59 terms

Mobile Computing

STUDY
PLAY

Terms in this set (...)

-
your organization
provides its sales force with Windows RT 8.1 tablets to use while visiting customer sites. you manage these devices by enrolling them in your cloud-base windows intune account. one of your sales reps left her tablet at an airport. the device contains sensitive information and you need to remove it in case the device is compromised. which intune portal should you use to perform a remote wipe?
admin portal
-
an end user in your organization has been issued a windows 8.1 notebook t use while traveling and working from home. because of the way the notebook system will be used, security settings cant be easily applied using domain-base group policies. to enforce security settings, you decide to manage the notebook by enrolling it with your cloud-based windows intune account. however, the user has already taken the notebook home. what should you do?
instruct the user to enroll it using the company portal
-
your organization provides its sales force with windows 8.1 notebooks to use while visiting customer sites. you manage these devices by enrolling them in a cloud-based windows intune account. one of your sales reps left his notebook at a customer's site. the device contains sensitive information and you want to change the password to prevent the data from being compromised. which intune portal should you use to remote change the password.
admin portal
-
many of the end users in your organization are bringing their own personal mobile devices to work and are storing sensitive data on them. to prevent the data from being compromised, you create a cloud-based windows intune account and configure mobile device security policies. you now need to apply those security policies to the end users' mobile devices. what should you do? SELECT TWO!
enroll the devices with the intune service.
create a user account for each user who has a managed mobile device.
-
you need to deploy a new cloud-based windows intune deployment to manage mobile devices in your organization. drag and drop the deployment configuration tasks on the left into the correct order in which they should be completed on the right. not all tasks will be used.
step 1: sign up for an intune account
step 2: create intune user accounts
step 3: define intune policies
step 4: enroll mobile devices
step 5: link mobile devices to users.
-
you have a windows desktop system that is a member of a domain. your domain contains a DHCP server that runs windows server 2008 R2. the server is configured as a Network Access Protection (NAP) enforcement point. you need to configure the computer as a NAP client.
what should you do? SELECT TWO!
on the client, enable the enforcement client for DHCP.
on the client, start the NAP Agent service. Configure the service to auto-start.
-
you manage several windows notebook systems that are members of a domain. several employees in your company use the notebook computers to connect to the company network. because they use these notebooks while traveling or to help them do their jobs, you cant prevent them from connecting to the network. however, you are concerned that many of these systems wont always have the latest security patches installed. you want to implement a solution so that notebooks are checked for the latest security updates as they connect to the network. if the required updates are missing,, you ant to prevent these computers from having full access to the private network. what should you do?
implement Network Access Protection (NAP) with a quarantine network.
-
which component in a Network access Protection (NAP) solution generates a Statement of Health (SoH) that reports compliance with network health requirements?
NAP client
-
the security admin in your organization recently implemented NAP in your organization. all client systems now must go through the NAP process before being granted access to the network to make this happen, the windows client systems you manage must be configured to connect to the NAP server and provide a Statement of Health (SoH). click the service in the Services Console that connects he client to the NAP server.
network access protection agent
-
you have a windows system that is a member of a domain.
your domain contains a VPN server that runs windows server 2008 R2. you will use a smart card for authentication to the VPN server. what should you do?
use EAP as the authentication protocol.
-
you use a VPN connection on your windows desktop system to access resources on a corporate intranet. in addition to accessing the intranet resources, you need to access the internet while the VPN connection is active: however, you do not want to send internet traffic through the VPN connection. what should you do?
configure the advanced TCP/IP settings of the VPN connection.
-
you manage several windows notebook systems that are members of a domain. you have been put in charge of providing a VPN solution for all members of the Sales team. sales reps complain that with the previous VPN solution, there were many times that they were unable to establish the VPN solution because the hotel or airport firewalls blocked the necessary VPN ports. you need to come up with a solution that will work in most instances. what should you do?
use secure socket tunneling protocol (SSTP) as the VPN protocol.
-
you manage several windows notebook systems that are members of a domain with a server running windows server 2008 R2. you have been put in charge of providing a VPN solution for your company. you want the VPN connection to automatically reconnect if the VPN connection is lost or disconnected. you decide to use VPN Reconnect, but you need to ensure each laptop will make the correct VPN connection to the server. what should you do?
use internet key exchange version 2 (IKEv2) as the VPN protocol.
-
you use a windows notebook system that is a member of a domain with a server running windows server 2008 R2. you need to use a VPN connection to acces company resources from your home office. you configure a new vpn connection using the ikev2 security protocol, and then test the connection while at work. the connection is successful. when you test the vpn connection from your home, you find that the connection cannot be made. what should you do?
open UDP ports 500 and 4500 and protocol 50 on your home router.
-
you have a laptop running windows 7 ultimate. you need to configure the laptop to use a vpn connection to the company vpn server. select the link you would use to begin setting up a vpn connection
"set up a new connection or network"
-
the sales reps in your organization use a vpn connection on their windows 8 notebook systems to access the corporate network while traveling. you are concerned that a sales rep has configured her vpn connection to automatically remember her credentials for accessing the vpn server. this violates your organization's security policy. click the option in the vpn connection properties dialog you would use to disable this functionality.
"options"
-
you want to use your windows notebook to connect to your corporate while you are at home or traveling. your solution should meet the following requirements:
the computer should connect automatically to the intranet without user initiation.
all communications between your laptop and the intranet should be encrypted.
the connection should allow for remote management of the computer from the corporate intranet.
internet traffic should be directed to internet servers without going through servers at the corporate network.
the solution should work through firewalls where only HTTP and HTTPS are permitted.

which feature should you implement?
DirectAccess
-
you have purchased a new laptop that runs windows 7 pro. you want to use directaccess to connect the computer to your corporate intranet. you will use group policy to enforce directaccess settings on the client. what should you do to configure the laptop for the directaccess connection? SELECT TWO!
upgrade the computer to windows 7 ultimate or enterprise.
join the computer to a domain.
-
you have purchased a new laptop that runs windows 7 ultimate. you want to use directaccess to connect the computer to your corporate intranet from home. your home network is connected to the internet with a single public IP address and NAT. firewalls between your network and the intranet allow only HTTP and HTTPS traffic. what should you do to configure the laptop for the directaccess connection?
obtain a computer certificate for the laptop.
-
you would like to implement directaccess on your corporate network. which of the following is NOT an infrastructure requirement for using directaccess
network access for files server role
-
you manage windows 7 computers connected to the MYDOMAIN.COM active directory domain. you have decided to implement directaccess on your network. you run the setup for directaccess on the DA1 server with the following choices:

end-to-end authentication with a smart card required for authentication
root certificate from ca1.mydomain.com
security group name of directaccessgroup
the network location service runs on the directaccess server

you need to configure the client computers for the directaccess connection. what should you do?
add the computer account for each client computer to the directaccessgroup security group.
-
you have a laptop computer that runs windows 7. the computer is a member of a domain. you want to use directaccess to access application servers on your corporate intranet. application servers run windows server 2003 and windows server 2008. you want to configure a single access method for all servers and clients. which connection method should you use?
full enterprise network access (end-to-edge)
-
you have a laptop computer that runs windows 7 ultimate. the computer is a member of a domain. you want to use directaccess to access application servers on your corporate intranet. application servers run windows server 2003. you need to implement a solution that does the following:

all communications sent to the private network over the internet are encrypted.
client computers authenticate with application servers on the intranet.
following authentication, traffic on the intranet is not encrypted.

what should you do? SELECT TWO!
upgrade application servers to windows server 2008 R2.
configure selected server access (modified end-to-edge).
-
you want to protect all of the files on the hard drive of your windows notebook system to prevent unauthorized access. you want to prevent access to any file on the hard drive, even if the hard drive is moved to another computer. which feature should you implement?
BitLocker
-
you have a windows notebook system that is a member of a domain. you would like to protect the data on your notebook to meet the following requirements.

all operating system and user data should be encrypted
all user data should be inaccessible (unreadable) if the hard disk is removed and connected to a different computer.
the computer should not boot unless a special key is found on a USB drive.
the computer should not boot if a change is detected in the boot files.

you need to implement a solution to meet the stated requirements. what should you do?
implement bitlocker with a tpm
-
you have a new notebook that you want to install windows on. you would like to use bitlocker on the notebook to protect he volume used for the operating system and all user data. your notebook does NOT have a trusted platform module (TPM). you need to configure the computer to use bitlocker. what should you do?
configure bitlocker to use a startup key on a usb drive.
-
you are getting ready to install windows on a new laptop. you would like to configure the laptop to use bitlocker. the laptop should start up without requiring a pin or a usb device during startup. what should you do? SELECT TWO!
enable the TPM
create two partitions on the hard disk. put boot files on the first partition, and operating system files and data on the second partition.
-
you have two windows systems named computer 1 and computer 2. both computers are configured with bitlocker. both computers have a tpm installed. because of a hardware failure, computer 1 will not boot. you need to access the data on the drive where bitlocker was enabled as quickly as possible. what should you do?
move the hard disk from computer 1 to computer 2. use the recovery key from computer 1 to gain access to the encrypted volume.
-
you have previously installed windows on two new computers and configured both computers with bitlocker. both compuers have a tpm installed. because of a hardware failure, one of the computers will not boot. you replace the failed hardware, but now bitlocker is preventing the system starting because it has failed the startup system integrity checks. which of the following would you use to reconfigure bitlocker so the system will start?
recovery key
-
you have a windows system that is a member of a domain. you want to use bitlocker on the laptop. your implementation should meet the following requirements:

the computer should start up automatically without user intervention.
to meet security requirements, usb support must be disabled on the laptop.
you want to automatically generate recovery keys and store those keys in a central location.

you need to implement a solution to meet the stated requirements. what should you do? SELECT TWO!
configure group policy to store recovery keys in active directory.
implement bitlocker with a tpm.
-
you have a laptop that runs windows 7 pro. you want to protect the hard drive using bitlocker and a startup key saved to a usb device. what should you do first?
upgrade the computer to windows 7 ultimate or enterprise.
-
the hard drive in your windows notebook has been encrypted using bitlocker. bitlocker uses a tpm with a pin and a startup key. you have lost the usb devce containing the startup key. you also find that you are unable to locate the recovery key. you need to be able to boot the computer. what should you do?
reformat the hard drive and reinstall windows
-
you need to use command line tools to prepare the default drive on a windows system for use by bitlocker. the new system partition should be 500 MB in size and should not be assigned a drive letter. which command should you use?
bdehdcfg -target default -size 500
-
match the manage-bde.exe command option on the right with the appropriate description on the left.
-lock = prevents access to bitlocker data
-wipefreespace = removes unused data fragments from the free space on a drive.
-forcerecovery = enables bitlocker recovery mode
-status = displays bitlocker information for all drives on the computer.
-on = encrypts the drive and enables bitlocker.
-unlock = enables access to bitlocker protected data with a recovery password or a recovery key.
-
you have a compuer running windows 7. you have configured a usb thumb drive with bitlocker to go that has been formatted with fat32. you use a password to protect the drive. you want to be able t read and write files to the drive from a computer that is running windows xp pro. you need to implement a solution with the least amount of effort as possible. what should you do?
upgrade the windows xp computer to windows 7 ultimate or enterprise.
-
you want to configure your windows system such that write access to removable storage devices is only allowed on drives protected with bitlocker to go. what should you do?
configure the local security policy.
-
the hard drive in your windows system has been protected using bitlocker. you need to update the BIOS on the computer. what should you do first?
run manage-bde -pause
-
you have a computer running windows 7. you want to save some files on a usb thumb drive and protect the drive using bitlocker to go. you want to be able to read these files on a computer that is running windows xp pro. you need to implement a solution with least amount of effort as possible. what should you do first? SELECT TWO!
include the bitlockertogo.exe file on the usb drive.
format the drive using fat32.
-
your organization is formulating a Bring Your Own Device (BYOD) security policy for mobile devices. which of the following statements should be considered as you formulate your policy?
you cant use domain-based group policies to enforce security settings on mobile devices.
-
your organization is formulating a BYOD security policy for mobile devices running windows RT. which statements should be considered as you formulate your policy? SELECT TWO!
Apps will only run on windows RT if you leave UAC enabled.
Windows RT will refuse to run apps not digitally signed by Microsoft.
-
your organization is formulating a BYOD security policy for mobile devices running windows RT. you want to ensure that the storage devices in all windows RT mobile devices are encrypted to prevent them from being removed and read in a different system. which statements should be considered as you formulate your policy? SELECT TWO!
to enable device encryption, you must log into windows RT using a Microsoft account.
windows RT devices rely on the TPM in the system firmware for drive encryption.
-
you want to manually back up the key used for drive encryption on your windows RT tablet. click on the option you would use in control panel to do this.
"manage bitlocker"
-
your organization's security policy dictates that apps must be denied access to location information from the windows location platform. click on the option in pc settings you would use to deny apps permission to use location data.
"privacy"
-
your organization's security policy specifies that any mobile device, regardless of ownership, that connects to your internal network must have remote wipe enabled. if the device is lost or stolen, then it must be wiped to remove any sensitive data from it. your organization recently purchased several windows RT tablets. what should you do?
sign up for a windows intune account to manage the tablets.
-
you need to manually synchronize the offline files on your windows system with the versions of the same files stored on a network share.
what should you do? SELECT TWO!
edit the mapped drive properties
open the sync center
-
you manage windows notebook systems that are members of a domain. you have ten regional sales people who travel extensively and use these notebooks to access company resources. the users have complained that although they can take copies of important files with them into the field, occasionally they have been caught with out-of-date documents because no one told them the files had been updated. additionally, some files they modify need to be distributed to all the other sales staff. you need to address this problem and easily provide the appropriate access to these shared files. what should you do?
configure offline files for the folder that contains these files.
-
you use a windows notebook system named m400, which is a member of a domain and is located in a branch office. a windows 2012 server named server1 contains a shared folder named Data. the server is located in the main office. you need to configure m400 to cache the files from the Data share so they can be used when m400 is not connected to the network. you want the files in the Data share to automatically synchronize each time m4000 connects to the network. the files must be protected by encryption; other files on m400 do not need encryption. what should you do?
on m400, make the Data share available offline and enable encryption of offline files.
-
you manage several windows notebook systems that are members of a domain. the notebook computers are located at a branch office and access files across a WAN link stored on a server in the main office. all files are in a network shared named Data on the server. you want the laptops to save copies of the files locally, and use their local copies if the files on the server have not been modified. files should not e available on the client computers when the WAN link is down. what should you do?
enable transparent caching.
-
you use a desktop system named comp1 that is located in a branch office. a server running windows server 2008 R2 named Srv1 is located in the main office. you share a folder named Data using the default caching settings. on comp1, you access files on the Data share across a WAN link. you want to use transparent caching to reduce WAN traffic. what should you do?
on comp1, edit the local security policy.
-
you use a windows notebook named comp1 that connects to the company network in a branch office. a server running windows server 2008 R2 named Srv1 is located in the main office. you share a folder named Data using the default caching settings. you use offline files to automatically access files when the WAN link connecting the two offices is slow. you want to encrypt the offline files cache on comp1. what should you do? SELECT TWO!
on comp1, edit the local security policy.
on comp1, edit the offline files settings in the sync center.
-
you use a windows system named comp1 that is located in a branch office. a server running windows server 2008 R2 named Srv1 is located in the main office. you share a folder named Data using the default caching settings. you use offline files in the branch office to make the files in the Data share available when the WAN link is down. you want to prevent all files with the .iso and .mp3 extensions from being cached. what should you do?
on Srv1, edit the local security policy.
-
you have a windows system named comp1 that is located in a branch office. a server running windows server 2012 named Srv1 is located in the main office. you share a folder named Data using the default caching settings. you use offline files in the branch office to make the files in the Data share available when the WAN link is down. on comp1, you want to see your synchronization partners, see the results of the latest synchronization, and view and resolve any conflicts. what should you do?
open the sync center in the control panel.
-
you have ten regional sales people who travel extensively and use windows notebook systems to access company resources. a windows 2008 R2 server named Server1 contains a shared folder named Data. the server is located in the main office. you want the files in the Data share to be cached automatically when opened by one of the laptops. you also want the laptop to cache any executable files that it uses from the Data share. select the setting(s) you would choose to meet these requirements.
"all files and programs that users open from the shared folder are automatically available offline."
"optimize for performance"
-
you have a windows 7 laptop that has offline files enabled you regularly access a file in a share called Data on the company server where manual caching is configured. select the option you should choose to make a cache version of the info.txt file available when you are disconnected from the office network.
"always available offline"
-
you are about to give a presentation and have connected you laptop to a multimedia projector. you are concerned about interruption to your presentation such as notification balloons and the screen turning black. what should you do?
in the windows mobility center, enable the presentation settings option.
-
you have a laptop running windows 7 ultimate. you are about to give a presentation and would like to minimize interruptions to your presentation. select the option you should choose.
under Not Presenting click
"turn on"
-
you are about to give a presentation. you connect your laptop to an external display device. you want to make sure that our desktop icons and the start menu does not show up on the external display while you are presenting. what should you do? SELECT TWO!
use the mobility center to extend your desktop on the external display.
in display properties, select extend these displays.
-
you are using your windows 8 pro notebook system as you travel to client sites. you're about to board an airliner. you decide to switch your notebook to airplane mode prior to boarding so that you can easily use it after the pilot allows passengers to use electronic devices as long as all radio functionality is turned off. what should you do? SELECT TWO!
open the setting charm and select the network icon.
use the airplane mode switch at the top of the networks panel to turn wireless communications off.
-
you windows 8.1 notebook system is configured to use its mobile broadband connection when it is out of range of a configured Wi-Fi network connection. however, your mobile broadband provider has implemented a data cap. you need to configure the system such that personalization settings, language settings, app settings, favorites, ad so on are not synchronized while connected to the mobile broadband connection. click the option you would use in the pc settings panel to do this.
"onedrive"