Home > Sample chapters

Exam Ref 70-696 Managing Enterprise Devices and Apps (MCSE): Plan and Implement Software Updates

Answers

Objective 3.1

Thought experiment

  1. Use the Catalogs workspace of the System Center Updates Publisher console to subscribe to the update catalog the third-party vendor published.
  2. The WSUS server and WSUS clients must trust the CA that issued the signing certificate installed on the SCUP server.

Objective review

  1. Correct answer: B

    1. Incorrect: The Installable rule type determines whether a target computer requires a software update.
    2. Correct: The Installed rule type determines whether an update is already present on a computer.
    3. Incorrect: Automatic approval rules are used with Intune to deploy updates automatically, based on classification and product.
    4. Incorrect: Automatic deployment rules are used with Configuration Manager to deploy updates automatically, based on classification and product.
  2. Correct answer: C

    1. Incorrect: You use the Updates workspace to manage updates and update bundles, but you use the Publications workspace to remove a software update from publication.
    2. Incorrect: You use the Catalogs workspace to subscribe to updates catalogs that third-party vendors publish.
    3. Correct: You use the Publications workspace to remove a software update from publication.
    4. Incorrect: You use the Rules workspace to edit rules that determine whether an update should be installed.
  3. Correct answer: A

    1. Correct: You specify whether an update requires a restart in the Restart Behavior section.
    2. Incorrect: You use the Impact section to specify how an update should be handled—for example, whether it must be installed independently of other updates.
    3. Incorrect: You use Severity to specify the security implications of an update.
    4. Incorrect: You use the CVE ID field to specify the common vulnerabilities and exposures identifier.

Objective 3.2

Thought experiment

  1. You must ensure that the WSUS console is deployed on the site server, given that WSUS is hosted on a separate server. This allows communication between the software update point and the WSUS server.
  2. You must ensure that the management point and distribution point roles are also deployed.

Objective review

  1. Correct answer: B

    1. Incorrect: Port 8530 is used for HTTP communication in the default configuration of WSUS on Windows Server 2012 R2. You need to use port 8531 when configuring communication by using HTTPS.
    2. Correct: You need to use port 8531 when configuring communication by using HTTPS.
    3. Incorrect: Port 80 is usually reserved for HTTP traffic. With WSUS on Windows Server 2012 R2, the default HTTP port is 8530.
    4. Incorrect: Although port 443 is usually reserved for HTTPS traffic and was used for secure communication with earlier versions of WSUS, more recent versions of WSUS use port 8531 for HTTPS communication.
  2. Correct answer: A

    1. Correct: Located on the site server, the Wsyncmgr.log log file provides information about the software-updates synchronization process.
    2. Incorrect: The WSUSCtrl.log log file provides information about the configuration, database connectivity, and health of the site’s WSUS server.
    3. Incorrect: The SoftwareDistribution.log log file provides information about the software updates that synchronize from the configured update source to the WSUS server database.
    4. Incorrect: Located on the client computer, the ScanAgent.log log file provides information about the scan requests for software updates, which tool is requested for the scan, and the WSUS location.
  3. Correct answer: D

    1. Incorrect: The Unknown compliance state indicates that the site server has not received information from the client computer. Although the update might be required, this is not the best answer.
    2. Incorrect: The Installed compliance state indicates that the update has been installed.
    3. Incorrect: The Not Required compliance state indicates that the update does not need to be deployed.
    4. Correct: The Required compliance state indicates that the update should be deployed to the client computer.

Objective 3.3

Thought experiment

  1. Create an automatic approval rule that approves all critical and security updates for computers running Windows 8.1.
  2. Import third-party updates into Intune and then approve them for distribution.

Objective review

  1. Correct answer: D

    1. Incorrect: Automatic approval rules automatically approve updates based on product and classification. If the Windows 8 and Windows 8.1 updates are not present in the Intune console, you need to change the update categories and classifications settings.
    2. Incorrect: You can upload third-party updates to Intune, but you should configure update categories and classifications to ensure that specific Microsoft operating systems and products are covered.
    3. Incorrect: Update policies specify when and how updates will be deployed. You do not use them to configure which updates will be deployed.
    4. Correct: You need to configure update categories and classifications to ensure that updates for Windows 8.1 will be available to your Intune deployment.
  2. Correct answer: B

    1. Incorrect: You configure update categories and classifications to ensure that updates for specific products and for specific classifications will be available to your Intune deployment.
    2. Correct: Update policies specify when and how updates will be deployed, including whether a signed-on user can override a restart required to complete update installation.
    3. Incorrect: You can upload third-party updates to Intune, but this doesn’t involve controlling restart behavior.
    4. Incorrect: Automatic approval rules automatically approve updates based on product and classification. They do not control restart behavior.
  3. Correct answers: A and D

    1. Correct: You need to configure a group for the Melbourne computers and then configure an automatic approval rule.
    2. Incorrect: Update policies do not determine which updates are installed, just when and how the updates are installed.
    3. Incorrect: You only need to configure update categories and classifications if Intune isn’t obtaining updates of the required category and classification.
    4. Correct: You need to configure a group for the Melbourne computers and then configure an automatic approval rule.