SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
MEDV to deploy virtual desktops
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Configure offline files and enable manual caching
2. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
Offline domain join
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Event Subscriptions
3. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Ntfrsutil
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
4. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Windows Server 2003
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
DSMOD
5. You have several Windows 2000 Servers that have a custom application installed. However - the apps are incompatible with each other and with Windows Server 2008 R2 - but they consume less than 10% of system resources. There is a policy that states al
Dfsrdiag
Modify the local policy to point to the Internal WSUS server
Add the Windows Server Backup feature and Windows System Image recovery.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
6. To update ADRMS password...
Execute the Set-ADServiceAccount cmdlet
Properties of PSO need modified
Your machine and remote desktops
AD Rights Management Services
7. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Changed manually
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Zone transfer settings
Microsoft Desktop Optimization Pack (MDOP)
8. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Add George to the Domain Admins group.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
WSUS server in the branch office in replica mode.
Microsoft Desktop Optimization Pack (MDOP)
9. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
Run adprep /forestprep and adprep /domainprep
Windows System Resource Manager (WSRM)
DISABLE slow link detection in the GPO
Configure event log subscriptions
10. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
Add-ADFineGrainedPasswordPolicySubject cmdlet
Recommend GPT and basic disks
Autonomous mode...This allows the local administrator to approve their own updates.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
11. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Network Load Balancing (NLB)
Restore-ADObject cmdlet
Create a new Password Settings Object (PSO) for the IT users.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
12. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
Incoming external trust
Deploy a GPO to the WebSrvOU
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
13. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
NOT be able to store that data on an iSCSI SAN
Dfsrdiag
IIS Manager user account
Install and share a printer on a server and then enable printer pooling.
14. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
15. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Domain based Distributed File System (DFS) namespace and DFS Replication.
Changed manually
CAPublishGP group should have the Manage CA permission.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
16. What document management solution allows you to keep multiple versions of documents and automatically apply access policies to these documents? You should recommend
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Upgrading DFS to Windows Server 2008 R2
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
FFL Windows Server 2008 R2
17. To configure Administrator Role Separation for an RODC
Recommend GPT and basic disks
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Network Load Balancing (NLB) cluster
Implement folder redirection by using GPO. Then backup the folder redirection target.
18. Need to access some resources in another domain that is part of another forest...What trust is created?
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Incoming external trust
19. If subnets are connected by CISCO router that is RFC-1542 compliant
Improve the performance of File Servers
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Software Restriction Polices
Use CISCO IP Helper command to configure.
20. To backup to tape/robotic tape and to backup VMs you must use...
Attach VHD file created by Windows server backup
Disable Site Link Bridging from IP Properties
Microsoft System Center Data Protection Manager 2010
Implement Windows BitLocker Drive Encryption (BitLocker)
21. You need to allow remote access to the servers on your network while meeting the following requirements: all remote connections to the servers must be encrypted; all remote authentication attempts to the servers must be encrypted; only inbound connec
Recommend Group Policy preferences
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Authorization Manager
Dfsrdiag
22. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
FFL Windows Server 2008 R2
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Create a Central Store
Create a MEDV workspace
23. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Back up to an external USB drive by using Windows Server Backup
Utilize IFM (Install From Media)
Modify the GPO to include folder redirection
Run the Delegation of Control Wizard on the Staff OU
24. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
Network Load Balancing (NLB)
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Windows XP Mode
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
25. You need to ensure that the guest account on all servers is disabled to
IIS Manager user account
Windows System Resource Manager (WSRM)
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
26. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Create a Central Store
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Recommend Group Policy preferences
27. Your company IP scheme uses both IPv4 and IPv6. You have a main and branch office. In the branch office you are using PC1. PC1 is now only using IPv6. You noticed that PC1 no longer authenticates off the DC that is in the branch office. What should b
Microsoft Application Virtualization (AppV)
An Active Directory subnet object needs to be created.
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
WSUS server in the branch office in replica mode.
28. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Configure Firewall Group Policies and link them at the Domain level
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
29. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Data Recovery Agent
Configure block inheritance on the IT OU
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Modify the local policy to point to the Internal WSUS server
30. The strongest form of NAP is
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Configure folder redirection
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
31. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Import-Module
Event Subscriptions
32. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Windows System Resource Manager (WSRM)
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
DSMOD - ADUC
33. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Install Windows Server Backup and modify the Windows firewall settings
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Use the Local Roles options with dsmgmt.
34. To backup Virtual Machines
Autonomous mode...This allows the local administrator to approve their own updates.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Win2000 Native
DISABLE slow link detection in the GPO
35. In order to manage websites without having to logon you can use
PowerShell 2.0
Data Recovery Agent
Modify the GPO to include folder redirection
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
36. You plan to deploy 12 file servers. All computers and servers connect to Ethernet switches. Your data storage solution must meet these: maximizes performance and fault tolerance; allocates storage to the servers as needed; utilizes the existing netwo
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Microsoft Desktop Optimization Pack (MDOP) to your company
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
37. To add a server with AD FS 2.0 role to an existing AD FS farm...
WSUS server in the branch office in replica mode.
IIS Chared Configuration
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
fsconfig on FSSrv2
38. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
39. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Dfsrdiag
Event Subscriptions
40. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Import-Module
Use CISCO IP Helper command to configure.
41. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Active Directory Users and Computers utility
Run the Delegation of Control Wizard on the Staff OU
Software Restriction Polices
42. CAPublishGP needs to be able to publish new certificate revocation lists - but not be able to revoke certificates. How is this accomplished?
CAPublishGP group should have the Manage CA permission.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
43. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Attach VHD file created by Windows server backup
Certificate Templates
Event Log Subscriptions
44. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
AD Domains and Trusts
Repadmin
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
45. FFL is...
Basic Authentication and SSL
Win2000
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Ensure your account - or the group is a member of the local Administrators group for that specific server.
46. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Your machine and remote desktops
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
47. To determine size of AD database file...
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
View properties of %systemroot%ntdsntds.dit
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
48. If users complain that it is hard to find the shared folders on the network implement
Recommend Offline Files
Additional DFS Targets
Back up to an external USB drive by using Windows Server Backup
Recommend Group Policy preferences
49. Company users IPV4 and IPV6. A PC uses IPV6 and can no longer authenticate off the DC. What can be done to ensure IPV6 computers authenticate to DCs in same site...
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Changed manually
Dfsrdiag
Subnet object needs to be created
50. PowerShell script to create user accounts with passwords from a file called password.csv
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Software Restriction Polices
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
