SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Install the RSAT tool on their workstation to provide for more efficient network management
2. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
IIS Manager user account
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Add George to the Domain Admins group.
3. File that contains the last logon time and custom attributes values for each user in your forest.
DISABLE slow link detection in the GPO
Jill came down with 2.50.
Deploy Microsoft System Center Operations Manager (SCOM)
Get-ADUser cmdlet
4. What Function Level (FL) needs to be in place to enable AD Recycle Bin?
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
FFL Windows Server 2008 R2
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Include a server that runs Microsoft Office SharePoint Server 2010
5. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
6. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Data Recovery Agent
7. IE can be a security concern - however you can take advantage of Group policies to lock down IE as much as possible
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
8. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Deploy it by using Group Policy Software Installation method
Configure Firewall Group Policies and link them at the Domain level
dsa.msc - dsamain.exe - ntdsutil.exe
9. Deployment solutions that will allow both the 64 bit version of Office 2010 and the 32 bit version Office 2003 to run at a same time on a Windows 7 computer - and to do that when the computer is offline - are very limited. You should recommend
dsa.msc - dsamain.exe - ntdsutil.exe
Microsoft Application Virtualization (AppV)
Windows Deployment Services (WDS)
Add the user to the Domain Admins global group
10. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
AD Rights Management Services
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
11. What utility is used to see what accounts cached on RODC?
Active Directory Users and Computers
Authorization Manager
Get-ADUser cmdlet
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
12. UPN Suffix xxxx.com needs to be available for user accounts...
Add-ADFineGrainedPasswordPolicySubject cmdlet
Add the new UPN Suffix to the forest
Enable Credential Roaming
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
13. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
Then install new Server 2008 R2 Enterprise subordinate CA.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Ldp
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
14. To prevent computers that do not have the Windows Firewall enabled from connecting to the wireless access point or the physical switch - you should implement this.
802.1.x NAP
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
DSMOD - ADUC
15. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Add George to the Domain Admins group.
Windows Server 2003
Assign the application to computers in the PC OU
Use a GPO to configure device installation restrictions
16. To replicate SYSVOL using Distributed File System Replication (DFSR)...
Dfsrdiag
DFL needs to be Windows Server 2008
Microsoft Application Virtualization (AppV)
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
17. If you need to ensure that data is protected by BitLocker then you will...
Passive file screens
NOT be able to store that data on an iSCSI SAN
Create a Central Store
Install the RSAT tool on their workstation to provide for more efficient network management
18. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Domain based Distributed File System (DFS) will reduce network traffic
Recommend Group Policy preferences
19. You just dconfigured so that Server1 zone is stored in AD and accept secure dynamic updates. What command should be executed so that Server2 can accept secure dynamic updates?
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Configure authorization rules for Web developers on each web server
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Utilize IFM (Install From Media)
20. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
New ACCOUNT STORE should be added and configured
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Create a MEDV workspace
21. To minimize the amount of storage required you should recommend
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Install From Media IFM
Share and Storage Management
Configure caching on the shared folder and configure offline files to use encryption
22. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
Dfsrdiag
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Perform an authoritative restore
23. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
Group Policy Preferences
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Win2000 Native
24. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Dsmgmt
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
25. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Deploy a failover cluster that contains one node in each office.
Windows XP Mode
Run net stop ntds
26. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Enable Windows Remote Management (WinRM) on each server.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Configure RODC for Administrator Role Separation
27. You plan to deploy 12 file servers. All computers and servers connect to Ethernet switches. Your data storage solution must meet these: maximizes performance and fault tolerance; allocates storage to the servers as needed; utilizes the existing netwo
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Install Hyper-V role and convert physical machines into virtual machines
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Creating a data collector set that kick off a scritp that either move or delete files.
28. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Implement Windows System Resource Manager (WSRM) and configure user policies
Offline domain join
Improve the performance of File Servers
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
29. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Role Separation
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Dsmgmt
Active Directory Domains and Trusts
30. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
AD Rights Management Services
Repadmin
31. to make shares at a remote location available to users you should implement this.
Domain based Distributed File System (DFS) namespace and DFS Replication.
WSUS server in the branch office in replica mode.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Distributed File System (DFS) Replication
32. The strongest form of NAP is
Site
Run auditpol and then configure the Security settings of the Domain Controllers OU.
ntdsutil
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
33. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Event Viewer
Configure folder redirection
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Implement Distributed File System Replication (DFSR) on both servers
34. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
Dsmgmt
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Include a server that runs Microsoft Office SharePoint Server 2010
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
35. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
Dsmgmt
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
36. To enable the AD Recycle Bin
Windows Server 2003
Software Restriction Polices
Enable - ADoptionalFeature cmdlet
Back up to an external USB drive by using Windows Server Backup
37. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Utilize IFM (Install From Media)
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
38. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Network Load Balancing (NLB)
Implement a GPO for each domain
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Purchase one additional Enterprise License
39. To back up your Hyper-VMs and the Hyper-V host; for each VM -
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Test-AppLockerPolicy
40. Recently you have installed a special application on your web sites that requires using a managed service account on the Web Servers. This application runs on a web server in each of 10 separate Active Directory domains.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
41. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
From Server A - run Create Basic Task Wizard
PDC emulator with w32tm.exe
New ACCOUNT STORE should be added and configured
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
42. New Password Policy needs to be created for OU different from domain password policy
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
From Server A - run Create Basic Task Wizard
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
43. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
Assign the application to all client computers by using a GPO.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Install and share a printer on a server and then enable printer pooling.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
44. To make a 64-bit application available to several 32-bit XP SP3 computers in the branch office you could use either a remote desktop session host or a remote desktop virtualization host. However - if the application requires you to be a local adminis
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
45. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Ldp
Utilize IFM (Install From Media)
dnscmd tool
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
46. All 2008 R2 servers and Windows 7 clients are connected to managed switches. The following are requirements for network access: only client computers that have up-to-date service packs installed can access the network; have up-to-date anti-malware so
IIS Manager user account
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
A relying party trust should be created.
47. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Execute the Set-ADServiceAccount cmdlet
Domain based DFS namespace and configure a DFS replication group
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Add the new UPN Suffix to the forest
48. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Back up to an external USB drive by using Windows Server Backup
Perform an authoritative restore
Use local roles options within "dsmgmt"
Implement GPO for all client computers
49. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
Dsmgmt
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Passive file screens
Administrators is the minimum group membership required to complete this procedure.
50. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Increase the tombstone lifetime for the forest.
Folder redirection. Folder redirection is also useful when using roamin profiles.
Test-AppLockerPolicy
Offline domain join
