SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Win2000
The Group Policy Management console
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
2. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Purchase one additional Enterprise License
Increase the tombstone lifetime for the forest.
Then use Windows Deployment Services (WDS) on DHCP1.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
3. To speed up the deployment of the RODC in the new branch offices you should take advantage of this.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Install From Media IFM
Deploy the Root CA certificate to the external computers.
Deploy a GPO for the Sales OU
4. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Enable Credential Roaming
Windows XP Mode
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Install Windows Server Backup and modify the Windows firewall settings
5. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Modify zone transfer settings for company.com zone on DCA
Properties of PSO need modified
Then configure GlobalNames zones on each domain controller.
6. You need to plan the deployment of an application that must meet these requirements: users must have - access to the app when they are connected to the network; access the application from an icon on their desktops.
Assign the application to all client computers by using a GPO.
Modify zone transfer settings for company.com zone on DCA
WSUS server in the branch office in replica mode.
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
7. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Authorization Manager role assignment
Disable Site Link Bridging from IP Properties
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
8. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
The Group Policy Management console
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Active Directory Users and Computers
9. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
DFL needs to be Windows Server 2008
From Server A - run Create Basic Task Wizard
PowerShell 2.0
10. To build a highly secure server cluster with a reduced attack surface area
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Create a standard secondary of domain and create standard secondary of other domain.
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Run adprep /forestprep and adprep /domainprep
11. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Windows BitLocker Drive Encryption (Bit Locker)
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Implement a domain-based DFS namespace that uses replication
12. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
An Active Directory subnet object needs to be created.
NOT be able to store that data on an iSCSI SAN
Refresh the zone on DNS2
13. You need to manage GPO to meet the following: allow administrators to view and edit the GPO in their own language; minimize number of GPOs deployed
Implement Network Access Protection (NAP)
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Disable Site Link Bridging from the IP properties
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
14. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
AD Rights Management Services
Add the new UPN suffix to the forest.
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
15. When one needs to audit files - folders - printers and the registry enable
Use a GPO to configure device installation restrictions
Use local roles options within "dsmgmt"
Windows BitLocker Drive Encryption (Bit Locker)
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
16. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Authorization Manager
Use a GPO to configure device installation restrictions
Add the Windows Server Backup feature and Windows System Image recovery.
Use local roles options within "dsmgmt"
17. You have several Windows 2000 Servers that have a custom application installed. However - the apps are incompatible with each other and with Windows Server 2008 R2 - but they consume less than 10% of system resources. There is a policy that states al
Upgrading DFS to Windows Server 2008 R2
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
18. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Configure caching on the shared folder and configure offline files to use encryption
Test-AppLockerPolicy
Enable Windows Remote Management (WinRM) on each server.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
19. Requirements are: support the installation of SQL Server 2008; Provide redundancy for SQL services if a single server fails. To accomplish this
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
20. To prevent account password from being cached on RODC server...
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Improve the performance of File Servers
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Modify properties of RODC server computer account.
21. To allow a user to administer Active Directory
Active Directory Domains and Trusts
Add the user to the Domain Admins global group
Modify properties of RODC server computer account.
Upgrading DFS to Windows Server 2008 R2
22. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Use a GPO to configure device installation restrictions
File Server Resource Manager (FSRM) quotas and file screens
23. To minimize the amount of storage required you should recommend
Winrm quickconfig
Share and Storage Management
Event Log Subscriptions
Site
24. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Enable Credential Roaming
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
25. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Authorization Manager
Then use Windows Deployment Services (WDS) on DHCP1.
Basic Authentication and SSL
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
26. UPN Suffix xxxx.com needs to be available for user accounts...
Add the new UPN Suffix to the forest
Windows System Resource Manager (WSRM)
Ntdsutil
Refresh the zone on DNS2
27. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Enable Credential Roaming
Implement a domain-based DFS namespace that uses replication
Install Windows Server Backup and modify the Windows firewall settings
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
28. To backup Virtual Machines
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Recommend Active Directory delegation
NOT be able to store that data on an iSCSI SAN
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
29. To add a new UPN for all user accounts...
Implement GPO for all client computers
Recommend Active Directory delegation
AD Domains and Trusts
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
30. GPO setting to prevent all users from running an application
MEDV to deploy virtual desktops
Software Restriction Polices
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Implement folder redirection by using GPO. Then backup the folder redirection target.
31. A specific application requires registry modifications to be in place before installing; you should use
Group Policy Preferences
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Upgrading DFS to Windows Server 2008 R2
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
32. Tool to change Directory Services Restore Mode password on Domain Controller...
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
ntdsutil
Improve the performance of File Servers
Storage manager for SANs
33. For the users that work remotely that need access to files from the corporate office you should...
Test-AppLockerPolicy
Then configure auto enrollment of certificates and Credential Roaming.
Recommend Offline Files
Modify properties of RODC server computer account.
34. What utility is used to see what accounts cached on RODC?
Modify the GPO to include folder redirection
Dynamically expanding VHD's
Configure folder redirection
Active Directory Users and Computers
35. If you need to be able to create shared folders on Server 2008 R2
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Recommend Group Policy preferences
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
36. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Microsoft Application Virtualization (AppV)
Basic Authentication and SSL
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
37. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Active Directory snapshots and Tombstone reanimation
Service user account for AD LDS
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Execute the Set-ADServiceAccount cmdlet
38. Capture all replication errors from all your DCs to a central location...
Configure event log subscriptions
Implement GPO for all client computers
Event Viewer
Deploy a GPO for the Sales OU
39. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Dsmgmt
MEDV to deploy virtual desktops
CAPublishGP group should have the Manage CA permission.
40. To control access to resources using WSRM and to help prevent memory leaks from monopolizing your web server
Autonomous mode...This allows the local administrator to approve their own updates.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Configure separate application pools for each application
Create a Network Load Balancing cluster.
41. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Refresh the zone on DNS2
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Deploy a GPO to the WebSrvOU
42. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Implement folder redirection by using GPO. Then backup the folder redirection target.
File Server Resource Manager (FSRM) quotas and file screens
43. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
View properties of %systemroot%ntdsntds.dit
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
44. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
45. To replicate SYSVOL using Distributed File System Replication (DFSR)...
Recommend Group Policy preferences
FFL Windows Server 2008 R2
DFL needs to be Windows Server 2008
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
46. What role to keep same time as an external server?
Add the user to the Domain Admins global group
PDC emulator with w32tm.exe
Deploy the Root CA certificate to the external computers.
Assign the application to all client computers by using a GPO.
47. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Create an Active Directory-Integrated zone.
Administrative Role Separation
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
48. You have a single AD domain named ad.company.com. The FFL is windows 2000 and the DFL is Windows 2000 Native. The UPN suffix company.com needs to be available for user accounts. What should be done first?
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
PowerShell 2.0
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Add the new UPN suffix to the forest.
49. To ensure that the SQL Servers can fail over autoatically and support 2 TB drives
Recommend GPT and basic disks
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Ldp
50. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
net stop ntds
Create a MEDV workspace
Then install new Server 2008 R2 Enterprise subordinate CA.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
