SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Administrative Role Separation
A relying party trust should be created.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
2. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Use Netsh tool from administrator's computer.
Assign the application to all client computers by using a GPO.
3. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort
4. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Deploy it by using Group Policy Software Installation method
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Implement Windows System Resource Manager (WSRM)
Deploy Microsoft System Center Operations Manager (SCOM)
5. In order to manage websites without having to logon you can use
Active Directory Domains and Trusts
Recommend Offline Files
PowerShell 2.0
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
6. You need to implement read only copies of files at several locations. You currently have DFS for 2008 deployed. You should recommend this.
Domain based Distributed File System (DFS) namespace and DFS Replication.
Folder redirection. Folder redirection is also useful when using roamin profiles.
Upgrading DFS to Windows Server 2008 R2
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
7. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Printer driver isolation
From Server A - run Create Basic Task Wizard
8. to prevent VMs from receiving updats from a group policy
dnscmd
Windows Deployment Services (WDS)
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Install From Media IFM
9. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Configure an audit policy by editing the default domain policy and configure Event Forwarding
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Implement one LUN for the quorum and another LUN for the data
The Group Policy Management console
10. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
Microsoft Desktop Optimization Pack (MDOP)
Deploy a GPO to the WebSrvOU
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Ldp
11. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Use Netsh tool from administrator's computer.
Install the RSAT tool on their workstation to provide for more efficient network management
Use CISCO IP Helper command to configure.
12. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
A relying party trust should be created.
Dynamically expanding VHD's
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
13. SrvA has the AD LDS role and an instance named LDSInst1. You connect to this instance by using the ADSI Edit utility. When you execute the Create Object wizard there is no User object class. What should be done so you can create user objects in LDSIn
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Administrative Role Separation
net stop ntds
Modify the schema of LDSInst1
14. RDSrv1 is a Server 2008 R2 server with Remote Desktop Services installed. You are planning to establish a Terminal Server Farm that must meet these requirements: New users automatically connect to the terminal server that has the fewest active sessio
Active Directory Domains and Trusts
Passive file screens
Implement a Remote Desktop Connection Broker (RD Connection Broker)
ntdsutil
15. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
Ldp
Network Load Balancing (NLB)
Install and share a printer on a server and then enable printer pooling.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
16. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
IIS Chared Configuration
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Test-AppLockerPolicy
17. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
Windows XP Mode
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Active Directory Users and Computers utility
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
18. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Deploy a failover cluster that contains one node in each office.
Implement Distributed File System Replication (DFSR) on both servers
IIS Chared Configuration
19. To prevent account password from being cached on RODC server...
Backup operator's domain local group
Distributed File System (DFS) Replication
Modify properties of RODC server computer account.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
20. To backup Virtual Machines
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
MEDV to deploy virtual desktops
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Modify the local policy to point to the Internal WSUS server
21. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Implement Windows System Resource Manager (WSRM)
Configure offline files and enable manual caching
Add the new UPN Suffix to the forest
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
22. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
AD RMS
Then configure GlobalNames zones on each domain controller.
Increase the tombstone lifetime for the forest.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
23. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Configure offline files and enable manual caching
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Creating a data collector set that kick off a scritp that either move or delete files.
24. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Passive file screens
Microsoft System Center Data Protection Manager
25. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Restore-ADObject cmdlet
Windows XP Mode
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
26. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Implement Network Access Protection (NAP)
Active Directory Users and Computers
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
27. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
WDS
Autonomous mode...This allows the local administrator to approve their own updates.
28. To configure Administrator Role Separation for an RODC
FFL Windows Server 2008 R2
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Passive file screens
29. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
Deploy Microsoft System Center Operations Manager (SCOM)
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Administrators is the minimum group membership required to complete this procedure.
30. If users complain that it is hard to find the shared folders on the network implement
Create a new Password Settings Object (PSO) for the IT users.
Additional DFS Targets
Dsmgmt
AD Rights Management Services
31. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Use the Local Roles options with dsmgmt.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Jill came down with 2.50.
Recommend Active Directory delegation
32. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Implement Windows System Resource Manager (WSRM) and configure user policies
Then use on install image file that contains a single install image.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
33. Auditing the deletion of Registry keys on all Domain Controllers
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Refresh the zone on DNS2
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Run auditpol and then configure the Security settings of the Domain Controllers OU.
34. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
AD RMS
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Install Windows Server Backup and modify the Windows firewall settings
Raise the DFL to Windows Server 2008 R2.
35. What should be done so application does not fail after 30 days while still keeping password policy in mind?
Set-ADServiceAccount cmdlet
Software Restriction Polices
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
36. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Create a Network Load Balancing cluster.
37. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Create an Active Directory-Integrated zone.
Configure RODC for Administrator Role Separation
38. You have a 2008 R2 serever that has SQL Server 2008 installed. The server has one RAID 5 array and two RAID 1 arrays. You need to allocate hard disck space on the server according to the followign requirements: prevent data los if a single hard disk
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Configure offline files and enable manual caching
Domain based Distributed File System (DFS) namespace and DFS Replication.
Then use Windows Deployment Services (WDS)
39. If you want to implement BitLocker and store recovery informaiton in a central location
Windows System Resource Manager (WSRM)
Attach VHD file created by Windows server backup
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
40. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Active Directory Domains and Trusts
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
41. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
DSMOD
Then install new Server 2008 R2 Enterprise subordinate CA.
NOT be able to store that data on an iSCSI SAN
Enable Credential Roaming
42. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Install Windows Server Backup and modify the Windows firewall settings
Raise the DFL to Windows Server 2008 R2.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Authorization Manager
43. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Restore-ADObject cmdlet
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
44. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
Use the Local Roles options with dsmgmt.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
45. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
Install From Media IFM
Implement Network Access Protection (NAP)
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
46. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
AD RMS
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
47. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Printer driver isolation
Role Separation
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Use CISCO IP Helper command to configure.
48. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
Storage manager for SANs
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Enable Windows Remote Management (WinRM) on the servers.
PDC emulator with w32tm.exe
49. To configure AD FS so tokens contain information from Active Directory domain...
New ACCOUNT STORE should be added and configured
Add the new UPN suffix to the forest.
Create a MEDV workspace
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
50. In order to ensure highly available Windows Update servers you should create this.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Create a Network Load Balancing cluster.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.