SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To be able to manage all the corporate servers from a workstation - you must install the
Site
Jill came down with 2.50.
net stop ntds
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
2. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Run net stop ntds
Run the Delegation of Control Wizard on the Staff OU
Multipath I/O feature
Execute the Set-ADServiceAccount cmdlet
3. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Then use Windows Deployment Services (WDS) on DHCP1.
Create a MEDV workspace
Implement Network Access Protection (NAP)
Prestage the computer account in AD
4. To add a new UPN for all user accounts...
AD Domains and Trusts
Deploy Microsoft System Center Operations Manager (SCOM)
Use local roles options within "dsmgmt"
Software Restriction Polices
5. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Configure block inheritance on the IT OU
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
DFL needs to be Windows Server 2008
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
6. If users complain that it is hard to find the shared folders on the network implement
Certificate Templates
Additional DFS Targets
Recommend Active Directory delegation
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
7. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Data Recovery Agent
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Install Windows Server Backup and modify the Windows firewall settings
Back up to an external USB drive by using Windows Server Backup
8. What document management solution allows you to keep multiple versions of documents and automatically apply access policies to these documents? You should recommend
Create a standard secondary of domain and create standard secondary of other domain.
Implement folder redirection by using GPO. Then backup the folder redirection target.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Windows XP Mode
9. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
Windows Deployment Services (WDS)
Add George to the Domain Admins group.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Install and share a printer on a server and then enable printer pooling.
10. If a new application needs to be deployed on the network and it comes as a .msi package and then do this.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Deploy it by using Group Policy Software Installation method
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Test-AppLockerPolicy
11. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Active Directory Users and Computers utility
Data Recovery Agent
AD RMS
Offline domain join
12. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Group Policy Preferences
Authorization Manager
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
13. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Upgrading DFS to Windows Server 2008 R2
Share and Storage Management
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Modify zone transfer settings for company.com zone on DCA
14. The Computer Management snap-in allows you to create shares both on...
Your machine and remote desktops
Improve the performance of File Servers
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Raise the DFL to Windows Server 2008 R2.
15. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Install Windows Server Backup and modify the Windows firewall settings
Domain based Distributed File System (DFS) will reduce network traffic
16. You are about to deploy a distributed database appliation that will run on multiple 2008 R2 servers. This deployment needs to follow these requirements: uses the existing network infrastructure; uses standard Windows management tools; allocates stora
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Deploy the Root CA certificate to the external computers.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Recommend GPT and basic disks
17. To prevent account password from being cached on RODC server...
Modify properties of RODC server computer account.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Properties of PSO need modified
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
18. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Dfsrdiag
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
19. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Use the Local Roles options with dsmgmt.
Network Load Balancing (NLB) cluster
DSMOD
Modify zone transfer settings for company.com zone on DCA
20. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Configure RODC for Administrator Role Separation
Zone transfer settings
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
21. 2 ways to relocate user and computer accounts to different OUs
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
DSMOD - ADUC
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
22. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Test-AppLockerPolicy
Then configure auto enrollment of certificates and Credential Roaming.
Create a standard secondary of domain and create standard secondary of other domain.
Use a GPO to configure device installation restrictions
23. To allow a specifc user or group to manage the address information for the user accounts...
Win2000 Native
Recommend Active Directory delegation
Implement Windows System Resource Manager (WSRM) and configure user policies
Implement Shadow Copies
24. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
NOT be able to store that data on an iSCSI SAN
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
25. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Configure caching on the shared folder and configure offline files to use encryption
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
26. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Role Separation
Modify the schema of LDSInst1
27. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
Configure folder redirection
Configure offline files and enable manual caching
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
28. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Printer driver isolation
Event Subscriptions
Passive file screens
Distributed File System (DFS) Replication
29. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
IIS Chared Configuration
Multipath I/O feature
Windows System Resource Manager (WSRM)
30. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Dsmgmt
Event Subscriptions
Assign the application to computers in the PC OU
Create an e-mail account in AD DS for your RMS users.
31. You need to allow a user to add a single computer to a domain - without any additional rights...
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Prestage the computer account in AD
Microsoft System Center Data Protection Manager 2010
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
32. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
CAPublishGP group should have the Manage CA permission.
Jill came down with 2.50.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Microsoft SharePoint Foundation 2010
33. You need to manage GPO to meet the following: allow administrators to view and edit the GPO in their own language; minimize number of GPOs deployed
dnscmd
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
DFL needs to be Windows Server 2008
34. Minimal FFL needed to deploy an RODC that runs Windows Server 2008 R2...
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Windows Server 2003
Role Separation
Modify the local policy to point to the Internal WSUS server
35. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Autonomous mode...This allows the local administrator to approve their own updates.
Implement Windows System Resource Manager (WSRM) and configure user policies
Enable Credential Roaming
36. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Win2000
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Microsoft Desktop Optimization Pack (MDOP)
37. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
Create an Active Directory-Integrated zone.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
PDC emulator with w32tm.exe
38. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
Administrators is the minimum group membership required to complete this procedure.
Share and Storage Management
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
39. What should be done so application does not fail after 30 days while still keeping password policy in mind?
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Configure event log subscriptions
Create and deploy a logon script that runs Auditpol.
Set-ADServiceAccount cmdlet
40. To recover objects deleted from Active Directory you should recommend
Microsoft System Center Data Protection Manager
Active Directory snapshots and Tombstone reanimation
Enable - ADoptionalFeature cmdlet
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
41. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Win2000
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
NOT be able to store that data on an iSCSI SAN
42. When implementing a Hyper-V environment the benefits are enormous - however there are certain aspects of virtualization that can create some additional administrative overhead that you can not have in a pure physical environment for example
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
DISABLE slow link detection in the GPO
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
The Group Policy Management Console
43. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
44. To enable the AD Recycle Bin
Enable Windows Remote Management (WinRM) on each server.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Enable - ADoptionalFeature cmdlet
FILES option within Ntdsutil
45. To ensure that a file on a file server do not leave the organization you must implement this.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
AD RMS
Ntfrsutil
Enable Windows Remote Management (WinRM) on the servers.
46. To allow a user to administer Active Directory
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Win2000 Native
Add the user to the Domain Admins global group
dnscmd
47. When deploying an application using the Group Policy distribution method assign the...
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
48. Company users IPV4 and IPV6. A PC uses IPV6 and can no longer authenticate off the DC. What can be done to ensure IPV6 computers authenticate to DCs in same site...
Subnet object needs to be created
Create a Central Store
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
From Server A - run Create Basic Task Wizard
49. Engineering department has 582 Windows Server 2008 R2 servers. You need to monitor the performance of all 582 with following requirements: Create alerts when average processor usage is higher than 85% for 15 minutes; Automatically adjust the processo
Deploy Microsoft System Center Operations Manager (SCOM)
Implement Distributed File System Replication (DFSR) on both servers
Use CISCO IP Helper command to configure.
A Distributed File System (DFS) namespace
50. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
IIS Chared Configuration
Implement the Windows Search Service.
Storage manager for SANs
Add the user to the Domain Admins global group
