SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. You need a solution that meets policy while minimizing hardware and software costs
Zone transfer settings
WSUS server in the branch office in replica mode.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Create a new Password Settings Object (PSO) for the IT users.
2. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Add the user to the Domain Admins global group
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
3. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Network Load Balancing (NLB) cluster
Upgrading DFS to Windows Server 2008 R2
Recommend Group Policy preferences
4. to increase the reliability of the print server - configure...
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Deploy Microsoft System Center Operations Manager (SCOM)
Printer driver isolation
5. The Computer Management snap-in allows you to create shares both on...
Configure authorization rules for Web developers on each web server
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
A Distributed File System (DFS) namespace
Your machine and remote desktops
6. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
Network Load Balancing (NLB)
Jill came down with 2.50.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Dsmgmt
7. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
An Active Directory subnet object needs to be created.
Get-ADUser cmdlet
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Microsoft Desktop Optimization Pack (MDOP) to your company
8. SrvA has the AD LDS role and an instance named LDSInst1. You connect to this instance by using the ADSI Edit utility. When you execute the Create Object wizard there is no User object class. What should be done so you can create user objects in LDSIn
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Modify the schema of LDSInst1
Configure RODC for Administrator Role Separation
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
9. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
Prestage the computer account in AD
Install and share a printer on a server and then enable printer pooling.
File Server Resource Manager (FSRM) quotas and file screens
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
10. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
11. To update ADRMS password...
Implement Distributed File System Replication (DFSR) on both servers
AD Rights Management Services
Implement Network Access Protection (NAP)
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
12. To ensure that a file on a file server do not leave the organization you must implement this.
Jill came down with 2.50.
AD RMS
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Refresh the zone on DNS2
13. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
A Distributed File System (DFS) namespace
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Configure authorization rules for Web developers on each web server
Implement the Windows Search Service.
14. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Add the Windows Server Backup feature and Windows System Image recovery.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
15. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Implement Network Access Protection (NAP)
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
16. If you need to minimize the bandwidth for installation
Utilize IFM (Install From Media)
Implement Network Access Protection (NAP)
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Windows BitLocker Drive Encryption (Bit Locker)
17. When recommending a monitoring solution for an application so that it's events can be stored in a central
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Event Subscriptions
Dynamically expanding VHD's
Additional DFS Targets
18. If you need to encrypt all data on all disks
Recommend GPT and basic disks
Then use Windows BitLocker Drive Encryption
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
AD Rights Management Services
19. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
IIS Manager user account
Storage manager for SANs
Dynamically expanding VHD's
dnscmd tool
20. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
Create an e-mail account in AD DS for your RMS users.
Deploy the Root CA certificate to the external computers.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
21. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Restore-ADObject cmdlet
Dsmgmt
22. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Create a Network Load Balancing cluster.
Configure separate application pools for each application
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Active Directory Domains and Trusts
23. When deploying an application using the Group Policy distribution method assign the...
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Create a new Password Settings Object (PSO) for the IT users.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Network Load Balancing (NLB)
24. To configure AD FS so tokens contain information from Active Directory domain...
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
New ACCOUNT STORE should be added and configured
Jill came down with 2.50.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
25. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
File Server Resource Manager (FSRM) quotas and file screens
Configure Audit Special Logon and define Special Groups
Win2000
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
26. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
27. To create and additional AD LDS applicaiton directory partition in existing instance...
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Storage manager for SANs
Creating a data collector set that kick off a scritp that either move or delete files.
Ldp
28. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Raise the DFL to Windows Server 2008 R2.
Modify the local policy to point to the Internal WSUS server
Windows Deployment Services (WDS)
Implement Windows System Resource Manager (WSRM) and configure user policies
29. A specific application requires registry modifications to be in place before installing; you should use
Enable Credential Roaming
Implement Distributed File System Replication (DFSR) on both servers
Group Policy Preferences
Improve the performance of File Servers
30. If users complain that it is hard to find the shared folders on the network implement
Disable Site Link Bridging from IP Properties
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Additional DFS Targets
WSUS server in the branch office in replica mode.
31. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
32. An AD LDS instance needs to be replicated from one server to another...
Service user account for AD LDS
Prestage the computer account in AD
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Add the new UPN Suffix to the forest
33. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Configure folder redirection
Increase the tombstone lifetime for the forest.
Ntdsutil
Implement a domain-based DFS namespace that uses replication
34. If you need to minimize the number of install images and support Win Server 2008 R2 deployment
Then use on install image file that contains a single install image.
Active Directory Right Management Services (AD RMS)
Implement GPO for all client computers
DISABLE slow link detection in the GPO
35. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
Network Load Balancing (NLB) cluster
Windows System Resource Manager (WSRM)
From Server1 - run the Create Basic Task Wizard
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
36. 4 steps to perform authoritative restore of a deleted OU...
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
ntdsutil
Create and deploy a logon script that runs Auditpol.
New ACCOUNT STORE should be added and configured
37. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
IIS Manager user account
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Software Restriction Polices
38. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Import-Module
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Run net stop ntds
Windows Deployment Services (WDS)
39. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Data Recovery Agent
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Then use Windows Deployment Services (WDS) on DHCP1.
40. To compact AD database...
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Deploy Microsoft System Center Operations Manager (SCOM)
FILES option within Ntdsutil
41. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Install Windows Server Backup and modify the Windows firewall settings
42. What should be done to ensure changes made to AD objects can be logged?
Microsoft SharePoint Foundation 2010
Modify the local policy to point to the Internal WSUS server
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
AD Domains and Trusts
43. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Use a GPO to configure device installation restrictions
Add George to the Domain Admins group.
CAPublishGP group should have the Manage CA permission.
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
44. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
Use the Local Roles options with dsmgmt.
Printer driver isolation
Ntfrsutil
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
45. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Subnet object needs to be created
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
46. Enables you to receive emails when domain users locked out of accounts...
Event Viewer
Then use Windows Deployment Services (WDS)
PowerShell 2.0
Deploy it by using Group Policy Software Installation method
47. If you want to implement BitLocker and store recovery informaiton in a central location
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Add-ADFineGrainedPasswordPolicySubject cmdlet
Install the RSAT tool on their workstation to provide for more efficient network management
Domain based Distributed File System (DFS) namespace and DFS Replication.
48. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
49. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Deploy Microsoft System Center Operations Manager (SCOM)
Configure folder redirection
Create and deploy a logon script that runs Auditpol.
IIS Manager user account
50. Jack and Jill go up the hill - both with a buck and a quarter
Use Netsh tool from administrator's computer.
Active Directory snapshots and Tombstone reanimation
Jill came down with 2.50.
Win2000