPM) chip of version 1.2 or greater.
B. Ensure that BitLocker Drive Encryption is enabled on a system drive of the laptops and tablets.
C. Ensure that each laptop and tablet can read a physical smart card.
D. Ensure that the laptops and tablets are running Windows 10 Enterprise edition.
A Trusted Platform Module (TPM) chip of version 1.2 or greater is required to support Virtual Smart Cards.
Virtual smart card technology from Microsoft offers comparable security benefits to physical smart cards by using two-factor authentication. Virtual smart cards emulate the functionality of physical smart cards, but they use the Trusted Platform Module (TPM) chip that is available on computers in many organizations, rather than requiring the use of a separate physical smart card and reader. Virtual smart cards are created in the TPM, where the keys that are used for authentication are stored in cryptographically secured hardware.
B: BitLocker Drive Encryption does not need to be enabled on a system drive of the laptops and tablets to support Virtual Smart Cards.
C: The ability to read a physical smart card does not ensure support for Virtual Smart Cards.
D: Windows 10 Enterprise edition is not a requirement for Virtual Smart Cards; other versions of Windows 10 (and Windows 8) can use Virtual Smart Cards.
Your network contains an Active Directory domain named contoso.com. Contoso.com is synchronized to a Microsoft Azure Active Directory.
You have a Microsoft Intune subscription.
Your company plans to implement a Bring Your Own Device (BYOD) policy.
You will provide users with access to corporate data from their personal iOS devices.
You need to ensure that you can manage the personal iOS devices.
What should you do first?
A. Install the Company Portal app from the Apple App Store.
B. Create a device enrollment manager account.
C. Set a DNS alias for the enrollment server address.
D. Configure the Intune Service to Service Connector for Hosted Exchange.
E. Enroll for an Apple Push Notification (APN) certificate.
An Apple Push Notification service (APNs) certificate must first be imported from Apple so that you can manage iOS devices. The certificate allows Intune to manage iOS devices and institutes an accredited and encrypted IP connection with the mobile device management authority services.
A: Users can only install the Company Portal app after they have been added as Intune users, which require the Apple Push Notification (APN) certificate to be in place.
B: The device enrollment manager account is a special Intune account that has permission to enroll more than five corporate-owned devices. It is not used for BYOD.
C: The Set a DNS alias for the enrollment server address setting is an optional setting for enrolling Windows devices.
D: The Configure Intune service to service connector for hosted Exchange setting is used to connect Microsoft Intune and hosted Exchange without an on-premises infrastructure.
You manage Microsoft Intune for a company named Contoso. Intune client computers run Windows 10 Enterprise.
You notice that there are 25 mandatory updates listed in the Intune administration console.
You need to prevent users from receiving prompts to restart Windows following the installation of mandatory updates.
Which policy template should you use?
A. Microsoft Intune Agent Settings
B. Windows Configuration Policy
C. Microsoft Intune Center Settings
D. Windows Custom Policy (Windows 10 and Windows 10 Mobile)
To configure the Prompt user to restart Windows during Intune client agent mandatory updates update policy setting you have to configure the Microsoft Intune Agent Settings policy. Setting the Prompt user to restart Windows during Intune client agent mandatory updates setting to No would prevent users from receiving prompts to restart Windows following the installation of mandatory updates.
B: You make use of the Microsoft Intune Windows general configuration policy to configure settings for enrolled devices, but not the policy setting in question.
C: The Microsoft Intune Center allows users to get applications from the company portal, check for updates, manage Microsoft Intune Endpoint Protection, and request remote assistance. It does not allow users to configure settings to prevent users from receiving prompts to restart Windows following the installation of mandatory updates
D: You can make use of the Microsoft Intune custom configuration policy for Windows 10 and Windows 10 Mobile to deploy OMA-URI (Open Mobile Alliance Uniform Resource Identifier) settings.
Drag and Drop Question
You manage Microsoft Intune for a company named Contoso.
You have 200 computers that run Windows 10. The computers are Intune clients.
You need to configure software updates for the clients.
Which policy template should you use to configure each software updates setting? To answer, drag the appropriate policy templates to the correct settings. Each policy template may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
You must make use of the Microsoft Intune Windows general configuration policy to configure settings for enrolled devices. The system settings that can be configured using this policy include the following:
– Require automatic updates.
– Require automatic updates – Minimum classification of updates to install automatically.
– User Account Control.
– Allow diagnostic data submission.
To configure the Allow immediate installation of updates that do not interrupt Windows update policy setting you have to configure and deploy a Microsoft Intune Agent Settings policy.
You can make use of the Microsoft Intune custom configuration policy for Windows 10 and Windows 10 Mobile to deploy OMA-URI (Open Mobile Alliance Uniform Resource Identifier) settings, which can be used to control features on Windows 10 and Windows 10 Mobile devices.
You have an Active Directory domain named contoso.com that contains a deployment of Microsoft System Center 2012 Configuration Manager Service Pack 1 (SP1).
You have a Microsoft Intune subscription that is synchronized to contoso.com by using the Microsoft Azure Active Directory Synchronization Tool (DirSync.)
You need to ensure that you can use Configuration Manager to manage the devices that are registered to your Microsoft Intune subscription.
Which two actions should you perform? Each correct answer presents a part of the solution.
A. In Microsoft Intune, create a new device enrollment manager account.
B. Install and configure Azure Active Directory Synchronization Services (AAD Sync.)
C. In Microsoft Intune, configure an Exchange Connector.
D. In Configuration Manager, configure the Microsoft Intune Connector role.
E. In Configuration Manager, create the Microsoft Intune subscription.
To allow Configuration Manager to manage mobile devices in the same context as other devices, it requires you to create a Windows Intune subscription and synchronize user accounts from Active Directory to Microsoft Online. to achieve that, you are required to complete the following tasks:
Sign up for a Windows Intune organizational account
Add a public company domain and CNAME DNS entry
Verify users have public domain User Principal Names (UPNs)
If you plan to use single sign-on, deploy and configure Active Directory Federated Services
Deploy and Configure Active Directory Synchronization
Reset users Microsoft Online password – If not using ADFS*
Configure Configuration Manager for mobile device management
Create the Windows Intune Subscription in the Configuration Manager console
Add the Windows Intune Connector Site System role
Verify that Configuration Manager successfully connects to Windows Intune
You purchase a new Windows 10 Enterprise desktop computer. You have four external USB hard drives.
You want to create a single volume by using the four USB drives.
You want the volume to be expandable, portable and resilient in the event of failure of an individual USB hard drive.
You need to create the required volume.
What should you do?
A. From Control Panel, create a new Storage Space across 4 USB hard drives.
Set resiliency type to Three-way mirror.
B. From Control Panel, create a new Storage Space across 4 USB hard drives.
Set resiliency type to Parity.
C. From Disk Management, create a new spanned volume.
D. From Disk Management, create a new striped volume.
Storage Spaces can combine multiple hard drives into a single virtual drive. To create a storage space, you’ll have to connect two or more additional internal or external drives to your computer to create a storage pool. You can also specify an arbitrarily large logical size. When your existing drive begins to fill up and nears the physical limit, Windows will display a notification in the Action Center, prompting you to add additional physical storage space. Selecting the Parity resiliency type allows Windows to store parity information with the data, thereby protecting you from a single drive failure.
A: The Three-way mirror resiliency type allows Windows to store three copies of your data. Mirroring uses drive space less efficiently than parity.
C: Spanned volumes are not fault tolerant
D: Striped volumes are not fault tolerant
Drag and Drop Question
You have a Windows 10 Enterprise computer.
You have a 1-terabyte external hard drive.
You purchase a second 1-terabyte external hard drive.
You need to create a fault-tolerant volume that includes both external hard drives.
You also need to ensure that additional external hard drives can be added to the volume.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Storage Spaces can combine multiple hard drives into a single virtual drive. To create a storage space, you’ll have to connect two or more additional internal or external drives to your computer to create a storage pool. When creating the pool, any existing data on the disks will be lost. It is therefore important to back up the data if you do not want to lose it. You can also specify an arbitrarily large logical size. When your existing drive begins to fill up and nears the physical limit, Windows will display a notification in the Action Center, prompting you to add additional physical storage space. Selecting the Two-way mirror resiliency type allows Windows to store two copies of your data, so that you won’t lose your data if one of your drives fails.
You manage 50 computers that run Windows 10 Enterprise.
You have a Windows To Go workspace installed on a USB drive named USB1.
You need to configure USB1 to meet the following requirements:
– When you run Windows To Go from USB1, you can see the contents of the computer’s internal drives from File Explorer.
– When you connect USB1 to a computer that runs Windows 10, you can automatically view the content of USB1 from File Explorer.
In the table below, select the action that must be performed to achieve each requirement.
NOTE: Make only one selection in each column. Each correct selection is worth one point.
If you want to view the contents of the computer’s internal drives from File Explorer when you run Windows To Go from USB1, you have to launch an elevated command prompt, run diskpart and then execute the List disk command. You now have to select the internal disk using the sel disk command, and then enter the online disk command.
Configuring the attributes volume option from DiskPart allows you to display, set, or clear the attributes of a volume.
Configuring the attributes disk option from DiskPart allows you to display, set, or clear the attributes of a disk.
Fsutil volume is used to dismount a volume, query to see how much free space is available on a disk, or find a file that is using a specified cluster.
Fsutil behavior is used to query or set NTFS volume behaviour.
You support Windows 10 Enterprise computers that are members of an Active Directory domain. Recently, several domain user accounts have been configured with super-mandatory user profiles.
A user reports that she has lost all of her personal data after a computer restart.
You need to configure the user’s computer to prevent possible user data loss in the future.
What should you do?
A. Remove the .man extension from the user profile name.
B. Configure Folder Redirection by using the domain group policy.
C. Configure the user’s documents library to include folders from network shares.
D. Add the .dat extension to the user profile name.
Folder Redirection allows administrators to redirect the path of a folder to a new location, which can be a folder on the local computer or a directory on a network file share. Users can then work with documents on a server as if the documents were based on a local drive, but are available to the user from any computer on the network. Folder Redirection can be found under Windows Settings in the console tree by editing domain-based Group Policy via the Group Policy Management Console (GPMC).
A: A super mandatory profile is a roaming profile in which the profile path ends in .man. Removing the .man extension will create a roaming profile, which will not solve the problem.
C: A super mandatory profile prevents users from saving any changes to their profile, which includes the user’s documents library.
D: A super mandatory profile is a roaming profile in which the profile path ends in .man. Adding the .dat extension will result in an error.
You have a client Windows 10 Enterprise computer. The computer is joined to an Active Directory domain. The computer does not have a Trusted Platform Module (TPM) chip installed.
You need to configure BitLocker Drive Encryption (BitLocker) on the operating system drive.
Which Group Policy object (GPO) setting should you configure?
A. Allow access to BitLocker-protected fixed data drives from earlier version of Windows.
B. Require additional authentication at startup.
C. Allow network unlock at startup.
D. Configure use of hardware-based encryption for operating system drives.
To make use of BitLocker on a drive without TPM, you should run the gpedit.msc command.
You must then access the Require additional authentication at startup setting by navigating to Computer Configuration \Administrative Templates\Windows Components\Bit Locker Drive Encryption\Operating System Drives under Local Computer Policy. You can now enable the feature and tick the Allow BitLocker without a compatible TPM checkbox.
A: The Allow access to BitLocker-protected fixed data drives from earlier version of Windows policy setting is used to control whether access to drives is allowed via the BitLocker To Go Reader, and if the application is installed on the drive.
C: The Allow network unlock at startup policy allows clients running BitLocker to create the necessary network key protector during encryption.
D: The Configure use of hardware-based encryption for operating system drives policy controls how BitLocker reacts when encrypted drives are used as operating system drives http://www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/ https://technet.microsoft.com/en-us/library/jj679890.aspx#BKMK_depopt4
70-697 dumps full version (PDF&VCE): https://www.lead2pass.com/70-697.html
Large amount of free 70-697 exam questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDX3RYMG04cEg5aEE
You may also need:
70-698 exam dumps: https://drive.google.com/open?id=0B3Syig5i8gpDa2cwaDdKY1dLdHM