SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
Enable Windows Remote Management (WinRM) on each server.
Create an Active Directory-Integrated zone.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
2. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Deploy a GPO to the WebSrvOU
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Import-Module
Windows XP Mode
3. What Function Level (FL) needs to be in place to enable AD Recycle Bin?
FFL Windows Server 2008 R2
Create an Active Directory-Integrated zone.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
4. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Refresh the zone on DNS2
Microsoft SharePoint Foundation 2010
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
5. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Disable Site Link Bridging from the IP properties
Perform an authoritative restore
CAPublishGP group should have the Manage CA permission.
Include a server that runs Microsoft Office SharePoint Server 2010
6. To backup GPO's in domain and minimize bakcup...
Install and share a printer on a server and then enable printer pooling.
Dfsrdiag
Install Windows Server Backup and modify the Windows firewall settings
The Group Policy Management Console
7. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Create a Central Store
Add the Windows Server Backup feature and Windows System Image recovery.
Administrators is the minimum group membership required to complete this procedure.
8. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Basic Authentication and SSL
9. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
From Server1 - run the Create Basic Task Wizard
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Implement one LUN for the quorum and another LUN for the data
Group Policy Preferences
10. In order to reduce the administrative overhead typically involved with viewing event logs across multiple servers you should implement this.
Implement folder redirection by using GPO. Then backup the folder redirection target.
Printer driver isolation
Service user account for AD LDS
Event Log Subscriptions
11. to protect file servers and hard disks that may be at risk of being accessed or stolen
A relying party trust should be created.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Implement Windows BitLocker Drive Encryption (BitLocker)
DSMOD
12. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Folder redirection. Folder redirection is also useful when using roamin profiles.
Recommend Offline Files
Use local roles options within "dsmgmt"
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
13. To deploy templates across the organization
Run the Delegation of Control Wizard on the Staff OU
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Implement folder redirection by using GPO. Then backup the folder redirection target.
14. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Run adprep /forestprep and adprep /domainprep
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
15. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Authorization Manager
Configure Audit Special Logon and define Special Groups
Configure Firewall Group Policies and link them at the Domain level
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
16. Ensure password length for a group set to 12 characters long while others keep password policy
Import-Module
Add-ADFineGrainedPasswordPolicySubject cmdlet
Use CISCO IP Helper command to configure.
dsa.msc - dsamain.exe - ntdsutil.exe
17. An AD LDS instance needs to be replicated from one server to another...
Implement a GPO for each domain
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Service user account for AD LDS
18. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Run the Delegation of Control Wizard on the Staff OU
FILES option within Ntdsutil
Authorization Manager
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
19. You need to recommend a Windows update strategy for the new branch office. The branch office has a 512 Kbps connection the corporate office and a 2 MB connection to the Internet. You should recommend this.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Run the Delegation of Control Wizard on the Staff OU
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
20. Need to ensure users receive updated template within five days...
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Registry on users computer needs to be modified
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
21. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
22. Requirements are: support the installation of SQL Server 2008; Provide redundancy for SQL services if a single server fails. To accomplish this
Utilize IFM (Install From Media)
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
23. CAPublishGP needs to be able to publish new certificate revocation lists - but not be able to revoke certificates. How is this accomplished?
CAPublishGP group should have the Manage CA permission.
DFL needs to be Windows Server 2008
Implement Windows BitLocker Drive Encryption (BitLocker)
Configure authorization rules for Web developers on each web server
24. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Configure caching on the shared folder and configure offline files to use encryption
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
AD Rights Management Services
25. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Create a Central Store
Configure folder redirection
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Printer driver isolation
26. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Administrators is the minimum group membership required to complete this procedure.
dsa.msc - dsamain.exe - ntdsutil.exe
Microsoft System Center Data Protection Manager 2010
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
27. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
File Server Resource Manager (FSRM) quotas and file screens
Execute the Set-ADServiceAccount cmdlet
Your machine and remote desktops
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
28. To add a new UPN for all user accounts...
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
AD Domains and Trusts
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
29. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Purchase one additional Enterprise License
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
30. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Domain based DFS namespace and configure a DFS replication group
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
The Group Policy Management Console
31. 4 steps to perform offline Defragmentation of AD database...
Configure Firewall Group Policies and link them at the Domain level
Configure caching on the shared folder (offline files)
File Server Resource Manager (FSRM) quotas and file screens
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
32. To modify several user accounts to a new UPN suffix
Active Directory Users and Computers utility
Basic Authentication and SSL
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
33. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
Recommend Active Directory delegation
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Win2000
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
34. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
Jill came down with 2.50.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Creating a data collector set that kick off a scritp that either move or delete files.
Restore-ADObject cmdlet
35. 4 steps to perform authoritative restore of a deleted OU...
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Configure RODC for Administrator Role Separation
36. In order to manage websites without having to logon you can use
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Active Directory snapshots and Tombstone reanimation
PowerShell 2.0
37. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Then install new Server 2008 R2 Enterprise subordinate CA.
FILES option within Ntdsutil
Create an Active Directory-Integrated zone.
38. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Modify the local policy to point to the Internal WSUS server
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Network Load Balancing (NLB) cluster
Then install new Server 2008 R2 Enterprise subordinate CA.
39. To create AD Domain Services snapshot
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Implement one LUN for the quorum and another LUN for the data
Ldp
Ntdsutil
40. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
DSMOD
Recommend GPT and basic disks
Install the RSAT tool on their workstation to provide for more efficient network management
ntdsutil
41. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Create an Active Directory-Integrated zone.
Add the new UPN Suffix to the forest
Use a GPO to configure device installation restrictions
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
42. Deployment of 10 WSUS servers across 10 branch office will take place over a three month period. The bandwidth between the corporate office and the branch offices must be minimized due to budget contraints within the company. Admins in the corporate
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Implement one LUN for the quorum and another LUN for the data
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
FILES option within Ntdsutil
43. DFL is...
Win2000 Native
Run the Delegation of Control Wizard on the Staff OU
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Configure caching on the shared folder and configure offline files to use encryption
44. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Network Load Balancing (NLB)
Software Restriction Polices
Import-Module
Implement Network Access Protection (NAP)
45. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Include a server that runs Microsoft Office SharePoint Server 2010
Network Load Balancing (NLB) cluster
Recommend Offline Files
Jill came down with 2.50.
46. Tools to view contents of an OU in an AD snapshot...
dsa.msc - dsamain.exe - ntdsutil.exe
AD RMS
Modify zone transfer settings for company.com zone on DCA
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
47. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Subnet object needs to be created
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Configure authorization rules for Web developers on each web server
Perform an authoritative restore
48. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Recommend Group Policy preferences
49. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
PowerShell 2.0
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
50. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Event Viewer
Implement Windows BitLocker Drive Encryption (BitLocker)
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Run adprep /forestprep and adprep /domainprep
