SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. In order to manage websites without having to logon you can use
PowerShell 2.0
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Ldp
2. Can be used to install the Windows RE on existing servers
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
WDS
The Group Policy Management Console
3. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
Subnet object needs to be created
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
DSMOD
4. What should be done first to defragment the AD database?
Modify the schema of LDSInst1
Run net stop ntds
Implement Shadow Copies
Run adprep /forestprep and adprep /domainprep
5. You are about to deploy a distributed database appliation that will run on multiple 2008 R2 servers. This deployment needs to follow these requirements: uses the existing network infrastructure; uses standard Windows management tools; allocates stora
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
DSMOD
The Group Policy Management Console
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
6. If you need to minimize the bandwidth for installation
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Create an Active Directory-Integrated zone.
Recommend GPT and basic disks
Utilize IFM (Install From Media)
7. Tools to view contents of an OU in an AD snapshot...
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Test-AppLockerPolicy
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
dsa.msc - dsamain.exe - ntdsutil.exe
8. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Increase the tombstone lifetime for the forest.
Offline domain join
9. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Run net stop ntds
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
DSMOD - ADUC
10. What utility is used to see what accounts cached on RODC?
Deploy it by using Group Policy Software Installation method
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Active Directory Users and Computers
11. To backup Virtual Machines
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Enable Windows Remote Management (WinRM) on the servers.
Then use Windows BitLocker Drive Encryption
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
12. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Software Restriction Polices
NOT be able to store that data on an iSCSI SAN
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
fsconfig on FSSrv2
13. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Site
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Offline domain join
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
14. If you need to delegate control of server to remote admins group
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Configure RODC for Administrator Role Separation
Ldp
Test-AppLockerPolicy
15. To ensure that user's documents are stored on the file server and thus subject to the corporate backup solution - you should implement this.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Offline domain join
Folder redirection. Folder redirection is also useful when using roamin profiles.
16. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
Disable Site Link Bridging from IP Properties
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
17. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
IIS Manager user account
DSMOD - ADUC
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Event Subscriptions
18. When one needs to audit files - folders - printers and the registry enable
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Active Directory Domains and Trusts
Discover the run Microsoft Baseline Security Analyzer (MBSA)
19. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Add George to the Domain Admins group.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
20. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
21. When recommending a monitoring solution for an application so that it's events can be stored in a central
Win2000 Native
Event Subscriptions
Upgrading DFS to Windows Server 2008 R2
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
22. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Dynamically expanding VHD's
Create ADMX and ADML files. Configure the GPO and link it to the domain.
23. If you need to be able to create shared folders on Server 2008 R2
Win2000
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Ensure your account - or the group is a member of the local Administrators group for that specific server.
24. To allow a user to administer Active Directory
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Creating a data collector set that kick off a scritp that either move or delete files.
FILES option within Ntdsutil
Add the user to the Domain Admins global group
25. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
Zone transfer settings
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
26. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
Refresh the zone on DNS2
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Deploy a failover cluster that contains one node in each office.
Install the RSAT tool on their workstation to provide for more efficient network management
27. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Use Netsh tool from administrator's computer.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
IIS Manager user account
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
28. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Use the Local Roles options with dsmgmt.
29. All DCs run Windows Server 2008 R2 and have the DNS Server role installed. The domain controllers for each location are stored locally. Each has its own standard primary zone to support its local domain.You need a plan that meets the following: WAN l
Create a standard secondary of domain and create standard secondary of other domain.
File Server Resource Manager (FSRM) quotas and file screens
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Software Restriction Polices
30. If users need access to files locally and must be able to access files at another site if the local copy is not available you should implement this.
Offline domain join
Execute the Set-ADServiceAccount cmdlet
Zone transfer settings
A Distributed File System (DFS) namespace
31. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Use a GPO to configure device installation restrictions
Add the Windows Server Backup feature and Windows System Image recovery.
32. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Repadmin
Test-AppLockerPolicy
Microsoft SharePoint Foundation 2010
33. To backup to tape/robotic tape and to backup VMs you must use...
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Microsoft System Center Data Protection Manager 2010
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
34. You need to deploy 15 Server Core installations that are only accessible by HTTP and HTTPS. Administration of these must be able to enable administrators to install and administer server roles remotely and fully manage servers remotely
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Configure RODC for Administrator Role Separation
Enable Windows Remote Management (WinRM) on each server.
Implement GPO for all client computers
35. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Assign the application to all client computers by using a GPO.
Use local roles options within "dsmgmt"
The Group Policy Management console
Repadmin
36. You have few Server 2003 servers that have Terminal services installed. You also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meeet the following: restricts accsss to specific Remote Desktop
Dsmgmt
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Create an Active Directory-Integrated zone.
MEDV to deploy virtual desktops
37. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
Configure Audit Special Logon and define Special Groups
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Create an e-mail account in AD DS for your RMS users.
Folder redirection. Folder redirection is also useful when using roamin profiles.
38. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
WSUS server in the branch office in replica mode.
Site
Winrm quickconfig
Modify the schema of LDSInst1
39. If you need to deploy multiple servers through automation of installation and activation and minimize network traffic
Deploy a failover cluster that contains one node in each office.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Network Load Balancing (NLB)
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
40. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Winrm quickconfig
Configure RODC for Administrator Role Separation
Create a Network Load Balancing cluster.
41. To update ADRMS password...
AD Rights Management Services
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Modify the local policy to point to the Internal WSUS server
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
42. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Winrm quickconfig
Administrative Role Separation
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
43. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Storage manager for SANs
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
44. What document management solution allows you to keep multiple versions of documents and automatically apply access policies to these documents? You should recommend
IIS Chared Configuration
Authorization Manager role assignment
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Implement a Remote Desktop Connection Broker (RD Connection Broker)
45. Auditing the deletion of Registry keys on all Domain Controllers
Modify the GPO to include folder redirection
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
PowerShell 2.0
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
46. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
Configure RODC for Administrator Role Separation
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Assign the application to all client computers by using a GPO.
Dsmgmt
47. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Autonomous mode...This allows the local administrator to approve their own updates.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Create a Central Store
Add the new UPN suffix to the forest.
48. When deploying an application using the Group Policy distribution method assign the...
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Add the user to the Domain Admins global group
Implement Distributed File System Replication (DFSR) on both servers
Refresh the zone on DNS2
49. To allow connection to a 256 Kbps ISDN...
Modify the local policy to point to the Internal WSUS server
New ACCOUNT STORE should be added and configured
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
DISABLE slow link detection in the GPO
50. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Test-AppLockerPolicy
Create a MEDV workspace
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
