SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
Configure the zone as an Activde Directory-Integrated zone.
Windows XP Mode
DSMOD
Role Separation
2. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
Modify properties of RODC server computer account.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Configure Audit Special Logon and define Special Groups
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
3. Tool to change Directory Services Restore Mode password on Domain Controller...
Create a Network Load Balancing cluster.
ntdsutil
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Install From Media IFM
4. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
Implement Windows System Resource Manager (WSRM) and configure user policies
Configure an audit policy by editing the default domain policy and configure Event Forwarding
IIS Manager user account
Create an Active Directory-Integrated zone.
5. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Service user account for AD LDS
Improve the performance of File Servers
Import-Module
Add the Windows Server Backup feature and Windows System Image recovery.
6. A specific application requires registry modifications to be in place before installing; you should use
Configure RODC for Administrator Role Separation
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Group Policy Preferences
Enable Credential Roaming
7. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
8. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Site
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
9. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Winrm quickconfig
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Recommend Group Policy preferences
10. If you want to implement BitLocker and store recovery informaiton in a central location
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Registry on users computer needs to be modified
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
11. To minimize the amount of storage used for virtual machines in a Virtual desktop pool the VHD's should be
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
12. All DCs run Windows Server 2008 R2 and have the DNS Server role installed. The domain controllers for each location are stored locally. Each has its own standard primary zone to support its local domain.You need a plan that meets the following: WAN l
Network Load Balancing (NLB) cluster
Create a standard secondary of domain and create standard secondary of other domain.
DFL needs to be Windows Server 2008
Software Restriction Polices
13. You need to plan the deployment of an application that must meet these requirements: users must have - access to the app when they are connected to the network; access the application from an icon on their desktops.
Event Subscriptions
Deploy it by using Group Policy Software Installation method
Assign the application to all client computers by using a GPO.
Passive file screens
14. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
Use Netsh tool from administrator's computer.
Microsoft SharePoint Foundation 2010
Perform an authoritative restore
From Server1 - run the Create Basic Task Wizard
15. You have a 2008 R2 serever that has SQL Server 2008 installed. The server has one RAID 5 array and two RAID 1 arrays. You need to allocate hard disck space on the server according to the followign requirements: prevent data los if a single hard disk
Then use on install image file that contains a single install image.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
16. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Create an e-mail account in AD DS for your RMS users.
Active Directory Domains and Trusts
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
17. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Active Directory snapshots and Tombstone reanimation
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
18. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Implement Windows System Resource Manager (WSRM)
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
AD RMS
Software Restriction Polices
19. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Recommend Offline Files
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Windows BitLocker Drive Encryption (Bit Locker)
FILES option within Ntdsutil
20. What should be done to resolve names by using GlobalNames zone?
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Administrative Role Separation
dnscmd tool
21. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Prestage the computer account in AD
New ACCOUNT STORE should be added and configured
22. To replicate SYSVOL using Distributed File System Replication (DFSR)...
DISABLE slow link detection in the GPO
DFL needs to be Windows Server 2008
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
FILES option within Ntdsutil
23. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
24. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Create a standard secondary of domain and create standard secondary of other domain.
Add the user to the Domain Admins global group
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Create an Active Directory-Integrated zone.
25. To allow a user to administer Active Directory
Add the user to the Domain Admins global group
Ntfrsutil
Modify zone transfer settings for company.com zone on DCA
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
26. Auditing the deletion of Registry keys on all Domain Controllers
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Network Load Balancing (NLB) cluster
Enable - ADoptionalFeature cmdlet
Refresh the zone on DNS2
27. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
Install Hyper-V role and convert physical machines into virtual machines
Use the Local Roles options with dsmgmt.
Include a server that runs Microsoft Office SharePoint Server 2010
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
28. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Perform an authoritative restore
29. Within your company you have a server that will be running 8 VMs but only 6 concurrently. Your company has already purchased an Enterprise license for the server.
Purchase one additional Enterprise License
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Microsoft System Center Data Protection Manager 2010
Configure Audit Special Logon and define Special Groups
30. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Refresh the zone on DNS2
Set-ADServiceAccount cmdlet
Active Directory Users and Computers utility
Active Directory snapshots and Tombstone reanimation
31. To add a new UPN for all user accounts...
A relying party trust should be created.
AD Domains and Trusts
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
32. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
Implement Windows BitLocker Drive Encryption (BitLocker)
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Then install new Server 2008 R2 Enterprise subordinate CA.
Configure offline files and enable manual caching
33. What document management solution allows you to keep multiple versions of documents and automatically apply access policies to these documents? You should recommend
Registry on users computer needs to be modified
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Implement the Windows Search Service.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
34. To ensure that the SQL Servers can fail over autoatically and support 2 TB drives
Then use Windows BitLocker Drive Encryption
Recommend GPT and basic disks
Your machine and remote desktops
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
35. To modify several user accounts to a new UPN suffix
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Storage manager for SANs
Active Directory Users and Computers utility
36. Files servers need to stay connected to the SAN if a NIC fails. You should recommend
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Multipath I/O feature
Zone transfer settings
37. In order to replicate SYSVOL shares by using DFS Replicaiton (DFS-R)
Data Recovery Agent
Win2000 Native
Raise the DFL to Windows Server 2008 R2.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
38. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
IIS Chared Configuration
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
39. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
AD RMS
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Windows XP Mode
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
40. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Increase the tombstone lifetime for the forest.
Dfsrdiag
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Run the Delegation of Control Wizard on the Staff OU
41. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
Printer driver isolation
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Implement folder redirection by using GPO. Then backup the folder redirection target.
42. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Windows XP Mode
The Group Policy Management console
Configure block inheritance on the IT OU
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
43. What Function Level (FL) needs to be in place to enable AD Recycle Bin?
Multipath I/O feature
Deploy the Root CA certificate to the external computers.
FFL Windows Server 2008 R2
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
44. To enable the AD Recycle Bin
Autonomous mode...This allows the local administrator to approve their own updates.
Enable - ADoptionalFeature cmdlet
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Additional DFS Targets
45. What role to keep same time as an external server?
PDC emulator with w32tm.exe
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
46. Company users IPV4 and IPV6. A PC uses IPV6 and can no longer authenticate off the DC. What can be done to ensure IPV6 computers authenticate to DCs in same site...
Implement Shadow Copies
The Group Policy Management Console
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Subnet object needs to be created
47. 4 steps to perform offline Defragmentation of AD database...
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Modify the local policy to point to the Internal WSUS server
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
48. To ensure that recovery is possible if a file on a file server is deleted accidentally
Then use Windows Deployment Services (WDS)
Implement Shadow Copies
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
49. File that contains the last logon time and custom attributes values for each user in your forest.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Deploy Microsoft System Center Operations Manager (SCOM)
Modify the schema of LDSInst1
Get-ADUser cmdlet
50. If you need to minimize amount of time and impact of 50 simultaneous Win7 installations
Use Netsh tool from administrator's computer.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Winrm quickconfig
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
