SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Raise the DFL to Windows Server 2008 R2.
Changed manually
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
2. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
3. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Your machine and remote desktops
Run the Delegation of Control Wizard on the Staff OU
Passive file screens
Configure block inheritance on the IT OU
4. To create AD Domain Services snapshot
Modify the local policy to point to the Internal WSUS server
Execute the Set-ADServiceAccount cmdlet
Ntdsutil
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
5. If a file server reaches 15% free disk space - you could free up some disk space by
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Creating a data collector set that kick off a scritp that either move or delete files.
dnscmd
Dfsrdiag
6. What should be done so application does not fail after 30 days while still keeping password policy in mind?
Recommend Group Policy preferences
Set-ADServiceAccount cmdlet
Jill came down with 2.50.
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
7. 2 ways to relocate user and computer accounts to different OUs
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
DSMOD - ADUC
Group Policy Preferences
8. When recommending a monitoring solution for an application so that it's events can be stored in a central
Event Subscriptions
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Active Directory Right Management Services (AD RMS)
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
9. to increase the reliability of the print server - configure...
Microsoft System Center Data Protection Manager 2010
A relying party trust should be created.
Printer driver isolation
Win2000
10. you have fewer Server 2003 servers that have Terminal Services installed. you also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: encrypts all remote connections to the ter
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Microsoft Application Virtualization (AppV)
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
11. When one needs to audit files - folders - printers and the registry enable
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Disable Site Link Bridging from IP Properties
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Administrative Role Separation
12. To restore previous version of script without taking up too much of time...
Implement a domain-based DFS namespace that uses replication
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Attach VHD file created by Windows server backup
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
13. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Role Separation
Network Load Balancing (NLB)
Attach VHD file created by Windows server backup
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
14. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Enable Windows Remote Management (WinRM) on each server.
Disable Site Link Bridging from the IP properties
Configure Audit Special Logon and define Special Groups
15. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Prestage the computer account in AD
Microsoft System Center Data Protection Manager
Group Policy Preferences
16. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Enable - ADoptionalFeature cmdlet
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Execute the Set-ADServiceAccount cmdlet
17. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Dfsrdiag
Domain based DFS namespace and configure a DFS replication group
Add the new UPN suffix to the forest.
18. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
19. If subnets are connected by CISCO router that is RFC-1542 compliant
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Use CISCO IP Helper command to configure.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Install From Media IFM
20. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
Implement Windows System Resource Manager (WSRM) and configure user policies
Jill came down with 2.50.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Run adprep /forestprep and adprep /domainprep
21. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Then use Windows Deployment Services (WDS) on DHCP1.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Create a new Password Settings Object (PSO) for the IT users.
22. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
ntdsutil
Create an e-mail account in AD DS for your RMS users
Dsmgmt
Create an Active Directory-Integrated zone.
23. Auditing the deletion of Registry keys on all Domain Controllers
DSMOD - ADUC
Microsoft Application Virtualization (AppV)
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Add-ADFineGrainedPasswordPolicySubject cmdlet
24. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Dynamically expanding VHD's
Then configure auto enrollment of certificates and Credential Roaming.
Create a Central Store
Active Directory Right Management Services (AD RMS)
25. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Group Policy Preferences
Configure RODC for Administrator Role Separation
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
26. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
Group Policy Preferences
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
dnscmd
Windows BitLocker Drive Encryption (Bit Locker)
27. To ensure that the SQL Servers can fail over autoatically and support 2 TB drives
Install Hyper-V role and convert physical machines into virtual machines
Create a standard secondary of domain and create standard secondary of other domain.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Recommend GPT and basic disks
28. If you need to minimize the bandwidth for installation
Utilize IFM (Install From Media)
Configure Firewall Group Policies and link them at the Domain level
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Ntfrsutil
29. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
WSUS server in the branch office in replica mode.
Assign the application to all client computers by using a GPO.
Active Directory Right Management Services (AD RMS)
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
30. To ensure that user's documents are stored on the file server and thus subject to the corporate backup solution - you should implement this.
Folder redirection. Folder redirection is also useful when using roamin profiles.
Domain based DFS namespace and configure a DFS replication group
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
31. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
DSMOD
Create a standard secondary of domain and create standard secondary of other domain.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
32. What should be done first to defragment the AD database?
Run net stop ntds
Dsmgmt
Ntdsutil
Subnet object needs to be created
33. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Recommend Offline Files
Modify zone transfer settings for company.com zone on DCA
Microsoft SharePoint Foundation 2010
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
34. You plan to deploy 12 file servers. All computers and servers connect to Ethernet switches. Your data storage solution must meet these: maximizes performance and fault tolerance; allocates storage to the servers as needed; utilizes the existing netwo
Active Directory Domains and Trusts
Implement GPO for all client computers
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
35. To prevent account password from being cached on RODC server...
Modify properties of RODC server computer account.
Printer driver isolation
File Server Resource Manager (FSRM) quotas and file screens
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
36. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Implement GPO for all client computers
From Server A - run Create Basic Task Wizard
37. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Implement a domain-based DFS namespace that uses replication
Implement Shadow Copies
Install and share a printer on a server and then enable printer pooling.
Implement Windows System Resource Manager (WSRM) and configure user policies
38. To identify users who bypass the new corporate security policy -
Win2000
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Configure Audit Special Logon and define Special Groups
39. You have a failover cluster that has an application installed. Service level agreement requires 55 percent of processor and memory utilization to be reserved for the app. A solution to guarantee service level agreement would be
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Install the RSAT tool on their workstation to provide for more efficient network management
Windows Deployment Services (WDS)
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
40. to make shares at a remote location available to users you should implement this.
Import-Module
Domain based Distributed File System (DFS) namespace and DFS Replication.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Data Recovery Agent
41. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Then use Windows BitLocker Drive Encryption
Jill came down with 2.50.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
42. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Properties of PSO need modified
A relying party trust should be created.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
43. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Dsmgmt
Use local roles options within "dsmgmt"
Win2000 Native
44. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
Event Viewer
Creating a data collector set that kick off a scritp that either move or delete files.
Passive file screens
Prestage the computer account in AD
45. You need to consolidate 120 physical servers into 35 physical servers that run Windows Server 2008 R2 while meeting the following: maximize resource utilization; use existing hardware and software; support 64-bit child virtual machines; maintain sepa
Create ADMX and ADML files. Configure the GPO and link it to the domain.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Install Hyper-V role and convert physical machines into virtual machines
Folder redirection. Folder redirection is also useful when using roamin profiles.
46. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
IIS Manager user account
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Subnet object needs to be created
47. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
AD Rights Management Services
Create a MEDV workspace
Basic Authentication and SSL
Perform an authoritative restore
48. PowerShell script to create user accounts with passwords from a file called password.csv
Back up to an external USB drive by using Windows Server Backup
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Raise the DFL to Windows Server 2008 R2.
From Server1 - run the Create Basic Task Wizard
49. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Refresh the zone on DNS2
Add George to the Domain Admins group.
Configure caching on the shared folder (offline files)
50. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Modify the local policy to point to the Internal WSUS server
Windows Deployment Services (WDS)
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
