SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
Configure block inheritance on the IT OU
Modify the GPO to include folder redirection
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Modify the local policy to point to the Internal WSUS server
2. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
Active Directory Right Management Services (AD RMS)
Passive file screens
Import-Module
Deploy the Root CA certificate to the external computers.
3. If users complain that it is hard to find the shared folders on the network implement
Test-AppLockerPolicy
Then use Windows Deployment Services (WDS) on DHCP1.
Additional DFS Targets
Configure the zone as an Activde Directory-Integrated zone.
4. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Active Directory Right Management Services (AD RMS)
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Jill came down with 2.50.
5. To help restrict access to Windows 7 computer in the event that it gets stolen implement
View properties of %systemroot%ntdsntds.dit
Active Directory Right Management Services (AD RMS)
Subnet object needs to be created
Windows BitLocker Drive Encryption (Bit Locker)
6. To allow connection to a 256 Kbps ISDN...
Dynamically expanding VHD's
DISABLE slow link detection in the GPO
Modify the local policy to point to the Internal WSUS server
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
7. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
WSUS server in the branch office in replica mode.
Then use on install image file that contains a single install image.
Windows System Resource Manager (WSRM)
Refresh the zone on DNS2
8. To be able to manage all the corporate servers from a workstation - you must install the
Folder redirection. Folder redirection is also useful when using roamin profiles.
AD Domains and Trusts
Recommend Active Directory delegation
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
9. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Implement Windows System Resource Manager (WSRM)
10. PowerShell script to create user accounts with passwords from a file called password.csv
Windows Deployment Services (WDS)
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
11. If subnets are connected by CISCO router that is RFC-1542 compliant
Enable Credential Roaming
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Use CISCO IP Helper command to configure.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
12. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Distributed File System (DFS) Replication
Active Directory Users and Computers
Implement Windows System Resource Manager (WSRM)
Add the new UPN suffix to the forest.
13. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Modify zone transfer settings for company.com zone on DCA
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
AD Domains and Trusts
14. Two different solutions are available to help assign IP addresses to remote clients that need to VPN or Dial-in to the branch office.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
15. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Role Separation
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
16. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Network Load Balancing (NLB)
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
17. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
Create a MEDV workspace
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Jill came down with 2.50.
Zone transfer settings
18. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
Recommend Offline Files
Increase the tombstone lifetime for the forest.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Raise the DFL to Windows Server 2008 R2.
19. To compact AD database...
Raise the DFL to Windows Server 2008 R2.
Software Restriction Polices
FILES option within Ntdsutil
CAPublishGP group should have the Manage CA permission.
20. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Create a Network Load Balancing cluster.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
21. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
Group Policy Preferences
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
fsconfig on FSSrv2
New ACCOUNT STORE should be added and configured
22. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
AD Domains and Trusts
Deploy a failover cluster that uses Node and File Share Disk Majority
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Use Netsh tool from administrator's computer.
23. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Assign the application to computers in the PC OU
24. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
ntdsutil
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
25. In order to ensure highly available Windows Update servers you should create this.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
26. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
Windows Deployment Services (WDS)
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
27. To configure AD FS so tokens contain information from Active Directory domain...
Include a server that runs Microsoft Office SharePoint Server 2010
Use a GPO to configure device installation restrictions
New ACCOUNT STORE should be added and configured
Implement a GPO for each domain
28. to prevent VMs from receiving updats from a group policy
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Back up to an external USB drive by using Windows Server Backup
29. IE can be a security concern - however you can take advantage of Group policies to lock down IE as much as possible
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
30. To ensure that recovery is possible if a file on a file server is deleted accidentally
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Implement Shadow Copies
Create a Central Store
31. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
dnscmd tool
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Jill came down with 2.50.
Run the Delegation of Control Wizard on the Staff OU
32. To prevent account password from being cached on RODC server...
Role Separation
Enable Windows Remote Management (WinRM) on the servers.
Modify properties of RODC server computer account.
Disable Site Link Bridging from IP Properties
33. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Configure block inheritance on the IT OU
The Group Policy Management console
Active Directory Users and Computers utility
34. Client computers run Windows 7 and all applications on the computers are configured to save documetns to the local Documents folder. You need a backup strategy that meets these: Back up the Documents folder for all users; minimize admin effort. To ac
Configure the zone as an Activde Directory-Integrated zone.
Implement folder redirection by using GPO. Then backup the folder redirection target.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
35. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
Create an Active Directory-Integrated zone.
Subnet object needs to be created
Install From Media IFM
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
36. You need to allow a user to add a single computer to a domain - without any additional rights...
Deploy a failover cluster that uses Node and File Share Disk Majority
Prestage the computer account in AD
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Service user account for AD LDS
37. The strongest form of NAP is
Add the new UPN suffix to the forest.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Implement a domain-based DFS namespace that uses replication
38. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Offline domain join
Jill came down with 2.50.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
39. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Raise the DFL to Windows Server 2008 R2.
Event Subscriptions
40. DFL is...
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Win2000 Native
Administrative Role Separation
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
41. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
42. You need to relocate an AD LDS instance from C: Drive to D: Drive
Use a GPO to configure device installation restrictions
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
43. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Ntfrsutil
Upgrading DFS to Windows Server 2008 R2
Refresh the zone on DNS2
Install and share a printer on a server and then enable printer pooling.
44. Auditing the deletion of Registry keys on all Domain Controllers
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Software Restriction Polices
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
45. To ensure that the SQL Servers can fail over autoatically and support 2 TB drives
Raise the DFL to Windows Server 2008 R2.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Recommend GPT and basic disks
46. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Create a Network Load Balancing cluster.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
47. What shold be done to configure AD RMS so users can protect their data?
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Changed manually
Create an e-mail account in AD DS for your RMS users
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
48. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
dnscmd tool
Configure caching on the shared folder (offline files)
49. When recommending a monitoring solution for an application so that it's events can be stored in a central
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Event Subscriptions
Active Directory Domains and Trusts
50. You need to recommend a BitLocker recovery method you should recommend this.
Data Recovery Agent
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Perform an authoritative restore
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
