SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. If users complain that it is hard to find the shared folders on the network implement
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Create and deploy a logon script that runs Auditpol.
Additional DFS Targets
2. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
WSUS server in the branch office in replica mode.
Modify zone transfer settings for company.com zone on DCA
Active Directory snapshots and Tombstone reanimation
Win2000
3. All 2008 R2 servers and Windows 7 clients are connected to managed switches. The following are requirements for network access: only client computers that have up-to-date service packs installed can access the network; have up-to-date anti-malware so
Group Policy Preferences
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Then use on install image file that contains a single install image.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
4. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Configure caching on the shared folder and configure offline files to use encryption
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
5. If you need to minimize the number of install images and support Win Server 2008 R2 deployment
Then use on install image file that contains a single install image.
Disable Site Link Bridging from IP Properties
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Microsoft System Center Data Protection Manager
6. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
Group Policy Preferences
Incoming external trust
Run adprep /forestprep and adprep /domainprep
Data Recovery Agent
7. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Test-AppLockerPolicy
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
8. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Then configure auto enrollment of certificates and Credential Roaming.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
View properties of %systemroot%ntdsntds.dit
Utilize IFM (Install From Media)
9. You need to deploy 15 Server Core installations that are only accessible by HTTP and HTTPS. Administration of these must be able to enable administrators to install and administer server roles remotely and fully manage servers remotely
Service user account for AD LDS
Properties of PSO need modified
Enable Windows Remote Management (WinRM) on each server.
The Group Policy Management console
10. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Back up to an external USB drive by using Windows Server Backup
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Microsoft System Center Data Protection Manager
Incoming external trust
11. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
PDC emulator with w32tm.exe
Deploy it by using Group Policy Software Installation method
12. When deploying an application using the Group Policy distribution method assign the...
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Modify zone transfer settings for company.com zone on DCA
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
13. To compact AD database...
djoin /requesteodj from internal server - djoin /provision from outside server/PC
FILES option within Ntdsutil
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Create a MEDV workspace
14. What GPO setting should be configured to prevent all users from running an application?
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Software Restriction Polices
Ntdsutil
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
15. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Domain based DFS namespace and configure a DFS replication group
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
16. You have a 2008 R2 serever that has SQL Server 2008 installed. The server has one RAID 5 array and two RAID 1 arrays. You need to allocate hard disck space on the server according to the followign requirements: prevent data los if a single hard disk
Configure Audit Special Logon and define Special Groups
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Data Recovery Agent
Recommend GPT and basic disks
17. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Add the new UPN suffix to the forest.
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Basic Authentication and SSL
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
18. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Jill came down with 2.50.
Certificate Templates
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Create a MEDV workspace
19. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Modify the local policy to point to the Internal WSUS server
Ntdsutil
20. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
Deploy a GPO to the WebSrvOU
Microsoft Desktop Optimization Pack (MDOP)
Create a new Password Settings Object (PSO) for the IT users.
Implement one LUN for the quorum and another LUN for the data
21. You just dconfigured so that Server1 zone is stored in AD and accept secure dynamic updates. What command should be executed so that Server2 can accept secure dynamic updates?
Modify the schema of LDSInst1
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Upgrading DFS to Windows Server 2008 R2
Add-ADFineGrainedPasswordPolicySubject cmdlet
22. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
Zone transfer settings
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Implement Shadow Copies
Run adprep /forestprep and adprep /domainprep
23. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
Recommend Group Policy preferences
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
IIS Chared Configuration
24. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Properties of PSO need modified
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
25. You need to recommend a solution to minimize the amount of time it takes for the sales department users to locate files in teh course bookings share.
Winrm quickconfig
Active Directory Users and Computers
Certificate Templates
Implement the Windows Search Service.
26. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Winrm quickconfig
Then configure GlobalNames zones on each domain controller.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Jill came down with 2.50.
27. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
An Active Directory subnet object needs to be created.
Add George to the Domain Admins group.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Windows Server 2003
28. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Dynamically expanding VHD's
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Deploy the Root CA certificate to the external computers.
Deploy a GPO to the WebSrvOU
29. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Configure offline files and enable manual caching
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Properties of PSO need modified
30. Recently you have installed a special application on your web sites that requires using a managed service account on the Web Servers. This application runs on a web server in each of 10 separate Active Directory domains.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
31. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Then configure auto enrollment of certificates and Credential Roaming.
Windows BitLocker Drive Encryption (Bit Locker)
Use a GPO to configure device installation restrictions
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
32. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Configure the zone as an Activde Directory-Integrated zone.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Deploy Microsoft System Center Operations Manager (SCOM)
33. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Properties of PSO need modified
Assign the application to computers in the PC OU
Your machine and remote desktops
Create a new Password Settings Object (PSO) for the IT users.
34. 2 ways to relocate user and computer accounts to different OUs
Group Policy Preferences
New ACCOUNT STORE should be added and configured
Winrm quickconfig
DSMOD - ADUC
35. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Test-AppLockerPolicy
Configure Firewall Group Policies and link them at the Domain level
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Install and share a printer on a server and then enable printer pooling.
36. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Domain based Distributed File System (DFS) will reduce network traffic
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
37. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Windows Server 2003
Attach VHD file created by Windows server backup
Active Directory Domains and Trusts
Dfsrdiag
38. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Administrators is the minimum group membership required to complete this procedure.
Create an e-mail account in AD DS for your RMS users.
39. New Password Policy needs to be created for OU different from domain password policy
CAPublishGP group should have the Manage CA permission.
Configure folder redirection
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Then install new Server 2008 R2 Enterprise subordinate CA.
40. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
Event Subscriptions
ntdsutil
IIS Chared Configuration
fsconfig on FSSrv2
41. You need to allow a user to add a single computer to a domain - without any additional rights...
Perform an authoritative restore
FFL Windows Server 2008 R2
Modify the local policy to point to the Internal WSUS server
Prestage the computer account in AD
42. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Backup operator's domain local group
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
43. If you need to delegate control of server to remote admins group
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
FILES option within Ntdsutil
Configure RODC for Administrator Role Separation
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
44. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Add the user to the Domain Admins global group
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Implement Network Access Protection (NAP)
45. When one needs to audit files - folders - printers and the registry enable
Microsoft Application Virtualization (AppV)
Dsmgmt
Install Hyper-V role and convert physical machines into virtual machines
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
46. To build a highly secure server cluster with a reduced attack surface area
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Active Directory Users and Computers
File Server Resource Manager (FSRM) quotas and file screens
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
47. New password settings object (PSO) created and needs to be applied to user
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Properties of PSO need modified
Event Log Subscriptions
Add the user to the Domain Admins global group
48. You need a solution that meets policy while minimizing hardware and software costs
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Create a new Password Settings Object (PSO) for the IT users.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
49. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Administrative Role Separation
Recommend Group Policy preferences
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Modify properties of RODC server computer account.
50. 4 steps to perform offline Defragmentation of AD database...
View properties of %systemroot%ntdsntds.dit
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Install Windows Server Backup and modify the Windows firewall settings
