SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Storage manager for SANs
Create a Network Load Balancing cluster.
Add George to the Domain Admins group.
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
2. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
Implement folder redirection by using GPO. Then backup the folder redirection target.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Deploy a failover cluster that uses Node and File Share Disk Majority
Software Restriction Polices
3. To configure Administrator Role Separation for an RODC
Implement Shadow Copies
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
4. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Disable Site Link Bridging from the IP properties
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
5. If you need to encrypt all data on all disks
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Import-Module
Then use Windows BitLocker Drive Encryption
6. Jack and Jill go up the hill - both with a buck and a quarter
DISABLE slow link detection in the GPO
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Jill came down with 2.50.
7. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Implement a domain-based DFS namespace that uses replication
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
8. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
Implement Network Access Protection (NAP)
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Attach VHD file created by Windows server backup
Then install new Server 2008 R2 Enterprise subordinate CA.
9. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
From Server A - run Create Basic Task Wizard
Authorization Manager role assignment
Autonomous mode...This allows the local administrator to approve their own updates.
10. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Distributed File System (DFS) Replication
11. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Then configure auto enrollment of certificates and Credential Roaming.
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
12. In order to manage websites without having to logon you can use
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
PowerShell 2.0
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Active Directory Right Management Services (AD RMS)
13. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Microsoft System Center Data Protection Manager 2010
Repadmin
14. To determine size of AD database file...
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
View properties of %systemroot%ntdsntds.dit
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
15. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
Group Policy Preferences
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
AD RMS
16. In order to replicate SYSVOL shares by using DFS Replicaiton (DFS-R)
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Install Windows Server Backup and modify the Windows firewall settings
Backup operator's domain local group
Raise the DFL to Windows Server 2008 R2.
17. If users complain that it is hard to find the shared folders on the network implement
Implement a GPO for each domain
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Additional DFS Targets
18. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Add-ADFineGrainedPasswordPolicySubject cmdlet
19. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud
20. When deploying an application using the Group Policy distribution method assign the...
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Dfsrdiag
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
21. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Use a GPO to configure device installation restrictions
Enable Credential Roaming
Utilize IFM (Install From Media)
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
22. Requirements are: support the installation of SQL Server 2008; Provide redundancy for SQL services if a single server fails. To accomplish this
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Microsoft Desktop Optimization Pack (MDOP) to your company
An Active Directory subnet object needs to be created.
23. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Network Load Balancing (NLB) cluster
Implement one LUN for the quorum and another LUN for the data
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
24. To backup Virtual Machines
Configure separate application pools for each application
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
25. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
26. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Modify the local policy to point to the Internal WSUS server
Enable Credential Roaming
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Windows XP Mode
27. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
Raise the DFL to Windows Server 2008 R2.
Deploy a failover cluster that uses Node and File Share Disk Majority
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Windows XP Mode
28. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Implement File Server Resource Manager (FSRM) quotas on the desired servers
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Winrm quickconfig
Then use Windows Deployment Services (WDS)
29. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Microsoft Desktop Optimization Pack (MDOP) to your company
DSMOD
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Modify zone transfer settings for company.com zone on DCA
30. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Offline domain join
Perform an authoritative restore
Utilize IFM (Install From Media)
31. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Recommend Group Policy preferences
Improve the performance of File Servers
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
32. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Modify the local policy to point to the Internal WSUS server
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
33. If subnets are connected by CISCO router that is RFC-1542 compliant
Use CISCO IP Helper command to configure.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Create a MEDV workspace
Event Viewer
34. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
Active Directory Domains and Trusts
Run the Delegation of Control Wizard on the Staff OU
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
35. to prevent VMs from receiving updats from a group policy
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
AD Rights Management Services
net stop ntds
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
36. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Implement a domain-based DFS namespace that uses replication
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Active Directory snapshots and Tombstone reanimation
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
37. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Implement Windows System Resource Manager (WSRM)
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
PowerShell 2.0
38. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
Use the Local Roles options with dsmgmt.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Refresh the zone on DNS2
Microsoft System Center Data Protection Manager 2010
39. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
FILES option within Ntdsutil
Increase the tombstone lifetime for the forest.
Dfsrdiag
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
40. To make a 64-bit application available to several 32-bit XP SP3 computers in the branch office you could use either a remote desktop session host or a remote desktop virtualization host. However - if the application requires you to be a local adminis
41. What should be done to resolve names by using GlobalNames zone?
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Create an Active Directory-Integrated zone.
dnscmd tool
Then use on install image file that contains a single install image.
42. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
Deploy a failover cluster that uses Node and File Share Disk Majority
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Properties of PSO need modified
Offline domain join
43. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
Disable Site Link Bridging from IP Properties
Implement Shadow Copies
Increase the tombstone lifetime for the forest.
Import-Module
44. An AD LDS instance needs to be replicated from one server to another...
Implement Distributed File System Replication (DFSR) on both servers
Deploy the Root CA certificate to the external computers.
Configure RODC for Administrator Role Separation
Service user account for AD LDS
45. To allow administrators tha trun Windows 7 ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
fsconfig on FSSrv2
Include a server that runs Microsoft Office SharePoint Server 2010
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
46. What utility is used to see what accounts cached on RODC?
Prestage the computer account in AD
Active Directory Users and Computers
An Active Directory subnet object needs to be created.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
47. To replicate SYSVOL using Distributed File System Replication (DFSR)...
Recommend GPT and basic disks
DFL needs to be Windows Server 2008
Add-ADFineGrainedPasswordPolicySubject cmdlet
Role Separation
48. PowerShell script to create user accounts with passwords from a file called password.csv
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Recommend Group Policy preferences
Share and Storage Management
49. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Folder redirection. Folder redirection is also useful when using roamin profiles.
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
50. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
Configure event log subscriptions
Back up to an external USB drive by using Windows Server Backup
Active Directory Right Management Services (AD RMS)
Implement Windows BitLocker Drive Encryption (BitLocker)
