SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Deploy a failover cluster that uses Node and File Share Disk Majority
Purchase one additional Enterprise License
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
2. Striped volumes
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Improve the performance of File Servers
3. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Ntdsutil
Attach VHD file created by Windows server backup
Offline domain join
4. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Event Log Subscriptions
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
From Server A - run Create Basic Task Wizard
Add George to the Domain Admins group.
5. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Recommend Offline Files
FILES option within Ntdsutil
Group Policy Preferences
6. 4 steps to perform offline Defragmentation of AD database...
Configure RODC for Administrator Role Separation
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Use Netsh tool from administrator's computer.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
7. To allow connection to a 256 Kbps ISDN...
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
DISABLE slow link detection in the GPO
fsconfig on FSSrv2
Configure an audit policy by editing the default domain policy and configure Event Forwarding
8. You need to recommend a BitLocker recovery method you should recommend this.
Then use on install image file that contains a single install image.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Data Recovery Agent
802.1.x NAP
9. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Run net stop ntds
Network Load Balancing (NLB) cluster
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Microsoft Desktop Optimization Pack (MDOP)
10. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
DISABLE slow link detection in the GPO
Enable Windows Remote Management (WinRM) on each server.
Recommend Active Directory delegation
Administrators is the minimum group membership required to complete this procedure.
11. Ensure password length for a group set to 12 characters long while others keep password policy
Use a GPO to configure device installation restrictions
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Assign the application to computers in the PC OU
Add-ADFineGrainedPasswordPolicySubject cmdlet
12. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
File Server Resource Manager (FSRM) quotas and file screens
Group Policy Preferences
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
13. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
PowerShell 2.0
14. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
From Server1 - run the Create Basic Task Wizard
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
15. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Configure block inheritance on the IT OU
Implement a domain-based DFS namespace that uses replication
Windows XP Mode
16. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
NOT be able to store that data on an iSCSI SAN
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
dnscmd
17. To ensure that a file on a file server do not leave the organization you must implement this.
AD RMS
IIS Chared Configuration
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
18. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Enable Windows Remote Management (WinRM) on the servers.
Configure caching on the shared folder (offline files)
Create an Active Directory-Integrated zone.
19. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Get-ADUser cmdlet
20. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
Create a Central Store
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Folder redirection. Folder redirection is also useful when using roamin profiles.
21. RDSrv1 is a Server 2008 R2 server with Remote Desktop Services installed. You are planning to establish a Terminal Server Farm that must meet these requirements: New users automatically connect to the terminal server that has the fewest active sessio
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Add the new UPN Suffix to the forest
22. What shold be done to configure AD RMS so users can protect their data?
Enable - ADoptionalFeature cmdlet
Create an e-mail account in AD DS for your RMS users
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
23. What should be done so application does not fail after 30 days while still keeping password policy in mind?
Set-ADServiceAccount cmdlet
dsa.msc - dsamain.exe - ntdsutil.exe
Create a new Password Settings Object (PSO) for the IT users.
Implement one LUN for the quorum and another LUN for the data
24. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Group Policy Preferences
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
25. You just dconfigured so that Server1 zone is stored in AD and accept secure dynamic updates. What command should be executed so that Server2 can accept secure dynamic updates?
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
MEDV to deploy virtual desktops
26. To defragment and AD database...
Active Directory Domains and Trusts
net stop ntds
IIS Chared Configuration
NOT be able to store that data on an iSCSI SAN
27. What should be done first to defragment the AD database?
Implement a GPO for each domain
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Execute the Set-ADServiceAccount cmdlet
Run net stop ntds
28. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
Authorization Manager
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Implement Network Access Protection (NAP) that uses 802.1x enforcement
29. If you need to encrypt all data on all disks
Modify the schema of LDSInst1
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Then use Windows BitLocker Drive Encryption
30. The Computer Management snap-in allows you to create shares both on...
Your machine and remote desktops
Then use Windows Deployment Services (WDS) on DHCP1.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
31. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
The Group Policy Management Console
Prestage the computer account in AD
IIS Chared Configuration
Recommend Group Policy preferences
32. Capture all replication errors from all your DCs to a central location...
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Configure event log subscriptions
Properties of PSO need modified
DISABLE slow link detection in the GPO
33. To be able to user an application from one AD FS with authentication server to another...
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Install the RSAT tool on their workstation to provide for more efficient network management
A relying party trust should be created.
34. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Disable Site Link Bridging from IP Properties
dsa.msc - dsamain.exe - ntdsutil.exe
Disable Site Link Bridging from the IP properties
35. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Implement one LUN for the quorum and another LUN for the data
Active Directory Users and Computers utility
Win2000
An Active Directory subnet object needs to be created.
36. To update ADRMS password...
AD Rights Management Services
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Configure the zone as an Activde Directory-Integrated zone.
File Server Resource Manager (FSRM) quotas and file screens
37. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Administrative Role Separation
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Implement GPO for all client computers
38. You have a 2008 R2 server configured as Remote Desktop Session host. You need to deploy a line-of-business app; however - the app requires desktop themes to be enabled. Your deployment strategy must meet these requirements: only authorized users must
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Enable - ADoptionalFeature cmdlet
Share and Storage Management
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
39. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
dnscmd tool
Restore-ADObject cmdlet
Storage manager for SANs
40. To create AD Domain Services snapshot
FFL Windows Server 2008 R2
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Ntdsutil
41. All DCs run Windows Server 2008 R2 and have the DNS Server role installed. The domain controllers for each location are stored locally. Each has its own standard primary zone to support its local domain.You need a plan that meets the following: WAN l
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Create a standard secondary of domain and create standard secondary of other domain.
42. Jack and Jill go up the hill - both with a buck and a quarter
File Server Resource Manager (FSRM) quotas and file screens
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Jill came down with 2.50.
43. You need to ensure that the guest account on all servers is disabled to
Win2000
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Active Directory Users and Computers
Discover the run Microsoft Baseline Security Analyzer (MBSA)
44. SrvA has the AD LDS role and an instance named LDSInst1. You connect to this instance by using the ADSI Edit utility. When you execute the Create Object wizard there is no User object class. What should be done so you can create user objects in LDSIn
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Modify the schema of LDSInst1
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
45. To ensure that the branch office with its own high speed internet connection receives the exact same updates as the corporate office you should recommend this.
Incoming external trust
Creating a data collector set that kick off a scritp that either move or delete files.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
46. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Windows XP Mode
Network Load Balancing (NLB) cluster
Configure an audit policy by editing the default domain policy and configure Event Forwarding
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
47. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Implement Distributed File System Replication (DFSR) on both servers
Certificate Templates
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
48. To delegate authority to users to manage only certain areas in Hyper-V use the
Authorization Manager role assignment
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Software Restriction Polices
NOT be able to store that data on an iSCSI SAN
49. To allow a user to administer Active Directory
Add the user to the Domain Admins global group
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Additional DFS Targets
Group Policy Preferences
50. To restore previous version of script without taking up too much of time...
Attach VHD file created by Windows server backup
Administrators is the minimum group membership required to complete this procedure.
Add the Windows Server Backup feature and Windows System Image recovery.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
