SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To deploy templates across the organization
net stop ntds
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
2. You have few Server 2003 servers that have Terminal services installed. You also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meeet the following: restricts accsss to specific Remote Desktop
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Implement the Windows Search Service.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
3. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
Run net stop ntds
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
4. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Modify properties of RODC server computer account.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Winrm quickconfig
Distributed File System (DFS) Replication
5. To backup Virtual Machines
Winrm quickconfig
Use local roles options within "dsmgmt"
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
6. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
Network Load Balancing (NLB)
Upgrading DFS to Windows Server 2008 R2
Refresh the zone on DNS2
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
7. Deployment solutions that will allow both the 64 bit version of Office 2010 and the 32 bit version Office 2003 to run at a same time on a Windows 7 computer - and to do that when the computer is offline - are very limited. You should recommend
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Microsoft Application Virtualization (AppV)
Deploy the Root CA certificate to the external computers.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
8. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Execute the Set-ADServiceAccount cmdlet
Create an Active Directory-Integrated zone.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
9. to increase the reliability of the print server - configure...
Modify the GPO to include folder redirection
Printer driver isolation
Modify the local policy to point to the Internal WSUS server
Import-Module
10. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
MEDV to deploy virtual desktops
Configure authorization rules for Web developers on each web server
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Refresh the zone on DNS2
11. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
Create an e-mail account in AD DS for your RMS users.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
From Server1 - run the Create Basic Task Wizard
WSUS server in the branch office in replica mode.
12. FFL is...
AD RMS
WDS
Win2000
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
13. To ensure that the SQL Servers can fail over autoatically and support 2 TB drives
Recommend GPT and basic disks
Properties of PSO need modified
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
14. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Deploy a GPO to the WebSrvOU
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
15. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
AD Domains and Trusts
Recommend Offline Files
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Create a Central Store
16. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
WSUS server in the branch office in replica mode.
Site
Run the Delegation of Control Wizard on the Staff OU
Dsmgmt
17. If you need to allow an external partner's computer to access internal network resources by using SSTP
Deploy the Root CA certificate to the external computers.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Autonomous mode...This allows the local administrator to approve their own updates.
18. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
DSMOD
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Run the Delegation of Control Wizard on the Staff OU
Purchase one additional Enterprise License
19. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Domain based Distributed File System (DFS) will reduce network traffic
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Refresh the zone on DNS2
20. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Winrm quickconfig
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
21. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Implement a GPO for each domain
Authorization Manager
Implement GPO for all client computers
Execute the Set-ADServiceAccount cmdlet
22. To ensure that recovery is possible if a file on a file server is deleted accidentally
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Refresh the zone on DNS2
Implement Shadow Copies
Modify zone transfer settings for company.com zone on DCA
23. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Properties of PSO need modified
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
A relying party trust should be created.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
24. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
Zone transfer settings
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Enable Windows Remote Management (WinRM) on each server.
25. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
DSMOD - ADUC
Implement GPO for all client computers
Windows Deployment Services (WDS)
Then configure auto enrollment of certificates and Credential Roaming.
26. When one needs to audit files - folders - printers and the registry enable
Implement GPO for all client computers
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
27. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
View properties of %systemroot%ntdsntds.dit
A Distributed File System (DFS) namespace
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
28. What should be done so application does not fail after 30 days while still keeping password policy in mind?
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Authorization Manager
Deploy Microsoft System Center Operations Manager (SCOM)
Set-ADServiceAccount cmdlet
29. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Use CISCO IP Helper command to configure.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
30. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
Then use Windows BitLocker Drive Encryption
Install Hyper-V role and convert physical machines into virtual machines
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Data Recovery Agent
31. What document management solution allows you to keep multiple versions of documents and automatically apply access policies to these documents? You should recommend
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Add the Windows Server Backup feature and Windows System Image recovery.
Administrative Role Separation
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
32. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Recommend Offline Files
Zone transfer settings
Disable Site Link Bridging from the IP properties
Refresh the zone on DNS2
33. You have a failover cluster that has an application installed. Service level agreement requires 55 percent of processor and memory utilization to be reserved for the app. A solution to guarantee service level agreement would be
Dynamically expanding VHD's
Active Directory Right Management Services (AD RMS)
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Disable Site Link Bridging from the IP properties
34. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
From Server1 - run the Create Basic Task Wizard
Configure folder redirection
Incoming external trust
Ntfrsutil
35. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Configure Firewall Group Policies and link them at the Domain level
Use CISCO IP Helper command to configure.
The Group Policy Management Console
36. In order to manage websites without having to logon you can use
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
PowerShell 2.0
37. To update ADRMS password...
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
AD Rights Management Services
PowerShell 2.0
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
38. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Recommend Group Policy preferences
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Deploy the Root CA certificate to the external computers.
dnscmd tool
39. You need to allow a user to add a single computer to a domain - without any additional rights...
Add the new UPN suffix to the forest.
Prestage the computer account in AD
Offline domain join
Properties of PSO need modified
40. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Incoming external trust
Configure caching on the shared folder (offline files)
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
41. When recommending a monitoring solution for an application so that it's events can be stored in a central
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Event Subscriptions
Increase the tombstone lifetime for the forest.
42. You have a 2008 R2 serever that has SQL Server 2008 installed. The server has one RAID 5 array and two RAID 1 arrays. You need to allocate hard disck space on the server according to the followign requirements: prevent data los if a single hard disk
Enable Credential Roaming
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
43. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Jill came down with 2.50.
Disable Site Link Bridging from IP Properties
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
44. To delegate authority to users to manage only certain areas in Hyper-V use the
Implement Network Access Protection (NAP)
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Authorization Manager role assignment
NOT be able to store that data on an iSCSI SAN
45. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
New ACCOUNT STORE should be added and configured
AD Rights Management Services
Implement one LUN for the quorum and another LUN for the data
46. To recover objects deleted from Active Directory you should recommend
Active Directory snapshots and Tombstone reanimation
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Dfsrdiag
47. What GPO setting should be configured to prevent all users from running an application?
Recommend Group Policy preferences
Software Restriction Polices
Ldp
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
48. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Assign the application to computers in the PC OU
Implement one LUN for the quorum and another LUN for the data
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Raise the DFL to Windows Server 2008 R2.
49. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Jill came down with 2.50.
Configure authorization rules for Web developers on each web server
Configure block inheritance on the IT OU
50. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Windows Deployment Services (WDS)
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Test-AppLockerPolicy
Improve the performance of File Servers
