SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Active Directory Domains and Trusts
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Implement one LUN for the quorum and another LUN for the data
2. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
Configure caching on the shared folder (offline files)
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Implement GPO for all client computers
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
3. Striped volumes
Ntfrsutil
Test-AppLockerPolicy
Improve the performance of File Servers
DSMOD
4. To defragment and AD database...
net stop ntds
Restore-ADObject cmdlet
Utilize IFM (Install From Media)
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
5. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
Modify the schema of LDSInst1
Enable Credential Roaming
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
6. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Repadmin
New ACCOUNT STORE should be added and configured
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Add the Windows Server Backup feature and Windows System Image recovery.
7. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
MEDV to deploy virtual desktops
Backup operator's domain local group
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
8. What Function Level (FL) needs to be in place to enable AD Recycle Bin?
ntdsutil
FFL Windows Server 2008 R2
Then configure auto enrollment of certificates and Credential Roaming.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
9. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Create a Central Store
Distributed File System (DFS) Replication
Administrative Role Separation
Discover the run Microsoft Baseline Security Analyzer (MBSA)
10. If you need to deploy multiple servers through automation of installation and activation and minimize network traffic
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
11. You need to deploy a sales application that only the sales users must have access to
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Deploy a GPO for the Sales OU
Then use on install image file that contains a single install image.
Active Directory snapshots and Tombstone reanimation
12. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Service user account for AD LDS
IIS Manager user account
Implement Windows System Resource Manager (WSRM) and configure user policies
13. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Add-ADFineGrainedPasswordPolicySubject cmdlet
Site
14. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Microsoft System Center Data Protection Manager
Configure authorization rules for Web developers on each web server
Data Recovery Agent
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
15. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
Then use Windows Deployment Services (WDS)
Network Load Balancing (NLB)
File Server Resource Manager (FSRM) quotas and file screens
Configure event log subscriptions
16. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Implement Windows BitLocker Drive Encryption (BitLocker)
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
17. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Modify the GPO to include folder redirection
Then install new Server 2008 R2 Enterprise subordinate CA.
Add the user to the Domain Admins global group
Ensure your account - or the group is a member of the local Administrators group for that specific server.
18. GPO setting to prevent all users from running an application
Software Restriction Polices
Attach VHD file created by Windows server backup
Implement the Windows Search Service.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
19. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Dsmgmt
Dynamically expanding VHD's
PDC emulator with w32tm.exe
20. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
Use the Local Roles options with dsmgmt.
Passive file screens
Deploy a failover cluster that uses Node and File Share Disk Majority
Microsoft System Center Data Protection Manager 2010
21. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Install Windows Server Backup and modify the Windows firewall settings
DSMOD - ADUC
Import-Module
Use the Local Roles options with dsmgmt.
22. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
FFL Windows Server 2008 R2
Administrative Role Separation
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Configure folder redirection
23. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Upgrading DFS to Windows Server 2008 R2
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
24. You have been tasked with backing up all the GPOs in the domain. The IT manager also wants you to minimize the size of the backup. You decide to use...
Changed manually
The Group Policy Management console
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
25. To speed up the deployment of the RODC in the new branch offices you should take advantage of this.
Install From Media IFM
Modify properties of RODC server computer account.
Subnet object needs to be created
WDS
26. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Microsoft Application Virtualization (AppV)
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
fsconfig on FSSrv2
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
27. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Create a MEDV workspace
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
28. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
AD RMS
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
From Server A - run Create Basic Task Wizard
Then install new Server 2008 R2 Enterprise subordinate CA.
29. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Increase the tombstone lifetime for the forest.
Basic Authentication and SSL
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Authorization Manager role assignment
30. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Zone transfer settings
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
WDS
31. To configure Administrator Role Separation for an RODC
Configure Audit Special Logon and define Special Groups
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Enable - ADoptionalFeature cmdlet
Deploy a GPO for the Sales OU
32. To enable the AD Recycle Bin
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Enable - ADoptionalFeature cmdlet
Properties of PSO need modified
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
33. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
Add-ADFineGrainedPasswordPolicySubject cmdlet
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Enable - ADoptionalFeature cmdlet
34. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Enable Windows Remote Management (WinRM) on the servers.
Microsoft SharePoint Foundation 2010
35. You have 2 Server Core servers that are part of a Network Load Balance that host a web site. To be able to allow administrators - on their Windows 7 computers - remotely manage the NLB with automation
Disable Site Link Bridging from IP Properties
Active Directory Users and Computers utility
Enable Windows Remote Management (WinRM) on the servers.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
36. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Then use Windows Deployment Services (WDS)
Raise the DFL to Windows Server 2008 R2.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
37. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
Then use Windows Deployment Services (WDS)
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Import-Module
38. You need to recommend a solution to minimize the amount of time it takes for the sales department users to locate files in teh course bookings share.
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Jill came down with 2.50.
Implement the Windows Search Service.
WSUS server in the branch office in replica mode.
39. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
40. 3 Servers are Network Policy Servers (NPS) that function as RADIUS servers. The network has 20 wireless access points that are configured as RADIUS clients. You need to plan an audit strategy with the following requirements: stores audit data in a ce
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Attach VHD file created by Windows server backup
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Use a GPO to configure device installation restrictions
41. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
Restore-ADObject cmdlet
IIS Chared Configuration
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Purchase one additional Enterprise License
42. You need to plan the deployment of an application that must meet these requirements: users must have - access to the app when they are connected to the network; access the application from an icon on their desktops.
Assign the application to all client computers by using a GPO.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Incoming external trust
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
43. Can be used to install the Windows RE on existing servers
Deploy a GPO for the Sales OU
WDS
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
44. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Enable Windows Remote Management (WinRM) on the servers.
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Get-ADUser cmdlet
Run the Delegation of Control Wizard on the Staff OU
45. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Add the Windows Server Backup feature and Windows System Image recovery.
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
A Distributed File System (DFS) namespace
46. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Configure folder redirection
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
47. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
Active Directory Domains and Trusts
Install Windows Server Backup and modify the Windows firewall settings
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Network Load Balancing (NLB) cluster
48. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
Upgrading DFS to Windows Server 2008 R2
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Storage manager for SANs
49. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Printer driver isolation
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
50. What should be done so application does not fail after 30 days while still keeping password policy in mind?
Domain based DFS namespace and configure a DFS replication group
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Set-ADServiceAccount cmdlet
Add-ADFineGrainedPasswordPolicySubject cmdlet
