SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To ensure that the SQL Servers can fail over autoatically and support 2 TB drives
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Add-ADFineGrainedPasswordPolicySubject cmdlet
Recommend GPT and basic disks
Deploy Microsoft System Center Operations Manager (SCOM)
2. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
3. If you need to delegate control of server to remote admins group
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Upgrading DFS to Windows Server 2008 R2
Configure RODC for Administrator Role Separation
4. Deployment solutions that will allow both the 64 bit version of Office 2010 and the 32 bit version Office 2003 to run at a same time on a Windows 7 computer - and to do that when the computer is offline - are very limited. You should recommend
Microsoft Application Virtualization (AppV)
Create an e-mail account in AD DS for your RMS users.
Event Viewer
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
5. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Modify zone transfer settings for company.com zone on DCA
Dsmgmt
A relying party trust should be created.
Configure caching on the shared folder and configure offline files to use encryption
6. You need to deploy a sales application that only the sales users must have access to
Deploy a GPO for the Sales OU
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Configure Firewall Group Policies and link them at the Domain level
DFL needs to be Windows Server 2008
7. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
Execute the Set-ADServiceAccount cmdlet
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Passive file screens
8. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Certificate Templates
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Printer driver isolation
Configure offline files and enable manual caching
9. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
10. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Software Restriction Polices
Include a server that runs Microsoft Office SharePoint Server 2010
Domain based DFS namespace and configure a DFS replication group
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
11. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
DFL needs to be Windows Server 2008
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
12. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Implement Network Access Protection (NAP)
Configure folder redirection
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Create a Network Load Balancing cluster.
13. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
14. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
Event Subscriptions
Microsoft Desktop Optimization Pack (MDOP)
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Properties of PSO need modified
15. What should be done first to defragment the AD database?
Enable Credential Roaming
Create a standard secondary of domain and create standard secondary of other domain.
Run net stop ntds
Create an Active Directory-Integrated zone.
16. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Zone transfer settings
Create a new Password Settings Object (PSO) for the IT users.
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Create and deploy a logon script that runs Auditpol.
17. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Configure authorization rules for Web developers on each web server
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Add George to the Domain Admins group.
18. To back up your Hyper-VMs and the Hyper-V host; for each VM -
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
The Group Policy Management Console
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
19. All DCs have been upgraded from Windows Server 2003 to Windows Server 2008 R2. What should be done to ensure the Sysvol share replicates by using DFS Replicaiton (DFS-R)?
Incoming external trust
Raise the DFL to Windows Server 2008 R2.
Get-ADUser cmdlet
Use Netsh tool from administrator's computer.
20. All 2008 R2 servers and Windows 7 clients are connected to managed switches. The following are requirements for network access: only client computers that have up-to-date service packs installed can access the network; have up-to-date anti-malware so
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Run adprep /forestprep and adprep /domainprep
Create a Network Load Balancing cluster.
Folder redirection. Folder redirection is also useful when using roamin profiles.
21. You don't want users to be able to install removable devices on client computers. However - domain admins and desktop support technicians must be allowed to install removable devices on client computers
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Implement GPO for all client computers
Perform an authoritative restore
22. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Create and deploy a logon script that runs Auditpol.
23. to protect file servers and hard disks that may be at risk of being accessed or stolen
Add the new UPN suffix to the forest.
Configure authorization rules for Web developers on each web server
Implement Windows BitLocker Drive Encryption (BitLocker)
Recommend Group Policy preferences
24. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Create a new Password Settings Object (PSO) for the IT users.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
New ACCOUNT STORE should be added and configured
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
25. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Site
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
26. You have a 2008 R2 serever that has SQL Server 2008 installed. The server has one RAID 5 array and two RAID 1 arrays. You need to allocate hard disck space on the server according to the followign requirements: prevent data los if a single hard disk
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Microsoft Desktop Optimization Pack (MDOP)
Create a MEDV workspace
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
27. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
Install From Media IFM
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
The Group Policy Management Console
Windows System Resource Manager (WSRM)
28. To create and additional AD LDS applicaiton directory partition in existing instance...
Ldp
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Incoming external trust
Implement Windows BitLocker Drive Encryption (BitLocker)
29. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Dsmgmt
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
30. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Modify the GPO to include folder redirection
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Deploy a failover cluster that contains one node in each office.
Disable Site Link Bridging from the IP properties
31. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Folder redirection. Folder redirection is also useful when using roamin profiles.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Dfsrdiag
32. Tool to change Directory Services Restore Mode password on Domain Controller...
dnscmd tool
Upgrading DFS to Windows Server 2008 R2
Incoming external trust
ntdsutil
33. Your company IP scheme uses both IPv4 and IPv6. You have a main and branch office. In the branch office you are using PC1. PC1 is now only using IPv6. You noticed that PC1 no longer authenticates off the DC that is in the branch office. What should b
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Implement a domain-based DFS namespace that uses replication
An Active Directory subnet object needs to be created.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
34. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Microsoft Desktop Optimization Pack (MDOP)
Execute the Set-ADServiceAccount cmdlet
Include a server that runs Microsoft Office SharePoint Server 2010
Use Netsh tool from administrator's computer.
35. UPN Suffix xxxx.com needs to be available for user accounts...
Add the new UPN Suffix to the forest
Use a GPO to configure device installation restrictions
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Winrm quickconfig
36. What shold be done to configure AD RMS so users can protect their data?
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Group Policy Preferences
Network Load Balancing (NLB)
Create an e-mail account in AD DS for your RMS users
37. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
Configure RODC for Administrator Role Separation
Backup operator's domain local group
Encrypting File System (EFS). This can be enabled locally or through a GPO.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
38. To backup GPO's in domain and minimize bakcup...
Microsoft Application Virtualization (AppV)
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Configure Audit Special Logon and define Special Groups
The Group Policy Management Console
39. CAPublishGP needs to be able to publish new certificate revocation lists - but not be able to revoke certificates. How is this accomplished?
Implement Network Access Protection (NAP) that uses 802.1x enforcement
FFL Windows Server 2008 R2
Configure offline files and enable manual caching
CAPublishGP group should have the Manage CA permission.
40. 4 steps to perform authoritative restore of a deleted OU...
Domain based DFS namespace and configure a DFS replication group
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Prestage the computer account in AD
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
41. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
File Server Resource Manager (FSRM) quotas and file screens
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
42. To restore previous version of script without taking up too much of time...
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Attach VHD file created by Windows server backup
Create a MEDV workspace
43. If users complain that it is hard to find the shared folders on the network implement
Modify properties of RODC server computer account.
Additional DFS Targets
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Then configure auto enrollment of certificates and Credential Roaming.
44. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Active Directory Domains and Trusts
Implement Network Access Protection (NAP) that uses 802.1x enforcement
45. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Implement Distributed File System Replication (DFSR) on both servers
Implement a Remote Desktop Connection Broker (RD Connection Broker)
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
46. You just dconfigured so that Server1 zone is stored in AD and accept secure dynamic updates. What command should be executed so that Server2 can accept secure dynamic updates?
Network Load Balancing (NLB)
Utilize IFM (Install From Media)
DSMOD - ADUC
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
47. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Configure Firewall Group Policies and link them at the Domain level
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
48. to make shares at a remote location available to users you should implement this.
NOT be able to store that data on an iSCSI SAN
Then configure GlobalNames zones on each domain controller.
Domain based Distributed File System (DFS) namespace and DFS Replication.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
49. You have been tasked with backing up all the GPOs in the domain. The IT manager also wants you to minimize the size of the backup. You decide to use...
Windows XP Mode
Implement GPO for all client computers
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
The Group Policy Management console
50. You need a strategy for backing up your 2008 R2 file servers according to these: allows for individual file restore; allows for complete server recovery; supports scheduled backups; provides decentralized control over backups and recovery; minimizes
Back up to an external USB drive by using Windows Server Backup
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Subnet object needs to be created
