SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. When one needs to audit files - folders - printers and the registry enable
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Software Restriction Polices
Create a new Password Settings Object (PSO) for the IT users.
2. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Create a MEDV workspace
Domain based Distributed File System (DFS) namespace and DFS Replication.
Domain based DFS namespace and configure a DFS replication group
Restore-ADObject cmdlet
3. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
Share and Storage Management
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Passive file screens
4. To add a server with AD FS 2.0 role to an existing AD FS farm...
Microsoft Desktop Optimization Pack (MDOP)
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
fsconfig on FSSrv2
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
5. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Create and deploy a logon script that runs Auditpol.
Create a Central Store
Creating a data collector set that kick off a scritp that either move or delete files.
Recommend Group Policy preferences
6. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Deploy a GPO to the WebSrvOU
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Domain based Distributed File System (DFS) will reduce network traffic
Utilize IFM (Install From Media)
7. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
View properties of %systemroot%ntdsntds.dit
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Assign the application to computers in the PC OU
New ACCOUNT STORE should be added and configured
8. If you need to minimize the number of install images and support Win Server 2008 R2 deployment
Implement Windows BitLocker Drive Encryption (BitLocker)
Then use on install image file that contains a single install image.
CAPublishGP group should have the Manage CA permission.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
9. If you need to deploy multiple servers through automation of installation and activation and minimize network traffic
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Creating a data collector set that kick off a scritp that either move or delete files.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
10. All DCs run Windows Server 2008 R2 and have the DNS Server role installed. The domain controllers for each location are stored locally. Each has its own standard primary zone to support its local domain.You need a plan that meets the following: WAN l
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Raise the DFL to Windows Server 2008 R2.
Recommend Active Directory delegation
Create a standard secondary of domain and create standard secondary of other domain.
11. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Site
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
CAPublishGP group should have the Manage CA permission.
12. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Ntfrsutil
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Modify the local policy to point to the Internal WSUS server
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
13. If you want to implement BitLocker and store recovery informaiton in a central location
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Domain based Distributed File System (DFS) namespace and DFS Replication.
14. What should be done first to defragment the AD database?
Then use Windows Deployment Services (WDS)
Run net stop ntds
Implement a GPO for each domain
Disable Site Link Bridging from IP Properties
15. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Restore-ADObject cmdlet
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Your machine and remote desktops
16. Within your company you have a server that will be running 8 VMs but only 6 concurrently. Your company has already purchased an Enterprise license for the server.
Winrm quickconfig
Multipath I/O feature
Purchase one additional Enterprise License
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
17. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Network Load Balancing (NLB)
Certificate Templates
net stop ntds
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
18. To be able to manage all the corporate servers from a workstation - you must install the
Modify the schema of LDSInst1
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Ldp
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
19. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Use a GPO to configure device installation restrictions
Configure Firewall Group Policies and link them at the Domain level
Repadmin
20. You have a root domain and four child domains. Policy requirements state that all local guest accounts must be renamed and disabled - and all local administrator accounts must be renamed
Implement a GPO for each domain
From Server A - run Create Basic Task Wizard
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
21. The solution requires that teachers that have been issued district based laptops - work remotely - and teach only on-line classes - must connect to the school network using split-tunnel VPN. Need to be sure that: minimize traffic over the VPN wheneve
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
22. All 2008 R2 servers and Windows 7 clients are connected to managed switches. The following are requirements for network access: only client computers that have up-to-date service packs installed can access the network; have up-to-date anti-malware so
Win2000 Native
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
23. Files servers need to stay connected to the SAN if a NIC fails. You should recommend
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Multipath I/O feature
24. Capture all replication errors from all your DCs to a central location...
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Changed manually
Implement one LUN for the quorum and another LUN for the data
Configure event log subscriptions
25. you have fewer Server 2003 servers that have Terminal Services installed. you also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: encrypts all remote connections to the ter
Additional DFS Targets
Increase the tombstone lifetime for the forest.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
26. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Microsoft Desktop Optimization Pack (MDOP)
Deploy it by using Group Policy Software Installation method
Configure separate application pools for each application
27. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
Microsoft Desktop Optimization Pack (MDOP)
Ntfrsutil
Deploy a GPO to the WebSrvOU
Basic Authentication and SSL
28. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Then use Windows Deployment Services (WDS) on DHCP1.
Network Load Balancing (NLB)
DISABLE slow link detection in the GPO
Implement a domain-based DFS namespace that uses replication
29. SrvA has the AD LDS role and an instance named LDSInst1. You connect to this instance by using the ADSI Edit utility. When you execute the Create Object wizard there is no User object class. What should be done so you can create user objects in LDSIn
Modify the schema of LDSInst1
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Then configure GlobalNames zones on each domain controller.
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
30. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Add the new UPN suffix to the forest.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Run the Delegation of Control Wizard on the Staff OU
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
31. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
IIS Chared Configuration
Microsoft System Center Data Protection Manager
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
DSMOD
32. To create and additional AD LDS applicaiton directory partition in existing instance...
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Perform an authoritative restore
Ldp
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
33. You need to ensure that the guest account on all servers is disabled to
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Recommend Active Directory delegation
Enable - ADoptionalFeature cmdlet
34. To deploy templates across the organization
Create a Network Load Balancing cluster.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Then use Windows Deployment Services (WDS) on DHCP1.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
35. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Then use Windows Deployment Services (WDS)
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Certificate Templates
36. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Test-AppLockerPolicy
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Implement the Windows Search Service.
37. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Execute the Set-ADServiceAccount cmdlet
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
FILES option within Ntdsutil
38. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Recommend Active Directory delegation
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
39. You don't want users to be able to install removable devices on client computers. However - domain admins and desktop support technicians must be allowed to install removable devices on client computers
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Modify the GPO to include folder redirection
Implement GPO for all client computers
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
40. What GPO setting should be configured to prevent all users from running an application?
Software Restriction Polices
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Active Directory snapshots and Tombstone reanimation
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
41. You need to implement read only copies of files at several locations. You currently have DFS for 2008 deployed. You should recommend this.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Upgrading DFS to Windows Server 2008 R2
Implement GPO for all client computers
42. Company users IPV4 and IPV6. A PC uses IPV6 and can no longer authenticate off the DC. What can be done to ensure IPV6 computers authenticate to DCs in same site...
Install the RSAT tool on their workstation to provide for more efficient network management
Deploy a GPO to the WebSrvOU
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Subnet object needs to be created
43. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Ntdsutil
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Modify the schema of LDSInst1
44. Deployment solutions that will allow both the 64 bit version of Office 2010 and the 32 bit version Office 2003 to run at a same time on a Windows 7 computer - and to do that when the computer is offline - are very limited. You should recommend
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Microsoft Application Virtualization (AppV)
45. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Add the new UPN suffix to the forest.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
46. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Jill came down with 2.50.
Configure caching on the shared folder and configure offline files to use encryption
Create a new Password Settings Object (PSO) for the IT users.
47. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Then use Windows BitLocker Drive Encryption
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
48. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Increase the tombstone lifetime for the forest.
Your machine and remote desktops
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Create and deploy a logon script that runs Auditpol.
49. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Active Directory snapshots and Tombstone reanimation
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
50. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Configure event log subscriptions
Configure caching on the shared folder and configure offline files to use encryption
Implement Shadow Copies
Perform an authoritative restore