SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
2. To configure AD FS so tokens contain information from Active Directory domain...
Microsoft Desktop Optimization Pack (MDOP)
New ACCOUNT STORE should be added and configured
PDC emulator with w32tm.exe
An Active Directory subnet object needs to be created.
3. To defragment and AD database...
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Configure the zone as an Activde Directory-Integrated zone.
net stop ntds
WDS
4. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Ldp
Add the Windows Server Backup feature and Windows System Image recovery.
Increase the tombstone lifetime for the forest.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
5. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Event Log Subscriptions
Implement one LUN for the quorum and another LUN for the data
Your machine and remote desktops
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
6. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Import-Module
Autonomous mode...This allows the local administrator to approve their own updates.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Microsoft System Center Data Protection Manager 2010
7. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Authorization Manager
From Server1 - run the Create Basic Task Wizard
Create a Network Load Balancing cluster.
Test-AppLockerPolicy
8. Need to access some resources in another domain that is part of another forest...What trust is created?
Enable Credential Roaming
Incoming external trust
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Use a GPO to configure device installation restrictions
9. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
Disable Site Link Bridging from the IP properties
From Server A - run Create Basic Task Wizard
Backup operator's domain local group
Distributed File System (DFS) Replication
10. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
FFL Windows Server 2008 R2
Add the new UPN Suffix to the forest
Autonomous mode...This allows the local administrator to approve their own updates.
11. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Implement Shadow Copies
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
12. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Configure RODC for Administrator Role Separation
Then configure auto enrollment of certificates and Credential Roaming.
Administrators is the minimum group membership required to complete this procedure.
13. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Implement folder redirection by using GPO. Then backup the folder redirection target.
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
DFL needs to be Windows Server 2008
14. FFL is...
Software Restriction Polices
Win2000
Raise the DFL to Windows Server 2008 R2.
From Server1 - run the Create Basic Task Wizard
15. If you need to be able to create shared folders on Server 2008 R2
Set-ADServiceAccount cmdlet
Offline domain join
Configure folder redirection
Ensure your account - or the group is a member of the local Administrators group for that specific server.
16. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Install the RSAT tool on their workstation to provide for more efficient network management
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Authorization Manager
Then configure auto enrollment of certificates and Credential Roaming.
17. To allow a specifc user or group to manage the address information for the user accounts...
Create a new Password Settings Object (PSO) for the IT users.
NOT be able to store that data on an iSCSI SAN
Import-Module
Recommend Active Directory delegation
18. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
Share and Storage Management
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Ensure your account - or the group is a member of the local Administrators group for that specific server.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
19. Minimal FFL needed to deploy an RODC that runs Windows Server 2008 R2...
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Windows Server 2003
Event Log Subscriptions
Test-AppLockerPolicy
20. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Assign the application to computers in the PC OU
View properties of %systemroot%ntdsntds.dit
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
21. to make shares at a remote location available to users you should implement this.
Domain based Distributed File System (DFS) namespace and DFS Replication.
AD Domains and Trusts
Add George to the Domain Admins group.
Implement one LUN for the quorum and another LUN for the data
22. What should be done to resolve names by using GlobalNames zone?
dnscmd tool
Domain based Distributed File System (DFS) will reduce network traffic
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Recommend Offline Files
23. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
The Group Policy Management Console
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Configure authorization rules for Web developers on each web server
Add the new UPN suffix to the forest.
24. Files servers need to stay connected to the SAN if a NIC fails. You should recommend
Multipath I/O feature
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Create and deploy a logon script that runs Auditpol.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
25. If a new application needs to be deployed on the network and it comes as a .msi package and then do this.
Dfsrdiag
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Deploy it by using Group Policy Software Installation method
Domain based Distributed File System (DFS) will reduce network traffic
26. New Password Policy needs to be created for OU different from domain password policy
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
27. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Dsmgmt
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Deploy a GPO for the Sales OU
Then configure GlobalNames zones on each domain controller.
28. To configure Administrator Role Separation for an RODC
Install and share a printer on a server and then enable printer pooling.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Perform an authoritative restore
29. To determine size of AD database file...
Ldp
Configure Firewall Group Policies and link them at the Domain level
View properties of %systemroot%ntdsntds.dit
Recommend Group Policy preferences
30. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
File Server Resource Manager (FSRM) quotas and file screens
Deploy a GPO to the WebSrvOU
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Offline domain join
31. Striped volumes
Improve the performance of File Servers
fsconfig on FSSrv2
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Implement folder redirection by using GPO. Then backup the folder redirection target.
32. What should be done first to defragment the AD database?
Recommend Active Directory delegation
Event Subscriptions
Run net stop ntds
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
33. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
Implement Distributed File System Replication (DFSR) on both servers
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Authorization Manager role assignment
Ldp
34. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
Zone transfer settings
IIS Manager user account
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
35. When one needs to audit files - folders - printers and the registry enable
Dfsrdiag
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Network Load Balancing (NLB)
CAPublishGP group should have the Manage CA permission.
36. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Event Subscriptions
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Win2000 Native
37. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
Enable Credential Roaming
Repadmin
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
fsconfig on FSSrv2
38. 2 ways to relocate user and computer accounts to different OUs
DSMOD - ADUC
DFL needs to be Windows Server 2008
Use local roles options within "dsmgmt"
WDS
39. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
Active Directory Users and Computers
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
40. You need to consolidate 120 physical servers into 35 physical servers that run Windows Server 2008 R2 while meeting the following: maximize resource utilization; use existing hardware and software; support 64-bit child virtual machines; maintain sepa
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Install Hyper-V role and convert physical machines into virtual machines
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Network Load Balancing (NLB)
41. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
Configure the zone as an Activde Directory-Integrated zone.
Modify zone transfer settings for company.com zone on DCA
NOT be able to store that data on an iSCSI SAN
WSUS server in the branch office in replica mode.
42. To ensure that a file on a file server do not leave the organization you must implement this.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
AD RMS
Create and deploy a logon script that runs Auditpol.
Implement a GPO for each domain
43. If you need to encrypt all data on all disks
Use Netsh tool from administrator's computer.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Then use Windows BitLocker Drive Encryption
44. To add a server with AD FS 2.0 role to an existing AD FS farm...
Add-ADFineGrainedPasswordPolicySubject cmdlet
fsconfig on FSSrv2
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Win2000 Native
45. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Windows XP Mode
Install Windows Server Backup and modify the Windows firewall settings
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
46. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Configure block inheritance on the IT OU
Add the new UPN Suffix to the forest
Microsoft Desktop Optimization Pack (MDOP) to your company
47. To minimize the amount of storage required you should recommend
Passive file screens
Configure folder redirection
Share and Storage Management
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
48. To delegate authority to users to manage only certain areas in Hyper-V use the
Raise the DFL to Windows Server 2008 R2.
Microsoft System Center Data Protection Manager 2010
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Authorization Manager role assignment
49. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
Ntfrsutil
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Properties of PSO need modified
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
50. 4 steps to perform offline Defragmentation of AD database...
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Modify properties of RODC server computer account.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.