SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. When deploying an application using the Group Policy distribution method assign the...
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
2. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Disable Site Link Bridging from the IP properties
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
3. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
AD Rights Management Services
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Create an e-mail account in AD DS for your RMS users
4. For the users that work remotely that need access to files from the corporate office you should...
Recommend Offline Files
Offline domain join
Administrative Role Separation
Microsoft System Center Data Protection Manager 2010
5. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Administrators is the minimum group membership required to complete this procedure.
Modify the GPO to include folder redirection
6. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Site
Recommend Offline Files
Raise the DFL to Windows Server 2008 R2.
AD RMS
7. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
A relying party trust should be created.
Windows System Resource Manager (WSRM)
Execute the Set-ADServiceAccount cmdlet
8. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Use Netsh tool from administrator's computer.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
9. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
WSUS server in the branch office in replica mode.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
10. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Increase the tombstone lifetime for the forest.
Site
File Server Resource Manager (FSRM) quotas and file screens
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
11. What shold be done to configure AD RMS so users can protect their data?
Passive file screens
Create an e-mail account in AD DS for your RMS users
Printer driver isolation
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
12. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
net stop ntds
Enable - ADoptionalFeature cmdlet
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
13. What should be done to resolve names by using GlobalNames zone?
AD Rights Management Services
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
dnscmd tool
Run adprep /forestprep and adprep /domainprep
14. To create and additional AD LDS applicaiton directory partition in existing instance...
Ldp
Then use Windows Deployment Services (WDS) on DHCP1.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
15. To build a highly secure server cluster with a reduced attack surface area
Microsoft Desktop Optimization Pack (MDOP) to your company
Authorization Manager
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Import-Module
16. If you need to minimize amount of time and impact of 50 simultaneous Win7 installations
FILES option within Ntdsutil
Implement Network Access Protection (NAP)
Multipath I/O feature
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
17. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Configure caching on the shared folder and configure offline files to use encryption
Deploy a GPO to the WebSrvOU
18. To modify several user accounts to a new UPN suffix
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Ntdsutil
Active Directory Users and Computers utility
19. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Your machine and remote desktops
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
20. A specific application requires registry modifications to be in place before installing; you should use
Enable Windows Remote Management (WinRM) on the servers.
Group Policy Preferences
Then use Windows Deployment Services (WDS) on DHCP1.
Administrators is the minimum group membership required to complete this procedure.
21. If you want to implement BitLocker and store recovery informaiton in a central location
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Assign the application to computers in the PC OU
Use the Local Roles options with dsmgmt.
Ntdsutil
22. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
Perform an authoritative restore
Run adprep /forestprep and adprep /domainprep
Software Restriction Polices
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
23. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
Certificate Templates
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
dnscmd tool
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
24. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
Then use on install image file that contains a single install image.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Get-ADUser cmdlet
25. File that contains the last logon time and custom attributes values for each user in your forest.
Attach VHD file created by Windows server backup
Get-ADUser cmdlet
Multipath I/O feature
IIS Chared Configuration
26. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Share and Storage Management
Recommend Offline Files
Site
27. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
DFL needs to be Windows Server 2008
Dfsrdiag
Enable Credential Roaming
28. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Deploy a failover cluster that contains one node in each office.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
The Group Policy Management Console
Configure Audit Special Logon and define Special Groups
29. You need to recommend a BitLocker recovery method you should recommend this.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Configure folder redirection
Upgrading DFS to Windows Server 2008 R2
Data Recovery Agent
30. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Add the Windows Server Backup feature and Windows System Image recovery.
Configure separate application pools for each application
Configure folder redirection
31. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Recommend Active Directory delegation
Windows BitLocker Drive Encryption (Bit Locker)
Improve the performance of File Servers
Increase the tombstone lifetime for the forest.
32. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Create a Central Store
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Purchase one additional Enterprise License
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
33. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
From Server1 - run the Create Basic Task Wizard
Use a GPO to configure device installation restrictions
34. You have been tasked with backing up all the GPOs in the domain. The IT manager also wants you to minimize the size of the backup. You decide to use...
Disable Site Link Bridging from the IP properties
The Group Policy Management console
Incoming external trust
Create and deploy a logon script that runs Auditpol.
35. DFL is...
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Windows Server 2003
Deploy Microsoft System Center Operations Manager (SCOM)
Win2000 Native
36. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
37. Minimal FFL needed to deploy an RODC that runs Windows Server 2008 R2...
Configure caching on the shared folder (offline files)
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Test-AppLockerPolicy
Windows Server 2003
38. What should be done so application does not fail after 30 days while still keeping password policy in mind?
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Set-ADServiceAccount cmdlet
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
39. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
Windows BitLocker Drive Encryption (Bit Locker)
Configure separate application pools for each application
MEDV to deploy virtual desktops
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
40. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Microsoft SharePoint Foundation 2010
Event Viewer
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
41. Enables you to receive emails when domain users locked out of accounts...
Event Viewer
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Dfsrdiag
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
42. When implementing a Hyper-V environment the benefits are enormous - however there are certain aspects of virtualization that can create some additional administrative overhead that you can not have in a pure physical environment for example
Configure authorization rules for Web developers on each web server
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Purchase one additional Enterprise License
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
43. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Configure offline files and enable manual caching
Domain based Distributed File System (DFS) will reduce network traffic
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
44. You need a strategy for backing up your 2008 R2 file servers according to these: allows for individual file restore; allows for complete server recovery; supports scheduled backups; provides decentralized control over backups and recovery; minimizes
Implement Windows System Resource Manager (WSRM)
Authorization Manager
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Back up to an external USB drive by using Windows Server Backup
45. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Win2000
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Install the RSAT tool on their workstation to provide for more efficient network management
46. You don't want users to be able to install removable devices on client computers. However - domain admins and desktop support technicians must be allowed to install removable devices on client computers
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Implement GPO for all client computers
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
47. Capture all replication errors from all your DCs to a central location...
Configure event log subscriptions
Backup operator's domain local group
Winrm quickconfig
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
48. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Win2000 Native
Run the Delegation of Control Wizard on the Staff OU
Install and share a printer on a server and then enable printer pooling.
49. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Run the Delegation of Control Wizard on the Staff OU
Implement Network Access Protection (NAP)
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Create an e-mail account in AD DS for your RMS users.
50. CAPublishGP needs to be able to publish new certificate revocation lists - but not be able to revoke certificates. How is this accomplished?
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Passive file screens
CAPublishGP group should have the Manage CA permission.
