SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
Disable Site Link Bridging from IP Properties
Group Policy Preferences
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
2. You have a 2008 R2 serever that has SQL Server 2008 installed. The server has one RAID 5 array and two RAID 1 arrays. You need to allocate hard disck space on the server according to the followign requirements: prevent data los if a single hard disk
Configure an audit policy by editing the default domain policy and configure Event Forwarding
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Test-AppLockerPolicy
3. You have a single AD domain named ad.company.com. The FFL is windows 2000 and the DFL is Windows 2000 Native. The UPN suffix company.com needs to be available for user accounts. What should be done first?
Deploy Microsoft System Center Operations Manager (SCOM)
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Active Directory Users and Computers
Add the new UPN suffix to the forest.
4. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Add-ADFineGrainedPasswordPolicySubject cmdlet
Create an Active Directory-Integrated zone.
Disable Site Link Bridging from IP Properties
5. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Domain based Distributed File System (DFS) will reduce network traffic
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Deploy Microsoft System Center Operations Manager (SCOM)
6. To backup to tape/robotic tape and to backup VMs you must use...
Microsoft System Center Data Protection Manager 2010
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Storage manager for SANs
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
7. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
8. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
Assign the application to all client computers by using a GPO.
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
9. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
ntdsutil
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Dsmgmt
Microsoft System Center Data Protection Manager
10. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Microsoft SharePoint Foundation 2010
Add George to the Domain Admins group.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Test-AppLockerPolicy
11. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Windows XP Mode
Use the Local Roles options with dsmgmt.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Active Directory Right Management Services (AD RMS)
12. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Configure offline files and enable manual caching
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Implement Distributed File System Replication (DFSR) on both servers
13. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Group Policy Preferences
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
14. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Microsoft System Center Data Protection Manager
Implement one LUN for the quorum and another LUN for the data
View properties of %systemroot%ntdsntds.dit
Registry on users computer needs to be modified
15. In order to replicate SYSVOL shares by using DFS Replicaiton (DFS-R)
Raise the DFL to Windows Server 2008 R2.
Assign the application to computers in the PC OU
Recommend Offline Files
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
16. The solution requires that teachers that have been issued district based laptops - work remotely - and teach only on-line classes - must connect to the school network using split-tunnel VPN. Need to be sure that: minimize traffic over the VPN wheneve
17. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Storage manager for SANs
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
18. You don't want users to be able to install removable devices on client computers. However - domain admins and desktop support technicians must be allowed to install removable devices on client computers
Implement GPO for all client computers
802.1.x NAP
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Domain based Distributed File System (DFS) will reduce network traffic
19. You need to allow a user to add a single computer to a domain - without any additional rights...
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
File Server Resource Manager (FSRM) quotas and file screens
Modify the local policy to point to the Internal WSUS server
Prestage the computer account in AD
20. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Then use Windows Deployment Services (WDS) on DHCP1.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
21. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
Backup operator's domain local group
DISABLE slow link detection in the GPO
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Then use Windows Deployment Services (WDS) on DHCP1.
22. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Configure offline files and enable manual caching
Enable - ADoptionalFeature cmdlet
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
23. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Ntdsutil
Purchase one additional Enterprise License
Windows Deployment Services (WDS)
Add the Windows Server Backup feature and Windows System Image recovery.
24. Recently you have installed a special application on your web sites that requires using a managed service account on the Web Servers. This application runs on a web server in each of 10 separate Active Directory domains.
25. Engineering department has 582 Windows Server 2008 R2 servers. You need to monitor the performance of all 582 with following requirements: Create alerts when average processor usage is higher than 85% for 15 minutes; Automatically adjust the processo
Deploy Microsoft System Center Operations Manager (SCOM)
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Enable Credential Roaming
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
26. If you want to implement BitLocker and store recovery informaiton in a central location
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Winrm quickconfig
Configure folder redirection
27. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Domain based DFS namespace and configure a DFS replication group
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Install Hyper-V role and convert physical machines into virtual machines
28. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
File Server Resource Manager (FSRM) quotas and file screens
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
29. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
NOT be able to store that data on an iSCSI SAN
Administrators is the minimum group membership required to complete this procedure.
New ACCOUNT STORE should be added and configured
Test-AppLockerPolicy
30. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
Then use Windows Deployment Services (WDS)
Deploy the Root CA certificate to the external computers.
Refresh the zone on DNS2
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
31. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Subnet object needs to be created
Folder redirection. Folder redirection is also useful when using roamin profiles.
Certificate Templates
32. Jack and Jill go up the hill - both with a buck and a quarter
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Jill came down with 2.50.
Autonomous mode...This allows the local administrator to approve their own updates.
Use a GPO to configure device installation restrictions
33. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Upgrading DFS to Windows Server 2008 R2
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Incoming external trust
Create and deploy a logon script that runs Auditpol.
34. To recover objects deleted from Active Directory you should recommend
Dsmgmt
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Active Directory snapshots and Tombstone reanimation
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
35. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Prestage the computer account in AD
Create a Network Load Balancing cluster.
Then use Windows Deployment Services (WDS) on DHCP1.
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
36. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
Disable Site Link Bridging from the IP properties
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Incoming external trust
Create a standard secondary of domain and create standard secondary of other domain.
37. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Your machine and remote desktops
Then configure auto enrollment of certificates and Credential Roaming.
Add the Windows Server Backup feature and Windows System Image recovery.
Recommend GPT and basic disks
38. File that contains the last logon time and custom attributes values for each user in your forest.
Get-ADUser cmdlet
Restore-ADObject cmdlet
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Service user account for AD LDS
39. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Enable Credential Roaming
Zone transfer settings
Implement Distributed File System Replication (DFSR) on both servers
40. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Deploy a failover cluster that contains one node in each office.
Configure caching on the shared folder (offline files)
41. 2 ways to relocate user and computer accounts to different OUs
Run adprep /forestprep and adprep /domainprep
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
DSMOD - ADUC
42. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
Deploy a GPO for the Sales OU
WSUS server in the branch office in replica mode.
Distributed File System (DFS) Replication
Ntfrsutil
43. If you need to deploy multiple servers through automation of installation and activation and minimize network traffic
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
44. Need to access some resources in another domain that is part of another forest...What trust is created?
Microsoft Desktop Optimization Pack (MDOP)
Windows Server 2003
Incoming external trust
Distributed File System (DFS) Replication
45. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Site
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
46. To build a highly secure server cluster with a reduced attack surface area
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
IIS Manager user account
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
47. To backup Virtual Machines
Configure caching on the shared folder (offline files)
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Recommend Offline Files
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
48. To add a new UPN for all user accounts...
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
DFL needs to be Windows Server 2008
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
AD Domains and Trusts
49. You have few Server 2003 servers that have Terminal services installed. You also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meeet the following: restricts accsss to specific Remote Desktop
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Create and deploy a logon script that runs Auditpol.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
50. What GPO setting should be configured to prevent all users from running an application?
Domain based Distributed File System (DFS) namespace and DFS Replication.
Add the new UPN Suffix to the forest
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Software Restriction Polices