SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Company users IPV4 and IPV6. A PC uses IPV6 and can no longer authenticate off the DC. What can be done to ensure IPV6 computers authenticate to DCs in same site...
Disable Site Link Bridging from the IP properties
AD Domains and Trusts
Subnet object needs to be created
Deploy it by using Group Policy Software Installation method
2. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
MEDV to deploy virtual desktops
Disable Site Link Bridging from the IP properties
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Active Directory Domains and Trusts
3. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
Run auditpol and then configure the Security settings of the Domain Controllers OU.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Winrm quickconfig
4. To add a new UPN for all user accounts...
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
AD Domains and Trusts
Active Directory Users and Computers utility
Implement Windows System Resource Manager (WSRM)
5. to increase the reliability of the print server - configure...
Active Directory Users and Computers utility
Domain based Distributed File System (DFS) namespace and DFS Replication.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Printer driver isolation
6. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Windows Deployment Services (WDS)
An Active Directory subnet object needs to be created.
Install the RSAT tool on their workstation to provide for more efficient network management
7. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
Distributed File System (DFS) Replication
Use CISCO IP Helper command to configure.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Configure Firewall Group Policies and link them at the Domain level
8. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
Refresh the zone on DNS2
Windows System Resource Manager (WSRM)
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Authorization Manager
9. Requirements are: support the installation of SQL Server 2008; Provide redundancy for SQL services if a single server fails. To accomplish this
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
10. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Use the Local Roles options with dsmgmt.
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Then use Windows Deployment Services (WDS)
11. You need a solution that meets policy while minimizing hardware and software costs
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Create a new Password Settings Object (PSO) for the IT users.
Back up to an external USB drive by using Windows Server Backup
12. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Service user account for AD LDS
Network Load Balancing (NLB) cluster
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
13. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
14. If you need to delegate control of server to remote admins group
Implement a GPO for each domain
Ntdsutil
Configure RODC for Administrator Role Separation
Administrative Role Separation
15. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Modify the GPO to include folder redirection
Create an e-mail account in AD DS for your RMS users.
16. You have a failover cluster that has an application installed. Service level agreement requires 55 percent of processor and memory utilization to be reserved for the app. A solution to guarantee service level agreement would be
Create an e-mail account in AD DS for your RMS users.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
The Group Policy Management Console
Windows Deployment Services (WDS)
17. If you need to ensure that data is protected by BitLocker then you will...
NOT be able to store that data on an iSCSI SAN
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
18. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
DSMOD
Your machine and remote desktops
19. to prevent VMs from receiving updats from a group policy
Microsoft Application Virtualization (AppV)
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Implement Windows BitLocker Drive Encryption (BitLocker)
Import-Module
20. You need to allow remote access to the servers on your network while meeting the following requirements: all remote connections to the servers must be encrypted; all remote authentication attempts to the servers must be encrypted; only inbound connec
A Distributed File System (DFS) namespace
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Configure separate application pools for each application
Win2000
21. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Implement one LUN for the quorum and another LUN for the data
Printer driver isolation
MEDV to deploy virtual desktops
22. You need to implement read only copies of files at several locations. You currently have DFS for 2008 deployed. You should recommend this.
Additional DFS Targets
Upgrading DFS to Windows Server 2008 R2
Software Restriction Polices
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
23. You need to allow a user to add a single computer to a domain - without any additional rights...
Prestage the computer account in AD
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Modify the GPO to include folder redirection
24. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
From Server1 - run the Create Basic Task Wizard
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Use Netsh tool from administrator's computer.
Install and share a printer on a server and then enable printer pooling.
25. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Purchase one additional Enterprise License
Dfsrdiag
Add-ADFineGrainedPasswordPolicySubject cmdlet
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
26. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Add the new UPN suffix to the forest.
Then install new Server 2008 R2 Enterprise subordinate CA.
Create a Network Load Balancing cluster.
27. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
Basic Authentication and SSL
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
28. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Domain based Distributed File System (DFS) will reduce network traffic
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Domain based DFS namespace and configure a DFS replication group
29. Ensure password length for a group set to 12 characters long while others keep password policy
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Use a GPO to configure device installation restrictions
Add-ADFineGrainedPasswordPolicySubject cmdlet
30. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Multipath I/O feature
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Assign the application to computers in the PC OU
31. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Configure Firewall Group Policies and link them at the Domain level
Incoming external trust
32. In order to manage websites without having to logon you can use
Create an e-mail account in AD DS for your RMS users.
Configure event log subscriptions
PowerShell 2.0
Dsmgmt
33. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Deploy a failover cluster that uses Node and File Share Disk Majority
Recommend Group Policy preferences
34. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Implement Distributed File System Replication (DFSR) on both servers
Execute the Set-ADServiceAccount cmdlet
35. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
Site
New ACCOUNT STORE should be added and configured
Set-ADServiceAccount cmdlet
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
36. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
Passive file screens
Get-ADUser cmdlet
Microsoft Application Virtualization (AppV)
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
37. What should be done to ensure changes made to AD objects can be logged?
Windows System Resource Manager (WSRM)
AD Domains and Trusts
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
38. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
Recommend Group Policy preferences
dnscmd
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Recommend Active Directory delegation
39. If you need to minimize the number of install images and support Win Server 2008 R2 deployment
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Then use on install image file that contains a single install image.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Install the RSAT tool on their workstation to provide for more efficient network management
40. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Data Recovery Agent
Use a GPO to configure device installation restrictions
41. To speed up the deployment of the RODC in the new branch offices you should take advantage of this.
Add the new UPN Suffix to the forest
Install From Media IFM
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Install the RSAT tool on their workstation to provide for more efficient network management
42. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Enable Windows Remote Management (WinRM) on the servers.
Then configure auto enrollment of certificates and Credential Roaming.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
AD RMS
43. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Modify the local policy to point to the Internal WSUS server
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Configure caching on the shared folder and configure offline files to use encryption
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
44. To minimize the amount of storage used for virtual machines in a Virtual desktop pool the VHD's should be
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
45. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Windows Server 2003
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Network Load Balancing (NLB) cluster
Network Load Balancing (NLB)
46. You need to plan the deployment of an application that must meet these requirements: users must have - access to the app when they are connected to the network; access the application from an icon on their desktops.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
NOT be able to store that data on an iSCSI SAN
Assign the application to all client computers by using a GPO.
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
47. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Assign the application to computers in the PC OU
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
From Server1 - run the Create Basic Task Wizard
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
48. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Subnet object needs to be created
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
49. What role to keep same time as an external server?
Zone transfer settings
dsa.msc - dsamain.exe - ntdsutil.exe
PDC emulator with w32tm.exe
Active Directory Users and Computers utility
50. If you need to minimize amount of time and impact of 50 simultaneous Win7 installations
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Additional DFS Targets
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
