SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Group Policy Preferences
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
2. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Enable - ADoptionalFeature cmdlet
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Configure separate application pools for each application
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
3. To restore deleted user account from AD Recycle Bin...
Configure RODC for Administrator Role Separation
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Restore-ADObject cmdlet
MEDV to deploy virtual desktops
4. FFL is...
net stop ntds
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Use CISCO IP Helper command to configure.
Win2000
5. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Basic Authentication and SSL
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
MEDV to deploy virtual desktops
6. When implementing a Hyper-V environment the benefits are enormous - however there are certain aspects of virtualization that can create some additional administrative overhead that you can not have in a pure physical environment for example
MEDV to deploy virtual desktops
FILES option within Ntdsutil
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
IIS Chared Configuration
7. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Install and share a printer on a server and then enable printer pooling.
Implement folder redirection by using GPO. Then backup the folder redirection target.
Domain based Distributed File System (DFS) namespace and DFS Replication.
8. You have few Server 2003 servers that have Terminal services installed. You also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meeet the following: restricts accsss to specific Remote Desktop
MEDV to deploy virtual desktops
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
9. You have 2 Server Core servers that are part of a Network Load Balance that host a web site. To be able to allow administrators - on their Windows 7 computers - remotely manage the NLB with automation
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Implement one LUN for the quorum and another LUN for the data
Configure separate application pools for each application
Enable Windows Remote Management (WinRM) on the servers.
10. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
11. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Create a Central Store
Modify the local policy to point to the Internal WSUS server
Microsoft System Center Data Protection Manager 2010
Network Load Balancing (NLB)
12. When recommending a monitoring solution for an application so that it's events can be stored in a central
Configure block inheritance on the IT OU
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Event Subscriptions
13. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Add George to the Domain Admins group.
Modify properties of RODC server computer account.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Winrm quickconfig
14. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Create a Central Store
Modify the schema of LDSInst1
Install the RSAT tool on their workstation to provide for more efficient network management
Then use Windows Deployment Services (WDS) on DHCP1.
15. Ensure password length for a group set to 12 characters long while others keep password policy
Deploy the Root CA certificate to the external computers.
Add-ADFineGrainedPasswordPolicySubject cmdlet
Ensure your account - or the group is a member of the local Administrators group for that specific server.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
16. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Distributed File System (DFS) Replication
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Run adprep /forestprep and adprep /domainprep
17. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
A relying party trust should be created.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Purchase one additional Enterprise License
Site
18. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
Repadmin
Use CISCO IP Helper command to configure.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
19. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Windows System Resource Manager (WSRM)
Your machine and remote desktops
Implement Network Access Protection (NAP)
20. Your data provisioning solution must meet the following requirements: users must have access to their Documents folder regardless of the client computer that they use; user documents should not be stored on the local client computer; minimize the tim
Configure folder redirection
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
DSMOD - ADUC
Configure caching on the shared folder (offline files)
21. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Changed manually
Modify the GPO to include folder redirection
Dsmgmt
Dfsrdiag
22. Tools to view contents of an OU in an AD snapshot...
From Server A - run Create Basic Task Wizard
Implement a GPO for each domain
dsa.msc - dsamain.exe - ntdsutil.exe
Assign the application to computers in the PC OU
23. Need to access some resources in another domain that is part of another forest...What trust is created?
Incoming external trust
Implement Distributed File System Replication (DFSR) on both servers
Enable Windows Remote Management (WinRM) on each server.
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
24. To compact AD database...
Implement one LUN for the quorum and another LUN for the data
Install Windows Server Backup and modify the Windows firewall settings
Ntfrsutil
FILES option within Ntdsutil
25. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Disable Site Link Bridging from the IP properties
MEDV to deploy virtual desktops
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Create a Central Store
26. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
AD Domains and Trusts
Incoming external trust
Windows BitLocker Drive Encryption (Bit Locker)
27. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
Create a Central Store
From Server A - run Create Basic Task Wizard
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
ntdsutil
28. To delegate authority to users to manage only certain areas in Hyper-V use the
dnscmd
Implement Windows System Resource Manager (WSRM)
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Authorization Manager role assignment
29. To replicate SYSVOL using Distributed File System Replication (DFSR)...
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
DFL needs to be Windows Server 2008
30. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
Disable Site Link Bridging from the IP properties
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Implement Windows System Resource Manager (WSRM)
Event Subscriptions
31. What utility is used to see what accounts cached on RODC?
Active Directory Users and Computers
Deploy it by using Group Policy Software Installation method
Modify zone transfer settings for company.com zone on DCA
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
32. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Domain based Distributed File System (DFS) will reduce network traffic
Enable Credential Roaming
IIS Manager user account
Microsoft Desktop Optimization Pack (MDOP)
33. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Create an e-mail account in AD DS for your RMS users
Windows System Resource Manager (WSRM)
Autonomous mode...This allows the local administrator to approve their own updates.
Dynamically expanding VHD's
34. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Assign the application to computers in the PC OU
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Add the new UPN Suffix to the forest
35. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
Implement Windows System Resource Manager (WSRM)
Implement one LUN for the quorum and another LUN for the data
Zone transfer settings
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
36. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
37. When one needs to audit files - folders - printers and the registry enable
Enable Windows Remote Management (WinRM) on each server.
Distributed File System (DFS) Replication
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Raise the DFL to Windows Server 2008 R2.
38. In order to ensure highly available Windows Update servers you should create this.
Configure Audit Special Logon and define Special Groups
Repadmin
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Changed manually
39. What should be done to resolve names by using GlobalNames zone?
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
dnscmd tool
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Enable Windows Remote Management (WinRM) on the servers.
40. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Win2000
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
41. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Windows XP Mode
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Ntdsutil
42. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Deploy a GPO to the WebSrvOU
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Implement folder redirection by using GPO. Then backup the folder redirection target.
43. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Offline domain join
44. The Computer Management snap-in allows you to create shares both on...
Then use Windows Deployment Services (WDS)
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Your machine and remote desktops
45. To backup Virtual Machines
Run adprep /forestprep and adprep /domainprep
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
View properties of %systemroot%ntdsntds.dit
DFL needs to be Windows Server 2008
46. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Printer driver isolation
Deploy a failover cluster that uses Node and File Share Disk Majority
Upgrading DFS to Windows Server 2008 R2
47. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
48. You need a solution that meets policy while minimizing hardware and software costs
Install From Media IFM
Modify properties of RODC server computer account.
Create a new Password Settings Object (PSO) for the IT users.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
49. All DCs have been upgraded from Windows Server 2003 to Windows Server 2008 R2. What should be done to ensure the Sysvol share replicates by using DFS Replicaiton (DFS-R)?
Create a Central Store
Raise the DFL to Windows Server 2008 R2.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Create ADMX and ADML files. Configure the GPO and link it to the domain.
50. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Windows Deployment Services (WDS)
Use a GPO to configure device installation restrictions
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
