SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Administrative Role Separation
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
2. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Add the Windows Server Backup feature and Windows System Image recovery.
Then use Windows Deployment Services (WDS)
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
3. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Modify zone transfer settings for company.com zone on DCA
Dsmgmt
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Upgrading DFS to Windows Server 2008 R2
4. To defragment and AD database...
NOT be able to store that data on an iSCSI SAN
net stop ntds
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
5. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Create an e-mail account in AD DS for your RMS users.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Dfsrdiag
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
6. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Implement Distributed File System Replication (DFSR) on both servers
dnscmd tool
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
7. File that contains the last logon time and custom attributes values for each user in your forest.
MEDV to deploy virtual desktops
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Then use Windows BitLocker Drive Encryption
Get-ADUser cmdlet
8. You need a solution that meets policy while minimizing hardware and software costs
An Active Directory subnet object needs to be created.
Network Load Balancing (NLB) cluster
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Create a new Password Settings Object (PSO) for the IT users.
9. To backup to tape/robotic tape and to backup VMs you must use...
Import-Module
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Configure authorization rules for Web developers on each web server
Microsoft System Center Data Protection Manager 2010
10. To minimize the amount of storage required you should recommend
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Share and Storage Management
Creating a data collector set that kick off a scritp that either move or delete files.
Software Restriction Polices
11. In order to reduce the administrative overhead typically involved with viewing event logs across multiple servers you should implement this.
Event Log Subscriptions
Improve the performance of File Servers
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
12. You have few Server 2003 servers that have Terminal services installed. You also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meeet the following: restricts accsss to specific Remote Desktop
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Create an e-mail account in AD DS for your RMS users
Microsoft System Center Data Protection Manager
13. To control access to resources using WSRM and to help prevent memory leaks from monopolizing your web server
Microsoft System Center Data Protection Manager
Configure separate application pools for each application
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Create and deploy a logon script that runs Auditpol.
14. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
MEDV to deploy virtual desktops
Implement the Windows Search Service.
15. What should be done to ensure changes made to AD objects can be logged?
Administrative Role Separation
Then configure auto enrollment of certificates and Credential Roaming.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Configure RODC for Administrator Role Separation
16. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
PDC emulator with w32tm.exe
Run adprep /forestprep and adprep /domainprep
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Deploy the Root CA certificate to the external computers.
17. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
WDS
Configure RODC for Administrator Role Separation
Zone transfer settings
Create ADMX and ADML files. Configure the GPO and link it to the domain.
18. If subnets are connected by CISCO router that is RFC-1542 compliant
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Configure caching on the shared folder and configure offline files to use encryption
Use CISCO IP Helper command to configure.
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
19. You need to deploy apps to client computers according to these req.: apps must be deployed to client computers that meet minimum hardware requirements; detaild reports on success/failure of the app deployments must be provided; deployments must be sc
Distributed File System (DFS) Replication
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Ldp
Create an e-mail account in AD DS for your RMS users.
20. If a file server reaches 15% free disk space - you could free up some disk space by
Windows BitLocker Drive Encryption (Bit Locker)
Creating a data collector set that kick off a scritp that either move or delete files.
Add George to the Domain Admins group.
Distributed File System (DFS) Replication
21. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
802.1.x NAP
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Modify the local policy to point to the Internal WSUS server
22. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Administrators is the minimum group membership required to complete this procedure.
Configure caching on the shared folder (offline files)
Implement folder redirection by using GPO. Then backup the folder redirection target.
Then use Windows Deployment Services (WDS) on DHCP1.
23. You have several Windows 2000 Servers that have a custom application installed. However - the apps are incompatible with each other and with Windows Server 2008 R2 - but they consume less than 10% of system resources. There is a policy that states al
Distributed File System (DFS) Replication
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Microsoft Desktop Optimization Pack (MDOP) to your company
DSMOD
24. You don't want users to be able to install removable devices on client computers. However - domain admins and desktop support technicians must be allowed to install removable devices on client computers
WSUS server in the branch office in replica mode.
Share and Storage Management
DISABLE slow link detection in the GPO
Implement GPO for all client computers
25. To determine size of AD database file...
The Group Policy Management Console
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
View properties of %systemroot%ntdsntds.dit
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
26. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Ldp
Run the Delegation of Control Wizard on the Staff OU
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
27. You need to design your WSUS infrastructure so that updates are highly available. To do so
Configure the zone as an Activde Directory-Integrated zone.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
28. You need to plan the deployment of an application that must meet these requirements: users must have - access to the app when they are connected to the network; access the application from an icon on their desktops.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Assign the application to all client computers by using a GPO.
An Active Directory subnet object needs to be created.
Site
29. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Domain based Distributed File System (DFS) namespace and DFS Replication.
AD RMS
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
30. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
Back up to an external USB drive by using Windows Server Backup
Configure caching on the shared folder (offline files)
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
31. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Deploy a failover cluster that contains one node in each office.
Site
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Refresh the zone on DNS2
32. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Dsmgmt
Active Directory Right Management Services (AD RMS)
Implement Shadow Copies
Disable Site Link Bridging from the IP properties
33. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
A relying party trust should be created.
Then use Windows Deployment Services (WDS)
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
34. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Administrative Role Separation
Active Directory Domains and Trusts
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
35. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Create a Central Store
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
36. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
The Group Policy Management console
NOT be able to store that data on an iSCSI SAN
Then use Windows BitLocker Drive Encryption
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
37. To configure Administrator Role Separation for an RODC
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Dsmgmt
Jill came down with 2.50.
Basic Authentication and SSL
38. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Win2000
Enable Windows Remote Management (WinRM) on the servers.
Windows Deployment Services (WDS)
Configure Firewall Group Policies and link them at the Domain level
39. The Computer Management snap-in allows you to create shares both on...
Use Netsh tool from administrator's computer.
Your machine and remote desktops
Include a server that runs Microsoft Office SharePoint Server 2010
WSUS server in the branch office in replica mode.
40. UPN Suffix xxxx.com needs to be available for user accounts...
Add the new UPN Suffix to the forest
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Recommend GPT and basic disks
Dfsrdiag
41. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Microsoft System Center Data Protection Manager 2010
Implement Windows System Resource Manager (WSRM) and configure user policies
NOT be able to store that data on an iSCSI SAN
Windows XP Mode
42. Can be used to install the Windows RE on existing servers
Test-AppLockerPolicy
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
WDS
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
43. If you need to encrypt all data on all disks
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Enable - ADoptionalFeature cmdlet
Implement GPO for all client computers
Then use Windows BitLocker Drive Encryption
44. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Modify the GPO to include folder redirection
DISABLE slow link detection in the GPO
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Windows Server 2003
45. Within your company you have a server that will be running 8 VMs but only 6 concurrently. Your company has already purchased an Enterprise license for the server.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Purchase one additional Enterprise License
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
New ACCOUNT STORE should be added and configured
46. To enable the AD Recycle Bin
Software Restriction Polices
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Enable - ADoptionalFeature cmdlet
Create a new Password Settings Object (PSO) for the IT users.
47. You need to consolidate 120 physical servers into 35 physical servers that run Windows Server 2008 R2 while meeting the following: maximize resource utilization; use existing hardware and software; support 64-bit child virtual machines; maintain sepa
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Backup operator's domain local group
Install Hyper-V role and convert physical machines into virtual machines
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
48. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Add the new UPN Suffix to the forest
Share and Storage Management
49. SrvA has the AD LDS role and an instance named LDSInst1. You connect to this instance by using the ADSI Edit utility. When you execute the Create Object wizard there is no User object class. What should be done so you can create user objects in LDSIn
NOT be able to store that data on an iSCSI SAN
Modify the schema of LDSInst1
Restore-ADObject cmdlet
Then use Windows Deployment Services (WDS) on DHCP1.
50. To allow administrators tha trun Windows 7 ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
Then configure auto enrollment of certificates and Credential Roaming.
Assign the application to computers in the PC OU
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.