New 70-697 Exam Dumps Collection from PassLeader in VCE and PDF Files (Question 31 – Question 45)

Valid 70-697 Dumps shared by PassLeader for Helping Passing 70-697 Exam! PassLeader now offer the newest 70-697 VCE dumps and 70-697 PDF dumps, the PassLeader 70-697 exam questions have been updated and ANSWERS have been corrected, get the newest PassLeader 70-697 dumps with VCE and PDF here: http://www.passleader.com/70-697.html (201 Q&As Dumps –> 308 Q&As Dumps –> 350 Q&As Dumps)

BTW, DOWNLOAD part of PassLeader 70-697 dumps from Cloud Storage: https://drive.google.com/open?id=0B-ob6L_QjGLpd0pjaGx0bzVXVG8

QUESTION 31
You are an IT consultant for small and mid-sized business. One of your clients wants to start using Virtual Smart Cards on its Windows 10 Enterprise laptops and tablets. Before implementing any changes, the client wants to ensure that the laptops and tablets support Virtual Smart Cards. You need to verify that the client laptops and tablets support Virtual Smart Cards. What should you do?

A.    Ensure that each laptop and tablet has a Trusted Platform Module (TPM) chip of version 1.2 or greater.
B.    Ensure that BitLocker Drive Encryption is enabled on a system drive of the laptops and tablets.
C.    Ensure that each laptop and tablet can read a physical smart card.
D.    Ensure that the laptops and tablets are running Windows 10 Enterprise edition.

Answer: A
Explanation:
A Trusted Platform Module (TPM) chip of version 1.2 or greater is required to support Virtual Smart Cards. Virtual smart card technology from Microsoft offers comparable security benefits to physical smart cards by using two-factor authentication. Virtual smart cards emulate the functionality of physical smart cards, but they use the Trusted Platform Module (TPM) chip that is available on computers in many organizations, rather than requiring the use of a separate physical smart card and reader. Virtual smart cards are created in the TPM, where the keys that are used for authentication are stored in cryptographically secured hardware.
Incorrect Answers:
B: BitLocker Drive Encryption does not need to be enabled on a system drive of the laptops and tablets to support Virtual Smart Cards.
C: The ability to read a physical smart card does not ensure support for Virtual Smart Cards.
D: Windows 10 Enterprise edition is not a requirement for Virtual Smart Cards; other versions of Windows 10 (and Windows 8) can use Virtual Smart Cards.
https://technet.microsoft.com/en-GB/library/dn593708.aspx

QUESTION 32
Your network contains an Active Directory domain named contoso.com. Contoso.com is synchronized to a Microsoft Azure Active Directory. You have a Microsoft Intune subscription. Your company plans to implement a Bring Your Own Device (BYOD) policy. You will provide users with access to corporate data from their personal iOS devices. You need to ensure that you can manage the personal iOS devices. What should you do first?

A.    Install the Company Portal app from the Apple App Store.
B.    Create a device enrollment manager account.
C.    Set a DNS alias for the enrollment server address.
D.    Configure the Intune Service to Service Connector for Hosted Exchange.
E.    Enroll for an Apple Push Notification (APN) certificate.

Answer: E
Explanation:
An Apple Push Notification service (APNs) certificate must first be imported from Apple so that you can manage iOS devices. The certificate allows Intune to manage iOS devices and institutes an accredited and encrypted IP connection with the mobile device management authority services.
Incorrect Answers:
A: Users can only install the Company Portal app after they have been added as Intune users, which require the Apple Push Notification (APN) certificate to be in place.
B: The device enrollment manager account is a special Intune account that has permission to enroll more than five corporate-owned devices. It is not used for BYOD.
C: The Set a DNS alias for the enrollment server address setting is an optional setting for enrolling Windows devices.
D: The Configure Intune service to service connector for hosted Exchange setting is used to connect Microsoft Intune and hosted Exchange without an on-premises infrastructure.
https://technet.microsoft.com/library/dn408185.aspx
https://technet.microsoft.com/en-us/library/dn764961.aspx
https://technet.microsoft.com/en-us/library/mt346003.aspx
https://technet.microsoft.com/en-us/library/dn646988.aspx

QUESTION 33
You manage Microsoft Intune for a company named Contoso. Intune client computers run Windows 10 Enterprise. You notice that there are 25 mandatory updates listed in the Intune administration console. You need to prevent users from receiving prompts to restart Windows following the installation of mandatory updates. Which policy template should you use?

A.    Microsoft Intune Agent Settings
B.    Windows Configuration Policy
C.    Microsoft Intune Center Settings
D.    Windows Custom Policy (Windows 10 and Windows 10 Mobile)

Answer: A
Explanation:
To configure the Prompt user to restart Windows during Intune client agent mandatory updates update policy setting you have to configure the Microsoft Intune Agent Settings policy. Setting the Prompt user to restart Windows during Intune client agent mandatory updates setting to No would prevent users from receiving prompts to restart Windows following the installation of mandatory updates.
Incorrect Answers:
B: You make use of the Microsoft Intune Windows general configuration policy to configure settings for enrolled devices, but not the policy setting in question.
C: The Microsoft Intune Center allows users to get applications from the company portal, check for updates, manage Microsoft Intune Endpoint Protection, and request remote assistance. It does not allow users to configure settings to prevent users from receiving prompts to restart Windows following the installation of mandatory updates.
D: You can make use of the Microsoft Intune custom configuration policy for Windows 10 and Windows 10 Mobile to deploy OMA-URI (Open Mobile Alliance Uniform Resource Identifier) settings.
http://blogs.technet.com/b/windowsintune/archive/2013/01/09/policy-settings-for-mandatory-updates.aspx
https://technet.microsoft.com/en-us/library/dn646989.aspx

QUESTION 34
Drag and Drop Question
You manage Microsoft Intune for a company named Contoso. You have 200 computers that run Windows 10. The computers are Intune clients. You need to configure software updates for the clients. Which policy template should you use to configure each software updates setting? To answer, drag the appropriate policy templates to the correct settings. Each policy template may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
passleader-70-697-dumps-341

Answer:
passleader-70-697-dumps-342
Explanation:
You must make use of the Microsoft Intune Windows general configuration policy to configure settings for enrolled devices. The system settings that can be configured using this policy include the following:
– Require automatic updates.
– Require automatic updates – Minimum classification of updates to install automatically.
– User Account Control.
– Allow diagnostic data submission.
To configure the Allow immediate installation of updates that do not interrupt Windows update policy setting you have to configure and deploy a Microsoft Intune Agent Settings policy.
Incorrect Answers:
You can make use of the Microsoft Intune custom configuration policy for Windows 10 and Windows 10 Mobile to deploy OMA-URI (Open Mobile Alliance Uniform Resource Identifier) settings, which can be used to control features on Windows 10 and Windows 10 Mobile devices.
https://technet.microsoft.com/en-us/library/dn646968.aspx
https://technet.microsoft.com/en-us/library/mt147409.aspx

QUESTION 35
You have an Active Directory domain named contoso.com that contains a deployment of Microsoft System Center 2012 Configuration Manager Service Pack 1 (SP1). You have a Microsoft Intune subscription that is synchronized to contoso.com by using the Microsoft Azure Active Directory Synchronization Tool (DirSync.). You need to ensure that you can use Configuration Manager to manage the devices that are registered to your Microsoft Intune subscription. Which two actions should you perform? Each correct answer presents a part of the solution.

A.    In Microsoft Intune, create a new device enrollment manager account.
B.    Install and configure Azure Active Directory Synchronization Services (AAD Sync).
C.    In Microsoft Intune, configure an Exchange Connector.
D.    In Configuration Manager, configure the Microsoft Intune Connector role.
E.    In Configuration Manager, create the Microsoft Intune subscription.

Answer: DE
Explanation:
To allow Configuration Manager to manage mobile devices in the same context as other devices, it requires you to create a Windows Intune subscription and synchronize user accounts from Active Directory to Microsoft Online. to achieve that, you are required to complete the following tasks:
– Sign up for a Windows Intune organizational account
– Add a public company domain and CNAME DNS entry
– Verify users have public domain User Principal Names (UPNs)
– If you plan to use single sign-on, deploy and configure Active Directory Federated Services (ADFS)
– Deploy and Configure Active Directory Synchronization
– Reset users Microsoft Online password – If not using ADFS
– Configure Configuration Manager for mobile device management
– Create the Windows Intune Subscription in the Configuration Manager console
– Add the Windows Intune Connector Site System role
– Verify that Configuration Manager successfully connects to Windows Intune
http://blogs.technet.com/b/configmgrteam/archive/2013/03/20/configuring-configuration-manager-sp1-to-manage-mobile-devices-using-windows-intune.aspx

QUESTION 36
You purchase a new Windows 10 Enterprise desktop computer. You have four external USB hard drives. You want to create a single volume by using the four USB drives. You want the volume to be expandable, portable and resilient in the event of failure of an individual USB hard drive. You need to create the required volume. What should you do?

A.    From Control Panel, create a new Storage Space across 4 USB hard drives.
Set resiliency type to Three-way mirror.
B.    From Control Panel, create a new Storage Space across 4 USB hard drives.
Set resiliency type to Parity.
C.    From Disk Management, create a new spanned volume.
D.    From Disk Management, create a new striped volume.

Answer: B
Explanation:
Storage Spaces can combine multiple hard drives into a single virtual drive. To create a storage space, you’ll have to connect two or more additional internal or external drives to your computer to create a storage pool. You can also specify an arbitrarily large logical size. When your existing drive begins to fill up and nears the physical limit, Windows will display a notification in the Action Center, prompting you to add additional physical storage space. Selecting the Parity resiliency type allows Windows to store parity information with the data, thereby protecting you from a single drive failure.
Incorrect Answers:
A: The Three-way mirror resiliency type allows Windows to store three copies of your data. Mirroring uses drive space less efficiently than parity.
C: Spanned volumes are not fault tolerant
D: Striped volumes are not fault tolerant
http://www.howtogeek.com/109380/how-to-use-windows-8s-storage-spaces-to-mirror-combine-drives/
https://technet.microsoft.com/en-us/library/cc772180.aspx
https://technet.microsoft.com/en-us/library/cc732422.aspx

QUESTION 37
Drag and Drop Question
You have a Windows 10 Enterprise computer. You have a 1-terabyte external hard drive. You purchase a second 1-terabyte external hard drive. You need to create a fault-tolerant volume that includes both external hard drives. You also need to ensure that additional external hard drives can be added to the volume. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
passleader-70-697-dumps-371

Answer:
passleader-70-697-dumps-372
Explanation:
Storage Spaces can combine multiple hard drives into a single virtual drive. To create a storage space, you’ll have to connect two or more additional internal or external drives to your computer to create a storage pool. When creating the pool, any existing data on the disks will be lost. It is therefore important to back up the data if you do not want to lose it. You can also specify an arbitrarily large logical size. When your existing drive begins to fill up and nears the physical limit, Windows will display a notification in the Action Center, prompting you to add additional physical storage space. Selecting the Two-way mirror resiliency type allows Windows to store two copies of your data, so that you won’t lose your data if one of your drives fails.
http://www.howtogeek.com/109380/how-to-use-windows-8s-storage-spaces-to-mirror-combine-drives/

QUESTION 38
Hotspot Question
You manage 50 computers that run Windows 10 Enterprise. You have a Windows To Go workspace installed on a USB drive named USB1. You need to configure USB1 to meet the following requirements:
– When you run Windows To Go from USB1, you can see the contents of the computer’s internal drives from File Explorer.
– When you connect USB1 to a computer that runs Windows 10, you can automatically view the content of USB1 from File Explorer.
In the table below, select the action that must be performed to achieve each requirement. NOTE: Make only one selection in each column. Each correct selection is worth one point.
passleader-70-697-dumps-381

Answer:
passleader-70-697-dumps-382
Explanation:
If you want to view the contents of the computer’s internal drives from File Explorer when you run Windows To Go from USB1, you have to launch an elevated command prompt, run diskpart and then execute the List disk command. You now have to select the internal disk using the sel disk command, and then enter the online disk command. Configuring the attributes volume option from DiskPart allows you to display, set, or clear the attributes of a volume.
Incorrect Answers:
– Configuring the attributes disk option from DiskPart allows you to display, set, or clear the attributes of a disk.
– Fsutil volume is used to dismount a volume, query to see how much free space is available on a disk, or find a file that is using a specified cluster.
– Fsutil behavior is used to query or set NTFS volume behaviour.
http://www.verboon.info/2012/12/how-to-access-data-from-the-local-disk-when-running-a-windows-to-go-workspace/
https://technet.microsoft.com/en-us/library/cc732970.aspx
https://technet.microsoft.com/en-us/library/cc753059.aspx

QUESTION 39
You support Windows 10 Enterprise computers that are members of an Active Directory domain. Recently, several domain user accounts have been configured with super-mandatory user profiles. A user reports that she has lost all of her personal data after a computer restart. You need to configure the user’s computer to prevent possible user data loss in the future. What should you do?

A.    Remove the .man extension from the user profile name.
B.    Configure Folder Redirection by using the domain group policy.
C.    Configure the user’s documents library to include folders from network shares.
D.    Add the .dat extension to the user profile name.

Answer: B
Explanation:
Folder Redirection allows administrators to redirect the path of a folder to a new location, which can be a folder on the local computer or a directory on a network file share. Users can then work with documents on a server as if the documents were based on a local drive, but are available to the user from any computer on the network. Folder Redirection can be found under Windows Settings in the console tree by editing domain-based Group Policy via the Group Policy Management Console (GPMC).
Incorrect Answers:
A: A super mandatory profile is a roaming profile in which the profile path ends in .man. Removing the .man extension will create a roaming profile, which will not solve the problem.
C: A super mandatory profile prevents users from saving any changes to their profile, which includes the user’s documents library.
D: A super mandatory profile is a roaming profile in which the profile path ends in .man. Adding the .dat extension will result in an error.
https://technet.microsoft.com/en-gb/library/cc732275.aspx
http://windowsitpro.com/systems-management/inside-user-profiles

QUESTION 40
You have a client Windows 10 Enterprise computer. The computer is joined to an Active Directory domain. The computer does not have a Trusted Platform Module (TPM) chip installed. You need to configure BitLocker Drive Encryption (BitLocker) on the operating system drive. Which Group Policy object (GPO) setting should you configure?

A.    Allow access to BitLocker-protected fixed data drives from earlier version of Windows.
B.    Require additional authentication at startup.
C.    Allow network unlock at startup.
D.    Configure use of hardware-based encryption for operating system drives.

Answer: B
Explanation:
To make use of BitLocker on a drive without TPM, you should run the gpedit.msc command. You must then access the Require additional authentication at startup setting by navigating to Computer Configuration \Administrative Templates\Windows Components\Bit Locker Drive Encryption\Operating System Drives under Local Computer Policy. You can now enable the feature and tick the Allow BitLocker without a compatible TPM checkbox.
Incorrect Answers:
A: The Allow access to BitLocker-protected fixed data drives from earlier version of Windows policy setting is used to control whether access to drives is allowed via the BitLocker To Go Reader, and if the application is installed on the drive.
C: The Allow network unlock at startup policy allows clients running BitLocker to create the necessary network key protector during encryption.
D: The Configure use of hardware-based encryption for operating system drives policy controls how BitLocker reacts when encrypted drives are used as operating system drives.
http://www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/
https://technet.microsoft.com/en-us/library/jj679890.aspx#BKMK_depopt4

QUESTION 41
You administer Windows 10 Enterprise desktop computers that are members of an Active Directory domain. You want to create an archived copy of user profiles that are stored on the desktops. You create a standard domain user account to run a backup task. You need to grant the backup task user account access to the user profiles. What should you do?

A.    Add the backup task account to the Remote Management Users group on a domain controller.
B.    Add the backup task account to the Backup Operators group on every computer.
C.    Add the backup task account to the Backup Operators group on a domain controller.
D.    Set the backup task account as NTFS owner on all the profiles.

Answer: B
Explanation:
The Local Backup Operators group can back up and restore files on a computer, regardless of any permission that protect those files.
Incorrect Answers:
A: The Remote Management Users group is normally used to allow users to manage servers via the Server Manager console.
C: Members of the Domain Backup Operators group will be able to back up all files and folders on all computers in the domain, not just the Windows 10 Enterprise desktop computers.
D: Setting the backup task account as NTFS owner on all the profiles will allow the backup task account to control how permissions are set on the NTFS volumes for those user profiles and to whom permissions are granted. You only need to grant the backup task user account access to the user profiles, not control over its permissions.
https://technet.microsoft.com/en-us/library/cc771990.aspx
https://technet.microsoft.com/en-us/library/dn579255.aspx
https://technet.microsoft.com/en-us/library/cc779180(v=ws.10).aspx

QUESTION 42
Hotspot Question
You administer Windows 10 Enterprise computers in your company network, including a computer named Wst1. Wst1 is configured with multiple shared printer queues. Wst1 indicates hardware errors. You decide to migrate the printer queues from Wst1 to a new computer named Client1. You export the printers on Wst1 to a file. You need to import printers from the file to Client1. From the Print Management console, which Print Management node should you select? To answer, select the appropriate node in the answer area.
passleader-70-697-dumps-421

Answer:
passleader-70-697-dumps-422

QUESTION 43
You are a system administrator for a department that has Windows 10 Enterprise computers in a domain configuration. You deploy an application to all computers in the domain. You need to use group policy to restrict certain groups from running the application. What should you do?

A.    Set up DirectAccess.
B.    Configure AppLocker.
C.    Disable BitLocker.
D.    Run the User State Management Tool.

Answer: B
Explanation:
AppLocker is a feature in Windows Server 2012, Windows Server 2008 R2, Windows 8, and Windows 7 that advances the functionality of the Software Restriction Policies feature. AppLocker contains new capabilities and extensions that reduce administrative overhead and help administrators control how users can access and use files, such as executable files, scripts, Windows Installer files, and DLLs. AppLocker rules can be applied to security groups. We can use a group policy to apply AppLocker rules to the security groups to prevent them from running the application.
Incorrect Answers:
A: DirectAccess is a remote access solution that enables remote access to company resources. It cannot be used to prevent members of security groups from running an application.
C: BitLocker is used to encrypt data. It cannot be used to prevent members of security groups from running an application.
D: The User State Management Tool is used for managing user profiles. It cannot be used to prevent members of security groups from running an application.
https://technet.microsoft.com/en-us/library/ee619725(v=ws.10).aspx#BKMK_WhatRruleConditions

QUESTION 44
You support desktop computers and tablets that run Windows 8 Enterprise. All of the computers are able to connect to your company network from the Internet by using DirectAccess. Your company wants to deploy a new application to the tablets. The deployment solution must meet the following requirements:
– The application is able to access files stored on an internal solid-state drive (SSD) on the tablets.
– The application is isolated from other applications.
– The application uses the least amount of disk space on the tablet.
You need to deploy the new application to the tablets. What should you do?

A.    Deploy the application as an Application Virtualization (App-V) package.
Install the App-V 4.6 client on the tablets.
B.    Deploy the application as a published application on the Remote Desktop server.
Create a Remote Desktop connection on the tablets.
C.    Install the application on a local drive on the tablets.
D.    Install the application in a Windows To Go workspace.
E.    Install Hyper-V on tablets. Install the application on a virtual machine.
F.    Publish the application to Windows Store.
G.    Install the application within a separate Windows 8 installation in a virtual hard disk (VHD) file. Configure the tablets with dual boot.
H.    Install the application within a separate Windows 8 installation in a VHDX file.
Configure tablets with dual boot.

Answer: B
Explanation:
Deploying the application as a published application on the Remote Desktop server will use no disk space on the tablets. Users will be able to access the application by using Remote Desktop Connections. This will also ensure that the application is isolated from other applications on the tablets. We can use Remote Desktop Connection `redirection’ to ensure that the application is able to access files stored on an internal solid-state drive (SSD) on the tablets. Redirection enables access to local resources such as drives, printers etc. in a Remote Desktop Connection.
Incorrect Answers:
A: This solution does not minimize the disk space used on the tablets as the application will be downloaded to the tablets.
C: This solution does not minimize the disk space used on the tablets as the application will be installed on the tablets. This solution also does not provide the required isolation from other applications.
D: This solution does not provide the required access to files stored on the internal solid-state drive (SSD) on the tablets.
E: This solution does not minimize the disk space used on the tablets as disk space will be required for the virtual machine. This solution also does not provide the required access to files stored on the internal solid-state drive (SSD) on the tablets.
F: This solution does not minimize the disk space used on the tablets as the application will need to be downloaded and installed on the tablets.
G: This solution does not minimize the disk space used on the tablets as disk space will be required for the VHD.
H: This solution does not minimize the disk space used on the tablets as disk space will be required for the VHDX.
https://azure.microsoft.com/en-gb/documentation/articles/remoteapp-redirection/

QUESTION 45
You have a computer named Computer1 that runs Windows 10 Enterprise. Computer1 is a member of an Active Directory domain named contoso.com. You have a line-of-business universal app named App1. App1 is developed internally. You need to ensure that you can run App1 on Computer1. The solution must meet the following requirements:
– Minimize costs to deploy the app.
– Minimize the attack surface on Computer1.
What should you do?

A.    Have App1 certified by the Windows Store.
B.    Sign App1 with a certificate issued by a third-party certificate authority.
C.    From the Update & Security setting on Computer1, enable the Sideload apps setting.
D.    Run the Add-AppxProvisionedPackage cmdlet.

Answer: C
Explanation:
To install the application, you need to `Sideload’ it. First you need to enable the Sideload apps setting. LOB Windows Store apps that are not signed by the Windows Store can be sideloaded or added to a PC in the enterprise through scripts at runtime on a per-user basis. They can also be provisioned in an image by the enterprise so that the app is registered to each new user profile that’s created on the PC. The requirements to sideload the app per-user or in the image are the same, but the Windows PowerShell cmdlets you use to add, get, and remove the apps are different. Before you can sideload LOB Windows Store apps that are not signed by the Windows Store, you will need to configure the PC.
Incorrect Answers:
A: We only need to install the app on one computer so it is not necessary to have App1 certified by the Windows Store. This solution does not minimize costs.
B: This solution does not minimize costs as you would have to pay for a third party certificate.
D: The Add-AppxProvisionedPackage cmdlet adds an app package (.appx) that will install for each new user to a Windows image. However, to install an unsigned app, we need to enable sideloading first. Furthermore, the question states that `you’ need to ensure that you can run App1 on Computer1. The Add-AppxProvisionedPackage cmdlet would make the app available to all users, not just you.
https://msdn.microsoft.com/en-us/library/hh454036.aspx


Get the newest PassLeader 70-697 VCE dumps here: http://www.passleader.com/70-697.html (201 Q&As Dumps –> 308 Q&As Dumps –> 350 Q&As Dumps)

And, DOWNLOAD the newest PassLeader 70-697 PDF dumps from Cloud Storage for free: https://drive.google.com/open?id=0B-ob6L_QjGLpd0pjaGx0bzVXVG8