SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. If subnets are connected by CISCO router that is RFC-1542 compliant
Use CISCO IP Helper command to configure.
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Attach VHD file created by Windows server backup
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
2. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Install Windows Server Backup and modify the Windows firewall settings
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
3. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Include a server that runs Microsoft Office SharePoint Server 2010
DSMOD
Create and deploy a logon script that runs Auditpol.
4. To backup to tape/robotic tape and to backup VMs you must use...
Repadmin
802.1.x NAP
DFL needs to be Windows Server 2008
Microsoft System Center Data Protection Manager 2010
5. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Modify zone transfer settings for company.com zone on DCA
Microsoft Desktop Optimization Pack (MDOP)
Install Hyper-V role and convert physical machines into virtual machines
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
6. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
Multipath I/O feature
Then use Windows Deployment Services (WDS)
Run net stop ntds
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
7. You have been tasked with backing up all the GPOs in the domain. The IT manager also wants you to minimize the size of the backup. You decide to use...
The Group Policy Management console
Group Policy Preferences
Active Directory snapshots and Tombstone reanimation
Create a new Password Settings Object (PSO) for the IT users.
8. The strongest form of NAP is
Run the Delegation of Control Wizard on the Staff OU
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
9. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
Implement the Windows Search Service.
Storage manager for SANs
From Server1 - run the Create Basic Task Wizard
Purchase one additional Enterprise License
10. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
A relying party trust should be created.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
WSUS server in the branch office in replica mode.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
11. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Microsoft SharePoint Foundation 2010
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Add George to the Domain Admins group.
Incoming external trust
12. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
WDS
Include a server that runs Microsoft Office SharePoint Server 2010
Configure authorization rules for Web developers on each web server
Active Directory Right Management Services (AD RMS)
13. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Dfsrdiag
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Include a server that runs Microsoft Office SharePoint Server 2010
14. To backup GPO's in domain and minimize bakcup...
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
The Group Policy Management Console
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
15. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Windows System Resource Manager (WSRM)
Repadmin
Add George to the Domain Admins group.
Configure the zone as an Activde Directory-Integrated zone.
16. To deploy templates across the organization
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
17. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Configure separate application pools for each application
Microsoft Desktop Optimization Pack (MDOP)
Active Directory Right Management Services (AD RMS)
18. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Basic Authentication and SSL
Test-AppLockerPolicy
Deploy it by using Group Policy Software Installation method
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
19. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Use a GPO to configure device installation restrictions
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Add the user to the Domain Admins global group
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
20. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Configure offline files and enable manual caching
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
21. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Winrm quickconfig
22. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Add the Windows Server Backup feature and Windows System Image recovery.
Modify zone transfer settings for company.com zone on DCA
Use Netsh tool from administrator's computer.
23. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Enable Windows Remote Management (WinRM) on the servers.
Create and deploy a logon script that runs Auditpol.
Microsoft Desktop Optimization Pack (MDOP)
24. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Deploy a GPO for the Sales OU
MEDV to deploy virtual desktops
25. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Utilize IFM (Install From Media)
26. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Include a server that runs Microsoft Office SharePoint Server 2010
27. Enables you to receive emails when domain users locked out of accounts...
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Event Viewer
Create an e-mail account in AD DS for your RMS users.
Storage manager for SANs
28. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
Utilize IFM (Install From Media)
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Certificate Templates
29. UPN Suffix xxxx.com needs to be available for user accounts...
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Microsoft System Center Data Protection Manager 2010
Add the new UPN Suffix to the forest
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
30. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Dsmgmt
Create a new Password Settings Object (PSO) for the IT users.
31. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Use Netsh tool from administrator's computer.
AD Domains and Trusts
Event Viewer
Configure an audit policy by editing the default domain policy and configure Event Forwarding
32. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Use local roles options within "dsmgmt"
Back up to an external USB drive by using Windows Server Backup
Run the Delegation of Control Wizard on the Staff OU
fsconfig on FSSrv2
33. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Create a Network Load Balancing cluster.
Create a standard secondary of domain and create standard secondary of other domain.
34. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
IIS Chared Configuration
Import-Module
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Add the user to the Domain Admins global group
35. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Windows Server 2003
Add the new UPN suffix to the forest.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
36. When deploying an application using the Group Policy distribution method assign the...
Include a server that runs Microsoft Office SharePoint Server 2010
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Microsoft Desktop Optimization Pack (MDOP)
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
37. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
DISABLE slow link detection in the GPO
Implement Shadow Copies
Configure authorization rules for Web developers on each web server
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
38. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Upgrading DFS to Windows Server 2008 R2
39. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Get-ADUser cmdlet
Authorization Manager role assignment
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Add the new UPN Suffix to the forest
40. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Active Directory Right Management Services (AD RMS)
41. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
Install and share a printer on a server and then enable printer pooling.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Deploy a GPO to the WebSrvOU
Add the Windows Server Backup feature and Windows System Image recovery.
42. To enable the AD Recycle Bin
Configure folder redirection
Prestage the computer account in AD
Enable Windows Remote Management (WinRM) on the servers.
Enable - ADoptionalFeature cmdlet
43. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Dsmgmt
Multipath I/O feature
Create a standard secondary of domain and create standard secondary of other domain.
Microsoft Application Virtualization (AppV)
44. To create AD Domain Services snapshot
Enable Windows Remote Management (WinRM) on the servers.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Create a MEDV workspace
Ntdsutil
45. When service account passwords need to be changed for SQL they should be...
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Changed manually
Certificate Templates
Event Subscriptions
46. You need to allow remote access to the servers on your network while meeting the following requirements: all remote connections to the servers must be encrypted; all remote authentication attempts to the servers must be encrypted; only inbound connec
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Install Hyper-V role and convert physical machines into virtual machines
net stop ntds
47. Within your company you have a server that will be running 8 VMs but only 6 concurrently. Your company has already purchased an Enterprise license for the server.
Back up to an external USB drive by using Windows Server Backup
Restore-ADObject cmdlet
Authorization Manager
Purchase one additional Enterprise License
48. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
IIS Chared Configuration
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Creating a data collector set that kick off a scritp that either move or delete files.
49. An AD LDS instance needs to be replicated from one server to another...
Registry on users computer needs to be modified
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Service user account for AD LDS
Implement folder redirection by using GPO. Then backup the folder redirection target.
50. To control access to resources using WSRM and to help prevent memory leaks from monopolizing your web server
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Configure separate application pools for each application
Offline domain join
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
