Configure System Recovery in Visual Studio .NET

Paint QR Code 2d barcode in Visual Studio .NET Configure System Recovery

Practice 1 You can boot from the installation DVD-ROM and perform a system recovery in one of two ways either by pressing the F8 key on boot to access the Advanced Boot Options or by selecting Repair My Computer. You need to be familiar with running a system restore when a computer cannot boot normally. Practice 2 Access the More Information link given in Lesson 2 to learn more about the Bcdedit utility and the command syntax. Practice using this utility. Practice 3 (optional) If you created a bootable VHD in 2, restore a recent System Image backup to that VHD and boot from that system image.

Practice 1 Delete one of your files (preferably one that you no longer need) and remove it from the Recycle Bin. Recover the file and ensure that other files in the same folder are the most recent versions. Practice 2 Delete all your Internet favorites (it is a good idea to copy your Favorites folder somewhere safe first). Restore your Favorites folder from your user profile backup.

Take a Practice Test The practice tests on this book's companion DVD offer many options. For example, you can test yourself on just one exam objective, or you can test yourself on all the 70-680 certification exam content. You can set up the test so that it closely simulates the experience of taking a certification exam, or you can set it up in study mode so that you can look at the correct answers and explanations after you answer each question. Note MORE INFO: PRACTICE TESTS For details about all the practice test options available, see the section entitled "How to Use the Practice Tests," in the Introduction to this book.

Answers 1: Lesson Review Answers Lesson 1 1. Correct Answer: C A. Incorrect: LoadState.exe is part of the User State Migration Tool (USMT) utility and cannot be used to prepare a USB storage device as a Windows 7 installation source. B. Incorrect: ScanState.exe is part of USMT and cannot be used to prepare a USB storage device as a Windows 7 installation source. C. Correct: You can use the Diskpart utility to prepare a USB storage device so you can boot from it to install Windows 7. D. Incorrect: Bcdedit is used to modify boot configuration, but it cannot be used to prepare a USB storage device so that it is possible to boot from it to install Windows 7. 2. Correct Answer: D A. Incorrect: You need to install the operating systems in the order that they were released by Microsoft. Later operating systems are designed to detect existing installations of earlier operating systems, but earlier operating systems cannot detect the installation of later operating systems. B. Incorrect: You need to install the operating systems in the order in which they were released. Later operating systems are designed to detect existing installations of earlier operating systems, but earlier operating systems cannot detect the installation of later operating systems. C. Incorrect: You need to install the operating systems in the order in which they were released. Later operating systems are designed to detect existing installations of earlier operating systems, but earlier operating systems cannot detect the installation of later operating systems. D. Correct: You need to install Windows XP first, Windows Vista, and then Windows 7 because that is the order that Microsoft released them. This allows you to boot among the three operating systems. 3. Correct Answers: B and D A. Incorrect: An x86 version of Windows 7 can utilize a maximum of 4 GB of RAM. B. Correct: An x64 versions of Windows 7 can utilize more than 4 GB of RAM. C. Incorrect: An x86 version of Windows 7 can utilize a maximum of 4 GB of RAM. D. Correct: An x64 versions of Windows 7 can utilize more than 4 GB of RAM. 4. Correct Answer: B A. Incorrect: A computer does not require a DVD-ROM drive for a network-based installation from WDS. B. Correct: To deploy over the network using WDS requires the computer either a PXE-compliant network adapter or be booted from a WDS discover image. C. Incorrect: A computer does not require a USB 2.0 slot for a network-based installation from WDS. D. Incorrect: A computer does not require a HDMI port for a network-based installation from WDS. 5. Correct Answer: B

Incorrect: Two volumes are the minimum number required to support dualbooting between Windows XP and Windows 7. B. Correct: Two volumes are the minimum number required to support dualbooting between Windows XP and Windows 7. The Windows 7 installation routine creates an extra 200-MB system volume on one of these volumes when you install Windows 7, but two volumes is the minimum number required on a Windows XP computer prior to attempting to install Windows 7 for dual-boot configuration. C. Incorrect: Two volumes are the minimum number required to support dualbooting between Windows XP and Windows 7. D. Incorrect: Two volumes are the minimum number required to support dualbooting between Windows XP and Windows 7. Lesson 2 1. Correct Answer: B A. Incorrect: You cannot upgrade Windows Vista Enterprise to Windows 7 Home Professional. Windows Vista Enterprise (x86) only can be upgraded to Windows 7 Enterprise (x86) or Ultimate (x86). B. Correct: Windows Vista Enterprise (x86) only can be upgraded to Windows 7 Enterprise (x86) or Ultimate (x86). C. Incorrect: You cannot upgrade an x86 version of Windows Vista to an x64 version of Windows 7. D. Incorrect: You cannot upgrade an x86 version of Windows Vista to an x64 version of Windows 7. 2. Correct Answers: A, B, and D A. Correct: It is not possible to perform a direct upgrade from Windows XP to Windows 7, so a migration is necessary. B. Correct: It is not possible to perform a direct upgrade between an x86 version of Vista and an x64 version of Windows 7. C. Incorrect: You can perform a direct upgrade from Windows Vista Enterprise (x64) to Windows 7 Enterprise (x64). D. Correct: It is not possible to upgrade from an (x64) version of Windows Vista to an (x86) version of Windows 7. 3. Correct Answer: D A. Incorrect: Sysprep cannot be used to upgrade between editions of Windows 7. B. Incorrect: You cannot use Windows PE to upgrade between editions of Windows 7. C. Incorrect: WDS requires a server with WDS installed. The question specifies that there are no other computers on the home network. D. Correct: A user can utilize Windows Anytime Upgrade with a home Internet connection to upgrade from Windows 7 Home Premium to Windows 7 Ultimate. 4. Correct Answer: A A. Correct: The Windows 7 Upgrade Advisor can examine the configuration of a computer running Windows Vista to determine if any of the applications installed on that computer are known to have compatibility problems with Windows 7. B. Incorrect: Sysprep is used to prepare a computer for imaging. It cannot report whether particular applications have compatibility problems with Windows 7.

Incorrect: The USMT is used to migrate user profile data from one computer to another. It cannot report whether particular applications have compatibility problems with Windows 7. D. Incorrect: Windows PE is a minimal operating system that is used for maintenance tasks. It cannot report whether particular applications have compatibility problems with Windows 7. Correct Answers: A and C A. Correct: You can upgrade Windows 7 Home Premium (x86) to Windows 7 Professional (x86). B. Incorrect: You cannot upgrade an x86 version of Windows 7 to an x64 version of Windows 7. C. Correct: You can upgrade from Windows 7 Home Premium (x86) to Windows 7 Ultimate (x86). D. Incorrect: You cannot upgrade an x86 version of Windows 7 to an x64 version of Windows 7.

Lesson 3 1. Correct Answers: B, C, and D A. Incorrect: Windows 2000 does not support offline migration using the USMT. B. Correct: Windows XP Professional supports offline migration using the USMT. C. Correct: Windows Vista supports offline migration using the USMT. D. Correct: Windows 7 support offline migration using the USMT. 2. Correct Answers: B and C A. Incorrect: File Settings and Transfer Wizard is a Windows XP utility; it cannot be used to migrate data to Windows 7. B. Correct: USMT can be used to transfer user encryption certificates from a computer running Windows XP Professional to a computer running Windows 7 Professional. C. Correct: Windows Easy Transfer can be used to transfer user encryption certificates from a computer running Windows XP Professional to a computer running Windows 7 Professional. D. Incorrect: Robocopy.exe cannot be used to transfer user encryption certificates from a computer running Windows XP Professional to a computer running Windows 7 Professional. 3. Correct Answer: B A. Incorrect: MigDocs.xml contains rules about locating user documents. B. Correct: MigUser.xml contains rules about migrating user profiles and user data. C. Incorrect: MigApp.xml contains rules about the migration of application settings. D. Incorrect: Config.xml contains information about what features to exclude from a migration. 4. Correct Answer: C A. Incorrect: Windows Anytime Upgrade is a tool used to upgrade from one edition of Windows 7 to another. It does not contain USMT 4.0

Incorrect: Windows Upgrade Advisor is a tool that advises you whether hardware and software used with a computer running Windows Vista is compatible with Windows 7. C. Correct: The WAIK contains USMT 4.0. D. Incorrect: The Microsoft Application Compatibility Toolkit does not include USMT 4.0. Correct Answer: C A. Incorrect: Uncompressed migration stores use the most hard disk space as it creates a copy of the data being migrated in a separate directory structure. B. Incorrect: Compressed migration stores create a compressed copy of the data being migrated in a separate directory structure. C. Correct: Hard-link migration stores create a set of hard links to all data that will be migrated in a separate location but do not actually duplicate that data on the volume.

1: Case Scenario Answers Case Scenario 1: Installing Windows 7 at Contoso 1. You could use WDS or a USB storage device as an installation source for deploying Windows 7. Because you do not have access to Windows PE, you cannot use a network share. 2. You could use a USB storage device as an installation source for deploying Windows 7. Because you do not have access to Windows PE, you cannot use a network share. You would not use WDS when you need to deploy operating systems to only five computers at each location. 3. Windows 7 Enterprise supports BitLocker hard disk drive encryption and is available to volume license customers. Although Windows 7 Ultimate also supports BitLocker hard disk drive encryption, it uses a retail license rather than a volume one. Case Scenario 2: Migrating User Data at Fabrikam 1. Side-by-side migrations are appropriate because you are moving users in the branch offices from old computers to new computers. Wipe-and-load migrations are appropriate only when the same computer hardware is being used. 2. You should perform a wipe-and-load because the users in the head office will be using the same hardware and should not be able to boot into the x86 version of Windows 7 Enterprise after the upgrade is complete. 3. Use Windows Easy Transfer with the network method.

2: Lesson Review Answers Lesson 1 1. Correct Answer: D A. Incorrect: To capture a Windows 7 WIM image, you need to boot to Windows PE 3.0 (Windows PE). B. Incorrect: To capture a Windows 7 WIM image, you need to boot to Windows PE 3.0 (Windows PE). Also, the Windows SIM tool opens Windows images, creates answer files, and manages distribution shares and configuration sets. It does not create WIM images. C. Incorrect: To capture a Windows 7 WIM image, you need to boot to Windows PE 3.0 (Windows PE). Also, the DISM tool applies updates, drivers, and language packs to a Windows image. It does not create WIM images. D. Correct: To capture a Windows 7 WIM image, you boot to Windows PE 3.0 (Windows PE) and use the ImageX tool. E. Incorrect: The Windows SIM tool opens Windows images, creates answer files, and manages distribution shares and configuration sets. It does not create WIM images. F. Incorrect: The DISM tool applies updates, drivers, and language packs to a Windows image. It does not create WIM images. 2. Correct Answers: A and E A. Correct: The Windows SIM tool in Windows AIK automates the creation of an unattend answer file. In the Windows SIM Answer File pane, under Settings, you can select the appropriate setting and enter the required value in the right column. B. Incorrect: DISM applies updates, drivers, and language packs to a Windows image. You cannot use it to create an answer file. C. Incorrect: The Deployment Workbench tool lets you access MDT 2010 documentation, gives you a checklist of tasks you need to perform before you can deploy an operating system, enables you to create and configure a task sequence, and lets you view deployment points and create a deployment share. However, you cannot use it to create an answer file. D. Incorrect: Sysprep.exe prepares a computer for image deployment. You can use an answer file to automate the Sysprep process, but you cannot use Sysprep.exe to create an answer file. E. Correct: Although Windows SIM automates the process, some experienced administrators prefer to generate an unattend answer file directly by using a text editor such as Microsoft Notepad. 3. Correct Answers: A, C, F, G, and H A. Correct: You need the ImageX tool and Windows PE tools to create a system image on the reference computer. You also need the Oscdimg tool to generate an ISO file and create bootable Windows PE media. Therefore, you need to install the Windows AIK. B. Incorrect: It is not essential that you use an answer file to configure the reference computer, although this is the method Microsoft recommends. If you prefer, you can configure the computer manually.

Correct: You need to install an operating system on your reference computer so you can image it. D. Incorrect: The question does not stipulate how the image is distributed and MDT is one of several possible methods. If you do use MDT and deploy the image on a large number of destination computers, you will probably install it on a server. E. Incorrect: The question does not stipulate how the image is distributed, and WDS is one of several possible methods. The question also does not state whether the destination computers are PXE-compatible. F. Correct: You need to boot the reference computer into Windows PE to image it. G. Correct: Your goal is to create an image of the reference computer. You use the ImageX tool to do this. H. Correct: You are distributing the image to several computers. You therefore need to prepare the reference computer for imaging by using sysprep /generalize and sysprep /oobe. Correct Answer: C A. Incorrect: Sysprep /audit restarts the computer into audit mode. This lets you add additional drivers or applications to Windows 7 and to test an installation before it is sent to a user. It does not remove unique system information from the installation. B. Incorrect: Sysprep /oobe restarts the computer in Windows Welcome mode. This enables end users to customize their Windows 7 operating system, create user accounts, and name the computer. It does not remove unique system information from the installation. C. Correct: Sysprep /generalize removes all unique system information from the Windows 7 installation. The SID is reset, system restore points are cleared and event logs are deleted. D. Incorrect: Sysprep /unattend, followed by the name of an answer file, applies settings in that answer file to Windows 7 during unattended installation. It does not remove unique system information from the installation. Correct Answer: A A. Correct: The oobeSystem Windows Setup configuration pass applies settings to Windows 7 before Windows Welcome starts. B. Incorrect: The auditSystem Windows Setup configuration pass processes unattended Setup settings while Windows 7 is running in system context before a user logs on to the computer in Audit mode. It does not apply settings to Windows 7 before Windows Welcome starts. C. Incorrect: The specialize Windows Setup configuration pass creates and applies system-specific information such as network settings, international settings, and domain information. It does not apply settings to Windows 7 before Windows Welcome starts. D. Incorrect: The offlineServicing Windows Setup configuration pass applies updates to a Windows image. It also applies packages, including software fixes, language packs, and other security updates. During this pass, you can add drivers to a Windows 7 image before that image is installed. It does not apply settings to Windows 7 before Windows Welcome starts.

Lesson 2 1. Correct Answer: B A. Incorrect: A VHD is created as a file with a .vhd extension. You need to specify the file name Systemvhd.vhd. B. Correct: This creates the VHD file as specified. C. Incorrect: The size (or maximum size) of the VHD is specified in megabytes, not gigabytes. Therefore it needs to be 20000, not 20. D. Incorrect: A VHD is created as a file with a .vhd extension. You need to specify the file name Systemvhd.vhd. Also, the size (or maximum size) of the VHD is specified in megabytes, not gigabytes. Therefore it needs to be 20000, not 20. 2. Correct Answer: C A. Incorrect: This command forces Windows 7 to automatically detect the HAL when creating the boot entry. B. Incorrect: This deletes a VHD entry from the Boot menu. C. Correct: This tests if the boot entry has been created successfully. D. Incorrect: This returns the GUID of the specified VHD. 3. Correct Answer: D A. Incorrect: This command replaces an install image. Typically, you use this command when you have updated an install image and want to overwrite the old image file. B. Incorrect: This command enables the Auto-Add policy on the WDS server. C. Incorrect: This command creates a discover image. D. Correct: This command adds an install image as specified. 4. Correct Answer: A A. Correct: The Offline Virtual Machine Servicing Tool works with the SCVMM. Its main function is to create and implement a scheduled task that brings VHDs and virtual machines online for just long enough for them to obtain updates to their system images, typically from a WSUS server. B. Incorrect: The SCVMM is a prerequisite for installing and running the Offline Virtual Machine Servicing Tool. However, it is the latter tool that implements scheduled boots from VHDs that are normally offline. C. Incorrect: The Windows Deployment Services MMC snap-in is a GUI tool that is available when you install the WDS server role. It enables you to create, modify, and export disk images. It cannot implement scheduled boots from VHDs that are normally offline. D. Incorrect: WDSUTIL is a command-line tool that is available when you install the WDS server role. It enables you to create, modify, and export disk images and to pre-stage client computers. It cannot implement scheduled boots from VHDs that are normally offline. 2: Case Scenario Answers Case Scenario 1: Generating a System Image 1. You should generate a WIM image file. You use the ImageX tool in Windows AIK to do this. 2. You should generate an ISO image file. You use the Oscdimg tool in Windows AIK to do this.

You can use the USMT tool in Windows AIK to transfer user data from computers running Windows Vista Ultimate to computers running Windows 7 Ultimate.

Case Scenario 2: Working with VHDs 1. You can boot only the computer running Windows 7 from the operating system captured on its VHD. Only Windows 7 Enterprise and Windows 7 Ultimate can be booted when installed on a VHD. 2. You need to run sysprep /generalize to strip hardware-specific information such as the SID from the image generated from the reference computer

3: Lesson Review Answers Lesson 1 1. Correct Answers: B and D A. Incorrect: The DISM /image option specifies the folder that contains the mounted 0image, not the source image. B. Correct: The /recurse parameter causes all the drivers in the folder C:\drivers and its subfolders to be added to the mounted image. C. Incorrect: The DISM /image option specifies the folder that contains the mounted image, not the source image. D. Correct: This command would work, although Answer B would be the preferred solution. Typically, you would use the /driver parameter multiple times if the drivers were not in the same file structure (for example, C:\Printerdriver and C:\Scannerdriver). 2. Correct Answer: A A. Correct: The amount of writeable space available on a Windows PE system volume when booted in RAMdisk mode is known as the Windows PE system volume scratch space. You can use the /get-scratchspace DISM option to obtain a value for this. B. Incorrect: This command returns the path to the root of the Windows PE image at boot time, known as the target path. C. Incorrect: This command determines whether the Windows PE profiling tool is enabled or disabled. D. Incorrect: Profiling (file logging) is disabled by default. This command enables it. However, the command does not return the amount of writeable space available on a Windows PE system volume when booted in RAMdisk mode. 3. Correct Answer: D A. Incorrect: The /set-syslocale option sets the language for non-Unicode programs (also called the system locale) and the font settings. You can do this only in an offline-mounted image. B. Incorrect: The /set-userlocale option configures a per-user setting that determines the default sort order and the default settings for formatting dates, times, currency, and numbers. You can do this only in an offline-mounted image. C. Incorrect: The /set-inputlocale option sets the input locale and keyboard layout. You can do this only in an offline-mounted image. D. Correct: In an online working operating system, you can query international settings but not configure them. The DISM option /get-intl is the only option that can be used with an online image. 4. Correct Answer: B A. Incorrect: The mounted image is in C:\Mount, not C:\Textfiles\Answer. The answer file is in C:\Textfiles\Answer, not C:\Mount. B. Correct: This command applies the file Unattend.xml in the folder C:\Textfiles\Answer to an image mounted in the C:\Mount folder. C. Incorrect: The DISM option that applies an answer file to a mounted image is /apply-unattend, not /apply. D. Incorrect: The DISM option that applies an answer file to a mounted image is /apply-unattend, not /apply-answer.

Correct Answer: C A. Incorrect: The /get-appinfo DISM option returns information about Windows Installer (.msi) applications. The /get-packageinfo option returns information about packages implemented as cabinet (.cab) files. B. Incorrect: The /get-appinfo DISM option returns information about Windows Installer (.msi) applications. The /get-featureinfo option returns information about Windows Features. C. Correct: The /get-appinfo DISM option returns information about Windows Installer (.msi) applications. D. Incorrect: The /get-appinfo DISM option returns information about Windows Installer (.msi) applications. The /get-apppatchinfo option returns information about application patches (.msp files).

Lesson 2 1. Correct Answer: B A. Incorrect: MDT 2010 can add updates, applications, and language packs to a WIM system image that can then be installed on client computers and VHDs. However, it does not update VHDs directly. B. Correct: You can use the Offline Virtual Machine Servicing Tool to keep offline VHD files that contain installations of Windows 7 up to date with service packs and software updates. C. Incorrect: You can use the BCDEdit command-line tool to add a boot entry for a VHD. The tool does not update VHDs. D. Incorrect: You can use the Offline Virtual Machine Servicing Tool with VMM 2007 and either WSUS 3.0, SCCM 2007, or Configuration Manager 2007 R2. However, Configuration Manager 2007 R2 does not update VHDs directly. 2. Correct Answer: D A. Incorrect: When you boot a reference client computer from a WDS capture image, the Windows Deployment Services Image Capture Wizard enables you to capture a system image from that computer and export it to the WDS server. It does not directly specify the source directory in which the WIM file resides, specify whether setup or Sysprep files are required, or move the file to the distribution share. B. Incorrect: The SCCM 2007 Task Sequence Editor creates and modifies task sequences. In the New Task Sequence Wizard, you can select Install An Existing Image, Build A Reference Operating System Image, or Create A New Custom Task Sequence. However the wizard creates task sequences. It does not directly specify the source directory in which the WIM file resides, specify whether setup or Sysprep files are required, or move the file to the distribution share. C. Incorrect: You access the Create Distribution Share Wizard from the MDT 2010 Deployment Workbench console. This wizard lets you create a distribution share that will hold the WIM file, but it does not specify the source directory in which the WIM file resides, specify whether setup or Sysprep files are required, or move the file to the distribution share. D. Correct: You access the New OS Wizard from the MDT 2010 Deployment Workbench console. This wizard lets you specify the source directory in which

the WIM file resides, specify whether setup or Sysprep files are required, and then move the file to the distribution share. 3. Correct Answer: C A. Incorrect: WDS deploys install images across the network. You do not need to install them on removable bootable media. B. Incorrect: When you boot a target computer from the network, WDS presents you with a boot menu on the target machine that enables you to boot from a boot image. This is delivered over the network and you do not need to install this image from bootable removable media. Note that the choice specifies a standard boot image. Discover and capture images are special types of boot image. C. Correct: If your target computers are not PXE-compliant, they cannot boot from the network. Therefore, you need to boot them from a discover image on removable, bootable media. D. Incorrect: If you want to capture the image of a reference computer, you boot it from a capture image. Capture images appear on the boot menu in the same way as standard boot images and you do not need to install them on bootable removable media. 4. Correct Answers: A, E, and F A. Correct: The WDS server role needs to be installed on a server in an AD DS domain. B. Incorrect: WDS can work with MDT 2010 to implement LTI, but it does not require MDT 2010 to deploy images. C. Incorrect: SQL Server is required with SCCM 2007 and MDT 2010 to implement ZTI. However, SQL Server is not a WDS requirement. D. Incorrect: SCCM 2007 is required with SQL Server and MDT 2010 to implement ZTI. However, SCCM 2007 is not a WDS requirement. E. Correct: WDS typically deploys to PXE-compliant target client computers that rely on DHCP for their IP configuration. F. Correct: The WDS server role needs to be installed on a server in a network that contains at least one DNS server. 5. Correct Answer: A A. Correct: To make the image bootable, you use BCDboot from Windows PE to initialize the BCD store and copy boot environment files to the system partition. On restart, the target computer boots into Windows 7 Ultimate. B. Incorrect: DISM enables you to manage and manipulate a WIM image. It does not make an image bootable when you have installed it on a target computer. C. Incorrect: You use BCDEdit to make media such as VHD and USB flash memory bootable. However, it does not make an image bootable when you have installed it on a target computer. D. Incorrect: You used ImageX to create the WIM image on the source computer and install it on the target computer. However, ImageX cannot make the installed image bootable. 3: Case Scenario Answers Case Scenario 1: Deploying an Image with More than One Language Pack 1. Don requires the following:

A technician computer with the Windows AIK tools installed and enough available space on the hard disk drive to both hold the master image and mount this image. The Windows image (.wim file) that he wants to service. The drivers (.inf files), update packages (.cab or .msu files), and the language packs (.cab files) that he will use to service the image. 2. Don's first task is to copy an instance of the master image to the technician computer. Microsoft does not recommend mounting an image from a network share. 3. Don uses DISM to mount the image. He then uses DISM commands to apply the update, add the new driver, and change the relevant settings. He checks that both language packs are installed on the image and the correct international settings can be configured. If it is likely that he will service the image regularly, he should create a script using the DISM command-line options. Don uses DISM to verify that the appropriate driver and other packages were added (or removed, if necessary) from the image. Finally, he commits and dismounts the image.

Case Scenario 2: Deploying an Image to 100 Client Computers 1. You need to ensure that all critical and recommended updates, particularly security updates, have been installed. Also, if any new hardware devices are to be used with the new computers that are not Plug and Play, you need to install the device drivers on the reference computer. You need to test the installation thoroughly. Finally, you need to use the Sysprep tool to generalize the computer configuration prior to the image capture. 2. You need to create a capture image on the WDS server. 3. You restart the reference computer and press F12 to boot from the network. On the boot menu, select the capture image and follow the procedure to create the computer's system image. You transfer the resulting WIM file to the WDS server. You boot each target computer from the network (if necessary, configuring the BIOS boot order to do so). You choose the standard boot image (not the capture image) from the boot menu and select the install image you created from the reference computer. The image is installed, and Setup continues normally.

4: Lesson Review Answers Lesson 1 1. Correct Answers: A and C A. Correct: The device must be signed with a valid digital certificate that is recognized by Windows 7 and is in the Trusted Publishers store. Otherwise, administrator privileges are required to install the device. B. Incorrect: Digital certificates are stored in the Trusted Publisher store, not device drivers. C. Correct: The device driver must be stored in the device driver store. Otherwise, administrator privileges are required to copy the driver to that store. D. Incorrect: The device does not need to connect through a USB port. It could, for example, be a PS/2 keyboard. E. Incorrect: Although Microsoft signs many drivers, a Microsoft signature is not essential. The digital certificate needs to be from a trusted CA. For example, in the domain environment, it could be a self-signed certificate. 2. Correct Answer: B A. Incorrect: You use this procedure to determine the power requirements of each device, not the bandwidth requirements. B. Correct: This procedure enables you to view the bandwidth requirements of each device in the Bandwidth-Consuming Devices list on the Advanced tab. C. Incorrect: The Details tab can give you a great deal of information (for example, the device-type GUID) but does not indicate bandwidth requirements. Also, the devices listed are not necessarily those on the USB hub. D. Incorrect: IEEE 1394 bus host controllers are not USB devices. Also, the Resources tab does not show bandwidth requirements. 3. Correct Answers: A and D A. Correct: This permits non-administrators to install any device in the device setup class, provided that the device driver is in the driver store. B. Incorrect: This instructs Windows 7 to search for a device driver in any folder and subfolder on the C: drive. However, administrator privileges are required to copy the driver to the driver store and install it. C. Incorrect: The Trusted Publisher store holds digital certificates that authenticate driver signatures. It does not hold device drivers. D. Correct: When a driver is staged, it is placed in the device driver store and nonadministrators can install the device, provided they have permission to install devices in the appropriate device setup class. 4. Correct Answer: B A. Incorrect: This prevents automatic installation of drivers downloaded from Windows Update but does not remove the Web site from the search path. B. Correct: This prevents Windows 7 from searching for device drivers in Windows Update. C. Incorrect: The DevicePath registry entry does not list the Windows Update Web site specifically. D. Incorrect: This installs drivers from Windows Update if Windows 7 judges they are the best drivers based on inbuilt criteria. It does not prevent Windows 7 from searching for device drivers in Windows Update.

Correct Answer: A A. Correct: This stops the device driver and immediately disables the device. B. Incorrect: This ensures the device is disabled the next time the computer restarts. You would likely do this if you discovered the device was giving problems. However, it does not stop the device immediately to allow you to investigate. C. Incorrect: The Disable control is available for PnP devices but not for devices listed under Non-Plug And Play Drivers. You should use the Stop control instead. D. Incorrect: The Uninstall control is available for PnP devices but not for devices listed under Non-Plug And Play Drivers. In any case, you want to stop the driver, not uninstall it.

Lesson 2 1. Correct Answer: A A. Correct: This Diskpart command converts the selected disk to a GPT disk. B. Incorrect: This Diskpart command converts the selected disk to an MBR disk. C. Incorrect: This Diskpart command converts a selected dynamic disk to a static disk. D. Incorrect: This Diskpart command converts a selected static disk to a dynamic disk. 2. Correct Answer: C A. Incorrect: This is a valid strategy for Windows 7 Enterprise or Ultimate edition, but you cannot make a VHD bootable on a computer running Windows 7 Home Premium. B. Incorrect: RAID-0 (disk striping) offers no fault tolerance and you cannot store operating system files on a RAID-0 volume. C. Correct: You can use a RAID-1 volume to mirror the disk that holds your operating system and provide fault tolerance. D. Incorrect: RAID-0 (disk striping) offers fault tolerance and failover protection. However, you cannot store operating system files on a RAID-5 volume. 3. Correct Answer: B A. Incorrect: Enabling this policy permits remote users to access removable storage devices in remote sessions. It does not deny all access to all types of external storage devices. B. Correct: Enabling this policy denies all access to all types of external storage devices. It overrides any access rights granted by other policies. C. Incorrect: Enabling this policy denies read access to USB removable disks, portable media players, and cellular phones. It does not deny all access to all types of external storage devices. D. Incorrect: Enabling this policy denies write access to USB removable disks, portable media players, and cellular phones. It does not deny all access to all types of external storage devices. 4. Correct Answer: B A. Incorrect: To create the largest possible RAID-0 (striped) volume, you omit the size parameter. Specifying a size of zero does not do this. B. Correct: This command creates the largest possible RAID-0 volume.

Incorrect: The create volume raid command creates a RAID-5 volume. Also, to specify the largest possible volume you omit the size parameter. D. Incorrect: This command creates the largest possible RAID-5 volume. Correct Answer: D A. Incorrect: If you had used the mountvol /n or the diskpart automount command on Aberdeen to prevent new volumes from being added to the system, the volume would not be mounted and would not receive a drive letter. However, the question explicitly states that you did not do this. B. Incorrect: When you move a basic volume to another computer, it receives the next available drive letter on that computer. However, you are moving a dynamic volume. C. Incorrect: The G: drive letter is neither the next available letter on Aberdeen nor the drive letter to which the volume had been allocated on Canberra. There is no reason for this drive letter to be allocated. D. Correct: When moved to a new computer, dynamic volumes retain the drive letter they had on the previous computer, in this case H:.

4: Case Scenario Answers Case Scenario 1: Enforcing a Driver Signing Policy 1. The Dxdiag tool diagnoses any problems with the video card and will tell you whether the driver is WHQL approved. 2. The Sigverif tool scans the computer and detects any unsigned drivers. 3. The Msinfo32 tool lists the resources and tells you what driver uses what resources. In particular, you should investigate Conflicts/Sharing under Hardware Resources. 4. Driver Verifier Monitor tests the device driver under configurable stress conditions. Case Scenario 2: Managing Disks 1. You would create a RAID-1 (mirror) array to hold your operating system and would mirror Drive 0 with 200 GB of the allocated space on Drive 2. 2. You would create a RAID-5 (striping with parity) volume using the unallocated space on Drives 1 and 3 (both 200 GB) and the 200 GB unallocated space that remains on Drive 2. A RAID-5 volume offers fault tolerance and reduced data access times. Although a RAID0 array would provide a greater usable data storage capacity and a greater improvement in performance, it is not fault-tolerant. 3. Three 200 GB portions of unallocated disk would result in a RAID-5 array with 400 GB of usable storage capacity.

5: Lesson Review Answers Lesson 1 1. Correct Answer: A A. Correct: You should install the Windows XP Mode feature and install the application under Windows XP. Windows XP Mode runs a fully virtualized copy of Windows XP on a computer that has the Windows 7 Professional, Enterprise, or Ultimate operating system installed. Applications that work on Windows XP and that have compatibility problems that cannot be resolved using the ACT function in Windows XP Mode. B. Incorrect: You should not create a custom compatibility fix because the question already indicates that you have been unsuccessful in configuring a custom compatibility mode, which is a collection of such fixes. C. Incorrect: A shim is the previous name for a custom compatibility fix. The question text already indicates that you have been unsuccessful in configuring a custom compatibility mode, which is a collection of these fixes. D. Incorrect: You should not configure the application installer to run in Windows XP Professional SP2 mode because you have already found that you are unable to get the application working using the tools included in the ACT. The ACT provides more compatibility mode options than those built into Windows 7. If an application functions under the built-in Windows 7 compatibility modes, it can work under the ACT modes. 2. Correct Answer: D A. Incorrect: Although the application may function in the Windows 98/Windows Me compatibility mode, you only have evidence that the application functions on the Windows 2000 operating system, so you should use this compatibility mode first and try others only if the Windows 2000 mode is unsuccessful. B. Incorrect: Although the application may function in the Windows NT 4.0 (Service Pack 5) compatibility mode, you only have evidence that the application functions on the Windows 2000 operating system, so you should use this compatibility mode first and try others only if the Windows 2000 mode is unsuccessful. C. Incorrect: You should not configure the application to run under Windows XP (Service Pack 2) compatibility mode because you have evidence that the application does not function on computers running Windows XP. D. Correct: You should configure the application to run under the Windows 2000 compatibility mode because you know that the application functions on computers with Windows 2000 installed. 3. Correct Answer: B A. Incorrect: You cannot use the compatibility troubleshooter to troubleshoot .cab files. You must extract the contents of the .cab file to find the executable file that contains the application installer. B. Correct: The Program Compatibility troubleshooter works only with executable files. C. Incorrect: You cannot use the compatibility troubleshooter to troubleshoot .msi installer files. The Program Compatibility troubleshooter only works with executable files that have the .exe extension.

Incorrect: You cannot use the compatibility troubleshooter to troubleshoot .zip files. You need to extract the contents of the .zip file to find the executable file that contains the application installer. Correct Answer: C A. Incorrect: You should not configure the application to run in Windows XP (Service Pack 3) compatibility mode because the problem is that the application does not prompt for elevation. The program will still be unable to prompt for elevation when running in this compatibility mode. B. Incorrect: You should not configure the application to run in 256-color mode. This compatibility option should be used only when the application has display problems. C. Correct: You should enable the Run This Program As An Administrator compatibility option if the application is not configured to prompt for elevation when administrative privileges are required. This will allow the program to run with administrative privileges once the user responds to a User Account Control prompt. D. Incorrect: You should not enable the Disable Desktop Composition compatibility option. You should enable this option when you need the Aero interface disabled when the application executes. Correct Answer: B A. Incorrect: You can use the IEAK to configure Internet Explorer. You cannot use this toolkit to determine whether an existing Web site displays correctly for users of Internet Explorer 8, which is the default browser of Windows 7. B. Correct: The ACT includes the Internet Explorer Compatibility Test Tool. This tool can be used to evaluate whether a Web site is compatible with Internet Explorer 8, which is the default browser of Windows 7. C. Incorrect: The Windows AIK includes tools that assist in deploying the Windows operating system. You cannot use this toolkit to determine whether an existing Web site displays correctly for users of Internet Explorer 8, which is the default browser of Windows 7. D. Incorrect: The MDT is a solution accelerator that assists in the planning and deployment of operating systems to client computers. You cannot use this toolkit to determine whether an existing Web site displays correctly for users of Internet Explorer 8, which is the default browser of Windows 7.

Lesson 2 1. Correct Answer: D 1. Incorrect: AppLocker cannot be used to block the execution of applications on computers running Windows Vista or Windows 7 Professional. 2. Incorrect: AppLocker cannot be used to block the execution of applications on computers running Windows Vista or Windows 7 Professional. 3. Incorrect: AppLocker cannot be used to block the execution of applications on computers running Windows Vista or Windows 7 Professional. 4. Correct: Because you cannot use AppLocker to block the execution of applications on Windows Vista or Windows 7 Professional, you should use Software Restriction Policies to accomplish the same objective. 2. Correct Answer: A

A. Correct: Publisher rules allow you to block applications based on which software vendor wrote the application. B. Incorrect: Path rules do not allow you to block applications based on which software vendor wrote the application, as the question stipulates; they allow you to block an executable file based on its location. C. Incorrect: Hash rules do not allow you to block applications based on which software vendor wrote the application, as the question stipulates; they allow you to block a specific executable file based on a hash value generated from that file. Correct Answers: B and C . Incorrect: You should not create AppLocker publisher rules. Publisher rules can be used only when the file that is the subject of the rule has been signed digitally by the publisher. A. Correct: You should create an AppLocker hash rule because it is not possible to create a publisher rule due to the lack of digital signature. B. Correct: You should configure AppLocker enforcement to audit executable rules. This allows you to ensure that the rules relating to applications function before you enforce them in a production environment. C. Incorrect: You should not configure AppLocker enforcement to audit Windows Installer rules because you are interested in the functionality of executable rules. Correct Answer: C . Incorrect: You should not configure Group Policy to set the Application Management service to start automatically. The Application Management service is used to process installation, removal, and enumeration requests for software deployed through Group Policy. The service that you want to configure to start automatically is the Application Identity service. A. Incorrect: As the Software Restriction Policies are functioning properly, you do not need to modify the settings of services related to the computers running Windows 7 Professional. B. Correct: For AppLocker policies to function properly, you need to have the Application Identity service functioning. The default setting on Windows 7 is to have this service disabled. Through Group Policy, you can force this service to start automatically, which allows AppLocker policies to be enforced. C. Incorrect: Because the Software Restriction Policies are functioning properly, you do not need to modify the settings of services related to the computers running Windows 7 Professional. Correct Answer: A . Correct: You need to create a new hash rule for the application. Hash rules need to be updated whenever you apply an update to an application. This is because the update changes the characteristics of the file so that it no longer matches the hash rule generated for it originally. A. Incorrect: Because the application is not signed digitally, you cannot use a publishing rule to manage it with AppLocker. B. Incorrect: Because other AppLocker policies are functioning, you can infer that the Application Identity service is active and its status does not need to be modified.

C. Incorrect: The Application Management service is related to software installation, removal, and enumeration through Group Policy. This service does not affect AppLocker policies directly. 5: Case Scenario Answers Case Scenario 1: Configuring Application Compatibility at Fabrikam 1. Edit the properties of application Alpha. Configure the application to run using the Windows XP Service Pack 3 compatibility mode. 2. Edit the properties of the Beta application. On the compatibility tab, enable the Run This Program As An Administrator option. This enables the Run As Administrator option without having to right-click the application each time to enable this functionality. 3. You can use the ACT to configure compatibility options for Application Gamma. Case Scenario 2: Restricting Applications at Contoso 1. Configure an AppLocker executable rule that uses a file hash of the data collection application. You cannot use a publisher rule because the application is not digitally signed. 2. Configure this rule to apply to the Everyone group. Block the execution of the application, but configure an exception for the Scientists group. 3. The in-house developers would need to sign the application digitally before you can create a publisher rule for it.

6: Lesson Review Answers Lesson 1 1. Correct Answer: C A. Incorrect: The Ping command is used to test connectivity. It does not display the IP configuration of a computer's interfaces. B. Incorrect: The Tracert command is used to test connectivity to a device on a remote network and return information about the intermediate hops. It does not display the IP configuration of a computer's interfaces. C. Correct: The Ipconfig command displays the IP configuration of a computer's interfaces. D. Incorrect: The Netstat tool displays protocol statistics. It does not display the IP configuration of a computer's interfaces. 2. Correct Answers: B, C, and D A. Incorrect: This accesses the Local Area Network (LAN Settings) dialog box. You can select automatic configuration, specify an automatic configuration script, or specify a proxy server. The dialog box does not display connection properties. B. Correct: This procedure accesses the Local Area Connections Properties dialog box. C. Correct: This is an alternative method of accessing the Local Area Connections Properties dialog box. D. Correct: Double-clicking the LAN connection opens the Local Area Connection Status dialog box. Clicking Properties accesses the Local Area Connections Properties dialog box. 3. Correct answer: D A. Incorrect: DNS resolves computer names to IP addresses. You are pinging the computers by their IPv4 addresses, not their computer names, and a DNS service is not required for the commands to succeed. B. Incorrect: All computers on the same subnet must have the same subnet mask. C. Incorrect: The subnet is isolated and no gateway is required to send traffic to other networks. You do not need to define a gateway to implement connectivity between two computers within the same subnet. D. Correct: By default Windows Firewall blocks the Ping command. You need to enable ICMPv4 traffic at both firewalls. At an elevated command prompt on both computers, enter netsh advfirewall firewall add rule name="ICMPv4". 4. Correct Answer: B A. Incorrect: This sets a /24 subnet mask. The question specifies a /25 subnet mask (255.255.255.128). B. Correct: This configures a static IPv4 address 10.0.10.162 on the 10.0.10.128/25 subnet. C. Incorrect: This specifies dynamic configuration. D. Incorrect: The 10.0.10.128/25 subnet has an IPv4 address range 10.0.10.129 through 10.0.10.254. The IPv4 address 10.0.10.16 is not on this subnet. 5. Correct Answers: C and D A. Incorrect: The command netsh interface ipv4 show route shows route table entries, but it does not display IPv6 routes.

Incorrect: The command tracert -d traces the route of an IP packet through an internetwork. It lists the path the packet took and the delays encountered at each hop. The -d flag prevents the tool from resolving IPv4 addresses to host names. The command does not display a route table. C. Correct: The command route print displays both the IPv4 and IPv6 route tables. D. Correct: The command netstat -r displays the same output as the route print command. E. Incorrect: The command netstat -a displays all active connections and the TCP and UDP ports on which the computer is listening. It does not display a route table. Lesson 2 1. Correct Answer: A A. Correct: Typically you would use a site-local address. If every device on the subnet had a global address, you could also use global addresses, but this option is not given in the question. B. Incorrect: If you use link-local addresses, you need to specify their interface IDs. Also, link-local addresses are not dynamically registered in Windows DDNS. It is therefore much easier to use site-local addresses and typically they are used for this purpose. C. Incorrect: Only two special addresses exist, :: and ::1. Neither can implement IPv6 connectivity over a private network. D. Incorrect: An anycast address is configured only on a router and cannot implement IPv6 connectivity over a private network. Also, it is not a unicast address. 2. Correct Answer: B A. Incorrect: The address fec0:0:0:0:fffe::1 is a site-local unicast IPv6 address that identifies a node in a site or intranet. This type of address is the equivalent of an IPv6 private address (for example, 10.0.0.1), and is not globally routable and reachable on the IPv6 Internet. B. Correct: The address 21cd:53::3ad:3f:af37:8d62 is a global unicast address. This type of address is the IPv6 equivalent of an IPv4 public unicast addresses and is globally routable and reachable on the IPv6 Internet. C. Incorrect: The address fe80:d1ff:d166:7888:2fd6 is a link-local unicast IPv6 address and is autoconfigured on a local subnet. It is the equivalent of an IPv4 APIPA address (for example, 169.254.10.123), and it is not globally routable or reachable on the IPv6 Internet. D. Incorrect: The loopback address ::1 identifies a loopback interface and is equivalent to the IPv4 loopback address 127.0.0.1. It is not globally routable or reachable on the IPv6 Internet. 3. Correct Answer: D A. Incorrect: ARP is a broadcast-based protocol used by IPv4 to resolve IPv4 addresses to MAC addresses. It does not manage the interaction of neighboring nodes and resolve IPv6 addresses to MAC addresses. B. Incorrect: DNS is a service rather than a protocol. It resolves computer names to IP addresses. It does not manage the interaction of neighboring nodes and resolve IPv6 addresses to MAC addresses.

Incorrect: DHCPv6 assigns stateful IPv6 configurations. It does not manage the interaction of neighboring nodes and resolve IPv6 addresses to MAC addresses. D. Correct: ND uses ICMPv6 messages to manage the interaction of neighboring nodes and resolve IPv6 addresses to MAC addresses. Correct Answer: A A. Correct: This is a Teredo compatibility address. Teredo addresses start with 2001. B. Incorrect: This is a 6to4 compatibility address. 6to4 addresses start with 2002. C. Incorrect: This is a link-local ISATAP address. Look for 5efe followed by the hexadecimal representation of an IPv4 address, in this case 10.0.2.143. D. Incorrect: This is a site-local Ipv6 address. It is not an IPv4-to-IPv6 compatibility address. Correct Answer: C A. Incorrect: A PTR resource record performs a reverse lookup and resolves an IPv4 or IPv6 address (depending on the reverse lookup zone specified) to a host name. B. Incorrect: An A (address) resource record resolves a host name to an IPv4 address. C. Correct: An AAAA (quad-A) resource record resolves a host name to an IPv6 address. D. Incorrect: A host resource record is another name for an A record. It resolves a host name to an IPv4 address.

Lesson 3 1. Correct Answer: C A. Incorrect: The user's computer works fine in the office. There is no need to reconfigure the office network. B. Incorrect: The order in which the user's computer accesses networks is not the problem. The problem occurs when her computer is within range of two wireless networks and switches between them. C. Correct: The likely cause of the reported behavior is that the lounge area of the hotel is within range of (and possibly equidistant between) two wireless networks and keeps switching between them. You can disable this feature or tell the user how to do so. You need to warn the user that if she moves to another part of the hotel, she might need to reconnect to a network. D. Incorrect: The user's laptop is working in the office and her hotel room. There is nothing wrong with her wireless adapter. 2. Correct Answer: A A. Correct: The MAC address is unique to an interface and does not change. MAC ensures that only computers whose wireless interfaces have one of the listed MAC addresses can access a wireless network. Be aware that if a new computer needs to access the network, or if you replace the wireless adapter in a computer, you need to register the new MAC address in the WAP. B. Incorrect: Most networks are configured by using DHCP so IPv4 addresses can change. Even in networks where IPv4 addresses are statically configured, it is unlikely that the WAP supports IPv4 address control.

Incorrect: WEP is an encryption method that ensures that third parties cannot read messages if they intercept them. It does not determine which computers can access a network. D. Incorrect: Like WEP, WPA is an encryption method and does not determine which computers can access a network. Correct Answers: C, E, and F A. Incorrect: The Network Diagnostic tool is not a system tool and can't be accessed from the System Tools menu. B. Incorrect: You run the Windows Network Diagnostic tool when you have a problem. It is not a tool that you schedule to run on a regular basis and it is not in the task scheduler library. C. Correct: You can run the Network Diagnostic tool from the Network And Sharing Center. D. Incorrect: You cannot access the Windows Network Diagnostic tool from the Adapter Properties dialog box. This dialog box is used for configuration, not diagnosis. E. Correct: You can run the Windows Network Diagnostic tool when you fail to connect to a Web page. F. Correct: You can run the Windows Network Diagnostic tool for a specific connection by accessing the Network Connections dialog box. Correct Answer: B A. Incorrect: Windows Firewall protects Don's computer and is enabled by default. His neighbor is accessing his WAP, not his computer. B. Correct: Don found the WAP setup easy because he accepted all the defaults and did not set up any security. He needs to change his SSID from its default value. He should also configure encryption and set up a passphrase. He should change the access password. He should consider restricting access by MAC address. C. Incorrect: Changing the WAP channel can solve problems related to interference from mobile phones or microwave ovens (for example). It does not affect access to a network. D. Incorrect: ICS enables other computers to obtain their IPv4 configuration from the ICS computer. Unless Don has non-wireless computers connected through a wired interface to his wireless computer, he does not need to set up ICS. Additional wireless computers obtain their configurations directly from the WAP. This has no bearing on whether his neighbor can access his network. Correct Answer: D A. Incorrect: This specifies LaserF2 as the default printer whatever floor Sam is on and whatever network he is connected to. This causes problems because Sam cannot connect to LaserF2 when he is on the third floor. B. Incorrect: This specifies LaserF3 as the default printer whatever floor Sam is on and whatever network he is connected to. This causes problems because Sam cannot connect to LaserF3 when he is on the second floor. C. Incorrect: This specifies LaserF3 as the default printer when Sam is on the second floor and LaserF2 as the default printer when Sam is on the third floor. This causes problems because LaserF3 is on a network that is not accessible from

the second floor and LaserF2 is on a network that is not accessible from the third floor. D. Correct: This specifies LaserF2 as the default printer when Sam is on the second floor and LaserF3 as the default printer when Sam is on the third floor, which is the required scenario. 6: Case Scenario Answers Case Scenario 1: Implementing IPv4 Connectivity 1. Your friend needs to set up ICS on the computer that connects to his modem. He needs to ensure that the other computers on his network obtain their IPv4 configuration automatically. When he has configured ICS on the first computer, he should reboot the other two. 2. He should plug the WAP into his cable modem though its WLAN connection. He then should connect the three wired desktop computers to the Ethernet ports on the WAP and configure the WAP from one of them using its Web interface. He can connect the wireless computer to his network through Network And Sharing Center or by clicking the Wireless icon on the bottom left section of his screen. Case Scenario 2: Implementing IPv6 Connectivity 1. Site-local IPv6 addresses are the direct equivalent of private IPv4 addresses and are routable between VLANs. However, you could also consider configuring every device on your network with an aggregatable global unicast IPv6 address. NAT and CIDR were introduced to address a lack of IPv4 address space, and this is not a problem in IPv6. You cannot use only link-local IPv6 addresses in this situation because they are not routable. 2. This is a Teredo address associated with a Teredo tunnel. It is used to implement compatibility between IPv6 and IPv4. Case Scenario 3: Using Laptop Computers Running Windows 7 on Wireless Networks 1. Windows 7 introduces location-aware printing. The employee can use the office printer as her default printer while at Margie's Travel and her inkjet printer as her default printer while at home. The switchover is seamless and automatic provided that both printers are designated as the default printers. 2. Windows 7 introduces the Network Printer Installation Wizard. This is easier to use than the Add Printer Wizard and users can install printers without requiring administrative privileges. 3. The employee is unfortunate because his desk is located where two wireless networks overlap. If it is impractical to move the employee's desk, you can disable automatic switching. This solves the problem, but the employee should be advised that he would need to connect to a network manually if he moves to some other areas in the building.

7: Lesson Review Answers Lesson 1 1. Correct Answer: B A. Incorrect: Inbound rules are used to block traffic from the network to the computer. You want to block a specific type of network traffic from the computer to the network, which necessitates the use of outbound rules. B. Correct: Outbound rules allow you to block and allow traffic that originates on the computer from traveling out to the network. You should configure an outbound rule to block students from using FTP to upload files to sites on the Internet and an outbound rule to allow students to use SMTP to send e-mail. C. Incorrect: Isolation rules are used to limit the hosts that a computer can communicate with to those that meet a specific set of authentication criteria. They cannot be used to block an outbound specific protocol. D. Incorrect: Authentication exemption rules are used in conjunction with Isolation rule to allow connections to be made without requiring that authentication occur. Authentication exemption rules apply to inbound traffic rather than outbound. 2. Correct Answers: B and C A. Incorrect: Windows Firewall does not allow you to create firewall rules for specific network locations on the basis of port address. Windows Firewall does not allow you to create rules that differentiate between the home and work network locations. You can only create rules that differentiate on the basis of home and work or public network locations. B. Correct: You can use WFAS to create firewall rules on the basis of port address and on the basis of network location. C. Correct: You can use the Netsh command-line utility to create WFAS rules. WFAS rules allow you to create firewall rules on the basis of port address and on the basis of network location. D. Incorrect: Netstat is a tool used to provide information about network traffic. You cannot use Netstat to create firewall rules. 3. Correct Answer: C A. Incorrect: The rule in the question allows traffic rather than blocks traffic. B. Incorrect: The rule in the question applies to inbound traffic rather than outbound traffic. C. Correct: This rule, called CustomRule, applies in the domain profile and allows inbound TCP traffic on port 80. You can create WFAS rules using Netsh in the advfirewall context. D. Incorrect: The rule in the question is an inbound rule rather than an outbound rule. 4. Correct Answer: B A. Incorrect: Although you can create rules based on applications using Windows Firewall, you cannot use this tool to create rules that require that incoming connections be authenticated. B. Correct: WFAS allows you to create detailed rules that include the ability to allow incoming traffic only if it is authenticated.

Incorrect: Credential Manager stores authentication credentials. It cannot be used to create firewall rules that require authentication. D. Incorrect: Authorization Manager allows you to configure roles for the delegation of administrative privileges. You cannot use Authorization Manager to create firewall rules that require authentication. Correct Answers: A and D A. Correct: You should configure Windows Firewall to notify you when it blocks a program in the Home Or Work (Private) Network Location Settings area. This ensures that you receive a message when a new program is blocked when connected to this network profile. B. Incorrect: You should not disable the setting related to receiving a message when a new program is blocked in the Home Or Work (Private) Network Location Settings area because this means that you do not receive a message when a program is blocked. C. Incorrect: You should not enable the setting related to receiving a message when a new program is blocked in the Public Network Location Settings area because this notifies you when a new program is blocked. The question text states that you should not be notified when this occurs. D. Incorrect: You should disable the setting related to receiving a message when a new program is blocked in the Public Network Location Settings area because this ensures that you are not notified when a program is blocked.

Lesson 2 1. Correct Answer: C A. Incorrect: You should not enable Remote Assistance. Remote Assistance requires that someone is logged on to the computer that you wish to manage remotely. B. Incorrect: You should not enable the Remote Desktop: Don't Allow Connections To This Computer option because that blocks the ability to make Remote Desktop connections. C. Correct: You should enable the Remote Desktop: Allow Connections From Computer Running Any Version Of Remote Desktop setting because this allows you to connect to a computer running Windows 7 from a computer running Windows XP with SP2. D. Incorrect: You should not enable the Remote Desktop: Allow Connections Only From Computers With Network Level Authentication as clients running Windows XP with SP2 are unable to connect to clients running Windows 7 when this option is enabled. Windows XP requires SP3 and special configuration to use NetworkLevel Authentication. 2. Correct Answer: B A. Incorrect: You need to configure client Beta rather than client Alpha using the WinRM Quickconfig command. B. Correct: You need to run the command WinRM Quickconfig on client Beta before you can manage it remotely from client Alpha using Windows PowerShell. This command starts the WinRM service, configures a listener for the ports that send and receive WS-Management protocol messages, and configures firewall exceptions.

Incorrect: It is not necessary to create a firewall rule on client Alpha. Incorrect: Although it is necessary to create a firewall rule on client Beta, it is also necessary to configure a listener for WS-Management protocol messages and to start the WinRM service. All these tasks can be accomplished by running the WinRM quickconfig command. Only one of these tasks can be accomplished by creating a firewall rule. Correct Answer: B A. Incorrect: The command nslookup Aberdeen provides the computer's IP address but does not provide the MAC address. B. Correct: The command winrs -r:Aberdeen ipconfig /all runs the command ipconfig /all on Aberdeen but displays the results on the computer that you are logged on to, which in this case is computer Canberra. Ipconfig /all displays a computer's MAC address. C. Incorrect: You should not use the command winrs -r:Canberra ipconfig /all because this displays computer Canberra's IP address information, not the IP address information of computer Aberdeen. D. Incorrect: The command arp -a displays information about IP addresses and MAC addresses on the same subnet but does not display MAC address information about computers on remote subnets. To use this command to determine another computer's MAC address, you also have to know that computer's IP address. Correct Answer: B A. Incorrect: The Windows PowerShell command icm Canberra {Get-Process} displays process information from computer Canberra, not computer Aberdeen. B. Correct: The Windows PowerShell command icm Aberdeen {Get-Process} opens a remote Windows PowerShell session to computer Aberdeen and runs the GetProcess cmdlet, which displays process information, including listing data about CPU and memory usage. C. Incorrect: You cannot use WinRS to invoke a Windows PowerShell cmdlet. You must use Windows PowerShell with the syntax icm remotehost {PowerShell Cmdlet} to use Windows PowerShell remotely. D. Incorrect: You cannot use WinRS to invoke a Windows PowerShell cmdlet. You must use Windows PowerShell with the syntax icm remotehost {PowerShell Cmdlet} to use Windows PowerShell remotely. In this example, WinRS targets computer Canberra rather than computer Aberdeen. Correct Answer: D A. Incorrect: The WinRM service is required for remote use of Windows PowerShell and Remote Shell. The WinRM service is not required for Remote Assistance. B. Incorrect: A client does not have to be configured to accept Remote Desktop sessions to use Remote Assistance, so this setting does not explain why the connection cannot be made. Clients running Windows 7 always support Network Level Authentication. C. Incorrect: The helper does not need to log on to the target computer when participating in a Remote Assistance session, so it does not matter what groups her user account is a member of. A Remote Assistance session allows the helper