SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
Then install new Server 2008 R2 Enterprise subordinate CA.
Assign the application to computers in the PC OU
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Folder redirection. Folder redirection is also useful when using roamin profiles.
2. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Deploy a failover cluster that contains one node in each office.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Use Netsh tool from administrator's computer.
Configure caching on the shared folder and configure offline files to use encryption
3. What should be done to ensure changes made to AD objects can be logged?
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Windows Server 2003
4. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Create a Central Store
Microsoft Desktop Optimization Pack (MDOP) to your company
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Windows XP Mode
5. You need to recommend a Windows update strategy for the new branch office. The branch office has a 512 Kbps connection the corporate office and a 2 MB connection to the Internet. You should recommend this.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
6. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Ntfrsutil
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
7. Deployment solutions that will allow both the 64 bit version of Office 2010 and the 32 bit version Office 2003 to run at a same time on a Windows 7 computer - and to do that when the computer is offline - are very limited. You should recommend
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Certificate Templates
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Microsoft Application Virtualization (AppV)
8. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Then use Windows BitLocker Drive Encryption
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Add the user to the Domain Admins global group
9. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Get-ADUser cmdlet
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
10. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
Site
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
From Server1 - run the Create Basic Task Wizard
An Active Directory subnet object needs to be created.
11. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Install Hyper-V role and convert physical machines into virtual machines
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
12. When service account passwords need to be changed for SQL they should be...
Configure Firewall Group Policies and link them at the Domain level
DSMOD
Changed manually
Then install new Server 2008 R2 Enterprise subordinate CA.
13. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
DSMOD - ADUC
Improve the performance of File Servers
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Windows BitLocker Drive Encryption (Bit Locker)
14. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
AD RMS
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Import-Module
Recommend GPT and basic disks
15. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Active Directory snapshots and Tombstone reanimation
Implement Distributed File System Replication (DFSR) on both servers
16. Your company IP scheme uses both IPv4 and IPv6. You have a main and branch office. In the branch office you are using PC1. PC1 is now only using IPv6. You noticed that PC1 no longer authenticates off the DC that is in the branch office. What should b
The Group Policy Management Console
Encrypting File System (EFS). This can be enabled locally or through a GPO.
An Active Directory subnet object needs to be created.
Dfsrdiag
17. You need a solution that meets policy while minimizing hardware and software costs
Event Log Subscriptions
Create a new Password Settings Object (PSO) for the IT users.
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Then use Windows Deployment Services (WDS) on DHCP1.
18. Deployment of 10 WSUS servers across 10 branch office will take place over a three month period. The bandwidth between the corporate office and the branch offices must be minimized due to budget contraints within the company. Admins in the corporate
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
FILES option within Ntdsutil
Refresh the zone on DNS2
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
19. To enable the AD Recycle Bin
Create an Active Directory-Integrated zone.
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Enable - ADoptionalFeature cmdlet
FFL Windows Server 2008 R2
20. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Configure offline files and enable manual caching
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
21. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
AD RMS
Configure caching on the shared folder and configure offline files to use encryption
Network Load Balancing (NLB) cluster
File Server Resource Manager (FSRM) quotas and file screens
22. What should be done so application does not fail after 30 days while still keeping password policy in mind?
Set-ADServiceAccount cmdlet
Share and Storage Management
Network Load Balancing (NLB)
Modify the local policy to point to the Internal WSUS server
23. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
Then use on install image file that contains a single install image.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Perform an authoritative restore
FILES option within Ntdsutil
24. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
dsa.msc - dsamain.exe - ntdsutil.exe
A relying party trust should be created.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Configure block inheritance on the IT OU
25. Capture all replication errors from all your DCs to a central location...
Configure event log subscriptions
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Configure Firewall Group Policies and link them at the Domain level
26. Tools to view contents of an OU in an AD snapshot...
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Raise the DFL to Windows Server 2008 R2.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
dsa.msc - dsamain.exe - ntdsutil.exe
27. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Network Load Balancing (NLB)
djoin /requesteodj from internal server - djoin /provision from outside server/PC
28. To ensure that the SQL Servers can fail over autoatically and support 2 TB drives
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Recommend GPT and basic disks
Upgrading DFS to Windows Server 2008 R2
29. To restore previous version of script without taking up too much of time...
Ldp
From Server A - run Create Basic Task Wizard
Import-Module
Attach VHD file created by Windows server backup
30. Need to access some resources in another domain that is part of another forest...What trust is created?
Modify the GPO to include folder redirection
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Incoming external trust
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
31. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Implement Windows System Resource Manager (WSRM) and configure user policies
Implement Windows System Resource Manager (WSRM)
Utilize IFM (Install From Media)
Install the RSAT tool on their workstation to provide for more efficient network management
32. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Attach VHD file created by Windows server backup
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Subnet object needs to be created
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
33. If a file server reaches 15% free disk space - you could free up some disk space by
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Creating a data collector set that kick off a scritp that either move or delete files.
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Configure an audit policy by editing the default domain policy and configure Event Forwarding
34. The Computer Management snap-in allows you to create shares both on...
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Create a Network Load Balancing cluster.
Your machine and remote desktops
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
35. What should be done to resolve names by using GlobalNames zone?
Windows Deployment Services (WDS)
Deploy Microsoft System Center Operations Manager (SCOM)
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
dnscmd tool
36. To replicate SYSVOL using Distributed File System Replication (DFSR)...
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Domain based Distributed File System (DFS) namespace and DFS Replication.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
DFL needs to be Windows Server 2008
37. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Configure event log subscriptions
Authorization Manager
PowerShell 2.0
Recommend Offline Files
38. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Modify zone transfer settings for company.com zone on DCA
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
39. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Create a Network Load Balancing cluster.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Use Netsh tool from administrator's computer.
Implement a domain-based DFS namespace that uses replication
40. To compact AD database...
FILES option within Ntdsutil
dsa.msc - dsamain.exe - ntdsutil.exe
Recommend Group Policy preferences
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
41. RDSrv1 is a Server 2008 R2 server with Remote Desktop Services installed. You are planning to establish a Terminal Server Farm that must meet these requirements: New users automatically connect to the terminal server that has the fewest active sessio
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Storage manager for SANs
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
42. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Administrative Role Separation
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
43. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Network Load Balancing (NLB)
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Offline domain join
44. In order to manage websites without having to logon you can use
Basic Authentication and SSL
Modify the local policy to point to the Internal WSUS server
PowerShell 2.0
Create and deploy a logon script that runs Auditpol.
45. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
WDS
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Domain based DFS namespace and configure a DFS replication group
An Active Directory subnet object needs to be created.
46. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Deploy a failover cluster that uses Node and File Share Disk Majority
Configure caching on the shared folder (offline files)
Additional DFS Targets
ntdsutil
47. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Create a MEDV workspace
Authorization Manager
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
48. To backup GPO's in domain and minimize bakcup...
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
The Group Policy Management Console
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Implement GPO for all client computers
49. To backup to tape/robotic tape and to backup VMs you must use...
Microsoft System Center Data Protection Manager 2010
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
50. Client computers run Windows 7 and all applications on the computers are configured to save documetns to the local Documents folder. You need a backup strategy that meets these: Back up the Documents folder for all users; minimize admin effort. To ac
Incoming external trust
File Server Resource Manager (FSRM) quotas and file screens
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Implement folder redirection by using GPO. Then backup the folder redirection target.