SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. You plan to deploy 12 file servers. All computers and servers connect to Ethernet switches. Your data storage solution must meet these: maximizes performance and fault tolerance; allocates storage to the servers as needed; utilizes the existing netwo
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Dsmgmt
Deploy the Root CA certificate to the external computers.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
2. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Implement Windows BitLocker Drive Encryption (BitLocker)
Modify zone transfer settings for company.com zone on DCA
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
3. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Data Recovery Agent
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Install From Media IFM
Microsoft Desktop Optimization Pack (MDOP) to your company
4. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Ntfrsutil
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
5. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
FFL Windows Server 2008 R2
Dsmgmt
From Server A - run Create Basic Task Wizard
6. You are about to deploy a distributed database appliation that will run on multiple 2008 R2 servers. This deployment needs to follow these requirements: uses the existing network infrastructure; uses standard Windows management tools; allocates stora
Test-AppLockerPolicy
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
The Group Policy Management console
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
7. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Use CISCO IP Helper command to configure.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Event Viewer
8. The strongest form of NAP is
Assign the application to all client computers by using a GPO.
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
9. To create AD Domain Services snapshot
Ntdsutil
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Folder redirection. Folder redirection is also useful when using roamin profiles.
10. What GPO setting should be configured to prevent all users from running an application?
Software Restriction Polices
Storage manager for SANs
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Windows XP Mode
11. Striped volumes
Improve the performance of File Servers
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Implement Windows System Resource Manager (WSRM)
From Server1 - run the Create Basic Task Wizard
12. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Assign the application to all client computers by using a GPO.
Then configure auto enrollment of certificates and Credential Roaming.
ntdsutil
Microsoft Desktop Optimization Pack (MDOP)
13. To enable the AD Recycle Bin
Enable - ADoptionalFeature cmdlet
Then use Windows BitLocker Drive Encryption
Run net stop ntds
AD Domains and Trusts
14. To join a server/PC outside of the domain to the network...
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
NOT be able to store that data on an iSCSI SAN
Distributed File System (DFS) Replication
15. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
Configure RODC for Administrator Role Separation
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Then use Windows BitLocker Drive Encryption
16. To minimize the amount of storage required you should recommend
Share and Storage Management
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Your machine and remote desktops
Raise the DFL to Windows Server 2008 R2.
17. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
Configure offline files and enable manual caching
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Basic Authentication and SSL
Create an e-mail account in AD DS for your RMS users.
18. In order to manage websites without having to logon you can use
PowerShell 2.0
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Ntfrsutil
19. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
From Server1 - run the Create Basic Task Wizard
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Configure block inheritance on the IT OU
20. What Function Level (FL) needs to be in place to enable AD Recycle Bin?
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
FFL Windows Server 2008 R2
Active Directory Users and Computers
Microsoft Desktop Optimization Pack (MDOP) to your company
21. SrvA has the AD LDS role and an instance named LDSInst1. You connect to this instance by using the ADSI Edit utility. When you execute the Create Object wizard there is no User object class. What should be done so you can create user objects in LDSIn
Modify the schema of LDSInst1
Site
AD Rights Management Services
Use local roles options within "dsmgmt"
22. If you need to encrypt all data on all disks
Then use Windows BitLocker Drive Encryption
Subnet object needs to be created
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Active Directory snapshots and Tombstone reanimation
23. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
An Active Directory subnet object needs to be created.
Implement Shadow Copies
MEDV to deploy virtual desktops
Improve the performance of File Servers
24. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Domain based DFS namespace and configure a DFS replication group
Windows Deployment Services (WDS)
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Deploy a GPO to the WebSrvOU
25. Tools to view contents of an OU in an AD snapshot...
dsa.msc - dsamain.exe - ntdsutil.exe
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
AD Domains and Trusts
Disable Site Link Bridging from the IP properties
26. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
From Server A - run Create Basic Task Wizard
DFL needs to be Windows Server 2008
Create an Active Directory-Integrated zone.
Create a Central Store
27. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Implement Windows System Resource Manager (WSRM) and configure user policies
Then use Windows Deployment Services (WDS) on DHCP1.
Active Directory Domains and Trusts
28. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
Certificate Templates
dnscmd
Administrators is the minimum group membership required to complete this procedure.
DSMOD
29. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Create a Central Store
From Server1 - run the Create Basic Task Wizard
Perform an authoritative restore
30. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Assign the application to all client computers by using a GPO.
New ACCOUNT STORE should be added and configured
Network Load Balancing (NLB)
31. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Modify the GPO to include folder redirection
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
dnscmd
Set-ADServiceAccount cmdlet
32. To backup Virtual Machines
Implement Windows BitLocker Drive Encryption (BitLocker)
CAPublishGP group should have the Manage CA permission.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
33. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
34. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Add the user to the Domain Admins global group
Dfsrdiag
Assign the application to computers in the PC OU
35. What utility is used to see what accounts cached on RODC?
Add the Windows Server Backup feature and Windows System Image recovery.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Active Directory Users and Computers
36. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Passive file screens
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Create a MEDV workspace
Run auditpol and then configure the Security settings of the Domain Controllers OU.
37. In order to reduce the administrative overhead typically involved with viewing event logs across multiple servers you should implement this.
Then use on install image file that contains a single install image.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Event Log Subscriptions
Administrative Role Separation
38. New Password Policy needs to be created for OU different from domain password policy
Basic Authentication and SSL
Domain based Distributed File System (DFS) will reduce network traffic
Dsmgmt
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
39. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
MEDV to deploy virtual desktops
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
40. You have been tasked with backing up all the GPOs in the domain. The IT manager also wants you to minimize the size of the backup. You decide to use...
The Group Policy Management console
Perform an authoritative restore
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Autonomous mode...This allows the local administrator to approve their own updates.
41. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
The Group Policy Management console
Microsoft SharePoint Foundation 2010
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
42. You need to design your WSUS infrastructure so that updates are highly available. To do so
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Event Log Subscriptions
Enable Windows Remote Management (WinRM) on each server.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
43. If you need to minimize amount of time and impact of 50 simultaneous Win7 installations
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Set-ADServiceAccount cmdlet
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
44. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Microsoft System Center Data Protection Manager 2010
Then use Windows Deployment Services (WDS) on DHCP1.
Windows Server 2003
45. To identify users who bypass the new corporate security policy -
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Configure Audit Special Logon and define Special Groups
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
46. To help restrict access to Windows 7 computer in the event that it gets stolen implement
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Windows BitLocker Drive Encryption (Bit Locker)
47. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
Software Restriction Polices
Windows System Resource Manager (WSRM)
Implement a domain-based DFS namespace that uses replication
Recommend Offline Files
48. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
Then install new Server 2008 R2 Enterprise subordinate CA.
Create an e-mail account in AD DS for your RMS users
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
49. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Create an e-mail account in AD DS for your RMS users.
Import-Module
50. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Incoming external trust
Then configure GlobalNames zones on each domain controller.