SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
Create a MEDV workspace
Distributed File System (DFS) Replication
IIS Chared Configuration
NOT be able to store that data on an iSCSI SAN
2. What should be done to ensure changes made to AD objects can be logged?
Back up to an external USB drive by using Windows Server Backup
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Execute the Set-ADServiceAccount cmdlet
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
3. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
AD Domains and Trusts
Then use Windows Deployment Services (WDS) on DHCP1.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
4. If a file server reaches 15% free disk space - you could free up some disk space by
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Site
Use CISCO IP Helper command to configure.
Creating a data collector set that kick off a scritp that either move or delete files.
5. You need to implement read only copies of files at several locations. You currently have DFS for 2008 deployed. You should recommend this.
Deploy Microsoft System Center Operations Manager (SCOM)
Folder redirection. Folder redirection is also useful when using roamin profiles.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Upgrading DFS to Windows Server 2008 R2
6. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Microsoft System Center Data Protection Manager
Create a Central Store
7. To restore deleted user account from AD Recycle Bin...
Configure event log subscriptions
Restore-ADObject cmdlet
FILES option within Ntdsutil
DSMOD
8. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
net stop ntds
Create a MEDV workspace
Create a standard secondary of domain and create standard secondary of other domain.
9. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Then use Windows Deployment Services (WDS)
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
10. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
Upgrading DFS to Windows Server 2008 R2
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Basic Authentication and SSL
Install and share a printer on a server and then enable printer pooling.
11. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
Active Directory snapshots and Tombstone reanimation
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Then use Windows Deployment Services (WDS)
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
12. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Modify properties of RODC server computer account.
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Configure authorization rules for Web developers on each web server
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
13. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
The Group Policy Management console
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Use a GPO to configure device installation restrictions
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
14. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Dsmgmt
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
15. In order to manage websites without having to logon you can use
PowerShell 2.0
Run adprep /forestprep and adprep /domainprep
Registry on users computer needs to be modified
Administrators is the minimum group membership required to complete this procedure.
16. To update ADRMS password...
AD Rights Management Services
Configure Audit Special Logon and define Special Groups
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Winrm quickconfig
17. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
18. To allow a user to administer Active Directory
Improve the performance of File Servers
From Server A - run Create Basic Task Wizard
Raise the DFL to Windows Server 2008 R2.
Add the user to the Domain Admins global group
19. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
Run the Delegation of Control Wizard on the Staff OU
From Server A - run Create Basic Task Wizard
Ntdsutil
AD RMS
20. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Network Load Balancing (NLB)
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Dsmgmt
21. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Create a MEDV workspace
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
AD RMS
22. Files servers need to stay connected to the SAN if a NIC fails. You should recommend
Multipath I/O feature
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Raise the DFL to Windows Server 2008 R2.
23. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
PDC emulator with w32tm.exe
Configure the zone as an Activde Directory-Integrated zone.
MEDV to deploy virtual desktops
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
24. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
Create an e-mail account in AD DS for your RMS users.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Disable Site Link Bridging from IP Properties
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
25. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Create a Central Store
Use CISCO IP Helper command to configure.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
The Group Policy Management Console
26. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
IIS Manager user account
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Network Load Balancing (NLB) cluster
27. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Raise the DFL to Windows Server 2008 R2.
Winrm quickconfig
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
28. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Implement GPO for all client computers
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Event Log Subscriptions
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
29. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Assign the application to all client computers by using a GPO.
Implement Shadow Copies
Install and share a printer on a server and then enable printer pooling.
30. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Refresh the zone on DNS2
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Dfsrdiag
31. You need to relocate an AD LDS instance from C: Drive to D: Drive
Disable Site Link Bridging from IP Properties
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
32. Need to access some resources in another domain that is part of another forest...What trust is created?
Test-AppLockerPolicy
Add the new UPN Suffix to the forest
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Incoming external trust
33. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
IIS Manager user account
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Improve the performance of File Servers
Windows System Resource Manager (WSRM)
34. to protect file servers and hard disks that may be at risk of being accessed or stolen
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Implement Windows BitLocker Drive Encryption (BitLocker)
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
35. Striped volumes
Install Hyper-V role and convert physical machines into virtual machines
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Active Directory Users and Computers
Improve the performance of File Servers
36. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Import-Module
Add the new UPN suffix to the forest.
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
37. To configure Administrator Role Separation for an RODC
Configure an audit policy by editing the default domain policy and configure Event Forwarding
New ACCOUNT STORE should be added and configured
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
A relying party trust should be created.
38. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Test-AppLockerPolicy
Create ADMX and ADML files. Configure the GPO and link it to the domain.
AD Domains and Trusts
Administrative Role Separation
39. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Domain based Distributed File System (DFS) will reduce network traffic
Microsoft SharePoint Foundation 2010
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Run the Delegation of Control Wizard on the Staff OU
40. To speed up the deployment of the RODC in the new branch offices you should take advantage of this.
Install From Media IFM
Administrators is the minimum group membership required to complete this procedure.
Microsoft Desktop Optimization Pack (MDOP) to your company
Configure event log subscriptions
41. IE can be a security concern - however you can take advantage of Group policies to lock down IE as much as possible
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
42. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Data Recovery Agent
Win2000
Incoming external trust
Deploy the Root CA certificate to the external computers.
43. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
Deploy a GPO for the Sales OU
Install the RSAT tool on their workstation to provide for more efficient network management
Basic Authentication and SSL
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
44. In order to replicate SYSVOL shares by using DFS Replicaiton (DFS-R)
Win2000 Native
Configure folder redirection
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Raise the DFL to Windows Server 2008 R2.
45. What shold be done to configure AD RMS so users can protect their data?
Restore-ADObject cmdlet
Active Directory Users and Computers
Create an e-mail account in AD DS for your RMS users
Windows Server 2003
46. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Attach VHD file created by Windows server backup
Software Restriction Polices
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Group Policy Preferences
47. FFL is...
Win2000
Configure Firewall Group Policies and link them at the Domain level
Software Restriction Polices
Implement a GPO for each domain
48. You need to recommend a Windows update strategy for the new branch office. The branch office has a 512 Kbps connection the corporate office and a 2 MB connection to the Internet. You should recommend this.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Use CISCO IP Helper command to configure.
Ntdsutil
49. If you need to deploy multiple servers through automation of installation and activation and minimize network traffic
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Subnet object needs to be created
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
50. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
WSUS server in the branch office in replica mode.