SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Authorization Manager
Then install new Server 2008 R2 Enterprise subordinate CA.
Create a MEDV workspace
2. In order to ensure highly available Windows Update servers you should create this.
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
View properties of %systemroot%ntdsntds.dit
Win2000 Native
3. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
Add-ADFineGrainedPasswordPolicySubject cmdlet
Modify the GPO to include folder redirection
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Configure offline files and enable manual caching
4. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Microsoft Desktop Optimization Pack (MDOP)
Then configure auto enrollment of certificates and Credential Roaming.
Use a GPO to configure device installation restrictions
View properties of %systemroot%ntdsntds.dit
5. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Add the Windows Server Backup feature and Windows System Image recovery.
Recommend Group Policy preferences
Deploy the Root CA certificate to the external computers.
Deploy a failover cluster that contains one node in each office.
6. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Use the Local Roles options with dsmgmt.
Windows Deployment Services (WDS)
7. Capture all replication errors from all your DCs to a central location...
Network Load Balancing (NLB)
Jill came down with 2.50.
Configure event log subscriptions
Event Log Subscriptions
8. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
Install and share a printer on a server and then enable printer pooling.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Site
Then install new Server 2008 R2 Enterprise subordinate CA.
9. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Site
Microsoft Desktop Optimization Pack (MDOP)
Offline domain join
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
10. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Administrative Role Separation
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
11. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
IIS Manager user account
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Ntfrsutil
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
12. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Group Policy Preferences
Deploy a GPO for the Sales OU
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Implement Windows System Resource Manager (WSRM)
13. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Repadmin
Raise the DFL to Windows Server 2008 R2.
Configure the zone as an Activde Directory-Integrated zone.
14. Enables you to receive emails when domain users locked out of accounts...
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Microsoft Application Virtualization (AppV)
Event Viewer
15. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Use local roles options within "dsmgmt"
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Active Directory snapshots and Tombstone reanimation
16. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Include a server that runs Microsoft Office SharePoint Server 2010
Back up to an external USB drive by using Windows Server Backup
17. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
Install Windows Server Backup and modify the Windows firewall settings
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Ntfrsutil
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
18. To ensure that a file on a file server do not leave the organization you must implement this.
Get-ADUser cmdlet
AD RMS
Disable Site Link Bridging from IP Properties
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
19. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
An Active Directory subnet object needs to be created.
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Dsmgmt
Ntdsutil
20. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Win2000 Native
Modify the local policy to point to the Internal WSUS server
Modify the GPO to include folder redirection
Add the new UPN suffix to the forest.
21. What should be done to ensure changes made to AD objects can be logged?
Dfsrdiag
Deploy Microsoft System Center Operations Manager (SCOM)
Domain based Distributed File System (DFS) will reduce network traffic
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
22. You just dconfigured so that Server1 zone is stored in AD and accept secure dynamic updates. What command should be executed so that Server2 can accept secure dynamic updates?
Recommend GPT and basic disks
Backup operator's domain local group
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
File Server Resource Manager (FSRM) quotas and file screens
23. Deployment solutions that will allow both the 64 bit version of Office 2010 and the 32 bit version Office 2003 to run at a same time on a Windows 7 computer - and to do that when the computer is offline - are very limited. You should recommend
Microsoft Application Virtualization (AppV)
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Implement Shadow Copies
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
24. To deploy templates across the organization
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
DISABLE slow link detection in the GPO
25. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
Assign the application to computers in the PC OU
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
WSUS server in the branch office in replica mode.
26. If subnets are connected by CISCO router that is RFC-1542 compliant
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Active Directory Users and Computers utility
Use CISCO IP Helper command to configure.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
27. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
28. When one needs to audit files - folders - printers and the registry enable
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Dfsrdiag
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
29. To allow connection to a 256 Kbps ISDN...
Implement the Windows Search Service.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Use the Local Roles options with dsmgmt.
DISABLE slow link detection in the GPO
30. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Implement one LUN for the quorum and another LUN for the data
Create an Active Directory-Integrated zone.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
31. What GPO setting should be configured to prevent all users from running an application?
Software Restriction Polices
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Active Directory Domains and Trusts
Administrative Role Separation
32. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Run the Delegation of Control Wizard on the Staff OU
Create an e-mail account in AD DS for your RMS users.
Import-Module
dsa.msc - dsamain.exe - ntdsutil.exe
33. to make shares at a remote location available to users you should implement this.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Active Directory Domains and Trusts
Backup operator's domain local group
Domain based Distributed File System (DFS) namespace and DFS Replication.
34. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Your machine and remote desktops
Create a new Password Settings Object (PSO) for the IT users.
Implement a domain-based DFS namespace that uses replication
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
35. 2 ways to relocate user and computer accounts to different OUs
Create a new Password Settings Object (PSO) for the IT users.
Storage manager for SANs
DSMOD - ADUC
Administrators is the minimum group membership required to complete this procedure.
36. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Refresh the zone on DNS2
Distributed File System (DFS) Replication
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Folder redirection. Folder redirection is also useful when using roamin profiles.
37. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
Use local roles options within "dsmgmt"
Enable Credential Roaming
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Event Log Subscriptions
38. File that contains the last logon time and custom attributes values for each user in your forest.
Use CISCO IP Helper command to configure.
Get-ADUser cmdlet
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
39. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
Raise the DFL to Windows Server 2008 R2.
Utilize IFM (Install From Media)
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
40. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Software Restriction Polices
dsa.msc - dsamain.exe - ntdsutil.exe
Run adprep /forestprep and adprep /domainprep
41. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Install Windows Server Backup and modify the Windows firewall settings
Improve the performance of File Servers
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
42. To backup Virtual Machines
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
dsa.msc - dsamain.exe - ntdsutil.exe
43. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Create an e-mail account in AD DS for your RMS users
Increase the tombstone lifetime for the forest.
Folder redirection. Folder redirection is also useful when using roamin profiles.
Implement Windows System Resource Manager (WSRM) and configure user policies
44. Auditing the deletion of Registry keys on all Domain Controllers
Configure block inheritance on the IT OU
Win2000 Native
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
45. To control access to resources using WSRM and to help prevent memory leaks from monopolizing your web server
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Configure separate application pools for each application
Restore-ADObject cmdlet
Site
46. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Test-AppLockerPolicy
Deploy a failover cluster that uses Node and File Share Disk Majority
Dfsrdiag
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
47. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
DSMOD - ADUC
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Windows Deployment Services (WDS)
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
48. To identify users who bypass the new corporate security policy -
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Configure Audit Special Logon and define Special Groups
49. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Assign the application to computers in the PC OU
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Test-AppLockerPolicy
IIS Chared Configuration
50. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Implement a GPO for each domain
Microsoft Desktop Optimization Pack (MDOP)
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Windows XP Mode
