SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Use a GPO to configure device installation restrictions
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
2. If a new application needs to be deployed on the network and it comes as a .msi package and then do this.
Then configure GlobalNames zones on each domain controller.
An Active Directory subnet object needs to be created.
Deploy it by using Group Policy Software Installation method
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
3. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Subnet object needs to be created
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Windows BitLocker Drive Encryption (Bit Locker)
Zone transfer settings
4. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Install Windows Server Backup and modify the Windows firewall settings
Implement Windows System Resource Manager (WSRM) and configure user policies
Test-AppLockerPolicy
Winrm quickconfig
5. To restore previous version of script without taking up too much of time...
Run adprep /forestprep and adprep /domainprep
Ldp
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Attach VHD file created by Windows server backup
6. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
WSUS server in the branch office in replica mode.
Then use Windows Deployment Services (WDS) on DHCP1.
Then use Windows Deployment Services (WDS)
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
7. Minimal FFL needed to deploy an RODC that runs Windows Server 2008 R2...
Upgrading DFS to Windows Server 2008 R2
Zone transfer settings
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Windows Server 2003
8. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Deploy Microsoft System Center Operations Manager (SCOM)
Perform an authoritative restore
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
9. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Purchase one additional Enterprise License
10. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Autonomous mode...This allows the local administrator to approve their own updates.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Use Netsh tool from administrator's computer.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
11. You need to recommend a BitLocker recovery method you should recommend this.
Create and deploy a logon script that runs Auditpol.
Data Recovery Agent
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Authorization Manager role assignment
12. to make shares at a remote location available to users you should implement this.
Domain based Distributed File System (DFS) namespace and DFS Replication.
Ntfrsutil
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
13. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
net stop ntds
Windows Server 2003
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
14. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Microsoft Desktop Optimization Pack (MDOP)
Raise the DFL to Windows Server 2008 R2.
Administrative Role Separation
Dsmgmt
15. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Add George to the Domain Admins group.
Role Separation
Configure Firewall Group Policies and link them at the Domain level
16. SrvA has the AD LDS role and an instance named LDSInst1. You connect to this instance by using the ADSI Edit utility. When you execute the Create Object wizard there is no User object class. What should be done so you can create user objects in LDSIn
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Add-ADFineGrainedPasswordPolicySubject cmdlet
Authorization Manager
Modify the schema of LDSInst1
17. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Windows XP Mode
MEDV to deploy virtual desktops
Site
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
18. File that contains the last logon time and custom attributes values for each user in your forest.
Event Viewer
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Get-ADUser cmdlet
Modify the local policy to point to the Internal WSUS server
19. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
Role Separation
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Deploy Microsoft System Center Operations Manager (SCOM)
Refresh the zone on DNS2
20. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
21. 2 ways to relocate user and computer accounts to different OUs
Microsoft Desktop Optimization Pack (MDOP) to your company
Event Subscriptions
CAPublishGP group should have the Manage CA permission.
DSMOD - ADUC
22. If you need secure method to verify validity of individual certificates and minimize network bandwidth
The Group Policy Management console
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Create an e-mail account in AD DS for your RMS users
23. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
IIS Manager user account
Modify the GPO to include folder redirection
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
24. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Group Policy Preferences
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Network Load Balancing (NLB)
Windows XP Mode
25. To configure AD FS so tokens contain information from Active Directory domain...
New ACCOUNT STORE should be added and configured
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
26. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Microsoft Desktop Optimization Pack (MDOP)
Then configure GlobalNames zones on each domain controller.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
27. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
DSMOD - ADUC
Utilize IFM (Install From Media)
28. Engineering department has 582 Windows Server 2008 R2 servers. You need to monitor the performance of all 582 with following requirements: Create alerts when average processor usage is higher than 85% for 15 minutes; Automatically adjust the processo
Ldp
Distributed File System (DFS) Replication
Deploy Microsoft System Center Operations Manager (SCOM)
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
29. If you need to encrypt all data on all disks
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Then use Windows BitLocker Drive Encryption
30. You have a single AD domain named ad.company.com. The FFL is windows 2000 and the DFL is Windows 2000 Native. The UPN suffix company.com needs to be available for user accounts. What should be done first?
Add the new UPN suffix to the forest.
Dynamically expanding VHD's
Microsoft SharePoint Foundation 2010
Implement Windows System Resource Manager (WSRM) and configure user policies
31. If you need to be able to create shared folders on Server 2008 R2
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Microsoft Application Virtualization (AppV)
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Recommend Group Policy preferences
32. To allow a user to administer Active Directory
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
PDC emulator with w32tm.exe
Add the user to the Domain Admins global group
33. 3 Servers are Network Policy Servers (NPS) that function as RADIUS servers. The network has 20 wireless access points that are configured as RADIUS clients. You need to plan an audit strategy with the following requirements: stores audit data in a ce
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Multipath I/O feature
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
34. you have fewer Server 2003 servers that have Terminal Services installed. you also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: encrypts all remote connections to the ter
Deploy the Root CA certificate to the external computers.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Share and Storage Management
35. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
New ACCOUNT STORE should be added and configured
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Implement Network Access Protection (NAP) that uses 802.1x enforcement
36. What utility is used to see what accounts cached on RODC?
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Active Directory Users and Computers
Incoming external trust
37. UPN Suffix xxxx.com needs to be available for user accounts...
Add the new UPN Suffix to the forest
Utilize IFM (Install From Media)
WSUS server in the branch office in replica mode.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
38. To allow a specifc user or group to manage the address information for the user accounts...
Enable - ADoptionalFeature cmdlet
Create an Active Directory-Integrated zone.
Active Directory Domains and Trusts
Recommend Active Directory delegation
39. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
dnscmd
Add the new UPN Suffix to the forest
Raise the DFL to Windows Server 2008 R2.
40. In order to ensure highly available Windows Update servers you should create this.
Changed manually
Share and Storage Management
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Dfsrdiag
41. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Repadmin
Windows Deployment Services (WDS)
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
42. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
Configure Firewall Group Policies and link them at the Domain level
DISABLE slow link detection in the GPO
Incoming external trust
Ntfrsutil
43. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Zone transfer settings
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
44. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Autonomous mode...This allows the local administrator to approve their own updates.
Increase the tombstone lifetime for the forest.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Configure authorization rules for Web developers on each web server
45. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
46. You just dconfigured so that Server1 zone is stored in AD and accept secure dynamic updates. What command should be executed so that Server2 can accept secure dynamic updates?
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Incoming external trust
Ntfrsutil
47. You need to manage GPO to meet the following: allow administrators to view and edit the GPO in their own language; minimize number of GPOs deployed
Then configure auto enrollment of certificates and Credential Roaming.
Microsoft System Center Data Protection Manager 2010
AD RMS
Create ADMX and ADML files. Configure the GPO and link it to the domain.
48. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Add the new UPN Suffix to the forest
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
49. You need to deploy apps to client computers according to these req.: apps must be deployed to client computers that meet minimum hardware requirements; detaild reports on success/failure of the app deployments must be provided; deployments must be sc
Dfsrdiag
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Prestage the computer account in AD
Microsoft System Center Data Protection Manager 2010
50. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Create a Central Store
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
