SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Subnet object needs to be created
dnscmd tool
Active Directory Right Management Services (AD RMS)
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
2. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Subnet object needs to be created
Use local roles options within "dsmgmt"
Perform an authoritative restore
Windows Deployment Services (WDS)
3. To identify users who bypass the new corporate security policy -
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Configure caching on the shared folder and configure offline files to use encryption
Configure Audit Special Logon and define Special Groups
4. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
The Group Policy Management console
net stop ntds
Add the user to the Domain Admins global group
5. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Configure folder redirection
Implement GPO for all client computers
Create a Central Store
6. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Printer driver isolation
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
7. You have few Server 2003 servers that have Terminal services installed. You also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meeet the following: restricts accsss to specific Remote Desktop
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Implement GPO for all client computers
Domain based DFS namespace and configure a DFS replication group
8. You just dconfigured so that Server1 zone is stored in AD and accept secure dynamic updates. What command should be executed so that Server2 can accept secure dynamic updates?
Ntfrsutil
Authorization Manager
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
9. You need to ensure that the guest account on all servers is disabled to
MEDV to deploy virtual desktops
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
dsa.msc - dsamain.exe - ntdsutil.exe
Discover the run Microsoft Baseline Security Analyzer (MBSA)
10. To back up your Hyper-VMs and the Hyper-V host; for each VM -
Implement GPO for all client computers
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
A Distributed File System (DFS) namespace
11. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Assign the application to computers in the PC OU
Disable Site Link Bridging from the IP properties
View properties of %systemroot%ntdsntds.dit
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
12. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Set-ADServiceAccount cmdlet
Perform an authoritative restore
Modify zone transfer settings for company.com zone on DCA
dsa.msc - dsamain.exe - ntdsutil.exe
13. To restore deleted user account from AD Recycle Bin...
Incoming external trust
Your machine and remote desktops
AD Rights Management Services
Restore-ADObject cmdlet
14. Need to ensure users receive updated template within five days...
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Changed manually
Registry on users computer needs to be modified
Ntfrsutil
15. For the users that work remotely that need access to files from the corporate office you should...
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
PowerShell 2.0
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Recommend Offline Files
16. Engineering department has 582 Windows Server 2008 R2 servers. You need to monitor the performance of all 582 with following requirements: Create alerts when average processor usage is higher than 85% for 15 minutes; Automatically adjust the processo
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Incoming external trust
Deploy Microsoft System Center Operations Manager (SCOM)
The Group Policy Management Console
17. Your company IP scheme uses both IPv4 and IPv6. You have a main and branch office. In the branch office you are using PC1. PC1 is now only using IPv6. You noticed that PC1 no longer authenticates off the DC that is in the branch office. What should b
An Active Directory subnet object needs to be created.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Refresh the zone on DNS2
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
18. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Dsmgmt
Properties of PSO need modified
Windows Deployment Services (WDS)
19. You plan to deploy 12 file servers. All computers and servers connect to Ethernet switches. Your data storage solution must meet these: maximizes performance and fault tolerance; allocates storage to the servers as needed; utilizes the existing netwo
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Create a standard secondary of domain and create standard secondary of other domain.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Implement a domain-based DFS namespace that uses replication
20. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
WSUS server in the branch office in replica mode.
Configure caching on the shared folder and configure offline files to use encryption
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
21. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Import-Module
Microsoft System Center Data Protection Manager
Install Windows Server Backup and modify the Windows firewall settings
22. You need to recommend a Windows update strategy for the new branch office. The branch office has a 512 Kbps connection the corporate office and a 2 MB connection to the Internet. You should recommend this.
Your machine and remote desktops
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Microsoft Desktop Optimization Pack (MDOP) to your company
23. To allow a specifc user or group to manage the address information for the user accounts...
Recommend Active Directory delegation
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Printer driver isolation
WDS
24. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Recommend Offline Files
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Storage manager for SANs
25. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Incoming external trust
Implement GPO for all client computers
dsa.msc - dsamain.exe - ntdsutil.exe
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
26. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Attach VHD file created by Windows server backup
27. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Ntfrsutil
PDC emulator with w32tm.exe
Enable Credential Roaming
28. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Implement Distributed File System Replication (DFSR) on both servers
Create a Central Store
Add the user to the Domain Admins global group
Offline domain join
29. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Ntfrsutil
Attach VHD file created by Windows server backup
Implement Windows System Resource Manager (WSRM) and configure user policies
30. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Implement Windows System Resource Manager (WSRM)
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Zone transfer settings
31. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Domain based Distributed File System (DFS) will reduce network traffic
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Create an e-mail account in AD DS for your RMS users.
32. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Site
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
33. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Changed manually
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Include a server that runs Microsoft Office SharePoint Server 2010
Winrm quickconfig
34. Tools to view contents of an OU in an AD snapshot...
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
dsa.msc - dsamain.exe - ntdsutil.exe
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
FILES option within Ntdsutil
35. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Active Directory Domains and Trusts
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Share and Storage Management
36. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Role Separation
Execute the Set-ADServiceAccount cmdlet
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
37. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Administrative Role Separation
38. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Win2000
fsconfig on FSSrv2
Authorization Manager
39. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Then configure auto enrollment of certificates and Credential Roaming.
Winrm quickconfig
40. Striped volumes
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Implement Windows BitLocker Drive Encryption (BitLocker)
Event Viewer
Improve the performance of File Servers
41. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Implement a domain-based DFS namespace that uses replication
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Configure RODC for Administrator Role Separation
42. To build a highly secure server cluster with a reduced attack surface area
Windows BitLocker Drive Encryption (Bit Locker)
Incoming external trust
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
43. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
Deploy a failover cluster that uses Node and File Share Disk Majority
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Install Hyper-V role and convert physical machines into virtual machines
44. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
Domain based DFS namespace and configure a DFS replication group
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
DSMOD - ADUC
45. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
Microsoft System Center Data Protection Manager 2010
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Restore-ADObject cmdlet
46. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Windows XP Mode
Implement File Server Resource Manager (FSRM) quotas on the desired servers
47. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Implement one LUN for the quorum and another LUN for the data
Then configure auto enrollment of certificates and Credential Roaming.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
48. To delegate authority to users to manage only certain areas in Hyper-V use the
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Authorization Manager role assignment
49. New password settings object (PSO) created and needs to be applied to user
Create a Network Load Balancing cluster.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Properties of PSO need modified
50. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Dsmgmt
Implement one LUN for the quorum and another LUN for the data
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
