SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. All DCs have been upgraded from Windows Server 2003 to Windows Server 2008 R2. What should be done to ensure the Sysvol share replicates by using DFS Replicaiton (DFS-R)?
Windows XP Mode
Disable Site Link Bridging from IP Properties
Raise the DFL to Windows Server 2008 R2.
CAPublishGP group should have the Manage CA permission.
2. IE can be a security concern - however you can take advantage of Group policies to lock down IE as much as possible
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
3. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Windows BitLocker Drive Encryption (Bit Locker)
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
PowerShell 2.0
The Group Policy Management Console
4. You need a solution that meets policy while minimizing hardware and software costs
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Implement Network Access Protection (NAP)
Deploy a failover cluster that uses Node and File Share Disk Majority
Create a new Password Settings Object (PSO) for the IT users.
5. Within your company you have a server that will be running 8 VMs but only 6 concurrently. Your company has already purchased an Enterprise license for the server.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Purchase one additional Enterprise License
Install and share a printer on a server and then enable printer pooling.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
6. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
Active Directory Users and Computers utility
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Execute the Set-ADServiceAccount cmdlet
7. For the users that work remotely that need access to files from the corporate office you should...
Site
Recommend Offline Files
Network Load Balancing (NLB)
Microsoft System Center Data Protection Manager 2010
8. Jack and Jill go up the hill - both with a buck and a quarter
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Jill came down with 2.50.
Event Subscriptions
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
9. To configure AD FS so tokens contain information from Active Directory domain...
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
New ACCOUNT STORE should be added and configured
Then use on install image file that contains a single install image.
Implement Windows BitLocker Drive Encryption (BitLocker)
10. To allow connection to a 256 Kbps ISDN...
Create a Network Load Balancing cluster.
Active Directory snapshots and Tombstone reanimation
DISABLE slow link detection in the GPO
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
11. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Administrative Role Separation
net stop ntds
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Additional DFS Targets
12. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Microsoft System Center Data Protection Manager
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
802.1.x NAP
13. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
Run adprep /forestprep and adprep /domainprep
Configure block inheritance on the IT OU
From Server A - run Create Basic Task Wizard
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
14. If a file server reaches 15% free disk space - you could free up some disk space by
dsa.msc - dsamain.exe - ntdsutil.exe
Active Directory Users and Computers
Test-AppLockerPolicy
Creating a data collector set that kick off a scritp that either move or delete files.
15. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Dsmgmt
16. CAPublishGP needs to be able to publish new certificate revocation lists - but not be able to revoke certificates. How is this accomplished?
CAPublishGP group should have the Manage CA permission.
Autonomous mode...This allows the local administrator to approve their own updates.
Authorization Manager role assignment
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
17. You need to recommend a Windows update strategy for the new branch office. The branch office has a 512 Kbps connection the corporate office and a 2 MB connection to the Internet. You should recommend this.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Offline domain join
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
18. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Modify the schema of LDSInst1
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
File Server Resource Manager (FSRM) quotas and file screens
19. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
Storage manager for SANs
fsconfig on FSSrv2
Install the RSAT tool on their workstation to provide for more efficient network management
Run net stop ntds
20. To ensure that the branch office with its own high speed internet connection receives the exact same updates as the corporate office you should recommend this.
MEDV to deploy virtual desktops
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Install From Media IFM
dsa.msc - dsamain.exe - ntdsutil.exe
21. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Deploy a failover cluster that contains one node in each office.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Deploy a failover cluster that uses Node and File Share Disk Majority
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
22. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Domain based DFS namespace and configure a DFS replication group
23. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Add the new UPN suffix to the forest.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
24. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
Install and share a printer on a server and then enable printer pooling.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
25. In order to manage websites without having to logon you can use
Use Netsh tool from administrator's computer.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
PowerShell 2.0
PDC emulator with w32tm.exe
26. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Microsoft System Center Data Protection Manager
Storage manager for SANs
Microsoft SharePoint Foundation 2010
Modify the GPO to include folder redirection
27. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Use the Local Roles options with dsmgmt.
Event Viewer
Configure separate application pools for each application
28. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Implement the Windows Search Service.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
New ACCOUNT STORE should be added and configured
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
29. To prevent account password from being cached on RODC server...
Implement Windows System Resource Manager (WSRM)
Modify properties of RODC server computer account.
Repadmin
Ensure your account - or the group is a member of the local Administrators group for that specific server.
30. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
Use a GPO to configure device installation restrictions
Network Load Balancing (NLB)
Implement a GPO for each domain
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
31. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Active Directory Domains and Trusts
Microsoft SharePoint Foundation 2010
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
32. To allow a specifc user or group to manage the address information for the user accounts...
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Recommend Active Directory delegation
Active Directory Users and Computers utility
View properties of %systemroot%ntdsntds.dit
33. To protect all computers on the network from unwanted access and to ensure a consistent configuration
AD RMS
Incoming external trust
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Configure Firewall Group Policies and link them at the Domain level
34. You need to ensure that the guest account on all servers is disabled to
Modify the local policy to point to the Internal WSUS server
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
35. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Winrm quickconfig
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
36. To minimize the amount of storage required you should recommend
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Share and Storage Management
Active Directory Domains and Trusts
Then use Windows Deployment Services (WDS) on DHCP1.
37. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
New ACCOUNT STORE should be added and configured
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Create a new Password Settings Object (PSO) for the IT users.
Disable Site Link Bridging from the IP properties
38. The solution requires that teachers that have been issued district based laptops - work remotely - and teach only on-line classes - must connect to the school network using split-tunnel VPN. Need to be sure that: minimize traffic over the VPN wheneve
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
39. The Computer Management snap-in allows you to create shares both on...
Your machine and remote desktops
Dynamically expanding VHD's
Install and share a printer on a server and then enable printer pooling.
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
40. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Configure caching on the shared folder (offline files)
Windows Deployment Services (WDS)
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
41. When service account passwords need to be changed for SQL they should be...
Changed manually
PowerShell 2.0
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
42. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Folder redirection. Folder redirection is also useful when using roamin profiles.
File Server Resource Manager (FSRM) quotas and file screens
Deploy a failover cluster that uses Node and File Share Disk Majority
43. Recently you have installed a special application on your web sites that requires using a managed service account on the Web Servers. This application runs on a web server in each of 10 separate Active Directory domains.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
44. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Win2000 Native
Active Directory snapshots and Tombstone reanimation
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
45. To backup Virtual Machines
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Add-ADFineGrainedPasswordPolicySubject cmdlet
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
46. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Add the new UPN suffix to the forest.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Modify zone transfer settings for company.com zone on DCA
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
47. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
48. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Test-AppLockerPolicy
Deploy a failover cluster that uses Node and File Share Disk Majority
Active Directory Right Management Services (AD RMS)
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
49. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Upgrading DFS to Windows Server 2008 R2
Get-ADUser cmdlet
Implement Windows System Resource Manager (WSRM)
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
50. To prevent computers that do not have the Windows Firewall enabled from connecting to the wireless access point or the physical switch - you should implement this.
Create a Central Store
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
802.1.x NAP
dsa.msc - dsamain.exe - ntdsutil.exe
