SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. You need to consolidate 120 physical servers into 35 physical servers that run Windows Server 2008 R2 while meeting the following: maximize resource utilization; use existing hardware and software; support 64-bit child virtual machines; maintain sepa
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Install Hyper-V role and convert physical machines into virtual machines
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
net stop ntds
2. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
Create an Active Directory-Integrated zone.
Authorization Manager
MEDV to deploy virtual desktops
Implement Windows System Resource Manager (WSRM) and configure user policies
3. To configure Administrator Role Separation for an RODC
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Install From Media IFM
An Active Directory subnet object needs to be created.
4. When recommending a monitoring solution for an application so that it's events can be stored in a central
Test-AppLockerPolicy
Event Subscriptions
Enable - ADoptionalFeature cmdlet
Configure Audit Special Logon and define Special Groups
5. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Deploy Microsoft System Center Operations Manager (SCOM)
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
6. Two different solutions are available to help assign IP addresses to remote clients that need to VPN or Dial-in to the branch office.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
7. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Distributed File System (DFS) Replication
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
8. To backup to tape/robotic tape and to backup VMs you must use...
Microsoft System Center Data Protection Manager 2010
Create a new Password Settings Object (PSO) for the IT users.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
djoin /requesteodj from internal server - djoin /provision from outside server/PC
9. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
ntdsutil
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
10. You need to recommend a solution to minimize the amount of time it takes for the sales department users to locate files in teh course bookings share.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
DFL needs to be Windows Server 2008
Implement the Windows Search Service.
11. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Windows System Resource Manager (WSRM)
Active Directory Domains and Trusts
Authorization Manager
Create a Network Load Balancing cluster.
12. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Assign the application to computers in the PC OU
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Domain based Distributed File System (DFS) namespace and DFS Replication.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
13. You need to recommend a BitLocker recovery method you should recommend this.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Data Recovery Agent
Assign the application to computers in the PC OU
14. What utility is used to see what accounts cached on RODC?
Autonomous mode...This allows the local administrator to approve their own updates.
Active Directory Users and Computers
Add the user to the Domain Admins global group
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
15. To recover objects deleted from Active Directory you should recommend
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Active Directory snapshots and Tombstone reanimation
16. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
Configure separate application pools for each application
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Deploy a failover cluster that contains one node in each office.
Create an Active Directory-Integrated zone.
17. To create AD Domain Services snapshot
Domain based Distributed File System (DFS) will reduce network traffic
Ldp
Ntdsutil
Role Separation
18. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Implement Windows BitLocker Drive Encryption (BitLocker)
Service user account for AD LDS
Modify zone transfer settings for company.com zone on DCA
Modify the local policy to point to the Internal WSUS server
19. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Install and share a printer on a server and then enable printer pooling.
Increase the tombstone lifetime for the forest.
Then configure GlobalNames zones on each domain controller.
20. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
Configure the zone as an Activde Directory-Integrated zone.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Implement a Remote Desktop Connection Broker (RD Connection Broker)
21. Tool to change Directory Services Restore Mode password on Domain Controller...
ntdsutil
Refresh the zone on DNS2
Registry on users computer needs to be modified
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
22. You need to deploy apps to client computers according to these req.: apps must be deployed to client computers that meet minimum hardware requirements; detaild reports on success/failure of the app deployments must be provided; deployments must be sc
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Site
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
23. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Create an Active Directory-Integrated zone.
Configure the zone as an Activde Directory-Integrated zone.
Storage manager for SANs
WDS
24. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
dnscmd
Encrypting File System (EFS). This can be enabled locally or through a GPO.
MEDV to deploy virtual desktops
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
25. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
FFL Windows Server 2008 R2
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Passive file screens
Deploy a GPO for the Sales OU
26. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Network Load Balancing (NLB) cluster
Storage manager for SANs
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
27. To configure AD FS so tokens contain information from Active Directory domain...
Configure Firewall Group Policies and link them at the Domain level
New ACCOUNT STORE should be added and configured
Improve the performance of File Servers
djoin /requesteodj from internal server - djoin /provision from outside server/PC
28. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Share and Storage Management
IIS Manager user account
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
29. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Modify zone transfer settings for company.com zone on DCA
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
30. Tools to view contents of an OU in an AD snapshot...
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Domain based Distributed File System (DFS) namespace and DFS Replication.
Modify properties of RODC server computer account.
dsa.msc - dsamain.exe - ntdsutil.exe
31. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
Install Hyper-V role and convert physical machines into virtual machines
Raise the DFL to Windows Server 2008 R2.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
32. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
Storage manager for SANs
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Network Load Balancing (NLB) cluster
From Server A - run Create Basic Task Wizard
33. You just dconfigured so that Server1 zone is stored in AD and accept secure dynamic updates. What command should be executed so that Server2 can accept secure dynamic updates?
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Dfsrdiag
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
34. If you need to minimize amount of time and impact of 50 simultaneous Win7 installations
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Administrative Role Separation
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Test-AppLockerPolicy
35. Need to access some resources in another domain that is part of another forest...What trust is created?
Configure caching on the shared folder and configure offline files to use encryption
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
From Server A - run Create Basic Task Wizard
Incoming external trust
36. To enable the AD Recycle Bin
Microsoft Desktop Optimization Pack (MDOP) to your company
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Use Netsh tool from administrator's computer.
Enable - ADoptionalFeature cmdlet
37. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Basic Authentication and SSL
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Administrative Role Separation
38. You need to allow a user to add a single computer to a domain - without any additional rights...
Prestage the computer account in AD
Event Log Subscriptions
Printer driver isolation
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
39. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Then use Windows Deployment Services (WDS) on DHCP1.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Windows XP Mode
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
40. You have a root domain and four child domains. Policy requirements state that all local guest accounts must be renamed and disabled - and all local administrator accounts must be renamed
Implement a GPO for each domain
Upgrading DFS to Windows Server 2008 R2
Create a standard secondary of domain and create standard secondary of other domain.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
41. If users complain that it is hard to find the shared folders on the network implement
AD Domains and Trusts
Active Directory Right Management Services (AD RMS)
Additional DFS Targets
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
42. To create and additional AD LDS applicaiton directory partition in existing instance...
Ldp
Modify the local policy to point to the Internal WSUS server
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
DISABLE slow link detection in the GPO
43. If you need to minimize the number of install images and support Win Server 2008 R2 deployment
Dsmgmt
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Then configure auto enrollment of certificates and Credential Roaming.
Then use on install image file that contains a single install image.
44. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Domain based Distributed File System (DFS) will reduce network traffic
Creating a data collector set that kick off a scritp that either move or delete files.
View properties of %systemroot%ntdsntds.dit
802.1.x NAP
45. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Dfsrdiag
Refresh the zone on DNS2
Disable Site Link Bridging from the IP properties
Add the Windows Server Backup feature and Windows System Image recovery.
46. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Test-AppLockerPolicy
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
From Server A - run Create Basic Task Wizard
47. You need to relocate an AD LDS instance from C: Drive to D: Drive
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Group Policy Preferences
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
48. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
CAPublishGP group should have the Manage CA permission.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
AD Rights Management Services
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
49. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Windows Deployment Services (WDS)
50. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
Configure RODC for Administrator Role Separation
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
