Page: 1
/ 66
Total 330 questions
HOTSPOT -
You manage a Microsoft Azure RemoteApp deployment. The deployment consists of a cloud collection named CloudCollection1 and a hybrid collection named
HybridCollection1. Both collections reside in a subscription named Subscription1. Subscription1 contains two Active Directory instances named AzureAD1 and
AzureAD2. AzureAD1 is the associated directory of Subcsription1.
AzureAD1 is synchronized to an on-premises Active Directory forest named constoso.com. Passwords are synchronized between AzureAD1 and the on-premises
Active Directory.
You have the following user accounts:
You need to identify to which collections each user can be assigned access.
What should you identify? To answer, select the appropriate options in the answer area.
Hot Area:
Answer :
Explanation:
A Microsoft account can only access a cloud collection.
An Azure Active Directory (Azure AD) account can access a cloud collection and it can access a hybrid collection if directory synchronization with password sync is deployed.
An on-premise domain account that does not exist in any Azure Active Directory cannot access Azure cloud resources.
References:
https://azure.microsoft.com/en-gb/documentation/articles/remoteapp-collections/
Your Windows 10 Enterprise work computer is a member of an Active Directory domain. You use your domain account to log on to the computer. You use your
Microsoft account to log on to a home laptop.
You want to access Windows 10 Enterprise apps from your work computer by using your Microsoft account.
You need to ensure that you are able to access the Windows 10 Enterprise apps on your work computer by logging on only once.
What should you do?
- A. Add the Microsoft account as a user on your work computer.
- B. Enable Remote Assistance on your home laptop.
- C. Connect your Microsoft account to your domain account on your work computer.
- D. Install OneDrive for Windows on both your home laptop and your work computer.
Answer : C
Explanation:
You can connect your Microsoft account to your domain account on your work computer. This will enable you to sign in to your work computer with your Microsoft account and access the same resources that you would access if you were logged in with your domain account.
When you connect your Microsoft account to your domain account, you can sync your settings and preferences between them. For example, if you use a domain account in the workplace, you can connect your Microsoft account to it and see the same desktop background, app settings, browser history and favorites, and other Microsoft account settings that you see on your home PC.
References:
http://windows.microsoft.com/en-gb/windows-8/connect-microsoft-domain-account
You are an IT consultant for small and mid-sized businesses.
One of your clients wants to start using Virtual Smart Cards on its Windows 10 Enterprise laptops and tablets. Before implementing any changes, the client wants to ensure that the laptops and tablets support Virtual Smart Cards.
You need to verify that the client laptops and tablets support Virtual Smart Cards.
What should you do?
- A. Ensure that each laptop and tablet has a Trusted Platform Module (TPM) chip of version 1.2 or greater.
- B. Ensure that BitLocker Drive Encryption is enabled on a system drive of the laptops and tablets.
- C. Ensure that each laptop and tablet can read a physical smart card.
- D. Ensure that the laptops and tablets are running Windows 10 Enterprise edition.
Answer : A
Explanation:
A Trusted Platform Module (TPM) chip of version 1.2 or greater is required to support Virtual Smart Cards.
Virtual smart card technology from Microsoft offers comparable security benefits to physical smart cards by using two-factor authentication. Virtual smart cards emulate the functionality of physical smart cards, but they use the Trusted Platform Module (TPM) chip that is available on computers in many organizations, rather than requiring the use of a separate physical smart card and reader. Virtual smart cards are created in the TPM, where the keys that are used for authentication are stored in cryptographically secured hardware.
References:
https://technet.microsoft.com/en-GB/library/dn593708.aspx
You administer Windows 10 Enterprise laptop and desktop computers. Your company uses Active Directory Domain Services (AD DS) and Active Directory
Certificate Services (AD CS).
Your company decides that access to the company network for all users must be controlled by two-factor authentication.
You need to configure the computers to meet this requirement.
What should you do?
- A. Install smart card readers on all computers. Issue smart cards to all users.
- B. Enable the Password must meet complexity requirements policy setting. Instruct users to logon by typing their user principal name (UPN) and their strong password.
- C. Create an Internet Protocol security (IPsec) policy on each Windows 10 Enterprise computer to encrypt traffic to and from the domain controller.
- D. Issue photo identification to all users. Instruct all users to create and use a picture password.
Answer : A
Explanation:
Smart cards contain a microcomputer and a small amount of memory, and they provide secure, tamper-proof storage for private keys and X.509 security certificates.
A smart card is a form of two-factor authentication that requires the user to have a smart card and know the PIN to gain access to network resources.
You administer computers that run Windows 8 Enterprise in an Active Directory domain in a single Active Directory Site. All user account objects in Active
Directory have the Manager attribute populated. The company has purchased a subscription to Windows Intune. The domain security groups are synchronized with the Microsoft Online directory.
You create a Windows Intune group that specifies a manager as a membership criterion. You notice that the group has no members.
You need to ensure that users that meet the membership criteria are added to the Windows Intune group. What should you do?
- A. Force Active Directory replication within the domain.
- B. Ensure that all user accounts are identified as synchronized users.
- C. Ensure that the user who is performing the search has been synchronized with the Microsoft Online directory.
- D. Synchronize the Active Directory Domain Service (AD DS) with the Microsoft Online directory.
Answer : B
Explanation:
For users and security groups to appear in the Windows Intune administrator console, you must sign in to the Windows Intune account portal and do one of the following:
Manually add users or security groups, or both, to the account portal.
Use Active Directory synchronization to populate the account portal with synchronized users and security groups.
The Windows Intune cloud service enables you to centrally manage and secure PCs through a single web-based console so you can keep your computers, IT staff, and users operating at peak performance from virtually anywhere without compromising the essentials: cost, control, security, and compliance.
References:
http://technet.microsoft.com/en-us/windows/intune.aspx
http://technet.microsoft.com/library/hh441723.aspx
31 days access 