SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Microsoft SharePoint Foundation 2010
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
2. To configure Administrator Role Separation for an RODC
Configure Firewall Group Policies and link them at the Domain level
Modify zone transfer settings for company.com zone on DCA
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
3. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Domain based DFS namespace and configure a DFS replication group
Use a GPO to configure device installation restrictions
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
4. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Microsoft System Center Data Protection Manager 2010
DSMOD - ADUC
Dfsrdiag
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
5. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Multipath I/O feature
dnscmd
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
6. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
Active Directory Right Management Services (AD RMS)
Deploy a failover cluster that uses Node and File Share Disk Majority
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
An Active Directory subnet object needs to be created.
7. All 2008 R2 servers and Windows 7 clients are connected to managed switches. The following are requirements for network access: only client computers that have up-to-date service packs installed can access the network; have up-to-date anti-malware so
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Event Log Subscriptions
A Distributed File System (DFS) namespace
8. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Use Netsh tool from administrator's computer.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
9. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Network Load Balancing (NLB)
Authorization Manager role assignment
Purchase one additional Enterprise License
10. To join a server/PC outside of the domain to the network...
Then use Windows BitLocker Drive Encryption
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Create a Central Store
Authorization Manager
11. If a new application needs to be deployed on the network and it comes as a .msi package and then do this.
Deploy it by using Group Policy Software Installation method
Restore-ADObject cmdlet
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
PDC emulator with w32tm.exe
12. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Event Subscriptions
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Modify the GPO to include folder redirection
13. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Backup operator's domain local group
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Then use on install image file that contains a single install image.
Microsoft Desktop Optimization Pack (MDOP)
14. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
Configure the zone as an Activde Directory-Integrated zone.
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
15. If you want to implement BitLocker and store recovery informaiton in a central location
Include a server that runs Microsoft Office SharePoint Server 2010
Enable Windows Remote Management (WinRM) on the servers.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
16. To recover objects deleted from Active Directory you should recommend
Windows BitLocker Drive Encryption (Bit Locker)
Configure Firewall Group Policies and link them at the Domain level
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Active Directory snapshots and Tombstone reanimation
17. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Distributed File System (DFS) Replication
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Then configure GlobalNames zones on each domain controller.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
18. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
Test-AppLockerPolicy
Configure separate application pools for each application
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
19. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Create a MEDV workspace
Perform an authoritative restore
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
20. For the users that work remotely that need access to files from the corporate office you should...
The Group Policy Management Console
Microsoft System Center Data Protection Manager 2010
dnscmd tool
Recommend Offline Files
21. When service account passwords need to be changed for SQL they should be...
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Discover the run Microsoft Baseline Security Analyzer (MBSA)
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Changed manually
22. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
Windows System Resource Manager (WSRM)
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
The Group Policy Management console
Event Subscriptions
23. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Windows XP Mode
Improve the performance of File Servers
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
24. You need to plan the deployment of an application that must meet these requirements: users must have - access to the app when they are connected to the network; access the application from an icon on their desktops.
An Active Directory subnet object needs to be created.
Deploy a failover cluster that uses Node and File Share Disk Majority
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Assign the application to all client computers by using a GPO.
25. CAPublishGP needs to be able to publish new certificate revocation lists - but not be able to revoke certificates. How is this accomplished?
Add the user to the Domain Admins global group
CAPublishGP group should have the Manage CA permission.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
AD Domains and Trusts
26. You need to deploy 15 Server Core installations that are only accessible by HTTP and HTTPS. Administration of these must be able to enable administrators to install and administer server roles remotely and fully manage servers remotely
Enable Windows Remote Management (WinRM) on each server.
Additional DFS Targets
Include a server that runs Microsoft Office SharePoint Server 2010
Configure separate application pools for each application
27. Two different solutions are available to help assign IP addresses to remote clients that need to VPN or Dial-in to the branch office.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
28. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Create a standard secondary of domain and create standard secondary of other domain.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Domain based Distributed File System (DFS) will reduce network traffic
29. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
IIS Manager user account
Printer driver isolation
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
30. If you need to encrypt all data on all disks
Ntdsutil
Then use Windows BitLocker Drive Encryption
Implement a domain-based DFS namespace that uses replication
WSUS server in the branch office in replica mode.
31. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
Site
Assign the application to all client computers by using a GPO.
Raise the DFL to Windows Server 2008 R2.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
32. When implementing a Hyper-V environment the benefits are enormous - however there are certain aspects of virtualization that can create some additional administrative overhead that you can not have in a pure physical environment for example
PDC emulator with w32tm.exe
802.1.x NAP
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Assign the application to all client computers by using a GPO.
33. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
FILES option within Ntdsutil
34. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
Modify zone transfer settings for company.com zone on DCA
Implement a domain-based DFS namespace that uses replication
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
35. You need to recommend a BitLocker recovery method you should recommend this.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Data Recovery Agent
AD Domains and Trusts
36. To restore previous version of script without taking up too much of time...
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Creating a data collector set that kick off a scritp that either move or delete files.
Attach VHD file created by Windows server backup
Implement File Server Resource Manager (FSRM) quotas on the desired servers
37. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Deploy the Root CA certificate to the external computers.
Configure Firewall Group Policies and link them at the Domain level
Implement the Windows Search Service.
38. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
Use local roles options within "dsmgmt"
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Refresh the zone on DNS2
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
39. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Dfsrdiag
From Server A - run Create Basic Task Wizard
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
The Group Policy Management Console
40. To prevent account password from being cached on RODC server...
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Modify properties of RODC server computer account.
Then install new Server 2008 R2 Enterprise subordinate CA.
Implement Network Access Protection (NAP)
41. You have been tasked with backing up all the GPOs in the domain. The IT manager also wants you to minimize the size of the backup. You decide to use...
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
The Group Policy Management console
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
DSMOD - ADUC
42. To ensure that the branch office with its own high speed internet connection receives the exact same updates as the corporate office you should recommend this.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Create a Central Store
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
43. You have a 2008 R2 server configured as Remote Desktop Session host. You need to deploy a line-of-business app; however - the app requires desktop themes to be enabled. Your deployment strategy must meet these requirements: only authorized users must
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Improve the performance of File Servers
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Certificate Templates
44. In order to replicate SYSVOL shares by using DFS Replicaiton (DFS-R)
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Zone transfer settings
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Raise the DFL to Windows Server 2008 R2.
45. If you need to ensure that data is protected by BitLocker then you will...
NOT be able to store that data on an iSCSI SAN
Execute the Set-ADServiceAccount cmdlet
Role Separation
Purchase one additional Enterprise License
46. to increase the reliability of the print server - configure...
Printer driver isolation
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
View properties of %systemroot%ntdsntds.dit
47. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Implement a domain-based DFS namespace that uses replication
Implement Network Access Protection (NAP)
Windows System Resource Manager (WSRM)
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
48. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
49. GPO setting to prevent all users from running an application
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Software Restriction Polices
The Group Policy Management console
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
50. You have few Server 2003 servers that have Terminal services installed. You also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meeet the following: restricts accsss to specific Remote Desktop
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Set-ADServiceAccount cmdlet
Certificate Templates
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
