Sie sind auf Seite 1von 109

30/10/2019 MD-100 Exam Simulation

Quick Quiz October 29, 2019 Test ID: 115758498

Question #1 of 50 Question ID: 1191064

You want to create a report that displays which Group Policy Objects (GPOs) are applied to the user named
tevin.washington@nutex.com. You type the following command at the administrative prompt:

C:\Users\Admin> /User tevin.washington@nutex.com /V

Type the missing command in the field provided.

Explanation

Acceptable answer(s) for field 1:

gpresult

You should use the gpresult command to see which Group Policy Objects (GPOs) are applied to a user. This
command-line tool will display GPOs that apply to both the user and computer.

If you run gpresult with the /USER parameter along with the /V parameter, you will see a verbose descriptions of
which GPOs apply to the USER.

You can also use the Resultant Set of Policy (RSoP) snap-in, RSOP.MSC, to retrieve the same information in a GUI
form:

You could also use the Group Policy Modeling options in the Group Policy Management Console (GPMC) see
which Group Policy Objects (GPOs) are applied to a user or a computer.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 1/109
30/10/2019 MD-100 Exam Simulation

Objective:
Manage Devices and Data)

Sub-Objective:
Configure devices by using local policies

References:

GPResult Tool: How To Check What Group Policy Objects are Applied

Docs > Windows Server > Windows Commands > Commands by Server Role > gpresult

Question #2 of 50 Question ID: 1191043

You administer Windows 10 machines used by the sales department. Sales users frequently leave their cubicles to
check their social media accounts on their mobile phones. You want to ensure that users’ computers are locked
when users leave their cubicles with their phones or when the users’ phones are no longer in the building.

What should you configure? ( Choose three.)

A) Pair each user’s phone with the user’s Windows 10 computer


B) Configure a Picture Password

C) Configure Windows Hello


D) Configure the phone and Windows computer to use the same SSID

E) Configure Bluetooth on the Windows 10 computers


F) Configure Dynamic lock

Explanation

You should perform the following actions:

1. Configure Bluetooth on the Windows 10 computer.


2. Pair the user’s phone with the user’s Windows 10 computer.
3. Configure Dynamic lock.

Dynamic lock allows your computer to be locked when the Bluetooth device that is paired with the Windows 10
computer goes out of range. You can configure Dynamic lock under Settings > Sign-in options. You should check
Allow Windows to automatically lock your device when you’re away to enable the feature:

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 2/109
30/10/2019 MD-100 Exam Simulation

Bluetooth must be configured on the Windows 10 computer, and the phone must be paired with the computer via
Bluetooth for the Dynamic lock feature to work.

You should not enable Windows Hello. This feature allows an infrared camera to perform facial recognition. This
feature will lock the computer, but will not lock the computer based on a device. It will lock the computer if your face
is out of view of the camera.

A Picture Password allows a user to sign in to their Windows 10 computer by selecting certain portions of a picture
with different swipes to authenticate the user.

You do not have to configure the mobile phone and Windows 10 computer to use the same SSID. Dynamic lock
uses Bluetooth, not Wi-Fi.

Objective:
Deploy Windows

Sub-Objective:
Perform post-installation configuration

References:

Lock your Windows 10 PC automatically when you step away from it

How to take advantage of the Dynamic Lock feature in Windows 10

Question #3 of 50 Question ID: 1191118

You are the remote desktop administrator for the nutex.com domain. You have several RemoteApps that users
need to run on their mobile devices.

Which of the following are TRUE regarding remote desktop clients?

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 3/109
30/10/2019 MD-100 Exam Simulation

A) You must run at least Android 4.1.x (Jelly Bean) operating system on an
Android device to run the remote desktop client.

B) You must run at least Android 4.0.4 (Ice Cream Sandwich) operating system
on an Android device to run the remote desktop client.

C) You must run at least the iOS 5.x operating system on an iPad to run the
remote desktop client.
D) You must run at least the iOS 4.x operating system on an iPad to run the
remote desktop client.
E) You must run at least the Android 2.3.7 (Gingerbread) operating system on an
Android device to run the remote desktop client.
F) You must run at least Android 3.2.6 (Honeycomb) operating system on an
Android device to run the remote desktop client.
G) You must run at least the iOS 6.x operating system on an iPad to run the
remote desktop client.

Explanation

The Remote Desktop client can be used on Android devices, iOS devices, Windows phones, and Windows clients.
You must run at least the iOS 6.x operating system on an iPad or any iOS device to run the Remote Desktop client.
You must run at least Android 4.1.x (Jelly Bean) operating system on an Android device to run the Remote Desktop
client.

All other answers are incorrect.

Objective:
Configure Connectivity

Sub-Objective:
Configure remote connectivity

References:

Docs > Windows > Remote Desktop Clients > Microsoft Remote Desktop Clients

Docs > Windows Server > Remote Desktop Services > Remote Desktop clients > Remote Desktop client for
Android > Get started > Get started with Remote Desktop on Android

Question #4 of 50 Question ID: 1191151

You are a system analyst for the Verigon Corporation. You have created an application that imports Microsoft Word
documents into a database. The application has several bugs in it.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 4/109
30/10/2019 MD-100 Exam Simulation

While troubleshooting the errors, you notice that an update recently downloaded from Windows Update is
conflicting with the application on Windows 10 and Windows 8.1 computers. You need to roll back the update on
these computers in order to fix the application. It may take several days for the application to be fixed, and you do
not want the update to appear until the repairs on the application are complete. Once the application is fixed, you
want the update to be re-applied.

What should you do? (Choose all that apply.)

A) Uninstall the update.

B) Clear the All users to install updates on this computer setting.


C) Hide the update.
D) Delete the update file in the \Windows\System32 directory.
E) Specify a different WSUS server in Windows Update.

Explanation

You should first uninstall the update in Windows Update. This will prevent the update from applying itself to your
computer. In Windows 8.1, you should go to Control Panel, select System and Security, select Windows Update,
and select Installed Updates.

In Windows 10, you would go to Settings, then choose Update and Security, choose Windows Update, choose
Advanced Options, choose View your update history, and choose Uninstall updates.

Highlight the update you want to uninstall, right-click the update, and choose Uninstall.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 5/109
30/10/2019 MD-100 Exam Simulation

Uninstalling the update will remove the update from your computer, but will not prevent the update from being
downloaded again. In Windows 8.1, to prevent the update from being downloaded again, go to the Available
Updates list by clicking the optional update available option at the Windows Update screen shown in the prior
exhibit. In the Available Updates list, highlight the update that you do not want to be downloaded, right-click the
update, and choose Hide update.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 6/109
30/10/2019 MD-100 Exam Simulation

In Windows 10, you must download the "Show or hide updates" troubleshooter. This troubleshooter temporarily
prevents the driver or update from being reinstalled until a new driver or updated fix is available for Windows 10.
You can obtain and run the "Show or hide updates" troubleshooter by downloading it from the Microsoft Download
Center.

Hiding an update prevents the update from being checked and marked for download. Once the application has
been repaired and you are ready to download the update, you can choose the option of Restore Hidden Updates
option from the Windows Update dialog box to make the update available again. Clicking Restore Hidden Updates
launches the following applet:

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 7/109
30/10/2019 MD-100 Exam Simulation

You should not attempt to delete the update file in the \Windows\System32 directory. An update may contain a
single file or multiple file. You cannot get details on the file name for the update in Windows Update. It is not
recommended to uninstall an update this way.

You should not specify a different WSUS server in Windows Update. You can specify a different server to pull
updates from than the Microsoft Update server by editing a local security policy or having the server configured in a
GPO that is applied to the computer. However, specifying a different WSUS may not prevent the update from
applying. If the administrator of the WSUS server has approved the update, the client computer will download the
update.

You should not clear the All users to install updates on this computer setting. Clearing this setting will prevent
non-administrators from installing updates on the computer. You want to prevent a particular update from installing,
not prevent other updates from installing.

If you need to remove hotfixes or service packs from a Windows 8 or Windows 10 computer, you can use the Hotfix
Uninstall option of the Microsoft Diagnostics and Recovery Toolset (DaRT).

In addition to removing Windows Updates from a Windows computer, you may also need to understand how to
restore Windows computers to a previous state. If the Windows computer is configured with restore points enabled,
you can recover any restore point. But Windows also includes a new way to restore a computer to its original
configuration. In Windows 8.1, the General section of PC Settings contains two options: Refresh your PC without
affecting your files and Remove everything and reinstall Windows, as shown in the following exhibit:

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 8/109
30/10/2019 MD-100 Exam Simulation

If you select the Refresh your PC without affecting your files option, all of your personal files will be retained. For
applications, only those applications you obtain from the Windows Store will be retained. All others will need to be
reinstalled.

If you select the Remove everything and reinstall Windows option, the computer will be restored to its original
factory settings. Keep in mind that if you use this option, you will need the Windows product key.

In Windows 10, you can perform a PC refresh by opening Settings, selecting the Update and Security option,
choosing Recovery on the right side, and clicking the Get Started button under the Refresh this PC without
affecting your files section on the right.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 9/109
30/10/2019 MD-100 Exam Simulation

This option is commonly called push button refresh.

Objective:
Maintain Windows

Sub-Objective:
Manage updates

References:

Windows Support > Windows Update: FAQ

Microsoft > Windows 8 > Security & accounts > Windows automatic updating: Frequently asked questions

SevenForums.com > Tutorials > How to hide or restore Hidden Windows Updates in Windows 7 and Windows 8

Question #5 of 50 Question ID: 1191067

You need to encrypt the C:\Tax\2018\Records directory. You want to make sure that any additional files added to
this directory are encrypted. You type the following from the command prompt:

C:\User\Admin> C:\Tax\2018\Records

Type the command and the proper parameter in the field provided.

Explanation

Acceptable answer(s) for field 1:

Cipher /e
Cipher.exe /e

You should use the cipher.exe command with the /e parameter. This parameter both encrypts files and ensures the
directory will encrypt files when they are added.

When you type Cipher /e C:\Tax\2018\Records at the command prompt, any new files added to the directory
will be encrypted. If you do not use the /e parameter, then any new file that is added to the directory will not be
encrypted.

Objective:
Manage Devices and Data)

Sub-Objective:
Manage Windows security

References:

Docs > Windows Server > Windows Commands > Commands by Server Role > cipher

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 10/109
30/10/2019 MD-100 Exam Simulation

Question #6 of 50 Question ID: 1230865

Your company has a branch office that consists of four Windows 10 computers in a workgroup. You have shared
invoice files from a folder on Computer4. Users are not able to print invoices on the laser printer attached to
Computer4, nor access any invoice files or any other files on Computer4. You need to ensure that other users in
the office can print to this printer.

What should you configure first on Computer4?

A) Open Devices and Printers. Open the Security tab of the Print Server
properties and enable printer sharing.
B) Modify the Private profile.
C) Open Devices and Printers. Open the Sharing tab in the printer
properties of the laser printer and share the printer.
D) Open Devices and Printers. Open the Advanced tab of the Print Server
properties and enable printer sharing.
E) Open Windows Defender Firewall, open Allow an app or feature through
Windows Defender Firewall, and check File and Printer Sharing and
Private Network.

Explanation

You will need to first modify the Private profile on Computer4 to ensure that File and Printer Sharing is configured
to ON.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 11/109
30/10/2019 MD-100 Exam Simulation

File and printer sharing must be turned on for files and printers that have been shared from a computer to be
accessed by other people on the network. In this scenario, users are not able to access the file shares on
Computer4, nor access the printer on Computer4. Although in the scenario, it does not mention that the printer
has been shared, but it did mention that the folder that contained the invoice files was shared on Computer4. Since
none of the users could access the shared folder, you should check to see that File and Printer Sharing is enabled.

You can also open Windows Defender Firewall, open Allow an app or feature through Windows Defender
Firewall, and check File and Printer Sharing and Private Network on a Windows 10 computer.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 12/109
30/10/2019 MD-100 Exam Simulation

You can share a printer by opening Devices and Printers on Computer4, opening the Sharing tab in the printer
properties of the laser printer, and sharing the printer. However, in this scenario, you must FIRST ensure that that
File and Printer Sharing is enabled. Since no other users can access any shared files on Computer4, you should
check to see File and Printer Sharing is configured to on before sharing the printer.

You cannot open Devices and Printers and enable printer sharing on the Advanced tab or the Security tab of the
Print Server properties. The Advanced tab of the Print Server properties displays the spool folder and how
informational notifications will be sent. The Security tab of the Print Server properties is where you configure the
permissions for users who access the print server.

Objective:
Manage Devices and Data)

Sub-Objective:
Manage Windows security

References:

Docs > Windows > Threat protection > Windows Defender Firewall with Advanced Security

TechNet > Installed Help for Windows Server 2008 R2 > Networking > Windows Firewall with Advanced Security
and IPsec > Windows Firewall with Advanced Security > Understanding Firewall Profiles

GeekSquad > Knowledge Vault > How to set up file sharing on Windows 10

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 13/109
30/10/2019 MD-100 Exam Simulation

Question #7 of 50 Question ID: 1191031

You plan to install Windows 10 on several existing computers that run 32-bit or 64-bit AMD processors in your
domain. You want to ensure that Credential Guard is enabled on these computers for the following reasons:

Employees in your organization store credentials in Credential Manager as generic credentials so that
credentials saved by the Remote Desktop Protocol cannot be used.
Windows services that manage derived domain credentials run in a protected environment that is isolated from
the running operating system.

What must you configure? (Choose all that apply.)

A) Ensure that Secure Boot is disabled on the computers.


B) Ensure that the computers have UEFI firmware 2.5 or higher.
C) Ensure that Secure Boot is enabled on the computers.
D) Use the registry to turn on Credential Guard on the 32-bit computers.
E) Ensure that Windows 10 Enterprise is installed on the computers.
F) Ensure Windows 10 Pro or Windows 10 Enterprise is installed on the
computers.
G) Ensure that the computers have UEFI firmware 1.5 or higher.
H) Ensure that the computers have UEFI firmware 2.0 or higher.
I) Use Group Policy to turn on Credential Guard on the 64-bit computers.
J) Migrate the 32-bit computers to virtual machines on a Hyper-V host that has a
64-bit processor, and use Group Policy to turn on Credential Guard for these
virtual machines.
K) Ensure Windows 10 Pro, Windows 10 Educational, or Windows 10 Enterprise
is installed on the computers.

Explanation

The computer must have the following for Credential Guard to be used:

The computer must be running Windows 10 Enterprise.


The computer must have UEFI firmware version 2.3.1 or higher.
The computer must have Secure Boot.
The computer must have virtualization extensions, such as Intel VT-x or AMD-V, and Second Level Address
Translation enabled.
The computer must be a physical computer (not virtual) and must have a 64-bit processor.

The computer must have Trusted Platform Module (TPM) version 1.2 or 2.0. Credential Guard can still be enabled
even if your computer does not have a TPM chip installed. Virtualization-based security keys used to protect
Credential Guard secrets will be protected in a UEFI Boot Service variable and will not be bound to the TPM.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 14/109
30/10/2019 MD-100 Exam Simulation

You can enable Credential Guard in Group Policy by finding the Turn On Virtualization Based Security policy
under Computer Configuration > Administrative Templates > System > Device Guard. You should choose
Secure Boot under Select Platform Security Level. If you want to prevent Credential Guard from being turned off
remotely, then select Enabled with UEFI lock under Credential Guard Configuration.

You can also turn on Credential Guard by editing the registry on the 64-bit computer.

Windows 10 Pro edition or Windows 10 Educational edition cannot support Credential Guard. Only Windows 10
Enterprise edition can.

You cannot migrate the 32-bit computers to virtual machines on a Hyper-V host that has a 64-bit processor and use
Group Policy to turn on Credential Guard for these virtual machines. Credential Guard can be enabled on both
physical and virtual 64-bit computers.

Objective:
Deploy Windows

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 15/109
30/10/2019 MD-100 Exam Simulation

Sub-Objective:
Deploy Windows 10

References:

What's new in Credential Guard?

Protect derived domain credentials with Credential Guard

Question #8 of 50 Question ID: 1230860

You manage your company's network that contains Windows 10 and Windows Server 2012 R2 computers in a
single domain. One of the Windows 10 computers is used by contractors for data entry and is isolated from network
communication using Windows Firewall with Advanced Security and group policies.

Recently, IT technicians have requested the ability to connect to this computer over TCP port 3389. What should
you do to provide this functionality for the IT technicians on this computer?

A) Enable the Windows Firewall: Allow local port exceptions policy.


B) Enable the Windows Firewall: Allow inbound remote administration
exception policy.
C) Enable the Windows Firewall: Allow inbound Remote Desktop exceptions
policy.
D) Enable the Windows Firewall: Allow ICMP exceptions policy.

Explanation

You should enable the Windows Firewall: Allow inbound Remote Desktop exceptions policy in the
Network\Network Connections\Windows Firewall\Domain Profile path to allow IT technicians to connect to the
computer over TCP port 3389. TCP port 3389 is the port used by Remote Desktop.

You should not enable the Windows Firewall: Allow inbound remote administration exception policy because
this policy opens port 135 and 445. The scenario specifically stated that you wanted to open port 3389.

You should not enable the Windows Firewall: Allow local port exceptions policy. This policy would allow
administrators to create any local port exception.

You should not enable the Windows Firewall: Allow ICMP exceptions policy. This policy defines which type of
ICMP messages are allowed.

All of these group policies are found in the Computer Configure > Administrative Templates > Network >
Network Connections > Windows Firewall > Domain Profile section as shown in the following exhibit:

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 16/109
30/10/2019 MD-100 Exam Simulation

Objective:
Manage Devices and Data)

Sub-Objective:
Manage Windows security

References:

Docs > Windows > Threat protection > Windows Defender Firewall with Advanced Security

Windows Defender Firewall with Advanced Security: What is it? How to open it? What can you do with it?

TechNet Library > Windows Server > Windows Server 2008 and Windows Server 2008 R2 > Windows Server
Content by Category > Windows Server 2008 R2 Content by Category > Installed Help for Windows Server 2008
R2 > Group Policy > Group Policy Management Console

TechNet Library > Windows Server > Windows Server 2008 and Windows Server 2008 R2 > Browse Windows
Server Technologies > Remote Desktop Services (Terminal Services) > Remote Desktop Services in Windows
Server 2008 R2 > Technical Reference > Group Policy Settings for Remote Desktop Services in Windows Server
2008 R2 > All Group Policy Settings for Remote Desktop Services in Windows Server 2008 R2

How to Enable Remote Desktop and Allow Access through the Windows Firewall with Advanced Security on
Windows 8 and Server 2012 using Group Policy

LanSweeper.com > How to Configure the Windows Firewall with Group Policies

Question #9 of 50 Question ID: 1230852

You are the administrator of the nutex.com domain. You want to set up a Windows 10 Pro computer in a workgroup
to run as a single-app kiosk. The NutexUser account is assigned to the kiosk. You want to ensure that when
https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 17/109
30/10/2019 MD-100 Exam Simulation

NutexUser logs in, a single application is automatically launched.

Because this kiosk will reside in the building lobby, you must also ensure that a person using the kiosk cannot do
anything on the device except use the kiosk app. Also, if the computer restarts due to a power problem, the
NutexUser should log in automatically and the device should launch the kiosk application.

What should you configure? (Choose all that apply.)

A) Sign in as NutexUser, go to Settings > Accounts > Sign-in options, and toggle
the Use my sign-in info to automatically finish setting up my device after an
update or restart setting to OFF.

B) Enable user account control (UAC).


C) Sign in as NutexUser, go to Settings > Accounts > Sign-in options, and toggle
the Use my sign-in info to automatically finish setting up my device after an
update or restart setting to ON.

D) Go to Start > Settings > Accounts > Other users and configure the account to
be used as the kiosk account.

E) Disable user account control (UAC).


F) Go to Start > Settings > Accounts > Sign-in options and configure the account
to be used as the kiosk account.

Explanation

For a Windows 10 computer to act as a kiosk, you must enable user account control (UAC).

To ensure that the NutexUser account is logged in and the kiosk is automatically launched if the Windows 10
computer is rebooted, you should configure the Use my sign-in info to automatically finish setting up my device after
an update or restart setting to ON. If this setting is set to OFF, then the account does not automatically sign in when
the device is restarted.

You should not go to Start > Settings > Accounts > Other users and configure the account to be used as the kiosk
account. From this page, you can choose to Set up a kiosk by adding a local account that will act as the kiosk
account and choose the app that will run when the kiosk account signs in to the computer.

You can use the PowerShell cmdlet Set-AssignedAccess to configure access to the kiosk account and kiosk
application.

You can use the kiosk wizard in Windows Configuration Designer to configure access to the kiosk account and
kiosk application:

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 18/109
30/10/2019 MD-100 Exam Simulation

You would not go to Start > Settings > Accounts > Sign-in options and configure the account to be used as the kiosk
account. The Sign-in options page allows you to configure Windows Hello, Picture password, PIN, or Dynamic Lock
for your computer.

Objective:
Manage Devices and Data)

Sub-Objective:
Manage local users, local groups, and devices

References:

Docs > Windows > Set up a single-app kiosk

Question #10 of 50 Question ID: 1230917

You must perform a backup of all files on an associate's Windows 10 computer. The computer has two drives. You
need to archive the following:

All data on the first drive


All spreadsheets stored on the second drive

If any drive fails or if the computer stops working, you will need to restore all the data from this backup.

Which applet in Control Panel should you use?

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 19/109
30/10/2019 MD-100 Exam Simulation

A) Storage Spaces
B) Recovery
C) Sync Center
D) Device and Printers
E) File History
F) Backup and Restore (Windows 7)

Explanation

You should use the Backup and Restore (Windows 7) applet, which appears as follows:

The Backup and Restore (Windows 7) applet allows you to create a system image in Windows 10. This
functionality was not available in Windows 8, but was added to Windows 10. The Backup and Restore (Windows
7) tool backs up data stored on stored on New Technology File System (NTFS) volumes. Windows 10 volumes are
NTFS by default.

You cannot use the Backup and Restore (Windows 7) applet to back up data that is on file allocation table (FAT),
FAT32, exFAT, or Resilient File System (ReFS) volumes.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 20/109
30/10/2019 MD-100 Exam Simulation

A system image can be used to restore a computer if a drive failure occurs. You can store a system image on an
attached hard disk, on multiple DVDs, or on a shared network location:

You should not use the File History applet. This applet backs up files located in your user account's libraries. You
can add folders to these libraries or create new libraries if you want to back up files stored in other folders.
However, this applet will not create a backup that can be used to restore a computer if a drive fails.

You should not use the Recovery applet. The Recovery applet will allow you to create a recovery drive and restore
a system using restore points. The Recovery applet will not create a backup of data.

You should not use the Devices and Printers applet. This applet will allow you to add or remove printers,
multimedia devices, and other devices. The Devices and Printers applet will not create a backup of data.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 21/109
30/10/2019 MD-100 Exam Simulation

You should not use the Storage Spaces applet. This applet will allow you to create a storage pool or a storage
space. The Storage Spaces applet will not create a backup of data.

You should not use the Sync Center applet. This applet will allow you to view sync activity, perform a
synchronization of offline files, or change your sync settings. The Sync Center applet will not create a backup of
data.

Objective:
Maintain Windows

Sub-Objective:
Configure system and data recovery

References:

How to Use All of Windows 10's Backup and Recovery Tools

Question #11 of 50 Question ID: 1230866

You must Telnet into a Cisco router from your Windows 10 computer to modify the route table. You receive the
following error when you attempt to connect to the router:

What must you configure on your computer?

A) Open Windows Defender Firewall, choose Allow apps to communicate


through Windows Defender Firewall, and add Telnet.
B) In Programs and Features, choose Turn Windows Features on or off, and
check Simple TCP/IP services.
C) Run dism /online /Enable-Feature /FeatureName:TelnetClient.

D) Install the Remote Server Administration Tools (RSAT).

Explanation

You should run dism /online /Enable-Feature /FeatureName:TelnetClient to install the Telnet client:

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 22/109
30/10/2019 MD-100 Exam Simulation

The Telnet client is not installed by default. Besides using the dism command to enable features, you can use the
Turn Windows Features on or off option in the Program and Features applet in Control Panel. You should choose
Telnet Client, not Simple TCP/IP services. Simple TCP/IP services installs legacy UNIX features, such as echo
and daytime services, and does not install the Telnet client.

You will have to open Windows Defender Firewall, and choose Allow apps to communicate through Windows
Defender Firewall, and add Telnet. However, you must first install the Telnet client.

You do not have to install the Remote Server Administration Tools (RSAT). RSAT will install server-based
management tools such as DNS Manager, DHCP Manager, and others, but will not install the Telnet client.

Objective:
Manage Devices and Data)

Sub-Objective:
Manage Windows security

References:

How to enable the Telnet Client in Windows 10

Question #12 of 50 Question ID: 1230861

You have a Windows 10 computer on which you have implemented Windows Firewall with Advanced Security. You
need to create a new inbound firewall rule for the Windows 10 computer. Which PowerShell cmdlet should you use?
(Enter only the cmdlet.)

Explanation

Acceptable answer(s) for field 1:

New-NetFirewallRule

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 23/109
30/10/2019 MD-100 Exam Simulation

You should use the New-NetFirewallRule PowerShell cmdlet. This cmdlet can add both inbound and outbound
firewall rules.

The syntax for the New-NetFirewallRule cmdlet is as follows:

New-NetFirewallRule -DisplayName <String> [-Action <Action> ] [-AsJob] [-Authentication


<Authentication> ] [-CimSession <CimSession[]> ] [-Description <String> ] [-Direction
<Direction> ] [-DynamicTransport <DynamicTransport> ] [-EdgeTraversalPolicy <EdgeTraversal> ]
[-Enabled <Enabled> ] [-Encryption <Encryption> ] [-GPOSession <String> ] [-Group <String> ]
[-IcmpType <String[]> ] [-InterfaceAlias <WildcardPattern[]> ] [-InterfaceType
<InterfaceType> ] [-LocalAddress <String[]> ] [-LocalOnlyMapping <Boolean> ] [-LocalPort
<String[]> ] [-LocalUser <String> ] [-LooseSourceMapping <Boolean> ] [-Name <String> ] [-
OverrideBlockRules <Boolean> ] [-Owner <String> ] [-Package <String> ] [-Platform <String[]>
] [-PolicyStore <String> ] [-Profile <Profile> ] [-Program <String> ] [-Protocol <String> ]
[-RemoteAddress <String[]> ] [-RemoteMachine <String> ] [-RemotePort <String[]> ] [-
RemoteUser <String> ] [-Service <String> ] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [
<CommonParameters>]

Some of the parameters that you can use with this cmdlet are as follows:

-Action – specifies the action (allow or deny) that should be taken on communication that matches this rule.
-Authentication – specifies whether authentication should be required or not.
-Direction – specifies whether it is an inbound or outbound rule.
-Enabled – specifies whether the rule is enabled or not.
-Encryption – specifies whether encryption is required or not.

You must specifically enable a Windows 10 computer to remotely execute PowerShell commands. The Enable-
PSRemoting cmdlet configures the computer to receive Windows PowerShell remote commands that are sent by
using the WS-Management technology.

Objective:
Manage Devices and Data)

Sub-Objective:
Manage Windows security

References:

TechNet > Scripting with Power Shell > Windows and Windows Server Automation... > Windows Server 2016
Technical Preview... > Network Security Cmdlets > New-NetFirewallRule

Question #13 of 50 Question ID: 1230892

You need to configure an IPv4 address on a new connection for a Windows 10 computer. Which PowerShell cmdlet
should you use? (Enter only the cmdlet without parameters.)
https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 24/109
30/10/2019 MD-100 Exam Simulation

Explanation

Acceptable answer(s) for field 1:

New-NetIPAddress

You should use the New-NetIPAddress cmdlet to configure an IPv4 or IPv6 address on a new connection for a
Windows 10 computer.

You must know either the Interface Alias or Interface Index to use this command. The correct syntax if you know the
Interface Alias is as follows:

New-NetIPAddress [-IPAddress] <String> -InterfaceAlias <String> [-AddressFamily


<AddressFamily> ] [-AsJob] [-CimSession <CimSession ] [-DefaultGateway <String> ] [-
PolicyStore <String> ] [-PreferredLifetime <TimeSpan> ] [-PrefixLength <Byte> ] [-
SkipAsSource <Boolean> ] [-ThrottleLimit <Int32> ] [-Type <Type> ] [-ValidLifetime <TimeSpan>
] [-Confirm] [-WhatIf] [ <CommonParameters>]

The correct syntax if you know the Interface Index is as follows:

New-NetIPAddress [-IPAddress] <String> -InterfaceIndex <UInt32> [-AddressFamily


<AddressFamily> ] [-AsJob] [-CimSession <CimSession ] [-DefaultGateway <String> ] [-
PolicyStore <String> ] [-PreferredLifetime <TimeSpan> ] [-PrefixLength <Byte> ] [-
SkipAsSource <Boolean> ] [-ThrottleLimit <Int32> ] [-Type <Type> ] [-ValidLifetime <TimeSpan>
] [-Confirm] [-WhatIf] [ <CommonParameters>]

Some of the parameters used with the command are as follows:

-AddressFamily – configures whether IPv4 or IPv6 is used.


-CimSession – runs the command in a remote session.
-DefaultGateway – configures the default gateway.
-InterfaceAlias – specifies the interface alias that is being configured or queried.
-InterfaceIndex – specifies the interface index that is being configured.
-IPAddress – specifies the IP address to be used.

-Type – specifies whether using a unicast or anycast address.

You must specifically enable a Windows 10 computer to remotely execute PowerShell commands. The Enable-
PSRemoting cmdlet configures the computer to receive Windows PowerShell remote commands that are sent by
using the WS-Management technology.

Objective:
Configure Connectivity

Sub-Objective:
Configure networking

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 25/109
30/10/2019 MD-100 Exam Simulation

References:

Docs > New-NetIPAddress

Question #14 of 50 Question ID: 1230920

You have twenty Windows 10 computers in an on-premises domain, twenty Windows 10 in Azure Active Directory
domain, and one hundred Windows 10 computers in a workgroup.

Your goal is to ensure that all Windows 10 computers have the latest updates deployed. You must conserve
available bandwidth.

Your solution is to use Intune to configure the Windows Update for Business settings that control how and when
Windows 10 devices are updated.

Does your solution meet your goal?

A) No
B) Yes

Explanation

You can use Intune to configure the Windows Update for Business settings to control how and when Windows 10
devices are updated. In this scenario, you could use Intune because Intune with Windows Update for Business can
manage devices that are not joined to a domain at all, or devices that are joined to Microsoft Azure Active Directory
(Azure AD) alongside your on-premises domain-joined devices.

You could not use Group Policy to configure all of the Windows 10 devices to use a WSUS server because some of
the Windows 10 computers are in a workgroup. Group Policy can only affect users and computers that are
members of a domain. However, if all your computers were members of a domain, you can configure a Group
Policy to enable the Configure Automatic Updates setting and Specify intranet Microsoft update service
location setting for a WSUS server. This policy setting will allow computers to receive updates from a particular
server instead of using Windows Update.

Objective:
Maintain Windows

Sub-Objective:
Manage updates

References:

Docs > Windows > Deployment > Walkthrough: use Microsoft Intune to configure Windows Update for Business

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 26/109
30/10/2019 MD-100 Exam Simulation

Question #15 of 50 Question ID: 1230836

You plan to roll out Windows 10 clients to a branch office in your domain. You plan to use Active Directory-based
activation.

Which of the following statements are true regarding Active Directory-based activation? (Choose all that apply.)

A) The Volume Activation Services server role must be installed on a domain


controller running Windows 2012 R2 or higher.
B) Clients attempt to reactivate every 30 days.
C) You must add a KMS host key by using the Software Protection Service.
D) You must add a KMS host key by using the VAMT.
E) Clients that are activated with Active Directory-based activation will maintain
their activated state for up to 180 days.
F) Clients that are activated with Active Directory-based activation will maintain
their activated state for up to 90 days.
G) If the computer was previously configured with a Multiple Activation Key,
replace it with the Generic Volume License Key by running the slmgr.vbs /ato
command and specifying the Generic License Volume Key as the new product
key.

H) You must add a KMS host key by using the Health Key and Certificate
Management service.
I) The Volume Activation Services server role must be installed on a member
server running Windows 2012 R2 or higher.
J) If the computer was previously configured with a Multiple Activation Key,
replace it with the Generic Volume License Key by running the slmgr.vbs /ipk
command and specifying the Generic License Volume Key as the new product
key.
K) Only domain-joined client computers running Windows 10 and Windows 8.1
with a Generic Volume License Key will be activated automatically and
transparently.
L) Clients attempt to reactivate every 7 days.
M) The Volume Activation Services server role must be installed on a standalone
server running Windows 2012 R2 or higher.

Explanation

You must have the Volume Activation Services server role on a computer that is a domain controller running
Windows Server 2012 R2 or higher. The domain that contains the Volume Activation Services server role must have
the domain extended to the Windows Server 2012 R2 schema level. You must add a KMS host key by using the
Volume Activation Management Tool (VAMT) console in Windows Server 2012 R2 or the VAMT in earlier versions
of Windows Server.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 27/109
30/10/2019 MD-100 Exam Simulation

Once the domain controller with the Volume Activation Services server role has been installed and the KMS host
key with the VAMT has been added with the VAMT, Microsoft verifies the KMS host key that has been installed.
Once the key has been verified, the activation object has been created. Computers that run Windows 8 and higher
and Windows Server 2012 and higher are activated by the activation object they receive from a domain controller
during startup.

Computers that are activated with Active Directory-based activation remain activated for at least 180 days.
However, during the 180-day period, the computer will try reactivation every seven days.

You should replace the Multiple Activation Key with the Generic Volume License Key by running the slmgr.vbs /ipk
command and specifying the Generic License Volume Key as the new product key if the computer has been
previously configured with a MAK key. You should not use the slmgr.vbs /ato command. This command is used to
activate online over the Internet without specifying a key.

It is not true that only domain-joined client computers running Windows 10 and Windows 8.1 with a Generic Volume
License Key will be activated automatically and transparently. You can also automatically activate domain-joined
Windows 8 and higher computers with a Generic Volume License Key.

You cannot add a KMS host key by using the Software Protection Service or the Health Key and Certificate
Management service. The Health Key and Certificate Management service provides X.509 certificate and key
management services for the Network Access Protection Agent (NAPAgent). The Software Protection Service
enables the installation and enforcement of digital licenses for Windows and Windows applications, but does not
allow you add a KMS host key.

Objective:
Deploy Windows

Sub-Objective:
Deploy Windows 10

References:

Docs > Windows > Deployment > Activate using Active Directory-based activation

Question #16 of 50 Question ID: 1230857

You need to configure several computers in the Marketing OU. You have to meet two business requirements:

The domain user Nutex\Geoff must be a member of the Remote Desktop Users group on all computers in the
Marketing OU.
All of the computers in the Azure Active Directory domain run a proprietary application that must have a file
shared enabled for the application to work properly

What is the easiest way to configure the computers in the Marketing OU and in the Azure Active Directory domain?

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 28/109
30/10/2019 MD-100 Exam Simulation

A) Edit the AADDC Users GPO for all computers in the Azure Active Directory
domain. Create and apply a GPO for the Marketing OU.
B) Edit the AADDC Computers GPO for all computers in the Azure Active
Directory domain. Run PowerShell scripts on the computers in the Marketing
OU.
C) Edit the AADDC Computers GPO for all computers in the Azure Active
Directory domain. Create and apply a GPO for the Marketing OU.
D) Edit the AADDC Computers GPO for all computers in the Azure Active
Directory domain. Run PowerShell scripts on the computers in the Marketing
OU.
E) Edit the AADDC Users GPO for all computers in the Azure Active Directory
domain. Run PowerShell scripts on the computers in the Marketing OU.

Explanation

The easiest way to make the domain user Nutex\Geoff a member of the Remote Desktop Users group on all
computers in the Marketing OU is to create and apply a GPO for the Marketing OU. You can create a GPO, set the
Restricted Groups policy setting in that GPO, and apply it to the Marketing OU. If the GPO is applied to the
Marketing OU, then it will apply to all objects in that OU.

Because the Restricted Groups policy setting is a Computer Only preference, then it will apply only to the
computers in the Marketing OU. The Restricted Groups policy setting allows you to prepopulate a default group with
domain users. In this scenario, you are adding a domain user from the Nutex domain to the Remote Desktop Users
group. Membership in the group allows the domain user to connect via RDP to that computer remotely:

The easiest way to have a file shared enabled on all computers in the Azure Active Directory domain is to edit the
AADDC Computers GPO for all computers in the Azure Active Directory domain. In this scenario, you want to
apply the Network Shares preference setting to all computers in the Azure Active Directory domain. You can set the

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 29/109
30/10/2019 MD-100 Exam Simulation

preference in the AADDC Computers GPO. This GPO is the default GPO for the AADDC Computers OU. This
OU contains all the computers in the Azure Active Directory domain.

The Network Shares preference setting allows you to create a share on a computer. The following screenshot
shows the Network Share preference setting creating a share named AppShare1 in the Group Policy: object

You should not edit the AADDC Users GPO. This GPO is the default GPO for the AADDC Users OU. This OU
contains all the users in the Azure Active Directory domain. In this scenario, the Network Share preference setting
is a computer only preference, not a User Configuration setting.

You should not use PowerShell scripts to configure the computers in the Marketing OU or in the Azure AD domain
because this would take more administrative effort than necessary.

Objective:
Manage Devices and Data)

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 30/109
30/10/2019 MD-100 Exam Simulation

Sub-Objective:
Configure devices by using local policies

References:

Azure > AD > Administer Group Policy on an Azure AD Domain Services managed domain

Question #17 of 50 Question ID: 1230842

You are issuing each mobile employee a laptop that runs Windows 10 and an Android phone. All users are
members of the nutex.com domain and all are joined to the nutex.com domain.

You configure a Group Policy to ensure the laptops lock when the users walks away from them with their phones for
a certain amount of time. All users report that their computers lock when they leave the building.

Jack’s laptop fails. You issue Jack a new laptop that has been joined to the domain. Jack complains that his laptop
does not lock when he leaves the building for lunch.

What could be the problem?

A) Jack’s phone is not paired with the laptop


B) Windows Hello is not configured
C) Dynamic Lock is not configured
D) Jack’s phone does not use the same SSID as the laptop

Explanation

For Dynamic lock to work, you must have Bluetooth enabled, the phone device paired with the laptop, and Dynamic
lock set on the computer.

In this scenario, Dynamic lock is configured via Group Policy. Jack’s laptop is joined to the Active Directory domain,
so Jack’s new laptop would have received the same settings from Group Policy as his old laptop. Because Group

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 31/109
30/10/2019 MD-100 Exam Simulation

Policy settings enabled Dynamic lock on the computers, the issue may be that Bluetooth is not turned on the laptop
or the phone device is not paired with the laptop.

Dynamic lock uses Bluetooth, not Wi-Fi. It does not matter whether Jack’s phone uses the same SSID as the laptop
because Dynamic lock uses Bluetooth.

You should not enable Windows Hello. This feature allows an infrared camera to perform facial recognition. This
feature will lock the computer, but will not lock the computer based on a device. It will lock the computer if your face
is out of view of the camera.

Objective:
Deploy Windows

Sub-Objective:
Perform post-installation configuration

References:

Lock your Windows 10 PC automatically when you step away from it

How to take advantage of the Dynamic Lock feature in Windows 10

Question #18 of 50 Question ID: 1230864

You manage client computers for an organization. You plan to remote desktop for specific computers. You need to
allow the TCP port that is used for remote desktop on the computers.

Which Windows PowerShell cmdlet should you use?

A) Set-NetFirewallPortFilter
B) Enable-NetFirewallRule
C) New-NetFirewallRule
D) Set-NetFirewallRule

Explanation

You should use the Enable-NetFirewallRule cmdlet. A default rule exists in the inbound policy that can be enabled
to allow remote desktop through the firewall. The following enables a firewall rule by specifying the name of the rule:

Enable-NetFirewallRule -DisplayName "Network Discovery"

You should not use the New-NetFirewallRule cmdlet. This creates a new firewall rule on the computers. The
following command creates an outbound firewall rule to block all of the traffic from the local computer that originates
on TCP port 21:

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 32/109
30/10/2019 MD-100 Exam Simulation

New-NetFirewallRule -DisplayName "Block Outbound Port 21" -Direction Outbound -LocalPort 21 -


Protocol TCP -Action Block

You should not use the Set-NetFirewallRule cmdlet. This modifies an existing rule but does not enable the rule on
a computer. The following changes the WebServer8080 rule to match a different remote IP address of a web server
of 192.168.0.2 for which traffic is allowed by a rule:

Set-NetFirewallRule -DisplayName "WebServer8080" -RemoteAddress "192.168.0.2"

You should not use the Set-NetFirewallPortFilter cmdlet. This modifies the port filter for a specific firewall setting.

Objective:
Manage Devices and Data)

Sub-Objective:
Manage Windows security

References:

Windows IT Center > Windows 10 and Windows Server 2016 > Network security > Enable-NetFirewallRule

Docs > Windows > Threat protection > Windows Defender Firewall with Advanced Security

TechNet > Networking > Windows Firewall with Advanced Security and IPsec > Windows Firewall with Advanced
Security > Understanding Firewall Profiles

Question #19 of 50 Question ID: 1230930

You have deployed Windows 10 on several computers that once ran Windows 7. A user reports that applications
that are supposed to be compatible with Windows 10 are crashing several times a week, and that the overall OS
freezes frequently. You want to view all events affecting the stability of the computer that occurred in the past seven
days.

What tool should you use to view the events?

A) System logs in the Event Viewer

B) Performance Monitor
C) %windir%\WindowsUpdate.log
D) Reliability Monitor

Explanation

You should use the Reliability Monitor to view the events that indicate the stability of a computer. You can track
important changes made to the computer that may be affecting system stability, such as Windows updates, driver
updates, new device installations, and software installations. You can use the Reliability Monitor snap-in to trace a
reliability change to a particular event. When you open Reliability Monitor, you will see a graphical chart that gives
https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 33/109
30/10/2019 MD-100 Exam Simulation

you one-click access to all application failures, Windows failures, miscellaneous failures, warnings, and
informational events that occurred on a given date or in a given week.

To open Reliability Monitor, go to the Action Center in Control Panel, expand the Maintenance node, and choose
View reliability history.

All other options are incorrect because they cannot be used to review the overall stability of the computer.

The Performance Monitor snap-in is used to view performance counters, such as print queue and processor.
Performance Monitor allows you to review performance log data using graphical views. You can use several
system-defined data collector sets, or you can create a user-defined data collector set (DCS) to monitor the
performance counters.

For example, if you wanted to create a DCS to review memory, physical disk, and processor counters, you should
right-click the User Defined option under the Data Collector Sets category in the Performance node of Computer
Management, and select New. In the wizard, you should select the Performance Counter Alert option if you do not
want to use the template, and click Next. If necessary, run the DCS as a user with the rights to do so. There is an
option to specify this. Then you should click the Add button to add memory, physical disk, and processor counters
to the DCS. While finishing the wizard, you can select the open properties for this data collector set radio button to
access the properties window of the DCS to add the schedule to start the DCS.

The WindowsUpdate.log file located in the %windir% directory is used to determine the cause of the error if you
face any trouble while installing updates on your computer. The Windows Update log file contains information
related to the updates of your computer and information for those who connect to an SUS or WSUS server for
updates. You can view the %windir%\WindowsUpdate.log file to determine the exact cause of the error that can
help in troubleshooting your Windows Update problems.

The system logs in the Event Viewer are used to view events logged by Windows system components. For
example, you can view driver failure events or failure of other system components during Windows startup in the
system log. The events that should be logged by system components in the system logs are predetermined by
Windows.

Objective:
Maintain Windows

Sub-Objective:
Monitor and manage Windows

References:

Solving Problems Using Reliability Monitor in Windows 10

TechNet Library > Windows Server > Windows Server 2008 R2 and Windows Server 2008 > What's New in
Windows Server > Changes in Functionality in Windows Server 2008 R2 > What's New in Performance and
Reliability Monitoring

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 34/109
30/10/2019 MD-100 Exam Simulation

Question #20 of 50 Question ID: 1230924

You have an application that is negatively affected by an update installed by Windows Update. Before you roll back
the update, you want to identify the specific update in order to determine if the update is important.

Where can you find this information? (Choose all that apply.)

A) Filter the security log by the Task Category value of Windows Update Agent.
B) Filter the system log by the Event ID value of 19.
C) View the DTCinstall.log file under the C:\Windows directory.
D) Filter the application log by the Source value of WindowsUpdateClient.
E) View the update history.

Explanation

You can view the update history in Windows Update to find a list of updates that have been applied to your
computer. In Windows 10, you would go to Settings, then choose Update and Security, choose Windows
Update, choose Advanced Options, and choose View your update history.

You can also filter the system log by criteria such as an Event ID value of 19, a Task Category value of Windows
Update Agent, or a Source value of WindowsUpdateClient. All of these criteria will filter the system log to retrieve
updates that were installed on your computer.

Although this option was not given, you can also view the history of Windows updates by viewing the Operation log
of the Windows Update Client. This log can be viewed by opening Event Viewer, expanding Applications and

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 35/109
30/10/2019 MD-100 Exam Simulation

Services Logs, expanding Microsoft, expanding Windows, expanding WindowsUpdateClient, and expanding
Operational, as shown in the following exhibit:

Another way of viewing specific updates that were installed on your computer is to view the ReportingEvents.log
file under the C:\Windows\SoftwareDistribution directory.

You cannot filter the application log by the Source value of WindowsUpdateClient to find Windows Update events.
With any Windows log in Event Viewer, you can filter the log by criteria such as Event Level, Event Source, Event
ID, Date, User, and Computer. However, events for Windows Update do not appear in the application log. These
events appear in the system log.

You cannot filter the security log by the Task Category value of Windows Update Agent to find Windows Update
events. The security log contains information that pertains to auditing on the computer. You must configure auditing
before events will appear in the security log. The security log will not track events that pertain to Windows Update.

You cannot view Windows updates installed on this computer by looking in the DTCinstall.log file under the
C:\Windows directory. This file keeps information related to the MSDTC service, not information on updates from
Windows Update.

Objective:
Maintain Windows

Sub-Objective:
Manage updates

References:
https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 36/109
30/10/2019 MD-100 Exam Simulation

How to see update history in Windows 10

TechNet > TechNet Library > Windows > Windows Server 2008 and Windows Server 2008 R2 > Windows Server
2008 R2 Content by Category > Installed Help for Windows Server 2008 R2 > Troubleshooting > Event Viewer

CNET news > Worker's Edge > Check your Windows Update history

Question #21 of 50 Question ID: 1230909

You are a desktop support technician for your company. All client computers run Windows 10 Enterprise.

A user named Cheryl in the Research department recently downloaded and installed the latest version of the video
card driver for her computer. Now she informs you that the Windows 10 operating system is behaving erratically.
You want to restore the original version of the device driver with the least amount of impact on the overall operating
system.

Which of the following actions should you take to solve the problem?

A) Open the Device Manager applet in Control Panel. Expand the Display
Adapters section, and double-click the display adapter. Open the Driver tab
of the device's Properties dialog box, and select Update Driver.
B) Open the System applet in Control Panel, and select the System protection
option. Click the System Restore button, and load a restore point from a date
prior to when you installed the defective device driver.
C) Open the Device Manager applet in Control Panel. Expand the Display
Adapters section, and double-click the display adapter. Open the Driver tab
of the device's Properties dialog box, and select Disable.
D) Open the Device Manager applet in Control Panel. Expand the Display
Adapters section, and double-click the display adapter. Open the Driver tab
of the device's Properties dialog box, and select Uninstall.
E) Open the Device Manager applet in Control Panel. Expand the Display
Adapters section, and double-click the display adapter. Open the Driver tab
of the device's Properties dialog box, and select Roll Back Driver.

Explanation

You should perform the following steps:

1. Open the Device Manager applet in Control Panel.


2. Expand the Display Adapters section, and double-click the display adapter.
3. Open the Driver tab of the device's Properties dialog box, and select Roll Back Driver.

Device driver rollback is a feature that allows a user to restore a previous version of an updated device driver on a
system. Driver rollback affects only the specified hardware device; no other hardware or software on the computer
is affected.
https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 37/109
30/10/2019 MD-100 Exam Simulation

A sample of the Properties dialog box for a device is shown in the following exhibit:

You should not open the System applet in Control Panel, select the System protection option, click the System
Restore button, and load a restore point from a date prior to when you installed the defective device driver. A
system administrator uses system restore points to save "snapshots" of a computer's overall installed device driver
base. If a driver begins to malfunction, the administrator can restore the system to a point in time prior to the failure
of the device driver by loading an appropriate system restore point. Although loading a previous system restore
point in this scenario would restore the original video device driver, doing so would adversely affect the entire
operating system by replacing all other currently installed device drivers with the versions, possibly older, that were
present on the day that the system restore point was created.

You should not open the Device Manager applet in Control Panel, expand the Display Adapters section, double-
click the display adapter, open the Driver tab of the device's Properties dialog box, and select Update Driver. This
is the method you would use to obtain the latest version of the driver. The latest version of the driver is what is
causing the problem.

You should not open the Device Manager applet in Control Panel, expand the Display Adapters section, double-
click the display adapter, open the Driver tab of the device's Properties dialog box, and select Disable. This would
completely disable the device.

You should not open the Device Manager applet in Control Panel, expand the Display Adapters section, double-
click the display adapter, open the Driver tab of the device's Properties dialog box, and select Uninstall. This
would uninstall the device driver, causing the device to no longer function.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 38/109
30/10/2019 MD-100 Exam Simulation

Objective:
Maintain Windows

Sub-Objective:
Configure system and data recovery

References:

Roll Back a Device Driver to a Previous Version

TechNet > TechNet Library > Windows Server > Windows Server 2008 and Windows Server 2008 R2 > Windows
Server Content by Category > Windows Server 2008 R2 Content by Category > Installed Help for Windows Server
2008 R2 > Device Management and Installation > Device Manager > Installing Devices and their Drivers > Roll
Back a Device Driver to a Previous Version

Question #22 of 50 Question ID: 1230828

Your company has a plant that runs three shifts. Workers share desktop computers. Users on the afternoon and
night shifts are paid hourly. Users on the day shift are salaried and require access to information after hours.

You want to ensure that users who work the day shift have their Work Folders configured on each device they log
on to without being prompted to do so.

What must you do?

A) 1. Enable Specify Work Folder settings in User


Configuration\Policies\Administrative Templates\Windows
Components\Work Folders in Group Policy Editor (GPE)
2. Specify the Workfolder URL

B) 1. Enable Specify Work Folder settings in User


Configuration\Policies\Administrative Templates\Windows
Components\Work Folders in Group Policy Editor (GPE)
2. Specify the Workfolder URL
3. Check Force automatic setup

C) 1. Enable Specify Work Folder settings in Computer


Configuration\Policies\Administrative Templates\Windows
Components\Work Folders in Group Policy Editor (GPE)
2. Specify the Workfolder URL

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 39/109
30/10/2019 MD-100 Exam Simulation

D) 1. Enable Specify Work Folder settings in Computer


Configuration\Policies\Administrative Templates\Windows
Components\Work Folders in Group Policy Editor (GPE)
2. Specify the Workfolder URL
3. Check Force automatic setup

Explanation

You should enable Specify Work Folder settings in User Configuration\Policies\Administrative


Templates\Windows Components\Work Folders in Group Policy Editor (GPE). This policy setting allows users to
receive Work Folders settings from a URL. If you check Force Automatic Setup, then Work Folders will be setup
automatically without prompting users.

This policy setting should be configured under User Configuration, not Computer Configuration. In this scenario,
you wanted to ensure that users who work the day shift have their Work Folders configured on each device they log
on to without being prompted. If you chose the Specify Work Folder settings in Computer Configuration, the
setting would apply to the computer, not to the user. When users from the afternoon and night shift use the
computer that the policy setting applies to, then anybody else who logs on to the computer during any shift will have
the policy setting applied. You should use the policy setting under User Configuration to filter by user.

Objective:
Deploy Windows

Sub-Objective:
Deploy Windows 10

References:

Work Folders FAQ

TechNet Library > Windows Server > Windows Server 2012 R2 and Windows Server 2012 > Server Roles and
Technologies > File and Storage Services > Work Folders > Windows Performance Toolkit Overview

Windows Server 2012 R2 Work Folders

How to set up Work Folder using Group Policy

Question #23 of 50 Question ID: 1230883

You have several computers that run Windows 10 in the Marketing OU. You need to ensure that a computer in the
Marketing OU named WKS1 has a specific wireless configuration. You want to make sure that this configuration
remains the same if the computer reboots.

Which action should you perform?

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 40/109
30/10/2019 MD-100 Exam Simulation

A) Use the Group Policy Object Editor to edit the local computer policy on WKS1
B) Use the Group Policy Object Editor to edit a Group Policy object in the
Marketing OU and apply the GPO to WKS1
C) Use the Windows Configuration Designer on WKS1

D) Use SecEdit on WKS1

Explanation

You should use the Group Policy Object Editor to edit a Group Policy object in the Marketing OU and apply the
GPO to WKS1. You can configure the Wireless settings under \Computer Configuration\Windows
Settings\Security Settings:

You cannot use the Local Computer policy to change wireless settings. Unlike a GPO, there is not an option
configure Wireless Network (IEEE 802.11) policies.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 41/109
30/10/2019 MD-100 Exam Simulation

You should not use the Windows Configuration Designer to configure WKS1. The Windows Configuration Designer
is used to create portioning packages to configure Windows devices without imaging. The Windows Configuration
Designer may be able to configure a computer, but will not be able to reset the configuration if it has been changed.
A Group Policy Object that is applied to the computer will configure the computer with the Group Policy settings
when the computer reboots.

You cannot use SecEdit to configure Wireless policies on a local computer. This command-line utility is used to
analyze the security policy of a computer and compare the configuration against security templates.

Objective:
Configure Connectivity

Sub-Objective:
Configure networking

References:

Docs > Windows Server > Wireless Access Deployment

Question #24 of 50 Question ID: 1230868

You have several laptops running 64-bit Windows 8 Enterprise that need to be upgraded to Windows 10. The
laptops have identical hardware with the following configuration:

64-bit processor
4 GB of RAM
520 GB drive with a FAT32 partition for the system drive and an NTFS partition for the operating system

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 42/109
30/10/2019 MD-100 Exam Simulation

The laptops support the Secure Boot feature and the Windows Connected Standby feature, but do not support TPM
version 1.2. You must ensure that data on the laptop is protected if the laptop is stolen.

What should you do?

A) Upgrade the laptops to Windows 10 Enterprise. Enable the Require


additional authentication at setup Group Policy setting for each laptop.
Enable BitLocker on the laptops.
B) Upgrade the laptops to Windows 10 Enterprise. After the upgrade, place your
mouse pointer in the upper right hand corner, choose Settings, choose
Change PC and Devices, and choose PC Info. On the right side of the
screen, you should see the Device Encryption section. Click Turn On to
enable device encryption.
C) Upgrade the laptops to Windows 10 Enterprise. Enable the Central Access
Policy Group Policy setting for each laptop. Enable BitLocker on the laptops.
D) Upgrade the laptops to Windows 10 Enterprise. After the upgrade, Device
Encryption will be enabled by default.

Explanation

You must enable BitLocker to protect the data on the laptop if the laptop is stolen. BitLocker encrypts drives on your
computer in order to protect data on drives that may be stolen from or with the computer. BitLocker is supported in
Windows 10 Pro and Enterprise editions.

You can enable native BitLocker support if the computer supports TPM version 1.2 or higher. If the computer does
not support TPM 1.2 or higher, then BitLocker will use a USB flash drive instead of a TPM chip to store the
BitLocker startup key. To enable BitLocker without TPM 1.2, you must enable the Require additional
authentication at setup Group Policy setting under Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives. Finally, select the
Allow BitLocker without a compatible TPM check box.

In Windows 10, pervasive device encryption encrypts the system drive and other internal drives, just as BitLocker
does on Windows 10 and in earlier versions of Windows. Device encryption is supported on all versions of Windows
10, while BitLocker is only supported on Windows 10 Pro and Windows 10 Enterprise. Pervasive device encryption
is automatically enabled on a new installation, but it is turned off by default when upgrading. For pervasive device
encryption to work on Windows 10, the device must meet the Windows Hardware Certification Kit (HCK)
requirements, including supporting TPM 1.2 or higher, supporting Secure Boot, and Connected Standby systems.
Older computers may not meet the hardware requirements. If they do not meet the hardware standards and run the
Windows 10 Pro or Windows 10 Enterprise editions, then they can use BitLocker to encrypt the drives.

Device encryption requires a password recovery key. You must log in with a Microsoft account, such as Hotmail
account or Windows Live ID with administrative privileges, or join the computer to a domain. The recovery key will
be backed to Microsoft servers if you use a Microsoft account. The recovery key will be backed up to Active
Directory Domain Services, and encryption will be enabled if you use a domain account. With BitLocker, your

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 43/109
30/10/2019 MD-100 Exam Simulation

encryption key is not stored on Microsoft servers via your Microsoft account. You are in control of the encryption key
with BitLocker and can dictate where to store the key.

You must be able to log in with your user ID and password to access your files. If you use a Microsoft account and
forget your user ID and password, Microsoft holds the recovery key, and can authenticate your Microsoft account
credentials via the alternative means that you provided with your account, such as a phone number.

You can disable device encryption by placing your mouse pointer in the upper right hand corner, choosing Settings,
choosing System, and choosing About. On the right side of the screen, you should see the Device Encryption
section. Click Turn off to disable device encryption.

If the Device Encryption section does not appear under About, your computer does not support the hardware
requirements for Device Encryption.

You do not have to enable the Central Access Policy Group Policy setting for each laptop that does not support
TPM 1.2 in order to enable BitLocker. Central Access Policies are used with Active Directory Federation Services to
extend permissions to users and groups by applying flexible access and audit policies.

Objective:
Manage Devices and Data)

Sub-Objective:
Manage Windows security
https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 44/109
30/10/2019 MD-100 Exam Simulation

References:

Microsoft Support > Turn on device encryption

Docs > Windows > Security > Information protection > BitLocker: Use BitLocker Drive Encryption Tools to manage
BitLockerDocs > Windows > Security > Information protection

TechNet Library > Windows Server > Windows Server 2012 R2 and Windows Server 2012 > Server Roles and
Technologies > Security and Protection > BitLocker > What's New in BitLocker for Windows 8.1 and Windows
Server 2012 R2

how-to geek > Windows 8.1 Will Start Encrypting Hard Drives By Default: Everything You Need to Know

Question #25 of 50 Question ID: 1230827

You are your company's systems administrator. The network contains fifteen Windows 10 computers in a
workgroup.

A user named Tom recently left your company, and his user account was disabled. Cathy has been hired as Tom's
replacement. You need to ensure that Cathy has access to all of the same resources that Tom accessed.

What should you do?

A) Change the name for Tom's user profile to Cathy, and re-enable the profile.
B) Run the User State Migration Tool (USMT) to migrate Tom's settings to Cathy's
profile.
C) Use scanstate and loadstate to migrate Tom's user profile settings to Cathy's
user profile.
D) Create a new user profile for Cathy, and copy the settings from Tom's profile to
Cathy's profile.

Explanation

You should change the name for Tom's user profile to Cathy, and re-enable the profile. This will ensure that Cathy
has access to all of the same resources that Tom accessed.

You should not create a new user profile for Cathy and copy the settings from Tom's profile to Cathy's profile. Tom's
profile has a unique security ID (SID). The only way to ensure that Cathy is able to use this SID is for her to be
given access to the same account.

You should not run USMT to migrate Tom's settings to Cathy's profile. USMT is used to migrate user settings from
one computer to another, not from one profile to another.

You should not use scanstate and loadstate to migrate Tom's user profile settings to Cathy's user profile. This is
the process you should use this process if you need to migrate a user profile from one computer to another or from
one operating system to another.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 45/109
30/10/2019 MD-100 Exam Simulation

Objective:
Deploy Windows

Sub-Objective:
Deploy Windows 10

References:

How To Rename User Accounts In Windows 10

TechNet Library > Windows Server > Windows Server 2008 and Windows Server 2008 R2 > Windows Server
Content by Category > Windows Server 2008 R2 Content by Category > Installed Help for Windows Server 2008
R2 > Active Directory Domain Services > Local Users and Groups > How to ... Manage Local Users and Groups >
Rename a local user account

Question #26 of 50 Question ID: 1191078

All sales people in the Sales Organizational Unit (OU) of nutex.com have Windows 10 installed on their laptop. You
want to ensure that salespeople can ask for remote assistance when they need help while traveling out of the office.
You do not want salespeople to ask for remote assistance when they are in the office. Each sales person's laptop is
configured as follows:

What should you configure on each sales person's laptop? (Choose two. Each answer is part of the solution.)

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 46/109
30/10/2019 MD-100 Exam Simulation

A) Disallow Remote Desktop and Remote Assistance for the Private network
profile.
B) Create an inbound rule to allow TCP port 3389 for the Private network profile.
C) Allow Remote Desktop and Remote Assistance for the Public network profile.
D) Allow Remote Desktop and Remote Assistance for the Private network profile.
E) Disallow Remote Desktop and Remote Assistance for the Public network
profile.
F) Create an outbound rule to block TCP port 3389 for the Public network profile.

Explanation

You should complete the following steps to configure each sales person's laptop:

Disallow Remote Desktop and Remote Assistance for the Private network profile.
Allow Remote Desktop and Remote Assistance for the Public network profile.

You should ensure that Remote Desktop and Remote Assistance are blocked on the Private network profile and
enabled in the Public network profile in Windows Firewall. Windows Firewall can block or allow programs based on
a network profile.

You should not create an outbound rule to block TCP port 3389 for the Public network profile. TCP port 3389 is
used by remote desktop. You should have an inbound rule for this port and profile because the help desk personnel
will be connecting to the salespeople's laptop. The salespeople will not be initiating a connection to the help desk
personnel.

You should not create an inbound rule to allow TCP port 3389 for the Private network profile. You should not have
help desk personnel initiate a remote desktop connection to a salesperson's laptop on the Private network. A
remote desktop connection should only be made when the laptop is using the Public network profile.

Objective:
Manage Devices and Data)

Sub-Objective:
Manage Windows security

References:

Windows > Support > Remote Desktop Connection: FAQ

Docs > Windows > Threat protection > Windows Defender Firewall with Advanced Security

TechNet Library > Windows Server > Windows Server 2012 > Server Roles and Technologies > Networking >
Windows Firewall with Advanced Security > Windows Firewall with Advanced Security Deployment Guide >
Procedures Used in This Guide > Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista,
Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 47/109
30/10/2019 MD-100 Exam Simulation

TechNet Library > Windows Server > Windows Server 2008 and Windows Server 2008 R2 > Secure Windows
Server > Using Windows 7 and Windows Server 2008 R2: Controlling Communication with the Internet > Remote
Assistance and Resulting Internet Communication in Windows 7 and Windows Server 2008 R2

PureInfoTech.com > Articles > How to Set Up Windows Remote Assistance in Windows 7

Question #27 of 50 Question ID: 1230853

You have the following folder named test2 on a Windows 10 computer:

You configure the gmonsalvatge user with the following permissions:

The user is not part of any other groups that have permissions on the folder.

Which of the following statements are true? (Choose two.)

A) When the user types \Research2019\test2\ttax at the Run prompt, the user
successfully runs ttax.bat
https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 48/109
30/10/2019 MD-100 Exam Simulation

B) When the user types \Research2019\test2\ttax at the Run prompt, the user
will receive an error message that the user does not have permissions to run
ttax.cmd
C) When the user types \Research2019\test2\ttax at the Run prompt, the user
will receive an error message that the user does not have permissions to run
ttax.exe
D) The user cannot read the contents of rssh.txt
E) The user can read the contents of rssh.txt
F) When the user types \Research2019\test2\ttax at the Run prompt, the user
will receive an error message that the user does not have permissions to run
ttax.bat
G) When the user types \Research2019\test2\ttax at the Run prompt, the user
successfully runs ttax.exe
H) When the user types \Research2019\test2\ttax at the Run prompt, the user
successfully runs ttax.cmd

Explanation

The user will be able to read the contents of rssh.txt because the user has Read permissions to the folder, any
subfolders, and files in the directory.

The user will not be able to run a batch file, a command file, or executable file because the user has not been given
the Read & Execute permission. Because the user typed \Research2019\test2\ttax at the Run prompt without
specifying an extension, such EXE, BAT, or CMD, the operating system will check for the file in the following order:

1. First it will check for the file name with an EXE extension.
2. If there is no EXE with that name, it will check for a file with the BAT extension.
3. If there is no BAT with that name, it will check for a file with the CMD extension.

Because there is a ttax.exe file in the folder and the user does not have the Read & Execute permission, the user
will attempt to run ttax.exe, not ttax.cmd or ttax.bat. When doing so, the user will see the following error:

Objective:
Manage Devices and Data)

Sub-Objective:
Configure data access and protection

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 49/109
30/10/2019 MD-100 Exam Simulation

References:

Share and NTFS Permissions on a File Server

Docs > Windows > Security > Identity and access protection > Access Control Overview

Question #28 of 50 Question ID: 1230929

Your network contains the nutex.com Active Directory domain. The domain contains has two OUs, Marketing and
Sales. All computers in the Marketing OU run Windows 7 Enterprise Service Pack 1, and all the computers in the
Sales OU run Windows 10 Enterprise version 1803.

All computers in both the Marketing OU and Sales OU display changing background images and show tips for using
different Windows features.

You want to disable the tips and changing background images.

What should you do? (Choose two.)

A) Create a Group Policy Object (GPO) to enable the Turn off all Windows
Spotlight features setting and apply the policy to the Sales OU.
B) On all computers in the Marketing OU, disable the third-party screensaver.
C) Create a Group Policy Object (GPO) to enable the Turn off all Windows
Spotlight features setting and apply the policy to the Marketing OU.
D) Create a Group Policy Object (GPO) to enable the Turn off the Windows
Spotlight on Settings setting and apply the policy to the Sales OU.

Explanation

For the Windows 10 computers in the Sales OU, you should create a Group Policy Object (GPO) and enable the
Turn off the Windows Spotlight features setting in the GPO. When this policy is enabled, it will disable Windows
tips, Microsoft consumer features, and other related features, such as changing background images. When you
enable this policy, you can minimize network traffic.

The Windows Spotlight feature is available in Windows 10 and allows you to have background images change on a
lock screen. This feature is NOT available on Windows 7.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 50/109
30/10/2019 MD-100 Exam Simulation

Because the Windows Spotlight feature is not available on Windows 7, the computers in the Marketing OU cannot
be using the Windows Spotlight feature. There must be a third-party screensaver that is changing the background
images. You should disable the third-party screensaver on the Windows 7 computers. You cannot apply a GPO to
enable or disable Windows Spotlight features for Windows 7 computers; this only applies to Windows 10
computers.

You should not enable the Turn off the Windows Spotlight on Settings setting for a GPO applied to the Sales
OU. This setting will remove the Windows Spotlight settings in the Settings app, but does not uninstall the third-
party screensaver.

This setting does not stop the Windows spotlight. It just removes the option from the Settings app.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 51/109
30/10/2019 MD-100 Exam Simulation

Objective:
Maintain Windows

Sub-Objective:
Monitor and manage Windows

References:

Docs > Windows > Configure Windows Spotlight on the lock screen

How to fix Windows Spotlight Lock screen errors on Windows 10

How to Turn Off Windows 10 Lock Screen Tips

Question #29 of 50 Question ID: 1191148

You are the branch office administrator for the Verigon Corporation. You have a few Windows 10 computers in your
branch office. These Windows 10 computers have the default settings for Windows Updates and Automatic
Maintenance configured.

You want to ensure that all Windows updates are downloaded from the server srv55.verigon.com. This server
downloads approved updates from Microsoft Update. You want any updates to be automatically downloaded every
day and installed at 02:00 AM. You plan to test this configuration in a local security policy. If the updates are
downloaded successfully on the proper schedule, you will configure the settings in a Group Policy object that will be
applied to this branch office and other branch offices.

What must you configure? (Select the group policy setting(s) that you should enable by clicking the policies.)

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 52/109
30/10/2019 MD-100 Exam Simulation

A) 200,336,800,351
B) 200,486,800,501
C) 200,306,800,321
D) 200,426,800,441
E) 200,351,800,366
F) 200,321,800,336
G) 200,441,800,456
H) 200,85,800,100
I) 200,456,800,471
J) 200,100,800,115
K) 200,381,800,396
L) 200,366,800,381
M) 200,396,800,411
N) 200,276,800,291
O) 200,115,800,130
P) 200,411,800,426
Q) 200,291,800,306
R) 200,471,800,486

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 53/109
30/10/2019 MD-100 Exam Simulation

S) 200,501,800,516

Explanation

The correct policy settings that should be enabled are shown in the following graphic:

The Maintenance Scheduler group policy settings in the top of the exhibit are located in the Computer
Configuration > Administrative Templates > Windows Components > Maintenance Scheduler node. The
Windows Update group policy settings in the bottom of the exhibit are located in the Computer Configuration >
Administrative Templates > Windows Components > Windows Update node.

You should enable the Configure Automatic Updates policy setting and set this policy to Auto download and
schedule the install, as shown in the following exhibit:

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 54/109
30/10/2019 MD-100 Exam Simulation

For Windows 7 and earlier computers, the schedule configured here would apply. However, Windows 10 controls
the scheduling using the Automatic Maintenance feature. For Windows 10, you would need to configure the update
schedule in the Maintenance Scheduler group policy section.

You should also enable the Specify intranet Microsoft Update service location policy and specify the intranet
update service for detecting updates as srv55.verigon.com, which is a WSUS server. With this configuration, the
Windows 10 computer will pull updates from srv55.verigon.com instead of using the Windows update servers.

You should enable the Automatic Maintenance Activation Boundary setting and set it to 2:00 a.m., as shown in
the following exhibit:

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 55/109
30/10/2019 MD-100 Exam Simulation

This will ensure that the Windows 10 computers will be scheduled to perform maintenance at 2:00 a.m. The default
settings on Windows 10 computers are to perform maintenance at 3:00 a.m.

You should also enable the Automatic Maintenance Wakeup Policy setting as shown in the following exhibit:

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 56/109
30/10/2019 MD-100 Exam Simulation

This setting ensures that the wake-up policy is configured by group policy settings, not by the local settings.
However, if Windows 10 Automatic Maintenance does not have the Allow scheduled maintenance to wake up
my computer at the scheduled time option enabled, then the group policy will not work. By default, the Allow
scheduled maintenance to wake up my computer at the scheduled time option is enabled. You access this
setting by expanding the Maintenance section in Action Center, and clicking the Change maintenance settings
option.

You should not enable the Turn on Software Notifications group policy setting, as shown in the following exhibit:

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 57/109
30/10/2019 MD-100 Exam Simulation

This setting allows users to receive detailed enhanced notification messages about downloaded updates. This
option will not allow you to change how updates are downloaded or specify which server will be the source of the
updates.

There are also some Windows Update group policy settings that can be configured in User Configuration >
Administrative Templates > Windows Components > Windows Update node, as shown in the following exhibit:

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 58/109
30/10/2019 MD-100 Exam Simulation

The Remove access to use all Windows Update features group policy setting removes all Windows Update
features from the operating system's user interface. It also allows you to configure the types of notifications that
occur.

Objective:
Maintain Windows

Sub-Objective:
Manage updates

References:

Download Center > Group Policy Settings Reference for Windows and Windows Server

TechNet Library > Systems Management > Update Management > Windows Server Update Services > Windows
Server Update Services 3.0 SP2 > Deployment > Windows Server Update Services 3.0 SP2 Deployment Guide >
Update and Configure the Automatic Updates Client Computer > Configure Automatic Updates using Group Policy

Question #30 of 50 Question ID: 1230895

Your company has an Active Directory domain named verigon.com. All servers in the domain run Windows Server
2016, and all domain controllers run either Windows Server 2008 R2 or Windows Server 2012 R2. All sales people
use laptops that run Windows 10 and are members of the verigon.com domain.

Sales people must be able to connect to the VPN when they are out of the office. Specifically, they must be able to
connect to the VPN when an application is launched if they are not connected to the corporate network. The sales
person must be able to use the application to connect to a database on a SQL Server 2016 server in the
verigon.com domain. If the sales people are in the corporate headquarters and physically connected to the
corporate network, the application should not auto-trigger a VPN connection.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 59/109
30/10/2019 MD-100 Exam Simulation

You need to configure the following on one of the sales people's laptops:

Add the application for which the VPN connection is triggered to the sales person's VPN profile using the Add-
VpnConnection cmdlet.
Configure a trusted network list of DNS suffixes that are matched with the connection-specific DNS suffix on the
physical interface of the laptop.

You run the following script:

$vpn = Verigon VPN


$app = C:\Program Files (x86)\KaplanIt Learning\ItCertification\ItCertification.exe
Add-VpnConnectionTriggerApplication -Name $vpn -ApplicationID $app
Set-VpnConnection -Name $vpn -SplitTunneling $True
Set-VpnConnection -Name $vpn -IdleDisconnectSeconds 9
Add-VpnConnectionTriggerTrustedNetwork -Name $vpn -DnsSuffix nutex.com, metroil.com

When the sales person launches the application from a remote location, a VPN connection is NOT made. What
could be the reason auto-triggering is not working in this scenario?

A) Logging for the VPN connection has not been configured.


B) The domain functional level of the verigon.com domain must be set to
Windows Server 2012.
C) The laptop is a member of the domain.
D) The VPN profile has split tunneling enabled.

Explanation

The most likely solution is that auto-triggering failed because the laptop was a member of the domain. The auto-
triggering of VPN connections will not work on domain-joined machines.

Microsoft Intune and System Center 2012 R2 Configuration Manager support configuring auto-triggering properties
in Windows 10 devices for VPN connections. Besides using the Add-VpnConnectionTriggerApplication cmdlet to
associate an application with a VPN profile, you can use System Center 2012 R2 Configuration manager to
associate an application with a VPN profile in order to automatically connect to a VPN.

You can use the set name suffixes that will trigger a VPN connection whenever a resource belonging to the name
suffix is accessed. You can use the Add-VpnConnectionTriggerDnsConfiguration cmdlet or Configuration
Manager to configure this.

All other choices are incorrect.

Auto-triggering is supported for a VPN profile that has split tunneling enabled. If the split tunneling is disabled, then
auto-triggering is not supported.

The domain functional level does not have to be Windows Server 2012. The auto-triggering is a function of the
Windows 10 client, not the server.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 60/109
30/10/2019 MD-100 Exam Simulation

VPN logging does not have to be enabled to ensure auto-triggering. However, you can enable VPN logging to
troubleshoot problems. You explicitly enable logging on a Windows 10 computer by typing the following at the
command prompt:

Netsh ras set tr * en

This command will create RAS tracing logs as an HTML file. You can view the RAS tracing logs by using the
following command:

Netsh ras diagnostics show all type= file destination= c:\temp\logs

Objective:
Configure Connectivity

Sub-Objective:
Configure networking

References:

Auto-Triggering VPNs in Windows 10

TechNet Blogs > Automatically Triggering VPN Connections and VPN Diagnostics Enhancements in Windows 8.1
TechNet Library > Windows Server > Windows Server 2012 R2 and Windows Server 2012 > Server Roles and
Technologies > Networking > Remote Access > Routing and Remote Access Service (RRAS) > Windows Server
2012 R2 Test Lab Guide: Demonstrate VPN Auto trigger

Question #31 of 50 Question ID: 1230826

You are the administrator for the Verigon Corporation. Verigon has purchased another company, Metroil, and will
integrate the company into the Verigon domain. You have installed Windows 10 on several computers. Windows 7
is stored in the c:\Windows.old directory. You have attached an external drive to each computer.

You want to perform an offline migration of all user state settings. You want to make sure that the user settings for
all metroil domain users who logged on the computer under the previous version of Windows will NOT appear on
the new installation of Windows 10.

What commands should you run? (Choose two.)

A) loadstate /i:migapp.xml /i:miguser.xml /genconfig:config.xml


/v:13 /offlinewindir:c:\windows.old /ue:metroil\*

B) loadstate /i:migapp.xml /i:miguser.xml


/offlinewindir:c:\windows.old /ue:*\* /ui:*

C) scanstate /i:migapp.xml /i:miguser.xml /genconfig:config.xml


/v:13 /offlinewindir:c:\windows.old /ue:metroil\*

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 61/109
30/10/2019 MD-100 Exam Simulation

D) loadstate /i:migapp.xml /i:miguser.xml /genconfig:config.xml


/v:13 /offlinewindir:c:\windows.old /ue:*\* /ui:*

E) scanstate /i:migapp.xml /i:miguser.xml /genconfig:config.xml


/v:13 /offlinewindir:c:\windows.old /ue:*\* /ui:*

F) scanstate /i:migapp.xml /i:miguser.xml


/offlinewindir:c:\windows.old /ue:*\* /ui:*

Explanation

You should run the following commands:

scanstate /i:migapp.xml /i:miguser.xml /offlinewindir:c:\windows.old /ue:*\* /ui:*

loadstate /i:migapp.xml /i:miguser.xml /offlinewindir:c:\windows.old /ue:*\* /ui:*

You can run the scanstate command on a computer that is offline by booting the computer to the Windows
Preinstallation Environment (Windows PE). If the computer already has Windows 10 installed, but has a previous
version of Windows stored in another directory, you can use scanstate to retrieve the user state settings from a
previous Windows directory and store the information. After all applications are reinstalled, you should run
loadstate to restore any personal files and user state settings.

You can use the /i: parameter to specify MigApp.xml, MigSys.xml, MigUser.xml, or any custom .xml file. The
MigApp.xml file is used to control which application settings are migrated. The applications specified in this file can
be included or excluded from the migration. The MigUser.xml file is used to identify which user folders, files, file
types, and desktop settings are migrated. The MigSys.xml file was typically only used for Windows XP targets, and
contains information that controls operating systems and browser settings to be migrated.

The Config.xml file is a custom file that is created by using the /genconfig special switch with the scanstate
command. You can use this option to generate a custom configuration file that meets organizational requirements.
You can use the Config.xml file to exclude certain operating-system settings.

You should run scanstate on a computer to retrieve the user state settings from a previous Windows directory. You
can specify either the /offlinewindir: or /offlinewinold: parameters.

/offlinewindir: – This specifies the offline Windows directory to retrieve the user state from. You must specify
the correct path, such as C:\WINDOWS.OLD or C:\WINDOWS.001
/offlinewinold: – This parameter is intended to be used only if the offline Windows directory is set to
WINDOWS.OLD.

You can specify which users to include in a migration. You can use the following parameters to include or exclude
users.

/all: – Migrates all user accounts that are on the computer. This is the default option. This parameter cannot be
used with the /genconfig parameter.
/ui: – Migrates users that you include. This parameter cannot be used with the /genconfigparameter
parameter.
/ue: – Allows you to exclude users from being migrated. This parameter cannot be used with the /genconfig
parameter.
https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 62/109
30/10/2019 MD-100 Exam Simulation

You can use /ue:*\* /ui:* to exclude all domain users and include only local (non-domain) users.

You should not run the following scanstate commands:

scanstate /i:migapp.xml /i:miguser.xml /genconfig:config.xml /v:13


/offlinewindir:c:\windows.old /ue:metroil\*

or

scanstate /i:migapp.xml /i:miguser.xml /genconfig:config.xml /v:13


/offlinewindir:c:\windows.old /ue:*\* /ui:*

In these statements, the /genconfig parameter and the /ue parameter are used together. These parameters cannot
be used together.

You should not run the following loadstate commands:

loadstate /i:migapp.xml /i:miguser.xml /genconfig:config.xml /v:13


/offlinewindir:c:\windows.old /ue:*\* /ui:*

or

loadstate /i:migapp.xml /i:miguser.xml /genconfig:config.xml /v:13


/offlinewindir:c:\windows.old /ue:metroil\*

In these statements, the /genconfig parameter and the /ue parameter are used together. These parameters cannot
be used together.

Objective:
Deploy Windows

Sub-Objective:
Deploy Windows 10

References:

Docs > User State Migration Tool (USMT) Overview

Docs > Windows > Deployment > User State Migration Tool (USMT) Technical Reference > USMT XML Reference
> Config.xml File

Microsoft Docs > Windows > Deployment > User State Migration Tool (USMT) Command-line Syntax

Microsoft Docs > Windows > Deployment > Windows 10 deployment scenarios and tools

TechNet > TechNet Library > LoadState Syntax

TechNet > TechNet Library > ScanState Syntax

Question #32 of 50
https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 63/109
30/10/2019 MD-100 Exam Simulation

Question ID: 1191050

You administer the enterprise network for your company. The network contains Windows Server 2012 R2 servers
and Windows 10 computers. Most of the Windows 10 computers are laptops.

Users are changing wireless, power, and volume settings from a tool that is included on the Windows 10 laptops.
You have decided to remove the central tool from the laptops to ensure that users cannot change these settings as
easily. You hope that this change will reduce the problems users are experiencing.

You need to prevent users from being able to change commonly used laptop settings in one spot.

You open the User Configuration > Administrative Templates > Windows Components node in the Group
Policy object editor. You need to select the appropriate node from the right-hand pane that will disable the tool being
used by the users to change their settings.

Click the image to select the node from the right-hand pane that you need to expand.

A) 328,255,558,270
B) 564,170,723,185
C) 564,323,723,338
D) 328,357,558,372
E) 564,238,723,253
F) 564,221,723,236

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 64/109
30/10/2019 MD-100 Exam Simulation

G) 328,119,558,134
H) 564,187,723,202
I) 328,238,558,253
J) 564,153,723,168
K) 564,375,723,390
L) 564,392,723,407
M) 328,392,558,407
N) 328,170,558,185
O) 328,272,558,287
P) 564,272,723,287
Q) 328,306,558,321
R) 328,323,558,338
S) 564,136,723,151
T) 328,136,558,151
U) 328,85,558,100
V) 564,289,723,304
W) 328,340,558,355
X) 328,409,558,424
Y) 328,289,558,304
Z) 564,306,723,321
AA)564,102,723,117
AB)328,375,558,390
AC)564,119,723,134
AD)564,204,723,219
AE)564,357,723,372
AF)328,221,558,236
AG)328,153,558,168
AH)564,255,723,270
AI) 328,204,558,219
AJ)328,102,558,117
AK)564,340,723,355
AL)564,85,723,100
AM)328,187,558,202
AN)328,426,558,441

Explanation

You should select the Windows Mobility Center node, as shown in the following exhibit:

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 65/109
30/10/2019 MD-100 Exam Simulation

The Windows Mobility Center is a tool included with Windows 7, Windows 8, and Windows 10 that allows users to
adjust the display brightness and volume, check the battery status, change the power settings, and turn wireless on
and off. The Windows Mobility Center node contains the Turn off Windows Mobility Center policy setting, as
shown in the following exhibit:

None of the other nodes in the right-hand pane contains any policy settings that disable Windows Mobility Center,
which is the tool that the users are using.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 66/109
30/10/2019 MD-100 Exam Simulation

Objective:
Deploy Windows

Sub-Objective:
Perform post-installation configuration

References:

Windows > Windows 7 Features > Windows Mobility Center

Windows 10 How to Access and Utilize Mobility Center Settings

Question #33 of 50 Question ID: 1230897

A user has a Windows 10 computer, a wireless printer, and a wireless mobile device. The user often travels to
locations that do not have any wireless networks available. The user takes all of his wireless devices with him when
he travels. You need to ensure that this user's devices are able to communicate with each other when he travels.

What should you do?

A) Configure VPN Fast Reconnect.


B) Configure a SmartScreen filter.
C) Configure synchronization in Sync Center.
D) Configure Windows To Go.
E) Configure BitLocker.
F) Configure Wi-Fi Direct.
G) Configure Secure Boot.

Explanation

You should configure Wi-Fi Direct to allow the user's devices to communicate with each other while they are in
close proximity. This feature allows a Windows 10 computer to act as a wireless router, thereby allowing other
devices to connect to the computer.

You should not configure Windows To Go. This version of the Windows operating system allows you to create a
Windows To Go workspace on a USB flash drive. This drive can then be used to boot a computer.

You should not configure BitLocker. This feature will encrypt the entire contents of a hard drive.

You should not configure synchronization in Sync Center. Synchronization works with the Offline Files feature that
allows users to access files even when they are not connected to the network. The versions of the files are synced
between the devices either on a regular schedule, when certain events occur, or manually.

You should not configure VPN Fast Reconnect. This VPN feature automatically reconnects to a VPN should the
primary Internet connection fail and then reconnect. This feature keeps users from having to continually reconnect
https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 67/109
30/10/2019 MD-100 Exam Simulation

to the VPN when they are using an unreliable Internet connection.

You should not configure Secure Boot. This feature increases computer security by ensuring that unauthorized
operating systems cannot be installed on the computer.

You should not configure SmartScreen filter. This security feature introduced in Windows 8 helps protect you from
downloading potentially harmful software.

Objective:
Configure Connectivity

Sub-Objective:
Configure networking

References:

Docs > Windows > Using Wi-Fi Direct on your Windows 10 IoT Core device

channel9.msdn.com > Events > Build > Build2011 > Understanding Wi-Fi Direct in Windows 8

WiseGeek.com > What is Wi-Fi Direct?

Question #34 of 50 Question ID: 1230874

You have 50 Windows 10 computers that are protected by BitLocker, which requires the provision of a startup key.
You frequently need to roll out software updates when the computers are hibernating or turned off.

What action could you take to ensure that the systems can start when needed without the startup key?

A) Publish a data recovery agent by using a GPO.


B) Implement the BitLocker Network Unlock feature.
C) Enable the Store BitLocker recovery information in Active Directory
Domain Services group policy setting.
D) Enable the Turn on TPM backup to Active Directory Domain Services
group policy setting.

Explanation

You should implement the BitLocker Network Unlock feature by enabling the Allow network unlock at startup
group policy setting. This group policy setting is located in the Computer Configuration/Windows
Settings/Security Settings/Public Key Policies/BitLocker Drive Encryption node.

The BitLocker Network Unlock feature provides automatic unlocking of operating system volumes at system reboot
when they are connected to a wired corporate network. This feature requires the client hardware to have a DHCP
driver implemented in its UEFI firmware. Network Unlock allows BitLocker-enabled systems that have TPM+PIN
and meet the hardware requirements to boot into Windows without user intervention.
https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 68/109
30/10/2019 MD-100 Exam Simulation

You should not publish a data recovery agent by using a GPO. This technique is used to designate a recovery
agent for encrypted drives. This can be used, for example, to ensure that users of BitLocker To Go who forget their
password can unencrypt the drives using the recovery agent certificate thumbprint.

You should not enable the Turn on TPM backup to Active Directory Domain Services group policy setting. This
group policy setting is located in the Computer Configuration > Administrative Templates > System > Trusted
Platform Module Services node. This setting will ensure that the TPM owner information is backed up to a central
location. If you later needed to unlock a protected volume, you would need to know the user's login name and the
computer's name to retrieve the recovery password from Active Directory Domain Services. If the user does not
know the name of the computer, the computer name is supplied in the first word of the Drive Label in the BitLocker
Drive Encryption Password Entry user interface. If multiple recovery passwords are stored under a computer object
in AD DS, the name of the BitLocker recovery information object includes the date that the password was created.

You should not enable the Store BitLocker recovery information in Active Directory Domain Services group
policy setting. This setting manages the Active Directory Domain Services (DS) backup of BitLocker recovery
information for Windows Server 2008 and Windows Vista devices. For Windows Server 2012 and above and
Windows 7 and above, you should manage this activity using the Turn on TPM backup to Active Directory
Domain Services setting in the Computer Configuration > Administrative Templates > System > Trusted
Platform Module Services node.

Objective:
Manage Devices and Data)

Sub-Objective:
Manage Windows security

References:

Docs > Windows > BitLocker: How to Enable Network Unlock

Docs > Windows > BitLocker Group Policy settings

Docs > Windows > Security > Information protection > BitLocker: Use BitLocker Drive Encryption Tools to manage
BitLocker

Question #35 of 50 Question ID: 1230910

Your company's network contains 25 Windows 10 Enterprise computers. You are responsible for maintaining these
computers.

You determine that there is a driver update for the sound card that is installed in all the Windows 10 computers. You
need to ensure that you can return the computers back to their previous state if the driver update causes problems,
using the least amount of administrative effort.

What should you do?

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 69/109
30/10/2019 MD-100 Exam Simulation

A) Click the Turn on button in the File History applet of Control Panel.
B) Click the Create a recovery drive option in the Recovery applet of Control
Panel.

C) Click System Image Backup in the File History applet of Control Panel.
D) Select the System Protection option in the System applet of Control Panel,
and click the Create button on the System Protection tab of the System
Properties dialog box.

Explanation

You should select the System Protection option in the System applet of Control Panel, and click the Create button
on the System Protection tab of the System Properties dialog box. If you create a restore point before updating
drivers or applications, you will be able to use the created restore point to return a computer to its state before that
update occurred.

You should not click the Turn on button in the File History applet of Control Panel. The File History feature in
Windows 10 retains the file history of user files to ensure that users can recover a previous version of documents,
pictures, and other user files.

You should not click the Create a recovery drive option in the Recovery applet of Control Panel. A recovery drive
will allow you to boot to the system recovery options to recover Windows 10. While this can help to recover from
driver issues, it does not use the least amount of administrative effort.

You should not click System Image Backup in the File History applet of Control Panel.

While a system image can be used to restore a Windows 10 computer, it does not use the least amount of
administrative effort to recover from a driver update issue.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 70/109
30/10/2019 MD-100 Exam Simulation

Objective:
Maintain Windows

Sub-Objective:
Configure system and data recovery

References:

How to schedule a Windows System Image backup (step-by-step)

TechNet > Windows Server 2012 R2 and Windows Server 2012 > Management and Tools > Command-Line
Reference > Wbadmin > Wbadmin start backup

Scheduled system image backup windows 8.1

TechNet > TechNet Blogs > IT Pros ROCK! at Microsoft > Backup and Recovery of Windows 8 - Tip of the Day

Question #36 of 50 Question ID: 1230845

A user in your domain, named Jane, complains that when she tries to connect to a local intranet site, she sees the
following message:

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 71/109
30/10/2019 MD-100 Exam Simulation

The server that holds the Web site is on the same local subnet as the Jane's computer. All computers use a single
proxy server to connect to the Internet. The proxy server is on a different subnet than Jane's computer. Other users
on the same subnet and other subnets can connect to the intranet site. Jane can ping the server that holds the Web
site and can connect to different Web sites on the Internet via Internet Explorer.

What could be the problem with Jane's computer?

A) The wrong default gateway is configured.


B) The wrong address for the proxy server is configured.
C) The Don’t use the proxy server for local (intranet) addresses setting is not
checked in the default domain policy.
D) The Don’t use the proxy server for local (intranet) addresses setting is not
checked on Jane's computer.

Explanation

Jane's computer should have the Don’t use the proxy server for local (intranet) addresses option checked in
Control Panel > Network & Internet > Proxy:

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 72/109
30/10/2019 MD-100 Exam Simulation

If this option is not checked, the proxy server will attempt to resolve this address. In this scenario, Jane is on the
same subnet as the computer that hosts this site. This could pose a problem if the proxy server thinks that the
address of the Web site is different.

Jane has the correct default gateway configured. A default gateway address for a computer is the address of the
near side (within the same subnet) of the router through which that computer can reach other subnets or networks,
or to the Internet. Jane was able to connect to different Web sites on the Internet. Since all computers use the proxy
server to connect to the Internet, Jane was able to connect to the proxy server that was on a different subnet.
Jane's default gateway must be configured correctly to connect with the proxy server that is on a different subnet.

Jane has the correct proxy server configured. Since all computers use a single proxy server to connect to the
Internet, Jane was able to visit other Web sites via her browser. Jane was able to connect to the proxy server.

The default domain policy is applied at the domain level and will affect all users and computers in the domain. If the
Don’t use the proxy server for local (intranet) addresses setting were not checked in the default domain policy,
it would have affected all other users, including those users on the same subnet as Jane. Since other users on the
same subnet and other subnets can connect to the intranet site, this setting must be checked in the default domain
policy.

Objective:
Deploy Windows

Sub-Objective:
Perform post-installation configuration

References:

Configure Internet Explorer to Use a Proxy Server

Question #37 of 50 Question ID: 1230830

Your company has several Windows 7, Windows 8.1, and Chromebook laptops that require Windows 10 for a new
application. You need to evaluate the Upgrade Readiness tool.

Which of the following upgrades will require you to reinstall applications and personal data?

A) 32-bit version of Windows 7 Pro to 32-bit version of Windows 10 Pro


B) 32-bit version of Windows 8.1 Pro to 32-bit version of Windows 10 Pro
C) 64-bit version of Windows 7 Pro to 64-bit version of Windows 10 Pro
D) 32-bit version of Windows 7 Pro to 64-bit version of Windows 10 Pro

Explanation

Although it is possible to upgrade from a licensed 32-bit version of Windows 7 Pro to a 64-bit version of Windows
10 Pro, doing so requires two steps. First, you must upgrade to the 32-bit version of Windows 10 Pro. The upgrade
https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 73/109
30/10/2019 MD-100 Exam Simulation

process will give you a Windows 10 license. Next, you would download the 64-bit version of Windows 10, create the
install media, insert the Windows 10 install media, and perform a clean installation of Windows 10. This means you
will have to reinstall applications and restore personal data.

In-place upgrades retain all applications and personal data. They are supported for the following versions:

32-bit version of Windows 7 Pro to 32-bit version of Windows 10 Pro


64-bit version of Windows 7 Pro to 64-bit version of Windows 10 Pro
32-bit version of Windows 8.1 Pro to 32-bit version of Windows 10 Pro

Objective:
Deploy Windows

Sub-Objective:
Deploy Windows 10

References:

How to Upgrade Windows 7, 8 32-bit to Windows 10 64-bit

Docs > Windows > Deployment > Windows 10 upgrade paths

answers.microsoft.com > Forum Article > How to migrate to Windows 10 64 bit from 32 bit versions of Windows

Question #38 of 50 Question ID: 1230870

Your company's network contains 25 Windows 10 Pro computers in a workgroup. One of the Windows 10 Pro
computers, named Research1, contains valuable proprietary information on your company's products. Research1
does not contain a TPM chip.

You have been asked to encrypt the drives located on Research1 to provided added security for the data it
contains. You need to ensure that the computer can only be booted if the user enters the appropriate key at startup.
You must ensure that this key is backed up to a USB flash drive.

On Research1, you enter gpedit.msc. When the Local Group Policy Editor opens, you open the Computer
Configuration Policies \ Administrative Templates \ Windows Components \ Bit Locker Drive Encryption \
Operating System Drives node and double-click the Require additional authentication at startup option. You
enable the feature, select the Allow BitLocker without a compatible TPM option, and click Apply and OK. You
then turn on BitLocker for the computer's hard drive and restart the computer. What should you do next?

A) During the reboot process, select the Require a Startup Key at every startup
option on the BitLocker Drive Encryption (C:) dialog box, enter the startup
key, and select the drive you want to use to back up the startup key.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 74/109
30/10/2019 MD-100 Exam Simulation

B) During the reboot process, select the Require a PIN at every startup option
on the BitLocker Drive Encryption (C:) dialog box, and enter the PIN. Once
the reboot is finished, open the BitLocker Drive Encryption applet in Control
Panel, and select the Back up recovery key option.
C) During the reboot process, select the Require a Startup Key at every startup
option on the BitLocker Drive Encryption (C:) dialog box, and enter the
startup key. Once the reboot is finished, open the BitLocker Drive
Encryption applet in Control Panel, and select the Back up recovery key
option.
D) During the reboot process, select the Require a PIN at every startup option
on the BitLocker Drive Encryption (C:) dialog box, enter the PIN, and select
the drive you want to use to back up the PIN.

Explanation

You should select the Require a Startup Key at every startup option on the BitLocker Drive Encryption (C:)
dialog box, enter the startup key, and select the drive you want to use to back up the startup key during the reboot
process. The startup key can only be backed up during the reboot that is part of the initial BitLocker encryption
process. You can back up the startup key to any non-operating system drive, including USB flash drives.

You should not select the Require a Startup Key at every startup option on the BitLocker Drive Encryption (C:)
dialog box, and enter the startup key during the reboot process, and open the BitLocker Drive Encryption applet
in Control Panel once the reboot is finished, and select the Back up recovery key option. This will back up the
recovery key, not the startup key. While backing up the recovery key is important, backing up the recovery key was
not a requirement in this scenario.

You should not select the Require a PIN at every startup option on the BitLocker Drive Encryption (C:) dialog
box, enter the PIN, and select the drive you want to use to back up the PIN during the reboot process. This will
create a startup PIN, not a startup key.

You should not select the Require a PIN at every startup option on the BitLocker Drive Encryption (C:) dialog
box during the reboot process, and enter the PIN, and open the BitLocker Drive Encryption applet in Control
Panel once the reboot is finished, and select the Back up recovery key option. This will create a startup PIN, not a
startup key. In addition, this will back up the recovery key, not the startup key.

Objective:
Manage Devices and Data)

Sub-Objective:
Manage Windows security

References:

Docs > Windows > Trusted Platform Module Technology Overview

HowToGeek.com > How To > How to Use BitLocker Drives Without TPM

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 75/109
30/10/2019 MD-100 Exam Simulation

Docs > Windows > Security > Information protection > BitLocker: Use BitLocker Drive Encryption Tools to manage
BitLocker

Question #39 of 50 Question ID: 1191140

You have several Windows 10 computers in the Marketing department. All of the users in the Marketing department
have complained that an application fails to run properly. After contacting the application manufacturer, they
suggest uninstalling the following update:

KB4487038 - Security Update for Adobe Flash Player for Windows 10 Version 1803 for x64

What action should you perform on each Windows 10 computer? Choose the appropriate troubleshooting steps and
place them in the correct order.

{UCMS id=5724874314088448 type=Activity}

Explanation

You should choose the following actions:

1. Press the [Windows] key + [I] key to open Settings


2. Choose Windows Update
3. Choose View Update History
4. Choose Uninstall updates
5. Choose KB4487038, right click, and choose Uninstall

You have two different types of updates with Windows 10: feature updates and quality updates.

Feature Updates - This type of update actually installs a new version of Windows. Microsoft recommends that
you make a full backup of your existing files before installing this type of update. A feature update becomes
available every six months (Semi-Annual) and is generally larger than a quality update.
Quality Updates - This type of update is a cumulative update. It is a mandatory update that your device
downloads typically every month through Windows Update on the second Tuesday of the every month.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 76/109
30/10/2019 MD-100 Exam Simulation

The Update for Adobe Flash Player for Windows 10 patch would appear under Quality Updates. However, to
uninstall this updated or any other updates, you would choose Uninstall updates.

From the Installed Updates page, find the update, right-click, and choose Uninstall.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 77/109
30/10/2019 MD-100 Exam Simulation

You should not choose System from the Settings menu. System will allow you to change the display, sound,
notifications, and other settings, but will not allow you to change the status of the update.

You should not choose Apps from the Settings menu. Apps will allow you to manage optional features of apps and
manage app execution aliases.

You should not choose Feature Updates or Quality Updates. Updates are displayed by Feature Updates or Quality
Updates under Updates History, but you should choose to uninstall a Feature or Quality update by choosing
Uninstall Updates from Update History.

Objective:
Maintain Windows

Sub-Objective:
Manage updates

References:

How to Undo a Windows Update

The difference between Windows 10 'feature updates' and 'quality updates'

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 78/109
30/10/2019 MD-100 Exam Simulation

Question #40 of 50 Question ID: 1230878

Joe has encrypted a file named file.doc on a Windows 10 virtual machine named WKS1. Joe moves the file to
another Windows 10 computer named WKS2. Jane needs to have access to the file on WKS2. What should be
done to allow Jane access to the file?

A) Jane must run CIPHER /ADDUSER /USER:Jane file.doc on WKS2.


B) Jane must add her Encrypting File System (EFS) certificate to the file.

C) Joe needs to add Jane's Encrypting File System (EFS) certificate to the file.
D) Joe must run CIPHER /ADDUSER /USER:Jane file.doc on WKS2.

Explanation

Joe should add Jane's Encrypting File System (EFS) certificate to the file. Joe would first have to export the EFS
certificate and key from WKS1 to WKS2. Joe would not be able to access the file on WKS2 without the key. For
Jane to access the file on WKS2, Joe would have to add Jane's certificate to the file.

You should not have Jane add her Encrypting File System (EFS) certificate to the file. The file has been encrypted
by Joe. Joe would have to export the EFS certificate from WKS1 and import the certificate to WKS2. Joe would also
have to add Jane's EFS certificate to the file before she could access it. The file would be encrypted for Jane until
Joe adds her EFS certificate to the file.

You should not have either Jane or Joe run CIPHER /ADDUSER /USER:Jane file.doc on WKS2. You can use
CIPHER /ADDUSER to add a user's Encrypting File System (EFS) certificate to a file. The user who encrypted the
file, Joe, would need to add Jane's certificate to the file before she could access it. Jane would not be able to add
her certificate to the file because the file is encrypted. Joe would need to run the CIPHER command. This command
fails to include the /CERTHASH or /CERTFILE parameter that is used to specify the certificate.

Objective:
Manage Devices and Data)

Sub-Objective:
Manage Windows security

References:

Windows Help and How-to > Troubleshoot encrypted files and folders

Question #41 of 50 Question ID: 1230858

You are the administrator of an Active Directory domain. All servers run Windows Server 2012 R2, and all client
computers run Windows 10. In the future, you want to be able to find which user has changed Windows registry
keys on the computers in the domain.

What should you do?


https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 79/109
30/10/2019 MD-100 Exam Simulation

A) Create a Group Policy object, and link it to the domain. Enable the Specify
the default quota limit and warning level group policy under the Computer
Configuration/Administrative Templates/System/Disk Quotas node.
B) Create a Group Policy object, and link it to the domain. Enable the Enable
disk quotas group policy under the Computer Configuration/Administrative
Templates/System/Disk Quotas node.
C) Create a Group Policy object, and link it to the domain. Enable the Enforce
disk quota limit group policy under the Computer
Configuration/Administrative Templates/System/Disk Quotas node.
D) Edit the Default Domain Controllers policy. Enable the Enable disk quotas
group policy under the Computer Configuration/Administrative
Templates/System/Disk Quotas node.
E) Edit the Default Domain Controllers policy. Enable the Audit privilege use
group policy under the Computer Configuration/Windows Settings/Security
Settings/Local Policies/Audit Policy node.
F) Create a Group Policy object, and link it to the domain. Enable the Audit
privilege use group policy under the Computer Configuration/Windows
Settings/Security Settings/Local Policies/Audit Policy node.
G) Create a Group Policy object, and link it to the domain. Enable the Audit
object access group policy under the Computer Configuration/Windows
Settings/Security Settings/Local Policies/Audit Policy node.
H) Create a Group Policy object, and link it to the domain. Enable the Audit
policy change group policy under the Computer Configuration/Windows
Settings/Security Settings/Local Policies/Audit Policy node.

Explanation

You should create a Group Policy object (GPO), link it to the domain, and enable the Audit object access group
policy under the Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy
node. The Audit object access policy allows you to enable auditing on files and registry keys. To enable auditing
for files, you must have Audit object access policy enabled in a GPO or local security policy, and you must enable
auditing on the file, directory, or volume.

You should not enable the Audit policy change group policy under the Computer Configuration/Windows
Settings/Security Settings/Local Policies/Audit Policy node. This policy audits attempts to change user rights
assignment policy, audit policy, account policy, or trust policy. This policy will not audit attempts to the registry.

You should enable the Audit privilege use group policy under the Computer Configuration/Windows
Settings/Security Settings/Local Policies/Audit Policy node. This policy audits each instance of a user
exercising a user right. This policy will not audit attempts to the registry.

You should not edit the Default Domain Controllers policy. This policy will only affect the computers that are
contained in the Default Domain Controllers Organizational Unit (OU). These computers are domain controllers, not

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 80/109
30/10/2019 MD-100 Exam Simulation

client computers.

The audit policies that are available are shown in the following exhibit:

You should not enable the Enable disk quotas group policy under the Computer Configuration/Administrative
Templates/System/Disk Quotas node. This policy is used to enable or disable disk quota management. Disk
quota management is a feature in Windows that allows administrators to control the amount of hard drive space that
a user can use. The disk quota policies that can be configured are shown in the following exhibit:

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 81/109
30/10/2019 MD-100 Exam Simulation

You should not enable the Enforce disk quota limit group policy under the Computer
Configuration/Administrative Templates/System/Disk Quotas node. This policy is used to control whether disk
quota limits are enforced. If this policy is enabled, users will be unable to use more space than their disk quota
policy states. If this policy is disabled, users can exceed the amount in the quota policy.

You should not enable the Specify the default quota limit and warning level group policy under the Computer
Configuration/Administrative Templates/System/Disk Quotas node. This policy is used to configure the disk
quota limit and the warning level. The warning level must be configured at a lower amount than the quota limit.

Objective:
Manage Devices and Data)

Sub-Objective:
Configure devices by using local policies

References:

TechNet > TechNet Library > Windows > Windows Server 2008 and Windows Server 2008 R2 > Browse Windows
Server Technologies > Security and Protection > Security Auditing > Security Audit Policy Reference > Audit Policy
Settings Under Local Policies\Audit Policy

Question #42 of 50 Question ID: 1230901

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 82/109
30/10/2019 MD-100 Exam Simulation

Your company has an Active Directory domain named nutex.com. All client computers in the domain run Windows
10. You have a computer named wks1 in your department that is having issues with a sound card. You have
ordered a new sound card, but need to disable the existing sound card device. You create the following script on a
share on a server to temporarily fix the problem temporarily:

Get-Device | where {$_.name -like "Acme Sound*"} | Disable-Device

Get-Device | where {$_.name -like " Acme Sound*"} | Enable-Device

What should you run on your computer to resolve the issue on the other computer?

A) On your computer, run the following:


Enable-PsRemoting -Force
On wks1 enter the following:
Enter-PSSession -ComputerName wks1.nutex.com -Credential
Nutex\CarlSpackler
Invoke-Command -ComputerName wks1.nutex.com -FilePath
\\server5\Scripts\.ps1

B) On your computer, run the following:


Enable-PsRemoting -Force
On wks1, enter the following:
Enter-PSSession -ComputerName wks1.nutex.com -Credential
Nutex\CarlSpackler
Start-Process -ComputerName wks1.nutex.com -FilePath
\\server5\Scripts\.ps1

C) On wks1. run the following:


Enable-PsRemoting -Force
Enable-PsRemoting -Force
On your computer, enter the following:
Enter-PSSession -ComputerName wks1.nutex.com -Credential
Nutex\CarlSpackler
Start-Process -ComputerName wks1.nutex.com -FilePath
\\server5\Scripts\.ps1

D) On wks1. run the following:


Enable-PsRemoting -Force
On your computer, enter the following:
Enter-PSSession -ComputerName wks1.nutex.com -Credential
Nutex\CarlSpackler
Invoke-Command -ComputerName wks1.nutex.com -FilePath
\\server5\Scripts\.ps1

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 83/109
30/10/2019 MD-100 Exam Simulation

E) On your computer, run the following:


Enable-PsRemoting -Force
On your computer, enter the following:
Enter-PSSession -ComputerName wks1.nutex.com -Credential
Nutex\CarlSpackler
Start-Process -ComputerName wks1.nutex.com -FilePath
\\server5\Scripts\.ps1

F) On your computer, run the following:


Enable-PsRemoting -Force
On your computer, enter the following:
Enter-PSSession -ComputerName wks1.nutex.com -Credential
Nutex\CarlSpackler
Invoke-Command -ComputerName wks1.nutex.com -FilePath
\\server5\Scripts\.ps1

Explanation

You should run the following on wks1:

Enable-PsRemoting -Force

On your computer, you should enter the following:

Enter-PSSession -ComputerName wks1.nutex.com -Credential Nutex\CarlSpackler


Invoke-Command -ComputerName wks1.nutex.com -FilePath \\server5\Scripts\.ps1

You should first ensure that Enable-PsRemoting -Force is run on the computers that you want to remotely access
so that the remote computers can receive remote commands. The Enable-PsRemoting cmdlet starts the WinRM
service and sets the service to start automatically. It also creates a firewall rule that allows incoming connections
from remote computers. The -Force parameter ensures that there is no user intervention.

You should not enter Enable-PsRemoting -Force on your own computer because wks1 is the computer you are
trying to access remotely.

You should use the Enter-PSSession -ComputerName wks1.nutex.com -Credential Nutex\CarlSpackler


command to start a remote PowerShell session on wks1 with the proper credentials. To do so, run the following:

Invoke-Command -ComputerName wks1.nutex.com -FilePath \\server5\Scripts\.ps1

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 84/109
30/10/2019 MD-100 Exam Simulation

The Invoke-Command cmdlet runs a script on a remote computer. You should use the -FilePath parameter to
specify the location of the script. The script will run on wks1 and return the results to your computer.

You should not run the Start-Process cmdlet to invoke the script file on the remote computer. This cmdlet will start
a process, but not run a script.

You should not run the following on wks1 because this should be run on the local computer, not the remote
computer:

Enter-PSSession -ComputerName wks1.nutex.com -Credential Nutex\CarlSpackler

Objective:
Configure Connectivity

Sub-Objective:
Configure remote connectivity

References:

How to Run PowerShell Commands on Remote Computers

Windows PowerShell 5.0 > Microsoft.PowerShell.Core Module > Core Cmdlets > Invoke-Command

Question #43 of 50 Question ID: 1230837

During the implementation of a new KMS server for Volume Activation, you installed and activated the KMS service,
then opened port 1688 on the firewall. You find that the clients cannot locate the KMS server to activate the keys.

Which of the following commands would help you determine the existence of the necessary SRV records for the
KMS server?

A) nslookup -type=srv _ sip._tcp.


B) nslookup -type=srv _ ldap._tcp
C) nslookup -type=srv _ vlmcs._tcp
D) nslookup -type=srv _ msdcs._tcp

Explanation

You should execute the command nslookup -type=srv _vlmcs._tcp. Nslookup is used to troubleshoot DNS; it can
be used to test the function of DNS and to list information from the DNS database. The command nslookup -
type=srv _vlmcs._tcp will list any existing VLMCS service or KMS Service Location (SRV) resource records that
exist in the DNS database. Please note that KMS servers are capable of registering SRV resource records on their
own, but in some cases, it may be necessary or advisable to create these records manually. When KMS SRV
records are created manually, it is advisable to give all KMS servers the Full Control permission for those records.
This ensures that the KMS server(s) can update the records as needed.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 85/109
30/10/2019 MD-100 Exam Simulation

You should not run the nslookup command and specify any of the other record types listed. The srv _msdcs._tcp
record represents the entire _msdcs subdomain DNS. The srv _ldap._tcp record represents the LDAP service on
a domain controller, and srv _sip._tcp is a record type used for a SIP server.

Objective:
Deploy Windows

Sub-Objective:
Deploy Windows 10

References:

Volume Activation for Windows 10

TechNet > TechNet Library > Deployment > Volume Activation > Volume Activation for Windows 7 and Windows
Server 2008 R2 > Pilot and Deploy > Volume Activation Deployment Guide

Question #44 of 50 Question ID: 1230902

You are the administrator of the Verigon Corporation's Active Directory domain. All the servers in the domain run
Windows Server 2012 R2, and all client computers run Windows 10. A server named AppSrv1.verigon.com is an
application server for nutex.com.

The Remote Desktop listening port on AppSrv1.verigon.com has been changed from 3389 to 10557. You have
connected to the server via a VPN connection.

You will be traveling on a commuter train between your home and office. The train offers Wi-Fi service, but the
bandwidth is very low. You want to be able to use Remote Desktop to modify the application server. You do not
want any desktop graphics from AppSrv1.verigon.com to be displayed.

What should you do? (Choose all that apply.)

A) On the Advanced tab of your Remote Desktop connection, specify the port of
AppSrv1.verigon.com in the server authentication section.
B) On the General tab of your Remote Desktop connection, specify
AppSrv1.verigon.com:10557 in the Computer field.
C) On the Experience tab of your Remote Desktop connection, set the
connection type to Low-Speed broadband (256kbps–2 Mbps), and ensure
the Desktop Background option is checked.
D) On the Experience tab of your Remote Desktop connection, set the
connection type to Low-Speed broadband (256kbps–2 Mbps), and ensure
the Desktop Background option is cleared.
E) On the Advanced tab of your Remote Desktop connection, specify the IP
address and port of AppSrv1.verigon.com.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 86/109
30/10/2019 MD-100 Exam Simulation

Explanation

You should specify AppSrv1.verigon.com:10557 in the Computer field on the General tab of your Remote
Desktop connection. You can specify the connecting port after the computer name or IP address. The General tab
of the Remote Desktop Connection dialog box is shown in the following exhibit:

You should ensure that the Desktop Background option is unchecked and that the connection type is set to Low-
Speed broadband (256kbps–2 Mbps) on the Experience tab of your Remote Desktop connection. You do not
want to have the desktop background of the server to display when you log on to the server with Remote Desktop.
You can save your remote desktop settings in an .rdp file. The Experience tab of the Remote Desktop
Connection properties dialog box is shown in the following exhibit:

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 87/109
30/10/2019 MD-100 Exam Simulation

You cannot specify the IP address and port of AppSrv1.verigon.com on the Advanced tab of your Remote
Desktop connection. The Advanced tab of the Remote Desktop Connection properties dialog box is shown in the
following exhibit:

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 88/109
30/10/2019 MD-100 Exam Simulation

If you click the Settings button located on the Advanced tab of the Remote Desktop Connection Properties
dialog box, you will be able to configure the RD Gateway server and credentials settings. Using an RD Gateway will
allow remote users that connect through Remote Desktop to access work resources through the Remote Desktop
computer. The RD Gateway Server Settings dialog box is shown in the following exhibit:

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 89/109
30/10/2019 MD-100 Exam Simulation

Objective:
Configure Connectivity

Sub-Objective:
Configure remote connectivity

References:

Docs > Windows > Remote Desktop Services

Question #45 of 50 Question ID: 1230907

Your company's network contains 25 Windows 10 Pro computers. One of the Windows 10 computers requires a
device driver update for its network adapter. You install the new driver and reboot the computer.

The computer reboot results in a blue screen error. You need to roll back to the older driver that was working
properly.

You reboot the computer, press the Shift + F8 key combination, and select See advanced repair options. When
the Choose an option screen displays, you select Troubleshoot. On the Troubleshoot screen, you select
Advanced Options. On the Advanced Options screen, you select Windows Startup Settings. On the Windows
Startup Settings screen, you press the Restart button.

When the computer reboots, the Advanced Boot Options menu is displayed. You need to roll back the device
driver as quickly as possible. Which option should you select?

A) Last Known Good Configuration


B) Debugging Mode
C) Enable Boot Logging
D) Start Windows normally
E) Safe Mode
F) Safe Mode with Networking
G) Disable automatic restart on system failure
H) Disable Driver Signature Enforcement
I) Disable Early Launch Anti-Malware Driver
J) Safe Mode with Command Prompt
K) Enable low-resolution video

Explanation

You should select Safe Mode and roll back the network adapter's driver from the Driver tab of the device's
Properties dialog box.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 90/109
30/10/2019 MD-100 Exam Simulation

You should not select Safe Mode with Networking. The network adapter is the one causing the issue. If you boot
with networking enabled, the network adapter drivers will be loaded, probably resulting in another blue screen error.

You should not select Safe Mode with Command Prompt. This option will boot to a command prompt, which means
you would have to know the command to roll back the driver.

You should not select Enable Boot Logging. This would cause all boot events to be logged but would not allow you
to roll back the driver because the reboot would most likely result in another blue screen error.

You should not select Enable low-resolution video. This boot mode takes longer to load. In addition, it would most
likely result in another blue screen error because all components use their normal drivers in this mode except for
the video card.

You should not select Last Known Good Configuration. In all version of Windows prior to Windows 8, Last Known
Good Configuration is the easiest way to boot a computer if the first boot after a device driver update fails. However,
the Last Known Good Configuration option is NOT available in Windows 8, Windows 8.1, and Windows 10 by
default. However, it can be added by editing the registry or running the following:

In previous versions of Windows, you could use the Last Known Good configuration to fix a broken registry
hardware configuration. You could select the Last Known Good configuration at startup via F8. This option is not
enabled by default in Windows 10. The bootmenu parameter of the BCDEdit command defines the type of boot
menu the operating system will use. Windows 10 and Windows RT use the standard option. Windows Server 2012
R2 uses the legacy option. When the legacy option is set, then the Last Known Good configuration will display in
the Advanced Boot Options via the F8 key.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 91/109
30/10/2019 MD-100 Exam Simulation

To edit the registry to restore the Last Known Good configuration, you need to edit the following key in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager

Create a key called BackupCount that is a DWORD value if the key does not already exist. If the BackupCount
value already exists, set the value to 2. If the BackupCount value does not exist, set the value to 1. This key will
back up the CurrentControlSet of the registry.

Right click on the Configuration Manager key and create a key called LastKnownGood with a DWORD value of
1.

You should not select Debugging Mode. This mode would provide debugging information that could be used to
troubleshoot the error. However, it would not recover the system by rolling back the driver.

You should not select Disable automatic restart on system failure. This would prevent Windows from rebooting
automatically when a blue screen error occurs. However, it would not allow you to roll back the driver.

You should not select Disable Early Launch Anti-Malware Driver. The early launch anti-malware driver prevents
malicious drivers from loading early in the boot process. Disabling this feature would not allow you to roll back the
driver.

You should not select Start Windows normally. This would probably result in another blue screen error.

Objective:
Maintain Windows

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 92/109
30/10/2019 MD-100 Exam Simulation

Sub-Objective:
Configure system and data recovery

References:

HowToGeek.com > How to Boot Into Safe Mode on Windows (The Easy Way)

Blog.ITBubble.ru > How to enable Last Known Good Configuration in Windows 8

Microsoft > Support > Windows 8 > Error: Windows failed to start. A recent hardware or software change might
have caused the issue after you install Windows Updates

Question #46 of 50 Question ID: 1230925

You have upgraded several Windows 8 Pro computers in the nutex.com Active Directory domain to Windows 10
Pro. Users of these computers complain that several applications from the Windows Store now display notifications
that the application has updated. When an application updates, it may have new features that require the users to
learn the new layout or new features before using the application.

You want to ensure that applications from the Windows Store do not automatically update, but rather, give users the
freedom to update the application when they choose. What should you configure on the Windows 10 computers?

A) Open Windows Store and navigate to Settings, then choose Update and
Recovery. Configure the settings in Choose how updates get installed.
B) From the Start Menu, choose Settings, choose Update and Security, choose
Notifications, and set Automatically update my apps to Off.
C) Open Windows Store and navigate to Settings, under App Updates. Set
Automatically update my apps to Off.
D) From the Start Menu, choose Settings, choose Update and Security.
Configure the settings in Choose how updates get installed.
E) From the Start Menu, choose Settings, choose System, choose Apps and
features, choose Notifications, and set Automatically update my apps to
Off.

Explanation

To disable automatic installation and updating of Windows Store applications in Windows 10, you should open
Windows Store and navigate to Settings. Next, go under App Updates and set Automatically update my apps
to Off.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 93/109
30/10/2019 MD-100 Exam Simulation

In Windows 8 and higher, apps from the Windows Store could automatically download updates, but would not install
the updates until you manually approved them from the Store tile notifications. In Windows 10, applications are
automatically updated by default. While most of the time this is a good thing, there may be instances where a user
would manually want the freedom to choose.

All other answers are incorrect.

The Apps and Features under System allows you to manage features, and add features, but it will not allow you to
stop automatic updates to the app.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 94/109
30/10/2019 MD-100 Exam Simulation

The Update and Security under Settings allows you to manage Windows updates.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 95/109
30/10/2019 MD-100 Exam Simulation

You cannot use this to manage updates from Windows Store apps.

Objective:
Maintain Windows

Sub-Objective:
Manage updates

References:

Windows Support > Windows Update: FAQ

TechNet > Windows Client > Home > Articles > Automated Updating for Windows Store Apps

How To Turn Off Automatic App Updates In Windows 10

Windows 8.1 Tip: Disable App Auto-Update

Question #47 of 50 Question ID: 1230881

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 96/109
30/10/2019 MD-100 Exam Simulation

All workstations in your network run Windows 10. The following graphic shows a partial diagram of your network
configuration:

The following users can perform these activities:

John can retrieve files from ServerA using the FQDN of ServerA
John can upload files to ServerC using the FQDN of ServerC
John, Betty, and Julie can browse web sites on the Internet.
Julie and Betty can retrieve files from ServerD using the FQDN of ServerD
Julie and Betty can upload files to ServerD using the FQDN of ServerD

The user named John reports the following issues:

John cannot retrieve files from ServerD by using an IP address or FQDN


John cannot upload files to ServerD by using an IP address or FQDN

Which of the following options or features is misconfigured on John’s computer?

A) Subnet mask
B) DNS suffix
C) DNS server address
D) Default gateway

Explanation

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 97/109
30/10/2019 MD-100 Exam Simulation

John’s subnet mask is incorrect. In this scenario, the following conditions exist:

John can retrieve files from ServerA


John can upload files to ServerC
John, Betty, and Julie can browse web sites on the Internet.
Julie and Betty can retrieve files from Server D
Julie and Betty can upload files to Server D

If John can retrieve files from ServerA or ServerC using the FQDN of ServerA, then John’s computer must have the
correct default gateway, because ServerA is on a separate subnet. If a request is not on your local subnet, then it is
sent to your default gateway and routed.

If Julie and Betty can retrieve files from and upload files to ServerD using the FQDN, then Julie and Betty are
configured with the correct default gateway. The router on the subnet that contains Julie and Betty’s computer is
correct. Because ServerD can communicate with Julie and Betty’s computer, ServerD has its default gateway
correctly configured and is properly registered in the DNS.

John’s computer and ServerD are on the same subnet. If John’s computer attempts to communicate with ServerD,
John’s computer will attempt to resolve ServerD’s name to an IP address. Once John’s computer has obtained
ServerD’s IP address, John’s computer will decide if ServerD is on the same subnet or different subnet through a
process called ANDing. With ANDing, John’s computer will use its subnet mask to determine whether ServerD is on
the same subnet as the computer. If it is on the same subnet, John’s computer will send an ARP request to obtain
ServerD’s physical or MAC address. If John’s computer thinks that ServerD is not on its subnet, it will send a
request to the default gateway address configured on John’s computer to route the request.

If John’s computer has a subnet mask of 255.255.255.128 while other computers on the same subnet have a
subnet mask of 255.255.255.0, then John’s computer will see ServerD as computer on a different subnet. John’s
computer will see itself on the subnet of 10.32.0.0/25 and ServerD as a computer on the 10.32.0.128/25 subnet.

Objective:
Configure Connectivity

Sub-Objective:
Configure networking

References:

TechNet Library > Windows > Windows XP > Resource Kit > Configuring IP Addressing and Name Resolution

Tech Republic > Articles > IP Subnetting Made Easy

Question #48 of 50 Question ID: 1230862

You work for the Metroil Corporation out of the central office. You travel 40% of your time. You want to know when
Windows Defender Firewall blocks a new program when you are using a wireless network in an Internet cafe or

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 98/109
30/10/2019 MD-100 Exam Simulation

airport. You do not want to be alerted when Windows Defender Firewall blocks a program when you are in the
central office.

What should you configure?

A) Use Windows Firewall with Advanced Security to create a rule that turns off
notifications for the private network.
B) Use Windows Firewall with Advanced Security to create an inbound rule and
outbound rule to turn off notifications for the private network.
C) Use Windows Defender Firewall to turn off Windows Firewall on the private
network settings.
D) Use Windows Defender Firewall to change notification settings for the private
network settings.

Explanation

You should use Windows Defender Firewall to change notification settings for the private network settings. You
should clear the Notify me when Windows Firewall blocks a new program option for the Private network
settings. You can specify separate settings for the private network or the public network.

You cannot use Windows Firewall with Advanced Security to create any kind of rule to turn off notifications for the
private network. Notifications are not supported via rules in Windows Firewall with Advanced Security.

You should not use Windows Defender Firewall to turn off Windows Firewall on the private network settings. This
action would disable notifications on the private network, but it would also prevent Windows Defender Firewall from
protecting the computer.

Several PowerShell cmdlets exist that can be used to manage Windows Defender Firewall. You can use the Set-
NetFirewallProfile cmdlet to enable the domain, public, or private profiles. The New-NetFirewallRule cmdlet
https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 99/109
30/10/2019 MD-100 Exam Simulation

configures new firewall rules. The Set-NetFirewallRule cmdlet modifies existing firewall rules. The Remove-
NetFirewallRule cmdlet deletes firewall rules.

You can also use the netsh command to manage the firewall. However, the netsh command is scheduled for
deprecation.

Objective:
Manage Devices and Data)

Sub-Objective:
Manage Windows security

References:

Docs > Windows > Threat protection > Windows Defender Firewall with Advanced Security

TechNet Library > Windows Server > Windows Server 2012 > Server Roles and Technologies > Networking >
Windows Firewall with Advanced Security > Windows Firewall with Advanced Security Administration with Windows
PowerShell

Techtiplib.com > Adjust Windows 8 Firewall Settings

Question #49 of 50 Question ID: 1230926

Your organization's network contains twenty Windows 10 Pro computers. All computers are configured to install
Windows updates automatically during the maintenance window. Maintenance is scheduled to occur every day at
3:00 a.m.

While troubleshooting an issue with a Windows 10 Pro computer named Client10, you discover that software
updates from Microsoft are not being installed because the user had changed several of the default settings. The
user informs you that he places his computer into Hibernate mode each evening when he leaves. You open the
Local Group Policy editor and navigate to the Computer Configuration / Administrative Templates / Windows
Components / Windows Update node, as shown in the following exhibit:

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 100/109
30/10/2019 MD-100 Exam Simulation

What should you do?

A) Enable the Enabling Windows Update Power Management to


automatically wake up the system to install scheduled updates policy.
B) Open Control Panel, click the Security and Maintenance applet, and click
Change maintenance settings. In the Automatic Maintenance dialog box,
enable the Allow scheduled maintenance to wake up my computer at the
scheduled time option.
C) Enable the Configure Automatic Updates policy, select the Automatically
download updates and install them on the schedule specified below
option, and configure the schedule appropriately.
D) Enable the Reschedule Automatic Updates scheduled installations policy
and configure the Wait for system startup option to five minutes.

Explanation

You should open Control Panel, click the Security and Maintenance applet, and click Change maintenance
settings.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 101/109
30/10/2019 MD-100 Exam Simulation

Then, in the Automatic Maintenance dialog box, you should enable the Allow scheduled maintenance to wake
up my computer at the scheduled time option.

This setting will allow the computer to wake when it is time for the updates to occur and is enabled by default. By
default, a Windows 10 computer is scheduled for automatic maintenance at 3:00 a.m.

You should not enable the Configure Automatic Updates policy, select the Automatically download updates
and install them on the schedule specified below option, and configure the schedule appropriately. Windows 10
is no longer configured to use this policy to schedule installation for automatically downloaded updates or to
manage the update schedule. This policy and its configuration options are shown in the following exhibit:

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 102/109
30/10/2019 MD-100 Exam Simulation

If you decided to use group policies to manage Automatic Updates, the scheduling aspect of Automatic Updates for
Windows 10 is configured using the Maintenance Activation Boundary policy in the Computer Configuration >
Administrative Templates > Windows Components > Maintenance Scheduler node. All of the policies included
in this node are shown in the following exhibit:

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 103/109
30/10/2019 MD-100 Exam Simulation

You should not enable the Enabling Windows Update Power Management to automatically wake up the
system to install scheduled updates policy, as shown in the following exhibit:

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 104/109
30/10/2019 MD-100 Exam Simulation

This would be the setting to enable if you wanted to wake Windows Server 2008, Windows 7, and Windows Vista
computers. However, the ability to wake a Windows 10 computer is controlled using the Automatic Maintenance
feature.

You should not enable the Reschedule Automatic Updates scheduled installations policy and configure the
Wait for system startup option to five minutes, as shown in the following exhibit:

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 105/109
30/10/2019 MD-100 Exam Simulation

This setting ensures that an Automatic Updates installation can start after a computer boots if the computer was
down during the regularly scheduled update time.

Objective:
Maintain Windows

Sub-Objective:
Manage updates

References:

How to Prevent Your Computer From Waking Up Accidentally

Microsoft > Windows 8 > Support > Article ID: 2799178 - Windows 8 desktop wakes up unexpectedly from sleep or
hibernation

MyWindows8.org > Windows 8 Automatic Maintenance: Change Maintenance Settings in Windows 8

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 106/109
30/10/2019 MD-100 Exam Simulation

Question #50 of 50 Question ID: 1230886

Your company issues Windows 10 laptops to all salespeople. The salespeople travel all over the United States and
use different networks to connect to the Internet.

One of the salespeople reports that his mobile wireless company is lowering his data limit. You need to ensure that
this connection is not used to download device, operating system, or application updates. What should you do?

A) Configure the mobile wireless connection as non-metered.


B) Turn sharing on for the mobile wireless connection.
C) Configure the mobile wireless connection as metered.
D) Turn sharing off for the mobile wireless connection.

Explanation

You should configure the mobile wireless connection as metered. This will prevent the Windows 10 laptop from
using the mobile wireless connection to download device, operating system, and application updates. If a
connection is configured as metered and you need to use it to download updates, you should change the
connection to a non-metered connection.

To change a network connection to a metered connection, you should go to Settings, choose Network and
Internet, choose Wi-Fi, choose Advanced Options, choose the Set as metered connection option, and switch it
to On.

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 107/109
30/10/2019 MD-100 Exam Simulation

You should not configure the mobile wireless connection as non-metered. This would allow the user to use the
mobile wireless connection to download all updates.

You should not turn sharing on or off for the mobile wireless connection. This setting has no effect on downloading
updates. Turning sharing on will allow the user to share files on his Windows 10 laptop with others on the network.

Windows 10 supports synchronization that automatically tracks roaming and bandwidth usage limits while on
metered connections. By default, when the user on a metered connection is near or over the bandwidth limit, or is
roaming on another provider's network, Windows will switch to offline mode and disable background
synchronization.

Objective:
Configure Connectivity

Sub-Objective:
Configure networking

References:

How, When, and Why to Set a Connection as Metered on Windows 10

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 108/109
30/10/2019 MD-100 Exam Simulation

Windows > Support > Web & networking > Windows 8.1 > Metered Internet connections: Frequently asked
questions

TechNet Library > Windows Server > Windows Server 2012 R2 and Windows Server 2012 > Server Roles and
Technologies > File and Storage Services > Folder Redirection, Offline Files, and Roaming User Profiles > Deploy
Folder Redirection, Offline Files, and Roaming User Profiles > Enable Background File Synchronization on Metered
Networks

TechNet Library > Windows Server > Windows Server 2012 R2 and Windows Server 2012 > Server Roles and
Technologies > File and Storage Services > Folder Redirection, Offline Files, and Roaming User Profiles

Bleepingcomputer.com > Computer Tutorials > Windows 8 Tutorials > How to configure metered connections in
Windows 8

https://www.kaplanlearn.com/education/test/print/33334997?testId=115758498 109/109