SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Microsoft Desktop Optimization Pack (MDOP) to your company
An Active Directory subnet object needs to be created.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
2. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Implement a domain-based DFS namespace that uses replication
Test-AppLockerPolicy
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
3. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Site
Win2000
Active Directory Users and Computers utility
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
4. In order to reduce the administrative overhead typically involved with viewing event logs across multiple servers you should implement this.
Increase the tombstone lifetime for the forest.
Then use on install image file that contains a single install image.
Event Log Subscriptions
Disable Site Link Bridging from the IP properties
5. Company users IPV4 and IPV6. A PC uses IPV6 and can no longer authenticate off the DC. What can be done to ensure IPV6 computers authenticate to DCs in same site...
Implement GPO for all client computers
Subnet object needs to be created
Win2000 Native
Run adprep /forestprep and adprep /domainprep
6. Jack and Jill go up the hill - both with a buck and a quarter
Set-ADServiceAccount cmdlet
Windows BitLocker Drive Encryption (Bit Locker)
Win2000
Jill came down with 2.50.
7. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Deploy it by using Group Policy Software Installation method
Back up to an external USB drive by using Windows Server Backup
8. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Use CISCO IP Helper command to configure.
Modify the GPO to include folder redirection
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
9. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Role Separation
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Incoming external trust
10. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Network Load Balancing (NLB)
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
11. To join a server/PC outside of the domain to the network...
Win2000 Native
Subnet object needs to be created
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
12. Requirements are: support the installation of SQL Server 2008; Provide redundancy for SQL services if a single server fails. To accomplish this
Refresh the zone on DNS2
Install the RSAT tool on their workstation to provide for more efficient network management
Then configure GlobalNames zones on each domain controller.
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
13. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Deploy a failover cluster that uses Node and File Share Disk Majority
Then use Windows BitLocker Drive Encryption
Create a new Password Settings Object (PSO) for the IT users.
14. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
Administrators is the minimum group membership required to complete this procedure.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Role Separation
Configure an audit policy by editing the default domain policy and configure Event Forwarding
15. What document management solution allows you to keep multiple versions of documents and automatically apply access policies to these documents? You should recommend
Event Viewer
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
A relying party trust should be created.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
16. To determine size of AD database file...
View properties of %systemroot%ntdsntds.dit
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Ntfrsutil
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
17. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Enable Windows Remote Management (WinRM) on the servers.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
CAPublishGP group should have the Manage CA permission.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
18. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Configure RODC for Administrator Role Separation
Include a server that runs Microsoft Office SharePoint Server 2010
Domain based DFS namespace and configure a DFS replication group
AD Rights Management Services
19. You need to deploy a sales application that only the sales users must have access to
Install From Media IFM
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Deploy a GPO for the Sales OU
20. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Configure caching on the shared folder (offline files)
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Assign the application to computers in the PC OU
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
21. SrvA has the AD LDS role and an instance named LDSInst1. You connect to this instance by using the ADSI Edit utility. When you execute the Create Object wizard there is no User object class. What should be done so you can create user objects in LDSIn
Modify the schema of LDSInst1
net stop ntds
Network Load Balancing (NLB)
Administrators is the minimum group membership required to complete this procedure.
22. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Create a Network Load Balancing cluster.
New ACCOUNT STORE should be added and configured
23. In order to ensure highly available Windows Update servers you should create this.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Add the new UPN Suffix to the forest
DSMOD - ADUC
24. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
WSUS server in the branch office in replica mode.
Then install new Server 2008 R2 Enterprise subordinate CA.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Repadmin
25. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Configure caching on the shared folder (offline files)
fsconfig on FSSrv2
Implement the Windows Search Service.
26. to prevent VMs from receiving updats from a group policy
dnscmd tool
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
27. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
View properties of %systemroot%ntdsntds.dit
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
28. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Configure Firewall Group Policies and link them at the Domain level
Create an e-mail account in AD DS for your RMS users.
Windows System Resource Manager (WSRM)
29. What should be done to ensure changes made to AD objects can be logged?
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Incoming external trust
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
30. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Storage manager for SANs
Windows BitLocker Drive Encryption (Bit Locker)
net stop ntds
Then use Windows Deployment Services (WDS)
31. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Install Windows Server Backup and modify the Windows firewall settings
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Configure Firewall Group Policies and link them at the Domain level
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
32. If you need to minimize the bandwidth for installation
802.1.x NAP
File Server Resource Manager (FSRM) quotas and file screens
Utilize IFM (Install From Media)
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
33. DFL is Windows Server 2003 and client computers run Vista. DCRMS is a server that holds AD RMS. What should be done to configure AD RMS so users - including Waldo - can protect their data?
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Configure Audit Special Logon and define Special Groups
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Create an e-mail account in AD DS for your RMS users.
34. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
Microsoft Desktop Optimization Pack (MDOP) to your company
Basic Authentication and SSL
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
35. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
36. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
ntdsutil
Domain based Distributed File System (DFS) will reduce network traffic
Execute the Set-ADServiceAccount cmdlet
Active Directory Domains and Trusts
37. You need to allow remote access to the servers on your network while meeting the following requirements: all remote connections to the servers must be encrypted; all remote authentication attempts to the servers must be encrypted; only inbound connec
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Implement one LUN for the quorum and another LUN for the data
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
38. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
File Server Resource Manager (FSRM) quotas and file screens
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Event Viewer
dnscmd
39. You need to manage GPO to meet the following: allow administrators to view and edit the GPO in their own language; minimize number of GPOs deployed
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Deploy a GPO for the Sales OU
Create ADMX and ADML files. Configure the GPO and link it to the domain.
40. Client computers run Windows 7 and all applications on the computers are configured to save documetns to the local Documents folder. You need a backup strategy that meets these: Back up the Documents folder for all users; minimize admin effort. To ac
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Implement folder redirection by using GPO. Then backup the folder redirection target.
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
41. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
DSMOD
Install From Media IFM
42. To replicate SYSVOL using Distributed File System Replication (DFSR)...
DFL needs to be Windows Server 2008
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
43. To be able to manage all the corporate servers from a workstation - you must install the
Assign the application to all client computers by using a GPO.
Deploy a failover cluster that contains one node in each office.
Windows BitLocker Drive Encryption (Bit Locker)
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
44. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Create an e-mail account in AD DS for your RMS users
Implement Windows System Resource Manager (WSRM)
DFL needs to be Windows Server 2008
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
45. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
Microsoft Desktop Optimization Pack (MDOP)
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Microsoft Desktop Optimization Pack (MDOP) to your company
46. You are about to deploy a distributed database appliation that will run on multiple 2008 R2 servers. This deployment needs to follow these requirements: uses the existing network infrastructure; uses standard Windows management tools; allocates stora
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
47. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
net stop ntds
Event Log Subscriptions
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Recommend Offline Files
48. A specific application requires registry modifications to be in place before installing; you should use
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Group Policy Preferences
AD RMS
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
49. To ensure that the branch office with its own high speed internet connection receives the exact same updates as the corporate office you should recommend this.
WSUS server in the branch office in replica mode.
Service user account for AD LDS
Winrm quickconfig
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
50. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
DISABLE slow link detection in the GPO
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Microsoft Application Virtualization (AppV)
