SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To identify users who bypass the new corporate security policy -
Run adprep /forestprep and adprep /domainprep
Authorization Manager role assignment
Configure Audit Special Logon and define Special Groups
Install Windows Server Backup and modify the Windows firewall settings
2. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
Domain based Distributed File System (DFS) will reduce network traffic
DSMOD
Active Directory Domains and Trusts
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
3. An AD LDS instance needs to be replicated from one server to another...
Configure separate application pools for each application
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Service user account for AD LDS
4. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Create a MEDV workspace
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Modify the local policy to point to the Internal WSUS server
Test-AppLockerPolicy
5. To build a highly secure server cluster with a reduced attack surface area
Zone transfer settings
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Data Recovery Agent
6. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Winrm quickconfig
Ntdsutil
Back up to an external USB drive by using Windows Server Backup
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
7. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Share and Storage Management
Active Directory Domains and Trusts
Run the Delegation of Control Wizard on the Staff OU
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
8. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
The Group Policy Management console
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
9. You have 2 Server Core servers that are part of a Network Load Balance that host a web site. To be able to allow administrators - on their Windows 7 computers - remotely manage the NLB with automation
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Enable Windows Remote Management (WinRM) on the servers.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
10. To make deploying the custom Word dictionary easy
Use the Local Roles options with dsmgmt.
Recommend Group Policy preferences
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
11. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
NOT be able to store that data on an iSCSI SAN
Deploy Microsoft System Center Operations Manager (SCOM)
Group Policy Preferences
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
12. To minimize the amount of storage required you should recommend
Share and Storage Management
Win2000
A relying party trust should be created.
Configure Audit Special Logon and define Special Groups
13. What GPO setting should be configured to prevent all users from running an application?
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Disable Site Link Bridging from IP Properties
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Software Restriction Polices
14. When service account passwords need to be changed for SQL they should be...
Folder redirection. Folder redirection is also useful when using roamin profiles.
Zone transfer settings
Changed manually
Configure Firewall Group Policies and link them at the Domain level
15. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
A Distributed File System (DFS) namespace
Windows System Resource Manager (WSRM)
Assign the application to all client computers by using a GPO.
Incoming external trust
16. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Implement one LUN for the quorum and another LUN for the data
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
17. To compact AD database...
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
FILES option within Ntdsutil
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
18. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
Subnet object needs to be created
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Modify the GPO to include folder redirection
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
19. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Configure separate application pools for each application
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Include a server that runs Microsoft Office SharePoint Server 2010
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
20. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Multipath I/O feature
Add the new UPN suffix to the forest.
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
21. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
Purchase one additional Enterprise License
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Recommend GPT and basic disks
22. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
Implement Windows System Resource Manager (WSRM)
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Windows XP Mode
23. Within your company you have a server that will be running 8 VMs but only 6 concurrently. Your company has already purchased an Enterprise license for the server.
ntdsutil
Purchase one additional Enterprise License
Create ADMX and ADML files. Configure the GPO and link it to the domain.
PDC emulator with w32tm.exe
24. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Implement Shadow Copies
Create a Network Load Balancing cluster.
25. To replicate SYSVOL using Distributed File System Replication (DFSR)...
DFL needs to be Windows Server 2008
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Upgrading DFS to Windows Server 2008 R2
26. To allow administrators tha trun Windows 7 ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
27. SrvA has the AD LDS role and an instance named LDSInst1. You connect to this instance by using the ADSI Edit utility. When you execute the Create Object wizard there is no User object class. What should be done so you can create user objects in LDSIn
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Modify the schema of LDSInst1
Autonomous mode...This allows the local administrator to approve their own updates.
28. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
29. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Configure Firewall Group Policies and link them at the Domain level
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
MEDV to deploy virtual desktops
30. Files servers need to stay connected to the SAN if a NIC fails. You should recommend
Multipath I/O feature
Implement a Remote Desktop Connection Broker (RD Connection Broker)
NOT be able to store that data on an iSCSI SAN
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
31. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Distributed File System (DFS) Replication
Microsoft Desktop Optimization Pack (MDOP)
Multipath I/O feature
FFL Windows Server 2008 R2
32. Minimal FFL needed to deploy an RODC that runs Windows Server 2008 R2...
Offline domain join
Windows Server 2003
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
33. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Incoming external trust
Windows BitLocker Drive Encryption (Bit Locker)
Create an Active Directory-Integrated zone.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
34. Striped volumes
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
AD RMS
Improve the performance of File Servers
Add the new UPN suffix to the forest.
35. For the users that work remotely that need access to files from the corporate office you should...
Configure separate application pools for each application
Role Separation
Recommend Offline Files
Microsoft Application Virtualization (AppV)
36. If you need to encrypt all data on all disks
Use the Local Roles options with dsmgmt.
Configure block inheritance on the IT OU
Enable - ADoptionalFeature cmdlet
Then use Windows BitLocker Drive Encryption
37. You need a solution that meets policy while minimizing hardware and software costs
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
802.1.x NAP
Create a new Password Settings Object (PSO) for the IT users.
38. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Ldp
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
39. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
Incoming external trust
Deploy a failover cluster that contains one node in each office.
Deploy a GPO to the WebSrvOU
Autonomous mode...This allows the local administrator to approve their own updates.
40. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Add George to the Domain Admins group.
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
41. To backup Virtual Machines
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Increase the tombstone lifetime for the forest.
Add-ADFineGrainedPasswordPolicySubject cmdlet
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
42. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Raise the DFL to Windows Server 2008 R2.
Use a GPO to configure device installation restrictions
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Create an e-mail account in AD DS for your RMS users.
43. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Implement Distributed File System Replication (DFSR) on both servers
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
PowerShell 2.0
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
44. To backup to tape/robotic tape and to backup VMs you must use...
Incoming external trust
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Configure offline files and enable manual caching
Microsoft System Center Data Protection Manager 2010
45. To defragment and AD database...
net stop ntds
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
CAPublishGP group should have the Manage CA permission.
Configure event log subscriptions
46. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
Run auditpol and then configure the Security settings of the Domain Controllers OU.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Deploy a failover cluster that uses Node and File Share Disk Majority
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
47. IE can be a security concern - however you can take advantage of Group policies to lock down IE as much as possible
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
48. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Modify properties of RODC server computer account.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
49. To minimize the amount of storage used for virtual machines in a Virtual desktop pool the VHD's should be
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
50. New password settings object (PSO) created and needs to be applied to user
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Properties of PSO need modified
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
