SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. If you need to encrypt all data on all disks
Then use Windows BitLocker Drive Encryption
PDC emulator with w32tm.exe
Run net stop ntds
Discover the run Microsoft Baseline Security Analyzer (MBSA)
2. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
Add the user to the Domain Admins global group
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
fsconfig on FSSrv2
Import-Module
3. Deployment of 10 WSUS servers across 10 branch office will take place over a three month period. The bandwidth between the corporate office and the branch offices must be minimized due to budget contraints within the company. Admins in the corporate
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
FFL Windows Server 2008 R2
4. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Configure Firewall Group Policies and link them at the Domain level
Then install new Server 2008 R2 Enterprise subordinate CA.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Distributed File System (DFS) Replication
5. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Create a standard secondary of domain and create standard secondary of other domain.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
6. Two different solutions are available to help assign IP addresses to remote clients that need to VPN or Dial-in to the branch office.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
7. To speed up the deployment of the RODC in the new branch offices you should take advantage of this.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Install From Media IFM
8. To restore deleted user account from AD Recycle Bin...
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Certificate Templates
net stop ntds
Restore-ADObject cmdlet
9. If you need to minimize the bandwidth for installation
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Utilize IFM (Install From Media)
Improve the performance of File Servers
View properties of %systemroot%ntdsntds.dit
10. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Microsoft Desktop Optimization Pack (MDOP) to your company
Create a standard secondary of domain and create standard secondary of other domain.
11. If you need to ensure that data is protected by BitLocker then you will...
Test-AppLockerPolicy
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
NOT be able to store that data on an iSCSI SAN
Microsoft Desktop Optimization Pack (MDOP) to your company
12. Striped volumes
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Improve the performance of File Servers
Assign the application to all client computers by using a GPO.
Ldp
13. You just dconfigured so that Server1 zone is stored in AD and accept secure dynamic updates. What command should be executed so that Server2 can accept secure dynamic updates?
Implement Windows BitLocker Drive Encryption (BitLocker)
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Get-ADUser cmdlet
14. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Group Policy Preferences
Dfsrdiag
Get-ADUser cmdlet
15. When one needs to audit files - folders - printers and the registry enable
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Use Netsh tool from administrator's computer.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
16. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
An Active Directory subnet object needs to be created.
Multipath I/O feature
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
17. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
Create a new Password Settings Object (PSO) for the IT users.
Implement Windows System Resource Manager (WSRM)
Ntfrsutil
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
18. To backup GPO's in domain and minimize bakcup...
A Distributed File System (DFS) namespace
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
The Group Policy Management Console
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
19. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Deploy a failover cluster that uses Node and File Share Disk Majority
20. If you need to allow an external partner's computer to access internal network resources by using SSTP
The Group Policy Management console
Domain based DFS namespace and configure a DFS replication group
Deploy the Root CA certificate to the external computers.
Configure folder redirection
21. To backup to tape/robotic tape and to backup VMs you must use...
Microsoft System Center Data Protection Manager 2010
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Recommend Group Policy preferences
FILES option within Ntdsutil
22. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Implement one LUN for the quorum and another LUN for the data
Basic Authentication and SSL
Configure Audit Special Logon and define Special Groups
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
23. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
Microsoft System Center Data Protection Manager 2010
Recommend Offline Files
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Configure separate application pools for each application
24. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Improve the performance of File Servers
New ACCOUNT STORE should be added and configured
From Server1 - run the Create Basic Task Wizard
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
25. To defragment and AD database...
Create a Central Store
Active Directory snapshots and Tombstone reanimation
Then install new Server 2008 R2 Enterprise subordinate CA.
net stop ntds
26. To prevent account password from being cached on RODC server...
WSUS server in the branch office in replica mode.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Modify properties of RODC server computer account.
Recommend Active Directory delegation
27. To add a server with AD FS 2.0 role to an existing AD FS farm...
Domain based Distributed File System (DFS) namespace and DFS Replication.
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
A relying party trust should be created.
fsconfig on FSSrv2
28. To be able to manage all the corporate servers from a workstation - you must install the
IIS Manager user account
Microsoft Desktop Optimization Pack (MDOP) to your company
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Install the RSAT tool on their workstation to provide for more efficient network management
29. An AD LDS instance needs to be replicated from one server to another...
Attach VHD file created by Windows server backup
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Deploy a GPO for the Sales OU
Service user account for AD LDS
30. You need to design your WSUS infrastructure so that updates are highly available. To do so
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
31. FFL is...
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Ntdsutil
Win2000
32. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
Network Load Balancing (NLB) cluster
Microsoft Desktop Optimization Pack (MDOP) to your company
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
33. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
34. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Printer driver isolation
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Use a GPO to configure device installation restrictions
35. You need a solution that meets policy while minimizing hardware and software costs
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Create a new Password Settings Object (PSO) for the IT users.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
36. To create and additional AD LDS applicaiton directory partition in existing instance...
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Certificate Templates
Implement Windows System Resource Manager (WSRM) and configure user policies
Ldp
37. Recently you have installed a special application on your web sites that requires using a managed service account on the Web Servers. This application runs on a web server in each of 10 separate Active Directory domains.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
38. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Get-ADUser cmdlet
39. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Import-Module
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Offline domain join
Win2000
40. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Network Load Balancing (NLB) cluster
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Then configure auto enrollment of certificates and Credential Roaming.
41. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
42. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Data Recovery Agent
802.1.x NAP
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Site
43. DFL is Windows Server 2003 and client computers run Vista. DCRMS is a server that holds AD RMS. What should be done to configure AD RMS so users - including Waldo - can protect their data?
Create an e-mail account in AD DS for your RMS users.
DFL needs to be Windows Server 2008
An Active Directory subnet object needs to be created.
fsconfig on FSSrv2
44. GPO setting to prevent all users from running an application
dsa.msc - dsamain.exe - ntdsutil.exe
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Software Restriction Polices
A relying party trust should be created.
45. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Domain based DFS namespace and configure a DFS replication group
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
IIS Chared Configuration
46. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Install Windows Server Backup and modify the Windows firewall settings
Include a server that runs Microsoft Office SharePoint Server 2010
Configure caching on the shared folder (offline files)
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
47. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
WSUS server in the branch office in replica mode.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
48. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
From Server A - run Create Basic Task Wizard
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Ntfrsutil
49. To be able to user an application from one AD FS with authentication server to another...
A relying party trust should be created.
Configure block inheritance on the IT OU
A Distributed File System (DFS) namespace
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
50. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Implement Distributed File System Replication (DFSR) on both servers
Service user account for AD LDS
