SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
Basic Authentication and SSL
Install Hyper-V role and convert physical machines into virtual machines
Win2000
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
2. If you want to implement BitLocker and store recovery informaiton in a central location
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
From Server A - run Create Basic Task Wizard
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
3. UPN Suffix xxxx.com needs to be available for user accounts...
Winrm quickconfig
Refresh the zone on DNS2
Registry on users computer needs to be modified
Add the new UPN Suffix to the forest
4. What document management solution allows you to keep multiple versions of documents and automatically apply access policies to these documents? You should recommend
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Winrm quickconfig
5. If you need to deploy multiple servers through automation of installation and activation and minimize network traffic
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
802.1.x NAP
DFL needs to be Windows Server 2008
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
6. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
A Distributed File System (DFS) namespace
7. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
8. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
MEDV to deploy virtual desktops
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Data Recovery Agent
Jill came down with 2.50.
9. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Microsoft SharePoint Foundation 2010
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Domain based Distributed File System (DFS) will reduce network traffic
10. To be able to manage all the corporate servers from a workstation - you must install the
Assign the application to all client computers by using a GPO.
AD RMS
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Domain based DFS namespace and configure a DFS replication group
11. You need to allow remote access to the servers on your network while meeting the following requirements: all remote connections to the servers must be encrypted; all remote authentication attempts to the servers must be encrypted; only inbound connec
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Add the Windows Server Backup feature and Windows System Image recovery.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Implement Distributed File System Replication (DFSR) on both servers
12. To defragment and AD database...
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
net stop ntds
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
13. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Event Log Subscriptions
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Administrators is the minimum group membership required to complete this procedure.
14. To deploy templates across the organization
Then use Windows Deployment Services (WDS)
Implement a GPO for each domain
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
15. If you want to allow single-label name resolution
Enable Windows Remote Management (WinRM) on the servers.
Then configure GlobalNames zones on each domain controller.
IIS Chared Configuration
Active Directory Right Management Services (AD RMS)
16. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
View properties of %systemroot%ntdsntds.dit
Recommend GPT and basic disks
17. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Run the Delegation of Control Wizard on the Staff OU
Windows System Resource Manager (WSRM)
Then use Windows Deployment Services (WDS) on DHCP1.
18. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
A relying party trust should be created.
Zone transfer settings
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Dsmgmt
19. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Dfsrdiag
Create a Network Load Balancing cluster.
FFL Windows Server 2008 R2
Implement the Windows Search Service.
20. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
Dfsrdiag
Create a Central Store
DSMOD
Authorization Manager role assignment
21. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Authorization Manager
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
22. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Registry on users computer needs to be modified
23. If subnets are connected by CISCO router that is RFC-1542 compliant
Authorization Manager role assignment
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Execute the Set-ADServiceAccount cmdlet
Use CISCO IP Helper command to configure.
24. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
Raise the DFL to Windows Server 2008 R2.
Execute the Set-ADServiceAccount cmdlet
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
25. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Offline domain join
NOT be able to store that data on an iSCSI SAN
Assign the application to all client computers by using a GPO.
Raise the DFL to Windows Server 2008 R2.
26. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
Configure Audit Special Logon and define Special Groups
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Then configure auto enrollment of certificates and Credential Roaming.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
27. To recover objects deleted from Active Directory you should recommend
Active Directory snapshots and Tombstone reanimation
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Windows Server 2003
New ACCOUNT STORE should be added and configured
28. To add a server with AD FS 2.0 role to an existing AD FS farm...
Implement Windows System Resource Manager (WSRM) and configure user policies
Implement Windows BitLocker Drive Encryption (BitLocker)
fsconfig on FSSrv2
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
29. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
View properties of %systemroot%ntdsntds.dit
Network Load Balancing (NLB) cluster
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Software Restriction Polices
30. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Refresh the zone on DNS2
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Create a MEDV workspace
Create an e-mail account in AD DS for your RMS users.
31. If you need to minimize amount of time and impact of 50 simultaneous Win7 installations
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Purchase one additional Enterprise License
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
32. New password settings object (PSO) created and needs to be applied to user
Repadmin
Properties of PSO need modified
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Dsmgmt
33. To join a server/PC outside of the domain to the network...
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Configure caching on the shared folder (offline files)
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Dfsrdiag
34. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
Dfsrdiag
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
35. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
MEDV to deploy virtual desktops
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Configure Firewall Group Policies and link them at the Domain level
Incoming external trust
36. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
dsa.msc - dsamain.exe - ntdsutil.exe
FILES option within Ntdsutil
37. You don't want users to be able to install removable devices on client computers. However - domain admins and desktop support technicians must be allowed to install removable devices on client computers
FFL Windows Server 2008 R2
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Implement GPO for all client computers
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
38. You need to deploy apps to client computers according to these req.: apps must be deployed to client computers that meet minimum hardware requirements; detaild reports on success/failure of the app deployments must be provided; deployments must be sc
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Install Hyper-V role and convert physical machines into virtual machines
Increase the tombstone lifetime for the forest.
39. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
MEDV to deploy virtual desktops
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Dfsrdiag
40. You need to plan the deployment of an application that must meet these requirements: users must have - access to the app when they are connected to the network; access the application from an icon on their desktops.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Create a Network Load Balancing cluster.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Assign the application to all client computers by using a GPO.
41. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
42. In order to ensure highly available Windows Update servers you should create this.
Implement the Windows Search Service.
Then use Windows BitLocker Drive Encryption
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
43. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Install From Media IFM
Increase the tombstone lifetime for the forest.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Administrative Role Separation
44. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Printer driver isolation
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Improve the performance of File Servers
Role Separation
45. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Run auditpol and then configure the Security settings of the Domain Controllers OU.
AD RMS
IIS Manager user account
Modify the GPO to include folder redirection
46. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Add the new UPN suffix to the forest.
Event Viewer
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
47. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
The Group Policy Management Console
Enable Windows Remote Management (WinRM) on each server.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
48. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Configure folder redirection
View properties of %systemroot%ntdsntds.dit
Active Directory Domains and Trusts
49. You have a root domain and four child domains. Policy requirements state that all local guest accounts must be renamed and disabled - and all local administrator accounts must be renamed
Disable Site Link Bridging from IP Properties
Administrators is the minimum group membership required to complete this procedure.
Implement a GPO for each domain
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
50. You need to deploy a sales application that only the sales users must have access to
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Configure event log subscriptions
Deploy a GPO for the Sales OU
Raise the DFL to Windows Server 2008 R2.
