SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Subnet object needs to be created
Printer driver isolation
Add George to the Domain Admins group.
2. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Configure folder redirection
3. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Passive file screens
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Domain based DFS namespace and configure a DFS replication group
4. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
WSUS server in the branch office in replica mode.
Assign the application to computers in the PC OU
Utilize IFM (Install From Media)
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
5. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Dfsrdiag
dnscmd
Restore-ADObject cmdlet
Changed manually
6. Tools to view contents of an OU in an AD snapshot...
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
dsa.msc - dsamain.exe - ntdsutil.exe
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
7. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Enable Windows Remote Management (WinRM) on each server.
8. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
PowerShell 2.0
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Configure the zone as an Activde Directory-Integrated zone.
Then install new Server 2008 R2 Enterprise subordinate CA.
9. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Configure caching on the shared folder (offline files)
Then use Windows BitLocker Drive Encryption
Implement a domain-based DFS namespace that uses replication
NOT be able to store that data on an iSCSI SAN
10. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
11. To allow connection to a 256 Kbps ISDN...
Event Log Subscriptions
Active Directory Users and Computers utility
Add the new UPN Suffix to the forest
DISABLE slow link detection in the GPO
12. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Execute the Set-ADServiceAccount cmdlet
Create a Central Store
Create a new Password Settings Object (PSO) for the IT users.
dsa.msc - dsamain.exe - ntdsutil.exe
13. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
NOT be able to store that data on an iSCSI SAN
14. To ensure that the branch office with its own high speed internet connection receives the exact same updates as the corporate office you should recommend this.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Test-AppLockerPolicy
Deploy a failover cluster that uses Node and File Share Disk Majority
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
15. To restore previous version of script without taking up too much of time...
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Active Directory Users and Computers
Attach VHD file created by Windows server backup
16. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
From Server A - run Create Basic Task Wizard
Refresh the zone on DNS2
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
17. To determine size of AD database file...
Implement Windows System Resource Manager (WSRM)
Changed manually
View properties of %systemroot%ntdsntds.dit
Raise the DFL to Windows Server 2008 R2.
18. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
Configure block inheritance on the IT OU
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
dnscmd
Create and deploy a logon script that runs Auditpol.
19. What should be done first to defragment the AD database?
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Windows Server 2003
Run net stop ntds
Set-ADServiceAccount cmdlet
20. When one needs to audit files - folders - printers and the registry enable
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Software Restriction Polices
21. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
Utilize IFM (Install From Media)
DSMOD
Folder redirection. Folder redirection is also useful when using roamin profiles.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
22. You have several Windows 2000 Servers that have a custom application installed. However - the apps are incompatible with each other and with Windows Server 2008 R2 - but they consume less than 10% of system resources. There is a policy that states al
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Administrative Role Separation
Enable Windows Remote Management (WinRM) on each server.
Implement Network Access Protection (NAP)
23. Striped volumes
Role Separation
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Improve the performance of File Servers
MEDV to deploy virtual desktops
24. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Then install new Server 2008 R2 Enterprise subordinate CA.
Ntfrsutil
25. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Deploy a GPO for the Sales OU
Event Viewer
Configure RODC for Administrator Role Separation
Windows BitLocker Drive Encryption (Bit Locker)
26. 2 ways to relocate user and computer accounts to different OUs
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
AD RMS
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
DSMOD - ADUC
27. If you need to deploy multiple servers through automation of installation and activation and minimize network traffic
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
DFL needs to be Windows Server 2008
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
28. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Event Viewer
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Configure caching on the shared folder and configure offline files to use encryption
Administrators is the minimum group membership required to complete this procedure.
29. What role to keep same time as an external server?
PDC emulator with w32tm.exe
Configure authorization rules for Web developers on each web server
Modify zone transfer settings for company.com zone on DCA
Ntfrsutil
30. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
31. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Incoming external trust
Active Directory Domains and Trusts
32. To be able to user an application from one AD FS with authentication server to another...
A relying party trust should be created.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
33. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
WSUS server in the branch office in replica mode.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Configure Firewall Group Policies and link them at the Domain level
34. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
Dsmgmt
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Disable Site Link Bridging from the IP properties
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
35. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
Improve the performance of File Servers
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
36. You need to deploy a sales application that only the sales users must have access to
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Import-Module
Dsmgmt
Deploy a GPO for the Sales OU
37. If users complain that it is hard to find the shared folders on the network implement
Additional DFS Targets
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Create a Central Store
38. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
ntdsutil
Enable Windows Remote Management (WinRM) on each server.
39. Need to ensure users receive updated template within five days...
Back up to an external USB drive by using Windows Server Backup
Create a Central Store
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Registry on users computer needs to be modified
40. To minimize the amount of storage used for virtual machines in a Virtual desktop pool the VHD's should be
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
41. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Dsmgmt
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Changed manually
42. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Install and share a printer on a server and then enable printer pooling.
Then use Windows Deployment Services (WDS)
Service user account for AD LDS
43. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
44. New Password Policy needs to be created for OU different from domain password policy
Windows System Resource Manager (WSRM)
Use CISCO IP Helper command to configure.
Raise the DFL to Windows Server 2008 R2.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
45. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
WSUS server in the branch office in replica mode.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Recommend Group Policy preferences
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
46. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Site
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Get-ADUser cmdlet
Discover the run Microsoft Baseline Security Analyzer (MBSA)
47. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
CAPublishGP group should have the Manage CA permission.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
48. You need to recommend a BitLocker recovery method you should recommend this.
Modify the local policy to point to the Internal WSUS server
Incoming external trust
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Data Recovery Agent
49. GPO setting to prevent all users from running an application
Jill came down with 2.50.
Properties of PSO need modified
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Software Restriction Polices
50. If you need to be able to create shared folders on Server 2008 R2
Deploy a failover cluster that uses Node and File Share Disk Majority
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
