SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. You need to manage GPO to meet the following: allow administrators to view and edit the GPO in their own language; minimize number of GPOs deployed
WDS
View properties of %systemroot%ntdsntds.dit
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Create ADMX and ADML files. Configure the GPO and link it to the domain.
2. Need to access some resources in another domain that is part of another forest...What trust is created?
Incoming external trust
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
From Server1 - run the Create Basic Task Wizard
Configure separate application pools for each application
3. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
Group Policy Preferences
Add George to the Domain Admins group.
Implement Windows BitLocker Drive Encryption (BitLocker)
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
4. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Authorization Manager
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Import-Module
5. If you need to minimize the number of install images and support Win Server 2008 R2 deployment
Then use on install image file that contains a single install image.
Zone transfer settings
Deploy a GPO to the WebSrvOU
Storage manager for SANs
6. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Software Restriction Polices
Create a Central Store
MEDV to deploy virtual desktops
Administrative Role Separation
7. What utility is used to see what accounts cached on RODC?
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Include a server that runs Microsoft Office SharePoint Server 2010
Active Directory Users and Computers
8. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Create and deploy a logon script that runs Auditpol.
9. You have a 2008 R2 serever that has SQL Server 2008 installed. The server has one RAID 5 array and two RAID 1 arrays. You need to allocate hard disck space on the server according to the followign requirements: prevent data los if a single hard disk
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Create an e-mail account in AD DS for your RMS users
10. To restore previous version of script without taking up too much of time...
File Server Resource Manager (FSRM) quotas and file screens
Attach VHD file created by Windows server backup
Authorization Manager
fsconfig on FSSrv2
11. To minimize the amount of storage required you should recommend
Share and Storage Management
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
PowerShell 2.0
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
12. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Implement Network Access Protection (NAP)
Install and share a printer on a server and then enable printer pooling.
13. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Certificate Templates
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Role Separation
14. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Distributed File System (DFS) Replication
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
15. File that contains the last logon time and custom attributes values for each user in your forest.
Get-ADUser cmdlet
dnscmd
New ACCOUNT STORE should be added and configured
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
16. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
FILES option within Ntdsutil
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Microsoft SharePoint Foundation 2010
17. Enables you to receive emails when domain users locked out of accounts...
Properties of PSO need modified
Event Viewer
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Modify properties of RODC server computer account.
18. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Add the Windows Server Backup feature and Windows System Image recovery.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
From Server1 - run the Create Basic Task Wizard
Winrm quickconfig
19. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Certificate Templates
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Deploy a failover cluster that contains one node in each office.
20. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Network Load Balancing (NLB)
AD Rights Management Services
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
PDC emulator with w32tm.exe
21. If you want to allow single-label name resolution
Then configure GlobalNames zones on each domain controller.
Active Directory Domains and Trusts
Modify the GPO to include folder redirection
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
22. What GPO setting should be configured to prevent all users from running an application?
Software Restriction Polices
Purchase one additional Enterprise License
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
23. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Create an Active Directory-Integrated zone.
Certificate Templates
Ldp
24. Deployment solutions that will allow both the 64 bit version of Office 2010 and the 32 bit version Office 2003 to run at a same time on a Windows 7 computer - and to do that when the computer is offline - are very limited. You should recommend
Microsoft Application Virtualization (AppV)
Jill came down with 2.50.
Use local roles options within "dsmgmt"
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
25. In order to ensure highly available Windows Update servers you should create this.
Then use Windows BitLocker Drive Encryption
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Event Log Subscriptions
Create a Network Load Balancing cluster.
26. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Service user account for AD LDS
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
27. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
Zone transfer settings
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
DSMOD - ADUC
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
28. For the users that work remotely that need access to files from the corporate office you should...
Your machine and remote desktops
Then use Windows Deployment Services (WDS)
Refresh the zone on DNS2
Recommend Offline Files
29. To backup GPO's in domain and minimize bakcup...
The Group Policy Management Console
fsconfig on FSSrv2
Assign the application to computers in the PC OU
Dfsrdiag
30. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Registry on users computer needs to be modified
Passive file screens
Create a Central Store
Software Restriction Polices
31. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
Recommend GPT and basic disks
Deploy a failover cluster that uses Node and File Share Disk Majority
Administrative Role Separation
IIS Manager user account
32. To deploy templates across the organization
Ldp
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Refresh the zone on DNS2
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
33. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Add the new UPN suffix to the forest.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
34. To allow connection to a 256 Kbps ISDN...
DISABLE slow link detection in the GPO
Configure Firewall Group Policies and link them at the Domain level
DFL needs to be Windows Server 2008
Configure caching on the shared folder and configure offline files to use encryption
35. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
DSMOD
Configure event log subscriptions
Use Netsh tool from administrator's computer.
36. Capture all replication errors from all your DCs to a central location...
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Configure event log subscriptions
Create a Network Load Balancing cluster.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
37. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Group Policy Preferences
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Encrypting File System (EFS). This can be enabled locally or through a GPO.
38. You have several Windows 2000 Servers that have a custom application installed. However - the apps are incompatible with each other and with Windows Server 2008 R2 - but they consume less than 10% of system resources. There is a policy that states al
Then install new Server 2008 R2 Enterprise subordinate CA.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Configure Firewall Group Policies and link them at the Domain level
39. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Microsoft System Center Data Protection Manager 2010
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
40. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Then use Windows Deployment Services (WDS) on DHCP1.
Site
41. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Implement File Server Resource Manager (FSRM) quotas on the desired servers
42. You have a failover cluster that has an application installed. Service level agreement requires 55 percent of processor and memory utilization to be reserved for the app. A solution to guarantee service level agreement would be
Assign the application to all client computers by using a GPO.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
43. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Set-ADServiceAccount cmdlet
Windows Server 2003
44. Engineering department has 582 Windows Server 2008 R2 servers. You need to monitor the performance of all 582 with following requirements: Create alerts when average processor usage is higher than 85% for 15 minutes; Automatically adjust the processo
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Recommend GPT and basic disks
Deploy Microsoft System Center Operations Manager (SCOM)
45. All 2008 R2 servers and Windows 7 clients are connected to managed switches. The following are requirements for network access: only client computers that have up-to-date service packs installed can access the network; have up-to-date anti-malware so
Then use Windows BitLocker Drive Encryption
Implement Network Access Protection (NAP) that uses 802.1x enforcement
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Implement Distributed File System Replication (DFSR) on both servers
46. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Administrators is the minimum group membership required to complete this procedure.
Changed manually
Add the new UPN Suffix to the forest
47. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Dsmgmt
Enable Windows Remote Management (WinRM) on the servers.
48. To allow administrators tha trun Windows 7 ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
49. Auditing the deletion of Registry keys on all Domain Controllers
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
DISABLE slow link detection in the GPO
Configure folder redirection
50. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
Deploy a failover cluster that contains one node in each office.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Deploy the Root CA certificate to the external computers.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
