SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
Ldp
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Import-Module
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
2. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
3. GPO setting to prevent all users from running an application
Software Restriction Polices
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Add George to the Domain Admins group.
Implement a domain-based DFS namespace that uses replication
4. To ensure that a file on a file server do not leave the organization you must implement this.
Disable Site Link Bridging from the IP properties
AD RMS
Get-ADUser cmdlet
Raise the DFL to Windows Server 2008 R2.
5. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
PDC emulator with w32tm.exe
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Purchase one additional Enterprise License
6. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
Configure folder redirection
Configure authorization rules for Web developers on each web server
A relying party trust should be created.
Active Directory Domains and Trusts
7. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Microsoft Desktop Optimization Pack (MDOP)
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Install the RSAT tool on their workstation to provide for more efficient network management
Repadmin
8. In order to replicate SYSVOL shares by using DFS Replicaiton (DFS-R)
IIS Chared Configuration
Your machine and remote desktops
Configure caching on the shared folder and configure offline files to use encryption
Raise the DFL to Windows Server 2008 R2.
9. DFL is...
Implement a domain-based DFS namespace that uses replication
Win2000 Native
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Then configure GlobalNames zones on each domain controller.
10. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
Share and Storage Management
Install From Media IFM
The Group Policy Management Console
Configure offline files and enable manual caching
11. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Modify the schema of LDSInst1
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
WSUS server in the branch office in replica mode.
12. If you need to minimize amount of time and impact of 50 simultaneous Win7 installations
Ntfrsutil
Microsoft Desktop Optimization Pack (MDOP)
New ACCOUNT STORE should be added and configured
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
13. Can be used to install the Windows RE on existing servers
DFL needs to be Windows Server 2008
WDS
Windows XP Mode
Create an e-mail account in AD DS for your RMS users.
14. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
The Group Policy Management Console
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Windows System Resource Manager (WSRM)
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
15. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Autonomous mode...This allows the local administrator to approve their own updates.
Disable Site Link Bridging from the IP properties
Attach VHD file created by Windows server backup
16. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Domain based Distributed File System (DFS) will reduce network traffic
Domain based DFS namespace and configure a DFS replication group
Deploy a failover cluster that contains one node in each office.
17. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Add-ADFineGrainedPasswordPolicySubject cmdlet
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Disable Site Link Bridging from the IP properties
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
18. 4 steps to perform authoritative restore of a deleted OU...
Configure offline files and enable manual caching
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
19. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Use CISCO IP Helper command to configure.
Then use on install image file that contains a single install image.
20. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Incoming external trust
21. When one needs to audit files - folders - printers and the registry enable
Modify the local policy to point to the Internal WSUS server
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Registry on users computer needs to be modified
22. Tool to change Directory Services Restore Mode password on Domain Controller...
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
ntdsutil
Authorization Manager
23. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Active Directory snapshots and Tombstone reanimation
24. What utility is used to see what accounts cached on RODC?
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Active Directory Users and Computers
Deploy a failover cluster that contains one node in each office.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
25. To configure AD FS so tokens contain information from Active Directory domain...
New ACCOUNT STORE should be added and configured
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Group Policy Preferences
NOT be able to store that data on an iSCSI SAN
26. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Use CISCO IP Helper command to configure.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
27. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
NOT be able to store that data on an iSCSI SAN
28. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
Configure Audit Special Logon and define Special Groups
New ACCOUNT STORE should be added and configured
Use CISCO IP Helper command to configure.
Create an Active Directory-Integrated zone.
29. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Create a new Password Settings Object (PSO) for the IT users.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Implement one LUN for the quorum and another LUN for the data
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
30. You have 2 Server Core servers that are part of a Network Load Balance that host a web site. To be able to allow administrators - on their Windows 7 computers - remotely manage the NLB with automation
Enable Windows Remote Management (WinRM) on the servers.
Storage manager for SANs
Configure Firewall Group Policies and link them at the Domain level
Windows Server 2003
31. to increase the reliability of the print server - configure...
Printer driver isolation
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Disable Site Link Bridging from the IP properties
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
32. New password settings object (PSO) created and needs to be applied to user
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Restore-ADObject cmdlet
Properties of PSO need modified
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
33. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Event Log Subscriptions
Microsoft SharePoint Foundation 2010
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Implement Windows System Resource Manager (WSRM)
34. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
Windows BitLocker Drive Encryption (Bit Locker)
WSUS server in the branch office in replica mode.
Dsmgmt
FFL Windows Server 2008 R2
35. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
Implement Shadow Copies
Improve the performance of File Servers
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Enable - ADoptionalFeature cmdlet
36. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
Add George to the Domain Admins group.
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Assign the application to computers in the PC OU
Enable Credential Roaming
37. Your company IP scheme uses both IPv4 and IPv6. You have a main and branch office. In the branch office you are using PC1. PC1 is now only using IPv6. You noticed that PC1 no longer authenticates off the DC that is in the branch office. What should b
Microsoft System Center Data Protection Manager
IIS Chared Configuration
The Group Policy Management console
An Active Directory subnet object needs to be created.
38. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Site
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
39. You need to recommend a BitLocker recovery method you should recommend this.
Recommend GPT and basic disks
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Data Recovery Agent
Attach VHD file created by Windows server backup
40. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Deploy a failover cluster that uses Node and File Share Disk Majority
41. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Create a MEDV workspace
42. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Implement Windows System Resource Manager (WSRM) and configure user policies
Then configure auto enrollment of certificates and Credential Roaming.
Windows XP Mode
43. What should be done so application does not fail after 30 days while still keeping password policy in mind?
Set-ADServiceAccount cmdlet
Deploy Microsoft System Center Operations Manager (SCOM)
Event Subscriptions
Upgrading DFS to Windows Server 2008 R2
44. To allow administrators tha trun Windows 7 ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Configure event log subscriptions
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
45. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Test-AppLockerPolicy
Then use on install image file that contains a single install image.
Implement Windows System Resource Manager (WSRM) and configure user policies
46. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
Deploy the Root CA certificate to the external computers.
Incoming external trust
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Domain based Distributed File System (DFS) namespace and DFS Replication.
47. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
Creating a data collector set that kick off a scritp that either move or delete files.
Domain based DFS namespace and configure a DFS replication group
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Implement the Windows Search Service.
48. To defragment and AD database...
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
net stop ntds
Multipath I/O feature
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
49. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
Basic Authentication and SSL
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Install Windows Server Backup and modify the Windows firewall settings
DSMOD
50. If you need to minimize the bandwidth for installation
Then use Windows Deployment Services (WDS) on DHCP1.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Utilize IFM (Install From Media)
Multipath I/O feature
