SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Create and deploy a logon script that runs Auditpol.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Add the user to the Domain Admins global group
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
2. You need a strategy for backing up your 2008 R2 file servers according to these: allows for individual file restore; allows for complete server recovery; supports scheduled backups; provides decentralized control over backups and recovery; minimizes
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Back up to an external USB drive by using Windows Server Backup
Implement Windows System Resource Manager (WSRM) and configure user policies
3. If users need access to files locally and must be able to access files at another site if the local copy is not available you should implement this.
A Distributed File System (DFS) namespace
Autonomous mode...This allows the local administrator to approve their own updates.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Install the RSAT tool on their workstation to provide for more efficient network management
4. To speed up the deployment of the RODC in the new branch offices you should take advantage of this.
IIS Chared Configuration
Create a standard secondary of domain and create standard secondary of other domain.
Install From Media IFM
Test-AppLockerPolicy
5. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Import-Module
Zone transfer settings
6. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Disable Site Link Bridging from IP Properties
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Use Netsh tool from administrator's computer.
7. All 2008 R2 servers and Windows 7 clients are connected to managed switches. The following are requirements for network access: only client computers that have up-to-date service packs installed can access the network; have up-to-date anti-malware so
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Then use Windows Deployment Services (WDS) on DHCP1.
Additional DFS Targets
Multipath I/O feature
8. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
Windows System Resource Manager (WSRM)
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Passive file screens
Implement a domain-based DFS namespace that uses replication
9. 2 ways to relocate user and computer accounts to different OUs
Windows BitLocker Drive Encryption (Bit Locker)
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
DSMOD - ADUC
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
10. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Additional DFS Targets
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
11. You need to consolidate 120 physical servers into 35 physical servers that run Windows Server 2008 R2 while meeting the following: maximize resource utilization; use existing hardware and software; support 64-bit child virtual machines; maintain sepa
Data Recovery Agent
dsa.msc - dsamain.exe - ntdsutil.exe
Install Hyper-V role and convert physical machines into virtual machines
Restore-ADObject cmdlet
12. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
13. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Changed manually
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Run net stop ntds
14. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
DISABLE slow link detection in the GPO
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Repadmin
Run auditpol and then configure the Security settings of the Domain Controllers OU.
15. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
Enable Windows Remote Management (WinRM) on the servers.
Get-ADUser cmdlet
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
16. What should be done first to defragment the AD database?
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Run net stop ntds
Disable Site Link Bridging from IP Properties
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
17. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Then use Windows Deployment Services (WDS) on DHCP1.
Back up to an external USB drive by using Windows Server Backup
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Offline domain join
18. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Create a Network Load Balancing cluster.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
PowerShell 2.0
Authorization Manager
19. Auditing the deletion of Registry keys on all Domain Controllers
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Configure folder redirection
20. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Then use Windows Deployment Services (WDS)
Software Restriction Polices
Create an e-mail account in AD DS for your RMS users
Use a GPO to configure device installation restrictions
21. To restore previous version of script without taking up too much of time...
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Domain based DFS namespace and configure a DFS replication group
Attach VHD file created by Windows server backup
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
22. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
Install the RSAT tool on their workstation to provide for more efficient network management
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Event Viewer
Event Subscriptions
23. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Configure separate application pools for each application
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
24. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Then configure auto enrollment of certificates and Credential Roaming.
Ldp
Active Directory Right Management Services (AD RMS)
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
25. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
DSMOD - ADUC
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
26. Recently you have installed a special application on your web sites that requires using a managed service account on the Web Servers. This application runs on a web server in each of 10 separate Active Directory domains.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
27. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Create an e-mail account in AD DS for your RMS users.
ntdsutil
28. 3 Servers are Network Policy Servers (NPS) that function as RADIUS servers. The network has 20 wireless access points that are configured as RADIUS clients. You need to plan an audit strategy with the following requirements: stores audit data in a ce
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Recommend Group Policy preferences
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Disable Site Link Bridging from the IP properties
29. GPO setting to prevent all users from running an application
Ntfrsutil
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Upgrading DFS to Windows Server 2008 R2
Software Restriction Polices
30. New Password Policy needs to be created for OU different from domain password policy
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
31. to prevent VMs from receiving updats from a group policy
FFL Windows Server 2008 R2
Configure authorization rules for Web developers on each web server
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Utilize IFM (Install From Media)
32. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Storage manager for SANs
Domain based Distributed File System (DFS) will reduce network traffic
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
33. If you need to deploy multiple servers through automation of installation and activation and minimize network traffic
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
FILES option within Ntdsutil
Role Separation
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
34. When recommending a monitoring solution for an application so that it's events can be stored in a central
Changed manually
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Event Subscriptions
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
35. You have been tasked with backing up all the GPOs in the domain. The IT manager also wants you to minimize the size of the backup. You decide to use...
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
FFL Windows Server 2008 R2
Subnet object needs to be created
The Group Policy Management console
36. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
Run adprep /forestprep and adprep /domainprep
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Use a GPO to configure device installation restrictions
Implement the Windows Search Service.
37. 4 steps to perform offline Defragmentation of AD database...
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Use Netsh tool from administrator's computer.
38. To minimize the amount of storage required you should recommend
Share and Storage Management
Create an Active Directory-Integrated zone.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Deploy the Root CA certificate to the external computers.
39. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
40. to protect file servers and hard disks that may be at risk of being accessed or stolen
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Implement Windows BitLocker Drive Encryption (BitLocker)
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
41. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Run adprep /forestprep and adprep /domainprep
Configure block inheritance on the IT OU
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Create a MEDV workspace
42. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
IIS Manager user account
Purchase one additional Enterprise License
Ntfrsutil
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
43. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Dfsrdiag
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Windows Server 2003
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
44. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
File Server Resource Manager (FSRM) quotas and file screens
Then use on install image file that contains a single install image.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Configure the zone as an Activde Directory-Integrated zone.
45. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
Configure caching on the shared folder (offline files)
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
46. If you need to be able to create shared folders on Server 2008 R2
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Import-Module
Configure the zone as an Activde Directory-Integrated zone.
Site
47. You just dconfigured so that Server1 zone is stored in AD and accept secure dynamic updates. What command should be executed so that Server2 can accept secure dynamic updates?
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
AD Rights Management Services
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
48. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
From Server1 - run the Create Basic Task Wizard
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
49. To be able to manage all the corporate servers from a workstation - you must install the
IIS Chared Configuration
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
50. To backup GPO's in domain and minimize bakcup...
Jill came down with 2.50.
The Group Policy Management Console
Active Directory Right Management Services (AD RMS)
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
