SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Configure caching on the shared folder and configure offline files to use encryption
Create a MEDV workspace
Run net stop ntds
Utilize IFM (Install From Media)
2. Files servers need to stay connected to the SAN if a NIC fails. You should recommend
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Multipath I/O feature
DFL needs to be Windows Server 2008
Authorization Manager role assignment
3. UPN Suffix xxxx.com needs to be available for user accounts...
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Add the new UPN Suffix to the forest
Test-AppLockerPolicy
Microsoft Desktop Optimization Pack (MDOP) to your company
4. If a new application needs to be deployed on the network and it comes as a .msi package and then do this.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Deploy it by using Group Policy Software Installation method
5. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
WSUS server in the branch office in replica mode.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Winrm quickconfig
Properties of PSO need modified
6. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
Implement one LUN for the quorum and another LUN for the data
From Server A - run Create Basic Task Wizard
Repadmin
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
7. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Storage manager for SANs
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
New ACCOUNT STORE should be added and configured
Role Separation
8. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Modify the local policy to point to the Internal WSUS server
Then install new Server 2008 R2 Enterprise subordinate CA.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
9. You have few Server 2003 servers that have Terminal services installed. You also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meeet the following: restricts accsss to specific Remote Desktop
Assign the application to computers in the PC OU
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Get-ADUser cmdlet
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
10. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
Improve the performance of File Servers
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Use CISCO IP Helper command to configure.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
11. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
12. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
13. To minimize the amount of storage used for virtual machines in a Virtual desktop pool the VHD's should be
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
14. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
A relying party trust should be created.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
15. When service account passwords need to be changed for SQL they should be...
Changed manually
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
16. When recommending a monitoring solution for an application so that it's events can be stored in a central
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Event Subscriptions
NOT be able to store that data on an iSCSI SAN
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
17. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Configure block inheritance on the IT OU
Recommend Group Policy preferences
Enable Credential Roaming
Event Subscriptions
18. You need to relocate an AD LDS instance from C: Drive to D: Drive
Implement folder redirection by using GPO. Then backup the folder redirection target.
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Active Directory Users and Computers utility
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
19. To control access to resources using WSRM and to help prevent memory leaks from monopolizing your web server
Active Directory Users and Computers utility
Implement folder redirection by using GPO. Then backup the folder redirection target.
Event Subscriptions
Configure separate application pools for each application
20. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Assign the application to computers in the PC OU
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
21. You don't want users to be able to install removable devices on client computers. However - domain admins and desktop support technicians must be allowed to install removable devices on client computers
Implement GPO for all client computers
DSMOD - ADUC
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
22. To be able to manage all the corporate servers from a workstation - you must install the
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
NOT be able to store that data on an iSCSI SAN
Implement Network Access Protection (NAP)
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
23. IE can be a security concern - however you can take advantage of Group policies to lock down IE as much as possible
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
24. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
An Active Directory subnet object needs to be created.
Incoming external trust
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Run auditpol and then configure the Security settings of the Domain Controllers OU.
25. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
26. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Configure caching on the shared folder and configure offline files to use encryption
Disable Site Link Bridging from the IP properties
Incoming external trust
27. To restore previous version of script without taking up too much of time...
Install the RSAT tool on their workstation to provide for more efficient network management
Attach VHD file created by Windows server backup
Share and Storage Management
Implement the Windows Search Service.
28. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Enable Windows Remote Management (WinRM) on each server.
Site
AD RMS
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
29. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
Group Policy Preferences
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Run the Delegation of Control Wizard on the Staff OU
802.1.x NAP
30. If you need to minimize the number of install images and support Win Server 2008 R2 deployment
A relying party trust should be created.
Implement Windows System Resource Manager (WSRM) and configure user policies
Then use on install image file that contains a single install image.
Attach VHD file created by Windows server backup
31. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
Include a server that runs Microsoft Office SharePoint Server 2010
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Recommend GPT and basic disks
32. If you want to implement BitLocker and store recovery informaiton in a central location
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Utilize IFM (Install From Media)
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
33. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Modify zone transfer settings for company.com zone on DCA
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Microsoft Desktop Optimization Pack (MDOP)
Active Directory Domains and Trusts
34. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
Test-AppLockerPolicy
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Configure event log subscriptions
Modify the schema of LDSInst1
35. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Dsmgmt
Create a Central Store
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Deploy a failover cluster that contains one node in each office.
36. Ensure password length for a group set to 12 characters long while others keep password policy
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Deploy Microsoft System Center Operations Manager (SCOM)
Add-ADFineGrainedPasswordPolicySubject cmdlet
37. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
IIS Chared Configuration
Group Policy Preferences
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
38. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
ntdsutil
FFL Windows Server 2008 R2
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
39. you have fewer Server 2003 servers that have Terminal Services installed. you also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: encrypts all remote connections to the ter
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Share and Storage Management
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
40. To defragment and AD database...
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
net stop ntds
Deploy a failover cluster that uses Node and File Share Disk Majority
41. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Get-ADUser cmdlet
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
42. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Test-AppLockerPolicy
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
43. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
Run adprep /forestprep and adprep /domainprep
dnscmd
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
44. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Configure the zone as an Activde Directory-Integrated zone.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
45. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Run the Delegation of Control Wizard on the Staff OU
Recommend Offline Files
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
46. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Implement a Remote Desktop Connection Broker (RD Connection Broker)
A relying party trust should be created.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
47. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Basic Authentication and SSL
Create an Active Directory-Integrated zone.
48. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
Then use Windows Deployment Services (WDS) on DHCP1.
IIS Manager user account
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Storage manager for SANs
49. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
50. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
Domain based DFS namespace and configure a DFS replication group
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Test-AppLockerPolicy
