Kim Akers has set the file Brisbane .doc which is hosted on an office file server to be available offline using her portable computer running Windows 7?. Which of the following policies
Trang 1Lesson Review
You can use the following questions to test your knowledge of the information in Lesson 2,
“Windows 7 Mobility ” The questions are also available on the companion DVD if you prefer
to review them in electronic form
note aNSWerS
Answers to these questions and explanations of why each answer choice is correct
or incorrect are located in the “Answers” section at the end of the book
1 Which of the following commands can you use to generate a list of devices on
a computer running Windows 7 that are currently configured to wake the computer
from any sleep state?
a powercfg.exe –devicequery all_devices
B powercfg.exe –hibernate on
c powercfg.exe –devicequery wake_armed
D powercfg.exe -list
2 Sam Abolrous has a user account on a client running Windows 7 This user account is
not a member of the local Administrators group Which of the following power settings
tasks can Sam perform? (Choose all that apply )
a Choose a different power plan
B Create a new power plan
c Change what the power buttons do
D Change the Require A Password On Wakeup setting
3 Which of the following tools can you use to migrate a custom power plan from one
computer running Windows 7 to another?
a The Power Options control panel
B Gpedit msc
c Powercfg exe
D Bcdedit exe
4 Kim Akers has set the file Brisbane doc (which is hosted on an office file server) to be
available offline using her portable computer running Windows 7 Kim goes home
for the weekend and works on Brisbane doc Same Abolrous comes into the office on
the weekend and works on the copy of Brisbane doc stored on the office file server
Which of the following tools can Kim use to resolve the conflict that occurs when she
connects her computer to the office network?
a Credential Manager
Trang 2594 CHAPTER 11 BitLocker and Mobility Options
c HomeGroup
D Network And Sharing Center
5 Which of the following policies should you enable to ensure that clients running Windows 7 are able to cache files on shared folders if the round-trip latency to the remote file server exceeds a specific value in milliseconds without having to specify that a file is available offline?
a Configure Slow Link Speed
B Configure Slow Link Mode
c Exclude Files From Being Cached
D Transparent caching
Trang 3Chapter review
To further practice and reinforce the skills you learned in this chapter, you can perform the
following tasks:
n Review the chapter summary
n Review the list of key terms introduced in this chapter
n Complete the case scenarios These scenarios set up real-world situations involving the
topics of this chapter and ask you to create a solution
n Complete the suggested practices
n Take a practice test
Chapter Summary
n BitLocker protects computers against offline attacks by providing full hard disk
encryption as well as protection for the boot environment
n BitLocker To Go provides full volume encryption for USB removable storage devices
These storage devices can be accessed on other computers if the appropriate
password is used
n Offline Files allows files hosted on specially configured shared folders to be used when
a computer is not connected to the network
n Sync Center can be used to resolve conflicts between Offline Files and those stored on
shared folders
n Transparent caching is an automatic caching technology that speeds up access to files
located on file shares on distant networks
n Power plans allow users to balance computer performance against energy consumption
Power plans can be migrated using a command-line utility
Key terms
Do you know what these key terms mean? You can check your answers by looking up the
terms in the glossary at the end of the book
n Data recovery agent (Dra)
n transparent Caching
n Offline Files
Trang 4596 CHAPTER 11 BitLocker and Mobility Options
Case Scenarios
In the following case scenarios, you apply what you’ve learned about subjects covered in this chapter You can find answers to these questions in the “Answers” section at the end of this book
Case Scenario 1: Accessing Offline Files at Contoso
Contoso’s Australian division has its head office located in Melbourne and branch offices in Wagga Wagga, Maroochydore, and Wangaratta The file server in Melbourne, named
fs1 melbourne au contoso com, has Windows Server 2008 installed Several users at the Melbourne office have configured files hosted on shared folders to be available offline Sometimes other users edit these files when the users who made them available offline are out
of the office Several clients in the branch offices need to retrieve files from the Melbourne file server, but they experience delays due to WAN congestion Branch office clients run Windows 7 Professional and are not members of the Contoso domain You have configured a branch office client with a custom power plan You want to use this power plan with other clients running Windows 7 at the branch office sites
With these facts in mind, answer the following questions:
1 What tool should you use to configure other branch office clients with the custom power plan?
2 How can you speed up access to files stored on fs1 melbourne au contoso com for clients in Wagga Wagga, Wangaratta, and Maroochydore?
3 What tool should you advise head office users to use to resolve offline file
synchronization conflicts?
Case Scenario 2: Using BitLocker at Tailspin Toys
Tailspin Toys has recently deployed a large number of computers running Windows 7
Enterprise The company has distributed 32-GB USB flash drives for use with these computers After a senior manager left her flash drive in an airport lounge, you have been asked to review security policies with respect to these devices It is important that unauthorized third parties are unable to recover data if one of these devices is lost Users should be unable to store data on these devices unless that data is encrypted by Tailspin Toys Users should be able to access the data stored on these devices on their home computers Home computers run either Windows XP or Windows Vista
With these facts in mind, answer the following questions:
1 What can you do to allow people to use their USB storage devices at home on their computers running Windows XP and Windows Vista?
Trang 52 What can you do to ensure that users are able to write information only to
BitLocker-protected removable devices from Tailspin Toys?
3 What can you do to ensure that it is possible to recover removable volumes when
people have forgotten their password or lost their key?
Suggested practices
To help you master the exam objectives presented in this chapter, complete the
following tasks
Configure BitLocker and BitLocker To Go
This practice requires a computer that has a compatible TPM chip If you do not have
a computer that has a compatible TPM chip, or you are using a virtual machine, do not
perform this practice
n practice 1 Configure a computer with a TPM chip to use BitLocker to protect all
attached volumes The volume encryption process takes some time
n practice 2 Remove BitLocker from the computer configured in Practice 1
The BitLocker removal process takes some time
Configure Mobility Options
This practice requires that you have both computer Canberra and computer Aberdeen
available and able to connect to each other You configured computer Aberdeen for the
practice exercises in several previous chapters In this practice, you explore offline files
functionality and resolve an offline files conflict
n practice 1 Configure a shared folder on computer Aberdeen Create some temporary
files in the folder using WordPad Connect to this shared folder over the network from
computer Canberra When logged on to computer Canberra, make one of the files that
you created on computer Aberdeen available offline
n practice 2 After you have made the file that you created on computer Aberdeen
available offline on computer Canberra, shut down computer Aberdeen Make
modifications to this file on computer Canberra and then shut down computer
Canberra Start computer Aberdeen and modify the same file that you made offline
on computer Canberra Start computer Canberra Use the Sync Center to resolve
the conflict between the offline file modified on computer Canberra and the shared
file modified on computer Aberdeen
Trang 6598 CHAPTER 11 BitLocker and Mobility Options
take a practice test
The practice tests on this book’s companion DVD offer many options For example, you can test yourself on just one exam objective, or you can test yourself on all the 70-680 certification exam content You can set up the test so that it closely simulates the experience
of taking a certification exam, or you can set it up in study mode so that you can look at the correct answers and explanations after you answer each question
More Info praCtICe teStS
For details about all the practice test options available, see the section entitled “How to Use the Practice Tests,” in the Introduction to this book.
Trang 7C h a p t e r 1 2
Windows Update and
Windows Internet Explorer
Keeping computers secure is one of an IT professional’s most important responsibilities This task has become increasingly difficult as attackers become more sophisticated
Malware authors respond rapidly to the publication of new updates, reverse engineering
them to learn more about the vulnerabilities that the updates address What this means in practical terms is the longer you take to apply a released update, the more time you give
to attackers to exploit the vulnerabilities that are fixed by the update In the first part of
this chapter, you learn which methods and technologies that you can use to keep clients
running Windows 7 up to date so that you can ensure the safety and security of the users
in your organization
Windows Internet Explorer 8 is the browser most commonly used with Windows 7
Browsing the Internet and intranet is becoming as much a critical activity in business as using
a word processor or managing a spreadsheet In the second part of this chapter, you learn how
to configure two new privacy technologies that are included with Internet Explorer 8: InPrivate Browsing and InPrivate Filtering You learn how to extend the functionality of Internet Explorer
by configuring and managing accelerators and add-ons You also learn about how you can
configure Internet Explorer to be more secure, through customizing privacy options and
configuring zone settings
Exam objectives in this chapter:
n Configure updates to Windows 7
n Configure Internet Explorer
Lessons in this chapter:
n Lesson 1: Updating Windows 7 601
n Lesson 2: Configuring Internet Explorer 622
Trang 8600 CHAPTER 12 Windows Update and Windows Internet Explorer
Before You Begin
To complete the exercises in the practice in this chapter, you need to have done the following:
n Install Windows 7 on a stand-alone client PC named Canberra, as described in
Chapter 1, “Install, Migrate, or Upgrade to Windows 7 ”
n Ensure that computer Canberra has an active connection to the Internet
real World
Orin Thomas
Many security incidents would not have occurred if administrators and users had kept their computers up to date with software updates, antivirus definitions, and service packs This is because a significant number of attacks against computers exploit problems that the vendor has previously patched with
a released update Many famous viruses and worms attacked security vulnerabilities that Microsoft had already fixed For example, Code Red, Nimda, and Sasser were successful because a large number of people did not keep their computers current with software updates If almost every administrator diligently applied updates,
we would never have heard of these viruses because they would have been unable
to infect computers Applying updates in a timely manner is important because security researchers have estimated that exploit code becomes available for the vulnerability that a new update addresses within a week of the update’s release One
of the most important aspects of your career as an IT professional who supports client computers is to ensure that the clients you are responsible for managing stay current with software updates This immunizes computers that you manage from malware infections You also do not want to be in a position to have to explain to your manager why you did not manage to find the time to install the update that would have protected your organization’s computers from the attack when the next big virus or worm hits.
Trang 9Lesson 1: Updating Windows 7
Your responsibility for managing a computer does not end once the operating system and
applications are installed, appropriate settings configured, and the user logs on for the first
time As an IT Pro responsible for managing clients running Windows 7, it is likely that you will
spend more time ensuring that software updates and service packs are applied in a timely
manner than you will ever spend on deploying the operating system to new computers
In this lesson, you learn about what steps you can take to automate the deployment of
software updates You learn about the functionality of the Windows Update client built into
Windows 7, and you learn about centralized update deployment solutions like Windows
Server Update Services (WSUS)
After this lesson, you will be able to:
n Manage updates to Windows 7
n Configure update-related group policies
n Configure and update sources
Estimated lesson time: 40 minutes
Configuring Windows Update
The Windows Update control panel is the primary tool you use to manage software updates
on clients running Windows 7 Through this control panel, a user with Administrator privileges
is able to check for updates, change update settings, review installed updates, and review
hidden updates A user who is unable to elevate privileges is able to use this control panel to
check for and install updates Windows Update relies upon the Windows Update service This
service is enabled by default on all clients running Microsoft Windows
When installing Windows 7, the installation routine asks you to set the Windows Update
defaults The options are to use recommended settings, install important updates only, or
have Windows 7 ask about update settings again later If you choose the default settings,
Windows Update attempts to detect and install updates classified as Important and
Recommended every day at 3:00 a.M If the computer is not switched on at 3:00 a.M., the
computer performs a check for updates and installs them the next time it is turned on
Administrators and standard users can manually check for updates by clicking the Check
For Updates item in the control panel The computer needs to be able to contact the update
source to be able to check for updates The update source can be the Microsoft Update
servers on the Internet or a local update server You will learn more about configuring
Windows Update to use a local update server later in this lesson After you check for updates,
the Windows Update control panel lists all available updates that can be installed, as shown in
Trang 10602 CHAPTER 12 Windows Update and Windows Internet Explorer
not automatically download and install updates You can also manually check for updates from the command line by issuing the following command:
Wuauclt.exe /detectnow
FIgUre 12-1 Windows Update control panel
Updates can have one of the three following classifications:
n Important Updates Important updates often address critical security issues In some cases, updates with the important classification address security issues where an exploit is already available to attackers on the Internet
n recommended Updates Recommended updates often address functionality issues The Recommended update shown in Figure 12-2 addresses a problem that Internet Explorer had with unresponsive Web sites
FIgUre 12-2 Properties of a Recommended Update