Microsoft 70-697
Configuring Windows Devices
Microsoft 70-697 Dumps Available Here at:
http://blog.giftovus.com/?tell=microsoft-exam/70-697-dumps.html
Enrolling now you will get access to 164 questions in a unique set of 70- 697 dumps
Question 1
You support Windows 10 Enterprise computers that are members of an Active Directory domain. Your company policy defines the list of approved Windows Store apps that are allowed for download and installation.
You have created a new AppLocker Packaged Apps policy to help enforce the company policy.
You need to test the new AppLocker Packaged Apps policy before you implement it for the entire company.
What should you do?
Options:
A. From Group Policy, enforce the new AppLocker policy in Audit Only mode.
B. From Group Policy, run the Group Policy Results Wizard.
C. From Group Policy, run the Group Policy Modeling Wizard.
D. From PowerShell, run the Get-AppLockerPolicy -Effective command to retrieve the AppLocker
effective policy.
Answer: A
Explanation:
You can test an AppLocker Packaged Apps policy by running it in audit mode.
After AppLocker rules are created within the rule collection, you can configure the enforcement setting to Enforce rules or Audit only.
When AppLocker policy enforcement is set to Enforce rules, rules are enforced for the rule collection and all events are audited. When AppLocker policy enforcement is set to Audit only, rules are only evaluated but all events generated from that evaluation are written to the AppLocker log.
Incorrect Answers:
B: The Group Policy Results Wizard is used to determine which group policy settings are applied to a user or computer object and the net results when multiple group policies are applied. The Group Policy Results Wizard is not used to test an AppLocker Packaged Apps policy.
C: The Group Policy Modeling Wizard calculates the simulated net effect of group policies. Group Policy
 https://www.certification-questions.com

Microsoft 70-697
Modeling can also simulate such things as security group membership, WMI filter evaluation, and the effects of moving user or computer objects to a different Active Directory container. The Group Policy Modeling Wizard is not used to test an AppLocker Packaged Apps policy.
D: The Get-AppLockerPolicy -Effective command returns the effective AppLocker policy on the local computer. The effective policy is the merge of the local AppLocker policy and any applied domain policies on the local computer. The Get-AppLockerPolicy -Effective command is not used to test an AppLocker Packaged Apps policy.
References: https://technet.microsoft.com/en-us/library/ee791796(v=ws.10).aspx
Question 2
You support Windows 10 Enterprise computers.
Your company has started testing Application Virtualization (App-V) applications on several laptops. You discover that the App-V applications are available to users even when the laptops are offline.
You need to ensure that the App-V applications are available to users only when they are connected to the company network.
What should you do?
Options:
A. Change user permissions to the App-V applications. B. Disable the Disconnected operation mode.
C. Configure mandatory profiles for laptop users.
D. Reset the App-V client FileSystem cache.
Answer: B
Explanation:
Disconnected operation mode is enabled by default and allows App-V applications to be available to users even when the laptops are offline. We need to disable Disconnected operation mode to prevent offline access.
The disconnected operation mode settings " accessible by right-clicking the Application Virtualization node, selecting Properties, and clicking the Connectivity tab"enables the Application Virtualization Desktop Client or Client for Remote Desktop Services (formerly Terminal Services) to run applications that are stored in the file system cache of the client when the client is unable to connect to the Application Virtualization Management Server.
Incorrect Answers:
A: The ability to run an App-V application while the computer is offline is not determined by user permissions.
C: Mandatory profiles prevent users from making changes to their user profile. They do not prevent offline access to App-V applications.
D: When an App-V application is downloaded, it is stored in the App-V client FileSystem cache. Resetting the App-V client FileSystem cache will clear the contents of the cache and prevent the users from running
 https://www.certification-questions.com

Microsoft 70-697
the App-V application while their computers are offline. However, next time they connect to the network, they will download the App-V application again and will be able to run it offline again.
References:
https://technet.microsoft.com/en-gb/library/cc843712.aspx
Question 3
Your network contains an Active Directory domain named contoso.com. The domain contains Windows 10 Enterprise client computers.
Your company has a subscription to Microsoft Office 365. Each user has a mailbox that is stored in Office 365 and a user account in the contoso.com domain. Each mailbox has two email addresses.
You need to add a third email address for each user. What should you do?
Options:
A. From Active Directory Users and Computers, modify the E-mail attribute for each user.
B. From Microsoft Azure Active Directory Module for Windows PowerShell, run the Set-Mailbox cmdlet.
C. From Active Directory Domains and Trust, add a UPN suffix for each user. D. From the Office 365 portal, modify the Users settings of each user. Answer: B
Explanation:
We can use the Set-Mailbox cmdlet to modify the settings of existing mailboxes.
The EmailAddresses parameter specifies all the email addresses (proxy addresses) for the recipient, including the primary SMTP address. In on-premises Exchange organizations, the primary SMTP address and other proxy addresses are typically set by email address policies. However, you can use this parameter to configure other proxy addresses for the recipient.
To add or remove specify proxy addresses without affecting other existing values, use the following syntax: @{Add="[]:","[]:"...; Remove="[]:","[]:"...}.
Incorrect Answers:
A: You cannot use the E-mail attribute in Active Directory Users and Computers to add email addresses. C: A UPN (User Principal Name) is used for authentication when you enter your credentials as username@domainname.com instead of: domainname\username. A UPN suffix is not an email address. D: Users' email addresses are not configured in the User settings in the Office 365 portal.
References:
https://technet.microsoft.com/en-us/library/bb123981(v=exchg.160).aspx
Question 4
Your Windows 10 Enterprise work computer is a member of an Active Directory domain. You use your
 https://www.certification-questions.com

Microsoft 70-697
domain account to log on to the computer. You use your Microsoft account to log on to a home laptop. You want to access Windows 10 Enterprise apps from your work computer by using your Microsoft account.
You need to ensure that you are able to access the Windows 10 Enterprise apps on your work computer by logging on only once.
What should you do?
Options:
A. Add the Microsoft account as a user on your work computer.
B. Enable Remote Assistance on your home laptop.
C. Connect your Microsoft account to your domain account on your work computer. D. Install SkyDrive for Windows on both your home laptop and your work computer. Answer: C
Explanation:
You can connect your Microsoft account to your domain account on your work computer. This will enable you to sign in to your work computer with your Microsoft account and access the same resources that you would access if you were logged in with your domain account.
When you connect your Microsoft account to your domain account, you can sync your settings and preferences between them. For example, if you use a domain account in the workplace, you can connect your Microsoft account to it and see the same desktop background, app settings, browser history and favorites, and other Microsoft account settings that you see on your home PC.
Incorrect Answers:
A: If you add the Microsoft account as a user on your work computer, this would be a separate account with no domain access. The account would not have access to the resources that you access with your domain account.
B: Enabling Remote Assistance on your home laptop would just enable you to send remote assistance invitations from your home laptop. It would have no effect on your work computer or your ability to log on to it.
D: SkyDrive is a cloud storage solution. You can save your files on SkyDrive and access them from any device. Installing SkyDrive will not enable you to log on to your work computer with your Microsoft account. References:
http://windows.microsoft.com/en-gb/windows-8/connect-microsoft-domain-account
Question 5
You administer a Windows 10 Enterprise computer that runs Hyper-V. The computer hosts a virtual machine with multiple snapshots. The virtual machine uses one virtual CPU and 512 MB of RAM. You discover that the virtual machine pauses automatically and displays the state as paused-critical. You need to identify the component that is causing the error.
Which component should you identify?
 https://www.certification-questions.com

Microsoft 70-697
Options:
A. no virtual switch defined
B. insufficient memory
C. insufficient hard disk space
D. insufficient number of virtual processors Answer: C
Explanation:
In this question, the VM has "multiple snapshots"? which would use up a lot of disk space. Virtual machines will go into the "Paused-Critical"? state in Hyper-V if the free space on the drive that contains the snapshots goes below 200MB.
One thing that often trips people up is if they have their virtual hard disks configured on one drive - but have left their snapshot files stored on the system drive. Once a virtual machine snapshot has been taken
- the base virtual hard disk stops expanding and the snapshot file stores new data that is written to the disk - so it is critical that there is enough space in the snapshot storage location.
Incorrect Answers:
A: No virtual switch being defined would not cause the Pause-Critical state.
B: Insufficient memory would not cause the Pause-Critical state.
D: An insufficient number of virtual processors would not cause the Pause-Critical state.
References: http://blogs.msdn.com/b/virtual_pc_guy/archive/2009/04/22/why-is-my-virtual-machine-paused-critical- hyper-v.aspx
Question 6
You have a Windows 10 Enterprise computer named Computer1 that has the Hyper-V feature installed. Computer1 hosts a virtual machine named VM1. VM1 runs Windows 10 Enterprise. VM1 connects to a private virtual network switch.
From Computer1, you need to remotely execute Windows PowerShell cmdlets on VM1.
What should you do?
Options:
A. Run the winrm.exe command and specify the -s parameter.
B. Run the Powershell.exe command and specify the -Command parameter.
C. Run the Receive-PSSession cmdlet and specify the -Name parameter.
D. Run the Invoke-Command cmdlet and specify the -VMName parameter.
Answer: D
Explanation:
We can use Windows PowerShell Direct to run PowerShell cmdlets on a virtual machine from the Hyper-V
 https://www.certification-questions.com

Microsoft 70-697
host. Because Windows PowerShell Direct runs between the host and virtual machine, there is no need for a network connection or to enable remote management.
There are no network or firewall requirements or special configuration. It works regardless of your remote management configuration. To use it, you must run Windows 10 or Windows Server Technical Preview on the host and the virtual machine guest operating system.
To create a PowerShell Direct session, use one of the following commands: - Enter-PSSession -VMName VMName
- Invoke-Command -VMName VMName -ScriptBlock { commands } Incorrect Answers:
A: WinRM is Windows Remote Management. This is not required when using Windows PowerShell Direct. B: Running PowerShell.exe with a PowerShell cmdlet will execute the PowerShell cmdlet on the local machine. It will not remotely execute the PowerShell cmdlet on the VM.
C: You could run the Enter-PSSession cmdlet with the -VMName parameter but the Receive-PSSession cmdlet with the -Name parameter will not work.
References: https://msdn.microsoft.com/en-us/virtualization/hyperv_on_windows/about/whats_new
Question 7
You deploy several tablet PCs that run Windows 10 Enterprise.
You need to minimize power usage when the user presses the sleep button. What should you do?
Options:
A. In Power Options, configure the sleep button setting to Sleep.
B. In Power Options, configure the sleep button setting to Hibernate.
C. Configure the active power plan to set the system cooling policy to passive. D. Disable the C-State control in the computer's BIOS.
Answer: B
Explanation:
We can minimize power usage on the tablet PCs by configuring them to use Hibernation mode. A computer in hibernation mode uses no power at all.
Hibernation is a power-saving state designed primarily for laptops. While sleep puts your work and settings in memory and draws a small amount of power, hibernation puts your open documents and programs on your hard disk, and then turns off your computer. Of all the power-saving states in Windows, hibernation uses the least amount of power. On a laptop, use hibernation when you know that you won't use your laptop for an extended period and won't have an opportunity to charge the battery during that time. Incorrect Answers:
A: Sleep is a power-saving state that allows a computer to quickly resume full-power operation. A sleeping computer draws a small amount of power whereas a hibernating computer uses no power.
C: A passive cooling policy slows down the processor before speeding up the processor's cooling fan to
 https://www.certification-questions.com

Microsoft 70-697
conserve power. However, this will still use more power than a hibernating tablet.
D: C-States are different modes of CPU clock speed used to conserve power when processors are idle. Disabling C-State control disables the ability to reduce the power consumption of the computer. References: http://windows.microsoft.com/en-gb/windows7/sleep-and-hibernation-frequently-asked-questions
Question 8
You are the desktop administrator for a small company.
Your workgroup environment consists of Windows 10 Enterprise computers. You want to prevent 10 help desk computers from sleeping. However, you want the screens to shut off after a certain period of time if the computers are not being used.
You need to configure and apply a standard power configuration scheme for the 10 help desk computers on your network.
Which two actions should you perform? Each correct answer presents part of the solution.
Options:
A. Import the power scheme by using POWERCFG /IMPORT on each of the remaining help desk
computers. Set the power scheme to Active by using POWERCFG /S.
B. Use POWERCFG /X on one help desk computer to modify the power scheme to meet the
requirements. Export the power scheme by using POWERCFG /EXPORT.
C. Use POWERCFG /S on one help desk computer to modify the power scheme to meet the
requirements. Export the power scheme by using POWERCFG /EXPORT.
D. Import the power scheme by using POWERCFG /IMPORT on each of the remaining help desk
computers. Set the power scheme to Active by using POWERCFG /X.
Answer: A, B
Explanation:
You can use the Powercfg.exe tool to control power settings and configure computers to default to Hibernate or Standby modes.
In this question, we use POWERCFG /X on one help desk computer to modify the power scheme to meet our requirements. After configuring the required settings, we can export the power scheme settings to a file by using POWERCFG /EXPORT.
We can then import the power scheme from the file on each of the remaining help desk computers by using POWERCFG /IMPORT. After importing the power scheme on the remaining computers, we need to set the new power scheme to be the active power scheme by using POWERCFG /S.
Incorrect Answers:
 https://www.certification-questions.com

Microsoft 70-697
C: You need to use the /X switch to modify the power scheme, not the /S switch.
D: You need to use the /S switch to set the power scheme as active, not the /X switch. References:
https://technet.microsoft.com/en-us/library/cc748940(v=ws.10).aspx
Question 9
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 10 Enterprise. Some computers have a Trusted Platform Module (TPM) chip.
You need to configure a single Group Policy object (GPO) that will allow Windows BitLocker Drive Encryption on all client computers.
Which two actions should you perform? Each correct answer presents part of the solution.
Options:
A. Enable the Require additional authentication at startup policy setting.
B. Enable the Enforce drive encryption type on operating system drives policy setting.
C. Enable the option to allow BitLocker without a compatible TPM.
D. Configure the TPM validation profile to enable Platform Configuration Register indices (PCRs) 0, 2, 4,
and 11.
Answer: A, C
Explanation:
We need to allow Windows BitLocker Drive Encryption on all client computers (including client computers that do not have Trusted Platform Module (TPM) chip).
We can do this by enabling the option to allow BitLocker without a compatible TPM in the group policy. The 'Allow BitLocker without a compatible TPM' option is a checkbox in the 'Require additional authentication at startup' group policy setting. To access the 'Allow BitLocker without a compatible TPM' checkbox, you need to first select Enabled on the 'Require additional authentication at startup' policy setting.
Incorrect Answers:
B: Enabling the 'Enforce drive encryption type on operating system drives' policy setting allows you to configure whether the entire drive or used space only is encrypted when BitLocker is enabled. However, it does not enable the use of BitLocker on computers without a TPM chip.
D: The Platform Configuration Register indices (PCRs) 0, 2, 4, and 11 are enabled by default for computers that use an Extensible Firmware Interface (EFI). Configuring the TPM validation profile does not enable the use of BitLocker on computers without a TPM chip.
References:
http://www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/
Question 10
 https://www.certification-questions.com

Microsoft 70-697
Employees are permitted to bring personally owned portable Windows 10 Enterprise computers to the office. They are permitted to install corporate applications by using the management infrastructure agent and access corporate email by using the Mail app.
An employee's personally owned portable computer is stolen.
You need to protect the corporate applications and email messages on the computer. Which two actions should you perform? Each correct answer presents part of the solution.
Options:
A. Prevent the computer from connecting to the corporate wireless network. B. Change the user's password.
C. Disconnect the computer from the management infrastructure.
D. Initiate a remote wipe.
Answer: B, D
Explanation:
The personally owned portable Windows 10 Enterprise computers being managed by the management infrastructure agent enables the use of remote wipe. By initiating a remote wipe, we can erase all company data including email from the stolen device.
Microsoft Intune provides selective wipe, full wipe, remote lock, and passcode reset capabilities. Because mobile devices can store sensitive corporate data and provide access to many corporate resources, you can issue a remote device wipe command from the Microsoft Intune administrator console to wipe a lost or stolen device.
Changing the user's password should be the first step. If the stolen computer is accessed before the remote wipe happens, the malicious user could be able to access company resources if the laptop has saved passwords.
Incorrect Answers:
A: Preventing the computer from connecting to the corporate wireless network will not offer much protection. The person in possession of the laptop would still be able to access all the data on the laptop and download emails. Furthermore, it is likely that the corporate applications can access corporate servers over any Internet connection.
C: Disconnecting the computer from the management infrastructure will not help. The person in possession of the laptop would still be able to access all the data on the laptop and download emails. This step would also remove the ability to perform a remote wipe. The computer will be disconnected from the management infrastructure when the remote wipe happens.
References:
https://technet.microsoft.com/en-gb/library/jj676679.aspx
Would you like to see more? Don't miss our 70-697 PDF file at:
http://blog.giftovus.com/?tell=microsoft-pdf/70-697-pdf.html
 https://www.certification-questions.com