SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
Administrative Role Separation
The Group Policy Management Console
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
2. Capture all replication errors from all your DCs to a central location...
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Configure event log subscriptions
Execute the Set-ADServiceAccount cmdlet
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
3. The Computer Management snap-in allows you to create shares both on...
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Distributed File System (DFS) Replication
Your machine and remote desktops
AD Rights Management Services
4. When implementing a Hyper-V environment the benefits are enormous - however there are certain aspects of virtualization that can create some additional administrative overhead that you can not have in a pure physical environment for example
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Then install new Server 2008 R2 Enterprise subordinate CA.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
5. you have fewer Server 2003 servers that have Terminal Services installed. you also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: encrypts all remote connections to the ter
IIS Manager user account
Windows Server 2003
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
6. In order to reduce the administrative overhead typically involved with viewing event logs across multiple servers you should implement this.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Event Log Subscriptions
Enable Credential Roaming
7. To be able to user an application from one AD FS with authentication server to another...
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Share and Storage Management
A relying party trust should be created.
Configure RODC for Administrator Role Separation
8. New Password Policy needs to be created for OU different from domain password policy
Folder redirection. Folder redirection is also useful when using roamin profiles.
Create a Network Load Balancing cluster.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
9. You have a root domain and four child domains. Policy requirements state that all local guest accounts must be renamed and disabled - and all local administrator accounts must be renamed
Configure offline files and enable manual caching
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Implement a GPO for each domain
10. You have few Server 2003 servers that have Terminal services installed. You also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meeet the following: restricts accsss to specific Remote Desktop
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Data Recovery Agent
Then use Windows BitLocker Drive Encryption
11. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
File Server Resource Manager (FSRM) quotas and file screens
Implement Windows System Resource Manager (WSRM)
Domain based Distributed File System (DFS) namespace and DFS Replication.
AD RMS
12. To allow a specifc user or group to manage the address information for the user accounts...
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Recommend Active Directory delegation
Use local roles options within "dsmgmt"
Domain based Distributed File System (DFS) will reduce network traffic
13. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
View properties of %systemroot%ntdsntds.dit
Implement a domain-based DFS namespace that uses replication
dnscmd tool
Install and share a printer on a server and then enable printer pooling.
14. If you need to allow an external partner's computer to access internal network resources by using SSTP
Deploy the Root CA certificate to the external computers.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Then use Windows BitLocker Drive Encryption
15. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
Event Viewer
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
AD RMS
MEDV to deploy virtual desktops
16. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
Encrypting File System (EFS). This can be enabled locally or through a GPO.
DISABLE slow link detection in the GPO
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
17. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
MEDV to deploy virtual desktops
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Configure folder redirection
18. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
19. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Enable Windows Remote Management (WinRM) on each server.
Active Directory Users and Computers utility
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Configure authorization rules for Web developers on each web server
20. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
AD Rights Management Services
Then use on install image file that contains a single install image.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Encrypting File System (EFS). This can be enabled locally or through a GPO.
21. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
Install and share a printer on a server and then enable printer pooling.
Autonomous mode...This allows the local administrator to approve their own updates.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Offline domain join
22. Minimal FFL needed to deploy an RODC that runs Windows Server 2008 R2...
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Test-AppLockerPolicy
Windows Server 2003
23. If you want to implement BitLocker and store recovery informaiton in a central location
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Add the Windows Server Backup feature and Windows System Image recovery.
dsa.msc - dsamain.exe - ntdsutil.exe
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
24. Tools to view contents of an OU in an AD snapshot...
Win2000 Native
Role Separation
dsa.msc - dsamain.exe - ntdsutil.exe
Implement Shadow Copies
25. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Dsmgmt
Enable - ADoptionalFeature cmdlet
Deploy a failover cluster that contains one node in each office.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
26. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
Deploy a GPO for the Sales OU
Implement Windows System Resource Manager (WSRM)
Use local roles options within "dsmgmt"
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
27. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
28. You have a single AD domain named ad.company.com. The FFL is windows 2000 and the DFL is Windows 2000 Native. The UPN suffix company.com needs to be available for user accounts. What should be done first?
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Add the user to the Domain Admins global group
Add the new UPN suffix to the forest.
29. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Back up to an external USB drive by using Windows Server Backup
Assign the application to computers in the PC OU
Configure separate application pools for each application
Implement one LUN for the quorum and another LUN for the data
30. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Multipath I/O feature
Microsoft System Center Data Protection Manager 2010
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
31. What should be done to resolve names by using GlobalNames zone?
Create a Central Store
Raise the DFL to Windows Server 2008 R2.
DISABLE slow link detection in the GPO
dnscmd tool
32. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Network Load Balancing (NLB) cluster
Windows Deployment Services (WDS)
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
FFL Windows Server 2008 R2
33. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
Add the Windows Server Backup feature and Windows System Image recovery.
Deploy a GPO for the Sales OU
From Server A - run Create Basic Task Wizard
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
34. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Test-AppLockerPolicy
Administrative Role Separation
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Execute the Set-ADServiceAccount cmdlet
35. To replicate SYSVOL using Distributed File System Replication (DFSR)...
DFL needs to be Windows Server 2008
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Printer driver isolation
IIS Chared Configuration
36. To enable the AD Recycle Bin
Implement Network Access Protection (NAP)
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Enable - ADoptionalFeature cmdlet
Refresh the zone on DNS2
37. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
NOT be able to store that data on an iSCSI SAN
DISABLE slow link detection in the GPO
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Enable - ADoptionalFeature cmdlet
38. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
DFL needs to be Windows Server 2008
Deploy a GPO to the WebSrvOU
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
39. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Distributed File System (DFS) Replication
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Test-AppLockerPolicy
40. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
Active Directory Users and Computers
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Install and share a printer on a server and then enable printer pooling.
Microsoft Desktop Optimization Pack (MDOP) to your company
41. An AD LDS instance needs to be replicated from one server to another...
Microsoft Desktop Optimization Pack (MDOP)
Service user account for AD LDS
Ldp
Changed manually
42. To ensure that recovery is possible if a file on a file server is deleted accidentally
Passive file screens
Implement Shadow Copies
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
net stop ntds
43. You need to design your WSUS infrastructure so that updates are highly available. To do so
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Jill came down with 2.50.
44. To delegate authority to users to manage only certain areas in Hyper-V use the
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Authorization Manager role assignment
Use a GPO to configure device installation restrictions
Implement Windows System Resource Manager (WSRM)
45. 4 steps to perform offline Defragmentation of AD database...
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
DISABLE slow link detection in the GPO
Share and Storage Management
46. To speed up the deployment of the RODC in the new branch offices you should take advantage of this.
Then use Windows Deployment Services (WDS) on DHCP1.
Administrators is the minimum group membership required to complete this procedure.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Install From Media IFM
47. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
Implement a GPO for each domain
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Enable Credential Roaming
Refresh the zone on DNS2
48. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Certificate Templates
Disable Site Link Bridging from the IP properties
Storage manager for SANs
49. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Subnet object needs to be created
Then configure auto enrollment of certificates and Credential Roaming.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Recommend Active Directory delegation
50. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
Active Directory Domains and Trusts
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Ntdsutil
