Trying to understand 70-680

themagicone

Hi! I've been studying for the 70-680 for about 2-3 weeks now. I'm using Labsim at the moment. I have to ask, is the real test this vague when it comes to questions? This is what I mean (question from Labsim),

You want to find out who has been running a specific game on the computer. You don't want to prevent access but log the information. It is not digitally signed. (Sorry I can't copy and paste so I got the most of it)

My instinct tells me first it's going to have to be rule that is set to Audit only. Great I get that part. Now the 2nd part, you know the game that you want to track so my guts tells me to use a publisher rule. That way you ignore any path info at the time and just track who is running the program. But that is incorrect according to Labsim. It states to use a path rule. My problem with that what if the person moves the app? Or there is multiple copies?

I get a lot of these question wrong and I just sit there and bash my head asking why. Any advice on how I should attack these? Thanks

[Deleted User]

It is my understanding that publisher rules require that the application is digitally signed. Therefore, you wouldn't be able to use that.

earweed

For a lot of the 70-680 you get into the minutae of the system so you have to delve into the details.

Jander1023

It's all about how the questions are worded. Your question is asking you to audit a specific application; which means a path rule is the correct answer. If the question asked you to block all applications from the same software company, then the correct answer would be publisher rule. Does that clarify the issue?

Moving the application or re-installing it is certainly a possibility. However, most users aren't going to figure that out. The questions will be tricky but not that tricky. Just remember:

One specific application - path rule

All apps by same software company - publisher rule

themagicone

Makes sense. Just a big jump in question format over Comptia Certs. I've never worked with Windows 7 so it makes it that much harder. Even harder is I've never worked with deployment or production environments of any version of Windows so it's getting confusing learning about all the different tools available.

Jander1023

themagicone wrote: »

Makes sense. Just a big jump in question format over Comptia Certs. I've never worked with Windows 7 so it makes it that much harder. Even harder is I've never worked with deployment or production environments of any version of Windows so it's getting confusing learning about all the different tools available.

Microsoft exams can be very difficult. The questions can be very confusing and sometimes vague. You may want to spend a few extra bucks and purchase some test questions. I use Self Test Software and Measure Up. Both offer 30 day online access for anywhere from $49 to $89, or so. While that is an additional expense, it's better than failing an exam!

I only used STS for the 680 and 685 but now I use both STS and MU for the Server 2008 certs. The test questions aren't the exact questions you'll see on the exams, but they are good examples of what to expect. They'll provide you with many scenarios that you wouldn't otherwise see.

BradH

The only thing I can say without giving the game away after completing 70-680 yesterday is that it did my head in.

One or two questions where you had to ask "Are you for real" if someone would get that one wrong.

But there rest went everywhere!! And some were very very hard. Some I had to make an educated "guess" at I suppose however I think completing 640,642 and esp 643 (with deployment type q's) assisted greatly. I only have 647 to complete both the SA and EA certs and leaving 680 to second last was I think a good choice.

Know how 7 intergrates with the latest server edition esp with Microsoft's latest systems. Everyone know MS always take pride in testing people about their new product features. Take time in learning those.

BradH

themagicone wrote: »

Makes sense. Just a big jump in question format over Comptia Certs. I've never worked with Windows 7 so it makes it that much harder. Even harder is I've never worked with deployment or production environments of any version of Windows so it's getting confusing learning about all the different tools available.

Download a copy of Windows 2008 R2 and Window 7 from MS for free with an evaluation period. Use them. Build some VM's or Physical machines with them if you can. Use them together and get familar with them both. It's the only way to learn and put in practice the book lessons or video's you watch

Jander1023

BradH wrote: »

Download a copy of Windows 2008 R2 and Window 7 from MS for free with an evaluation period. Use them. Build some VM's or Physical machines with them if you can. Use them together and get familar with them both. It's the only way to learn and put in practice the book lessons or video's you watch

Keep in mind that Server 08 R2 is 64 bit only. If you don't have 64 bit capability, then you can run regular Server 08. However, with the Server 08 certs being upgraded to included R2, you should try to run it.

Win7 - really doesn't make any difference for the exams.

earweed

To get full use of the features of Windows 7 you need Server 2008 R2 and Windows 7 ultimate/enterprise.

Jander1023

earweed wrote: »

To get full use of the features of Windows 7 you need Server 2008 R2 and Windows 7 ultimate/enterprise.

Agreed. Plus, both the 680 and 685 cover much of the ultimate/enterprise edition material.

themagicone

Well I'm completely lost and fed up with the 70-680. There is no rhyme or reason on how they phase the questions. Every single section exam in labsim I have failed. I have never had issues with taking test, I have passed every time I have ever taken. They set the questions up in a way there is no right or wrong answer, and the one you would think is right - well is wrong. I just had a 10 min argument with myself with a question on setting permissions on a folder. It asked the best way to set up specific rights to a user who is also part of a group. Well I figured you would specifically set the rights for that user, no the right answer was to change right the the groups the user was assigned to. Excuse me but if you want to change the rights for a specific user, which is was asking, you wouldn't change the rights to the whole group. What about other users in said group?

If it wasn't for being a required cert for WGU I'd have it in the trash by now. I started labsim for N+ and finished 50% of it in 3 days, I've been at 70-680 for 3 weeks now and I'm at like 30% and I don't understand most of it.


Uggg I'm just utterly stressed right now.

earweed

The main thing you need to understand is that Labsim was fine as a primary resource for CompTIA but for the big boy exams (Microsoft, Cisco) you better use the books and lab first before going to the labsim. The labsim is a good supplement but should not be your only resource for the 680. The 70-680 is a tough exam, way harder than the CompTIA exams and should not be taken lightly.

Claymoore

It's ok, just relax and read through the question again. I bet it uses the infamous phrase 'least administrative effort' which can change your answer to the correct one. You never give permissions to users, only groups. I will create a group for a single user and assign permissions to that group. Assigning permissions to users, and then dealing with permission inheritance while resolving share and NTFS differences becomes a total nightmare. Not to mention Johnny will someday get an assistant who needs all the same permissions he does -good luck dealing with that if you weren't using groups.

Maybe this link on AGDLP will help:
AGDLP - Wikipedia, the free encyclopedia

I rarely use practice exams as part of my exam prep, for a variety of reasons. You, however, should go through a few more. I assume this is your first MS exam, and the practice exams will help you get used to the format. Use them to practice the taking the test - and not to learn the material. You can quickly memorize the answers and they become less effective as assement tools. When that happens, look at the other answers and try to understand why they are incorrect. Then, look at what would have to change in the question to make one of the other answers correct.

Back to your first question, xmalachi is correct that apps must be signed to use publisher rules. In fact, it says so right under the Publisher option in the rules wizard.
The Lazy Admin : Windows 7 App Locker

You are correct when you say moving the executable to another location would avoid the rule. You really want a hash rule, but that wasn't an option so your best choice was the path rule.

The question gave you a couple of key pieces of information on which you should base your answer - you want to log but not block access, and the app is not signed. With practice you will be able to read the questions and only focus on the relevant information. Don't overthink them.