SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. FFL is...
Win2000
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Additional DFS Targets
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
2. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Create a Central Store
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
PDC emulator with w32tm.exe
3. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Install and share a printer on a server and then enable printer pooling.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
4. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
Additional DFS Targets
PowerShell 2.0
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
5. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Then use on install image file that contains a single install image.
Raise the DFL to Windows Server 2008 R2.
Role Separation
6. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Increase the tombstone lifetime for the forest.
Enable Credential Roaming
Implement File Server Resource Manager (FSRM) quotas on the desired servers
7. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
A Distributed File System (DFS) namespace
Back up to an external USB drive by using Windows Server Backup
Active Directory Right Management Services (AD RMS)
PDC emulator with w32tm.exe
8. To be able to user an application from one AD FS with authentication server to another...
Implement Windows BitLocker Drive Encryption (BitLocker)
A relying party trust should be created.
Microsoft SharePoint Foundation 2010
DFL needs to be Windows Server 2008
9. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
CAPublishGP group should have the Manage CA permission.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Assign the application to all client computers by using a GPO.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
10. to make shares at a remote location available to users you should implement this.
Implement Distributed File System Replication (DFSR) on both servers
Assign the application to computers in the PC OU
Implement Windows System Resource Manager (WSRM)
Domain based Distributed File System (DFS) namespace and DFS Replication.
11. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Implement Windows BitLocker Drive Encryption (BitLocker)
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Domain based DFS namespace and configure a DFS replication group
12. Can be used to install the Windows RE on existing servers
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Configure caching on the shared folder and configure offline files to use encryption
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
WDS
13. When implementing a Hyper-V environment the benefits are enormous - however there are certain aspects of virtualization that can create some additional administrative overhead that you can not have in a pure physical environment for example
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Recommend Active Directory delegation
14. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Assign the application to all client computers by using a GPO.
DSMOD
15. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Folder redirection. Folder redirection is also useful when using roamin profiles.
Windows XP Mode
Share and Storage Management
16. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Configure caching on the shared folder (offline files)
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
17. All DCs run Windows Server 2008 R2 and have the DNS Server role installed. The domain controllers for each location are stored locally. Each has its own standard primary zone to support its local domain.You need a plan that meets the following: WAN l
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Create a standard secondary of domain and create standard secondary of other domain.
Offline domain join
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
18. If a new application needs to be deployed on the network and it comes as a .msi package and then do this.
Raise the DFL to Windows Server 2008 R2.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Deploy it by using Group Policy Software Installation method
Install Windows Server Backup and modify the Windows firewall settings
19. Jack and Jill go up the hill - both with a buck and a quarter
Jill came down with 2.50.
Configure Firewall Group Policies and link them at the Domain level
Back up to an external USB drive by using Windows Server Backup
Add the Windows Server Backup feature and Windows System Image recovery.
20. RDSrv1 is a Server 2008 R2 server with Remote Desktop Services installed. You are planning to establish a Terminal Server Farm that must meet these requirements: New users automatically connect to the terminal server that has the fewest active sessio
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Install From Media IFM
Active Directory Right Management Services (AD RMS)
21. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
Changed manually
Active Directory Users and Computers
Add the new UPN suffix to the forest.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
22. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
Deploy a failover cluster that uses Node and File Share Disk Majority
An Active Directory subnet object needs to be created.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Event Subscriptions
23. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
Implement Shadow Copies
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
24. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
AD Rights Management Services
Distributed File System (DFS) Replication
25. You have a root domain and four child domains. Policy requirements state that all local guest accounts must be renamed and disabled - and all local administrator accounts must be renamed
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Implement a GPO for each domain
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Prestage the computer account in AD
26. To recover objects deleted from Active Directory you should recommend
Active Directory snapshots and Tombstone reanimation
Zone transfer settings
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Prestage the computer account in AD
27. You need to implement read only copies of files at several locations. You currently have DFS for 2008 deployed. You should recommend this.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Install From Media IFM
Upgrading DFS to Windows Server 2008 R2
Data Recovery Agent
28. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Windows XP Mode
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Execute the Set-ADServiceAccount cmdlet
Administrators is the minimum group membership required to complete this procedure.
29. Two different solutions are available to help assign IP addresses to remote clients that need to VPN or Dial-in to the branch office.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
30. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Network Load Balancing (NLB) cluster
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
31. To defragment and AD database...
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Implement one LUN for the quorum and another LUN for the data
net stop ntds
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
32. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Install Windows Server Backup and modify the Windows firewall settings
fsconfig on FSSrv2
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
33. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Modify the local policy to point to the Internal WSUS server
Deploy a GPO to the WebSrvOU
34. To configure AD FS so tokens contain information from Active Directory domain...
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
New ACCOUNT STORE should be added and configured
35. You need to allow a user to add a single computer to a domain - without any additional rights...
Deploy the Root CA certificate to the external computers.
Install Hyper-V role and convert physical machines into virtual machines
Prestage the computer account in AD
An Active Directory subnet object needs to be created.
36. If users complain that it is hard to find the shared folders on the network implement
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Additional DFS Targets
Raise the DFL to Windows Server 2008 R2.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
37. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Test-AppLockerPolicy
Attach VHD file created by Windows server backup
Microsoft System Center Data Protection Manager 2010
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
38. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
39. 2 ways to relocate user and computer accounts to different OUs
Configure the zone as an Activde Directory-Integrated zone.
Win2000 Native
DSMOD - ADUC
Autonomous mode...This allows the local administrator to approve their own updates.
40. You need to plan the deployment of an application that must meet these requirements: users must have - access to the app when they are connected to the network; access the application from an icon on their desktops.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Your machine and remote desktops
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Assign the application to all client computers by using a GPO.
41. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Winrm quickconfig
Install Hyper-V role and convert physical machines into virtual machines
Network Load Balancing (NLB)
Win2000
42. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
Implement a GPO for each domain
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Then use Windows Deployment Services (WDS) on DHCP1.
Windows Server 2003
43. In order to replicate SYSVOL shares by using DFS Replicaiton (DFS-R)
Deploy a GPO for the Sales OU
Raise the DFL to Windows Server 2008 R2.
Your machine and remote desktops
DSMOD
44. What shold be done to configure AD RMS so users can protect their data?
New ACCOUNT STORE should be added and configured
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Create an e-mail account in AD DS for your RMS users
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
45. You need to allow remote access to the servers on your network while meeting the following requirements: all remote connections to the servers must be encrypted; all remote authentication attempts to the servers must be encrypted; only inbound connec
Create a Network Load Balancing cluster.
Group Policy Preferences
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
46. You need to ensure that the guest account on all servers is disabled to
Microsoft Desktop Optimization Pack (MDOP) to your company
Additional DFS Targets
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Discover the run Microsoft Baseline Security Analyzer (MBSA)
47. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Implement Network Access Protection (NAP)
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Event Log Subscriptions
48. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Configure caching on the shared folder and configure offline files to use encryption
Implement Windows System Resource Manager (WSRM)
Recommend Offline Files
49. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Deploy the Root CA certificate to the external computers.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Configure caching on the shared folder and configure offline files to use encryption
50. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
Enable Windows Remote Management (WinRM) on each server.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Run net stop ntds
Active Directory Domains and Trusts
