SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Modify the GPO to include folder redirection
Subnet object needs to be created
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Run the Delegation of Control Wizard on the Staff OU
2. You need to ensure that the guest account on all servers is disabled to
Folder redirection. Folder redirection is also useful when using roamin profiles.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Discover the run Microsoft Baseline Security Analyzer (MBSA)
3. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Network Load Balancing (NLB) cluster
Configure authorization rules for Web developers on each web server
Site
Recommend Active Directory delegation
4. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Configure offline files and enable manual caching
Microsoft System Center Data Protection Manager 2010
Implement a domain-based DFS namespace that uses replication
5. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
Then use Windows Deployment Services (WDS) on DHCP1.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Ntfrsutil
Create a MEDV workspace
6. To backup Virtual Machines
Microsoft Desktop Optimization Pack (MDOP) to your company
Storage manager for SANs
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Win2000 Native
7. To restore previous version of script without taking up too much of time...
Create an Active Directory-Integrated zone.
Attach VHD file created by Windows server backup
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
8. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Assign the application to all client computers by using a GPO.
9. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Windows Deployment Services (WDS)
Jill came down with 2.50.
Offline domain join
10. All 2008 R2 servers and Windows 7 clients are connected to managed switches. The following are requirements for network access: only client computers that have up-to-date service packs installed can access the network; have up-to-date anti-malware so
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Modify the local policy to point to the Internal WSUS server
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
11. You have a single AD domain named ad.company.com. The FFL is windows 2000 and the DFL is Windows 2000 Native. The UPN suffix company.com needs to be available for user accounts. What should be done first?
DSMOD
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Add the new UPN suffix to the forest.
Add-ADFineGrainedPasswordPolicySubject cmdlet
12. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Implement Windows System Resource Manager (WSRM)
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Modify properties of RODC server computer account.
13. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
Set-ADServiceAccount cmdlet
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Additional DFS Targets
14. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Configure caching on the shared folder and configure offline files to use encryption
Modify the schema of LDSInst1
15. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Windows XP Mode
16. FFL is...
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Win2000
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
17. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
18. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Import-Module
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Add George to the Domain Admins group.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
19. You need to relocate an AD LDS instance from C: Drive to D: Drive
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Refresh the zone on DNS2
Modify the local policy to point to the Internal WSUS server
IIS Manager user account
20. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Create a MEDV workspace
Printer driver isolation
21. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
Configure Firewall Group Policies and link them at the Domain level
DISABLE slow link detection in the GPO
Back up to an external USB drive by using Windows Server Backup
Storage manager for SANs
22. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
A relying party trust should be created.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Restore-ADObject cmdlet
23. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
The Group Policy Management Console
Offline domain join
The Group Policy Management console
24. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Incoming external trust
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Install Windows Server Backup and modify the Windows firewall settings
WSUS server in the branch office in replica mode.
25. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Implement Windows System Resource Manager (WSRM) and configure user policies
Configure an audit policy by editing the default domain policy and configure Event Forwarding
26. To identify users who bypass the new corporate security policy -
Then use Windows Deployment Services (WDS) on DHCP1.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Configure Audit Special Logon and define Special Groups
Implement a Remote Desktop Connection Broker (RD Connection Broker)
27. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
AD RMS
Configure the zone as an Activde Directory-Integrated zone.
Configure separate application pools for each application
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
28. In order to ensure highly available Windows Update servers you should create this.
Purchase one additional Enterprise License
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Then configure auto enrollment of certificates and Credential Roaming.
29. To add a server with AD FS 2.0 role to an existing AD FS farm...
Ntdsutil
New ACCOUNT STORE should be added and configured
fsconfig on FSSrv2
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
30. To be able to user an application from one AD FS with authentication server to another...
A relying party trust should be created.
DSMOD - ADUC
FFL Windows Server 2008 R2
Recommend Group Policy preferences
31. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
Passive file screens
802.1.x NAP
DFL needs to be Windows Server 2008
Enable Credential Roaming
32. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
Disable Site Link Bridging from IP Properties
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Ensure your account - or the group is a member of the local Administrators group for that specific server.
33. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Configure the zone as an Activde Directory-Integrated zone.
Refresh the zone on DNS2
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Configure Firewall Group Policies and link them at the Domain level
34. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Create a new Password Settings Object (PSO) for the IT users.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
35. To configure Administrator Role Separation for an RODC
Assign the application to all client computers by using a GPO.
Refresh the zone on DNS2
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Disable Site Link Bridging from IP Properties
36. Need to access some resources in another domain that is part of another forest...What trust is created?
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Install Windows Server Backup and modify the Windows firewall settings
Incoming external trust
37. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
Domain based Distributed File System (DFS) namespace and DFS Replication.
Dsmgmt
Configure Audit Special Logon and define Special Groups
Import-Module
38. to make shares at a remote location available to users you should implement this.
Configure event log subscriptions
DSMOD - ADUC
Domain based Distributed File System (DFS) namespace and DFS Replication.
Then configure auto enrollment of certificates and Credential Roaming.
39. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Implement one LUN for the quorum and another LUN for the data
Ldp
Configure caching on the shared folder (offline files)
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
40. When recommending a monitoring solution for an application so that it's events can be stored in a central
Dynamically expanding VHD's
Subnet object needs to be created
Event Subscriptions
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
41. To recover objects deleted from Active Directory you should recommend
Then install new Server 2008 R2 Enterprise subordinate CA.
Data Recovery Agent
Windows Deployment Services (WDS)
Active Directory snapshots and Tombstone reanimation
42. You have a 2008 R2 server configured as Remote Desktop Session host. You need to deploy a line-of-business app; however - the app requires desktop themes to be enabled. Your deployment strategy must meet these requirements: only authorized users must
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Implement GPO for all client computers
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
43. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
Windows XP Mode
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Your machine and remote desktops
Win2000
44. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Modify the local policy to point to the Internal WSUS server
Win2000 Native
Create ADMX and ADML files. Configure the GPO and link it to the domain.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
45. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
The Group Policy Management Console
Group Policy Preferences
Event Log Subscriptions
Network Load Balancing (NLB)
46. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Create a MEDV workspace
WSUS server in the branch office in replica mode.
Recommend Group Policy preferences
47. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Create a Central Store
Refresh the zone on DNS2
Add the user to the Domain Admins global group
DFL needs to be Windows Server 2008
48. You need to allow remote access to the servers on your network while meeting the following requirements: all remote connections to the servers must be encrypted; all remote authentication attempts to the servers must be encrypted; only inbound connec
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Increase the tombstone lifetime for the forest.
Dfsrdiag
Run the Delegation of Control Wizard on the Staff OU
49. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
Modify the local policy to point to the Internal WSUS server
Disable Site Link Bridging from IP Properties
Windows BitLocker Drive Encryption (Bit Locker)
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
50. Enables you to receive emails when domain users locked out of accounts...
Modify properties of RODC server computer account.
Implement Network Access Protection (NAP)
Event Viewer
ntdsutil
