SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Repadmin
Incoming external trust
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
2. To make deploying the custom Word dictionary easy
Windows BitLocker Drive Encryption (Bit Locker)
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Recommend Group Policy preferences
Dfsrdiag
3. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Install Windows Server Backup and modify the Windows firewall settings
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Windows Deployment Services (WDS)
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
4. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
CAPublishGP group should have the Manage CA permission.
5. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Configure block inheritance on the IT OU
Install Hyper-V role and convert physical machines into virtual machines
6. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Test-AppLockerPolicy
Ldp
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
7. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Active Directory Users and Computers utility
Windows BitLocker Drive Encryption (Bit Locker)
Add-ADFineGrainedPasswordPolicySubject cmdlet
Deploy a failover cluster that contains one node in each office.
8. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Microsoft System Center Data Protection Manager
Configure caching on the shared folder and configure offline files to use encryption
Install the RSAT tool on their workstation to provide for more efficient network management
9. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Test-AppLockerPolicy
Windows BitLocker Drive Encryption (Bit Locker)
Backup operator's domain local group
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
10. To recover objects deleted from Active Directory you should recommend
Active Directory snapshots and Tombstone reanimation
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Deploy a failover cluster that uses Node and File Share Disk Majority
11. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Add-ADFineGrainedPasswordPolicySubject cmdlet
Registry on users computer needs to be modified
DSMOD
12. When recommending a monitoring solution for an application so that it's events can be stored in a central
Event Subscriptions
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Install and share a printer on a server and then enable printer pooling.
13. You need to recommend a Windows update strategy for the new branch office. The branch office has a 512 Kbps connection the corporate office and a 2 MB connection to the Internet. You should recommend this.
A relying party trust should be created.
Event Log Subscriptions
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Implement Shadow Copies
14. You have a single AD domain named ad.company.com. The FFL is windows 2000 and the DFL is Windows 2000 Native. The UPN suffix company.com needs to be available for user accounts. What should be done first?
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Implement Windows System Resource Manager (WSRM)
Add the new UPN suffix to the forest.
Windows Deployment Services (WDS)
15. Ensure password length for a group set to 12 characters long while others keep password policy
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Ntfrsutil
Add-ADFineGrainedPasswordPolicySubject cmdlet
16. To minimize the amount of storage required you should recommend
Share and Storage Management
Enable Windows Remote Management (WinRM) on each server.
Configure event log subscriptions
Install Hyper-V role and convert physical machines into virtual machines
17. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Enable Credential Roaming
Printer driver isolation
18. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Deploy a failover cluster that uses Node and File Share Disk Majority
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Raise the DFL to Windows Server 2008 R2.
19. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Use a GPO to configure device installation restrictions
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Administrative Role Separation
20. You have several Windows 2000 Servers that have a custom application installed. However - the apps are incompatible with each other and with Windows Server 2008 R2 - but they consume less than 10% of system resources. There is a policy that states al
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Configure folder redirection
Deploy a GPO to the WebSrvOU
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
21. You need to recommend a BitLocker recovery method you should recommend this.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Add the new UPN suffix to the forest.
Data Recovery Agent
Configure offline files and enable manual caching
22. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Configure Firewall Group Policies and link them at the Domain level
Site
Incoming external trust
Microsoft SharePoint Foundation 2010
23. If you need to ensure that data is protected by BitLocker then you will...
DSMOD - ADUC
DISABLE slow link detection in the GPO
Event Log Subscriptions
NOT be able to store that data on an iSCSI SAN
24. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Implement a domain-based DFS namespace that uses replication
Configure block inheritance on the IT OU
Implement a GPO for each domain
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
25. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
Use CISCO IP Helper command to configure.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Enable Windows Remote Management (WinRM) on the servers.
26. To replicate SYSVOL using Distributed File System Replication (DFSR)...
DFL needs to be Windows Server 2008
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
NOT be able to store that data on an iSCSI SAN
Modify zone transfer settings for company.com zone on DCA
27. To restore deleted user account from AD Recycle Bin...
NOT be able to store that data on an iSCSI SAN
Active Directory Right Management Services (AD RMS)
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Restore-ADObject cmdlet
28. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Administrative Role Separation
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Network Load Balancing (NLB) cluster
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
29. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Utilize IFM (Install From Media)
Create a Central Store
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Use a GPO to configure device installation restrictions
30. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
From Server A - run Create Basic Task Wizard
Add the Windows Server Backup feature and Windows System Image recovery.
Configure event log subscriptions
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
31. What shold be done to configure AD RMS so users can protect their data?
Deploy the Root CA certificate to the external computers.
Create an e-mail account in AD DS for your RMS users
Configure Firewall Group Policies and link them at the Domain level
Implement the Windows Search Service.
32. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Properties of PSO need modified
33. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
Windows System Resource Manager (WSRM)
Configure the zone as an Activde Directory-Integrated zone.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
34. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Role Separation
Add George to the Domain Admins group.
Microsoft System Center Data Protection Manager
Additional DFS Targets
35. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
Assign the application to all client computers by using a GPO.
From Server A - run Create Basic Task Wizard
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
36. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Create a Network Load Balancing cluster.
DFL needs to be Windows Server 2008
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
37. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Enable Windows Remote Management (WinRM) on the servers.
dsa.msc - dsamain.exe - ntdsutil.exe
38. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
39. Need to ensure users receive updated template within five days...
Registry on users computer needs to be modified
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
40. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Then use Windows BitLocker Drive Encryption
Modify the GPO to include folder redirection
Assign the application to all client computers by using a GPO.
41. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Administrators is the minimum group membership required to complete this procedure.
Then configure auto enrollment of certificates and Credential Roaming.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Service user account for AD LDS
42. To create AD Domain Services snapshot
Recommend Active Directory delegation
Ntdsutil
Deploy a failover cluster that uses Node and File Share Disk Majority
Windows XP Mode
43. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Recommend Group Policy preferences
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Implement File Server Resource Manager (FSRM) quotas on the desired servers
View properties of %systemroot%ntdsntds.dit
44. To restore previous version of script without taking up too much of time...
Group Policy Preferences
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Attach VHD file created by Windows server backup
Ntfrsutil
45. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
dnscmd
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Create an e-mail account in AD DS for your RMS users
46. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Recommend GPT and basic disks
Get-ADUser cmdlet
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
47. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Ntfrsutil
Win2000
Offline domain join
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
48. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
Then use Windows Deployment Services (WDS)
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Attach VHD file created by Windows server backup
Import-Module
49. You need a solution that meets policy while minimizing hardware and software costs
Create a new Password Settings Object (PSO) for the IT users.
Basic Authentication and SSL
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
50. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Run the Delegation of Control Wizard on the Staff OU
Enable Windows Remote Management (WinRM) on the servers.
Subnet object needs to be created
Windows Deployment Services (WDS)
