SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Striped volumes
Improve the performance of File Servers
Create and deploy a logon script that runs Auditpol.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Data Recovery Agent
2. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Active Directory Domains and Trusts
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Implement Network Access Protection (NAP)
Win2000
3. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Test-AppLockerPolicy
Zone transfer settings
WSUS server in the branch office in replica mode.
A relying party trust should be created.
4. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
Configure offline files and enable manual caching
Modify zone transfer settings for company.com zone on DCA
Create an Active Directory-Integrated zone.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
5. You need a strategy for backing up your 2008 R2 file servers according to these: allows for individual file restore; allows for complete server recovery; supports scheduled backups; provides decentralized control over backups and recovery; minimizes
802.1.x NAP
Zone transfer settings
Create an e-mail account in AD DS for your RMS users.
Back up to an external USB drive by using Windows Server Backup
6. All 2008 R2 servers and Windows 7 clients are connected to managed switches. The following are requirements for network access: only client computers that have up-to-date service packs installed can access the network; have up-to-date anti-malware so
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Configure folder redirection
Use local roles options within "dsmgmt"
7. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Increase the tombstone lifetime for the forest.
Assign the application to computers in the PC OU
Configure Firewall Group Policies and link them at the Domain level
Deploy a GPO for the Sales OU
8. You don't want users to be able to install removable devices on client computers. However - domain admins and desktop support technicians must be allowed to install removable devices on client computers
Install Windows Server Backup and modify the Windows firewall settings
Administrators is the minimum group membership required to complete this procedure.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Implement GPO for all client computers
9. What Function Level (FL) needs to be in place to enable AD Recycle Bin?
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
FFL Windows Server 2008 R2
Increase the tombstone lifetime for the forest.
Domain based Distributed File System (DFS) will reduce network traffic
10. If users complain that it is hard to find the shared folders on the network implement
Assign the application to all client computers by using a GPO.
Enable Windows Remote Management (WinRM) on the servers.
Additional DFS Targets
PowerShell 2.0
11. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
PDC emulator with w32tm.exe
Create an Active Directory-Integrated zone.
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Then use Windows Deployment Services (WDS) on DHCP1.
12. If you need to be able to create shared folders on Server 2008 R2
View properties of %systemroot%ntdsntds.dit
Install Hyper-V role and convert physical machines into virtual machines
Dfsrdiag
Ensure your account - or the group is a member of the local Administrators group for that specific server.
13. To speed up the deployment of the RODC in the new branch offices you should take advantage of this.
Utilize IFM (Install From Media)
Install From Media IFM
MEDV to deploy virtual desktops
Winrm quickconfig
14. You need to plan the deployment of an application that must meet these requirements: users must have - access to the app when they are connected to the network; access the application from an icon on their desktops.
Assign the application to all client computers by using a GPO.
Implement Windows System Resource Manager (WSRM)
Deploy a GPO for the Sales OU
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
15. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
DISABLE slow link detection in the GPO
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Group Policy Preferences
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
16. To backup Virtual Machines
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Refresh the zone on DNS2
Dsmgmt
Create a Central Store
17. Your data provisioning solution must meet the following requirements: users must have access to their Documents folder regardless of the client computer that they use; user documents should not be stored on the local client computer; minimize the tim
Deploy a failover cluster that uses Node and File Share Disk Majority
Configure folder redirection
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
18. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Modify zone transfer settings for company.com zone on DCA
Microsoft Desktop Optimization Pack (MDOP) to your company
Configure the zone as an Activde Directory-Integrated zone.
Deploy a GPO to the WebSrvOU
19. Capture all replication errors from all your DCs to a central location...
Configure event log subscriptions
Use local roles options within "dsmgmt"
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
20. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Disable Site Link Bridging from the IP properties
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Share and Storage Management
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
21. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Configure caching on the shared folder and configure offline files to use encryption
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
A relying party trust should be created.
22. When deploying an application using the Group Policy distribution method assign the...
Execute the Set-ADServiceAccount cmdlet
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Authorization Manager role assignment
23. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
Implement a GPO for each domain
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
New ACCOUNT STORE should be added and configured
Configure the zone as an Activde Directory-Integrated zone.
24. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Disable Site Link Bridging from the IP properties
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Configure Firewall Group Policies and link them at the Domain level
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
25. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Dfsrdiag
Win2000
Share and Storage Management
26. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
Administrative Role Separation
IIS Manager user account
From Server A - run Create Basic Task Wizard
Offline domain join
27. To replicate SYSVOL using Distributed File System Replication (DFSR)...
Disable Site Link Bridging from IP Properties
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
DFL needs to be Windows Server 2008
28. If you need to ensure that data is protected by BitLocker then you will...
Windows XP Mode
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
NOT be able to store that data on an iSCSI SAN
29. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
CAPublishGP group should have the Manage CA permission.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
30. To compact AD database...
Implement Distributed File System Replication (DFSR) on both servers
Microsoft Application Virtualization (AppV)
AD Rights Management Services
FILES option within Ntdsutil
31. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Offline domain join
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Windows Deployment Services (WDS)
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
32. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Add-ADFineGrainedPasswordPolicySubject cmdlet
Add George to the Domain Admins group.
FILES option within Ntdsutil
Incoming external trust
33. UPN Suffix xxxx.com needs to be available for user accounts...
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Enable Windows Remote Management (WinRM) on the servers.
Add the new UPN Suffix to the forest
Multipath I/O feature
34. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
From Server A - run Create Basic Task Wizard
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
35. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
FFL Windows Server 2008 R2
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
ntdsutil
36. All DCs run Windows Server 2008 R2 and have the DNS Server role installed. The domain controllers for each location are stored locally. Each has its own standard primary zone to support its local domain.You need a plan that meets the following: WAN l
Site
Create and deploy a logon script that runs Auditpol.
Create a standard secondary of domain and create standard secondary of other domain.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
37. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
Implement Network Access Protection (NAP)
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Certificate Templates
Additional DFS Targets
38. Company users IPV4 and IPV6. A PC uses IPV6 and can no longer authenticate off the DC. What can be done to ensure IPV6 computers authenticate to DCs in same site...
Perform an authoritative restore
Implement GPO for all client computers
Subnet object needs to be created
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
39. For the users that work remotely that need access to files from the corporate office you should...
Back up to an external USB drive by using Windows Server Backup
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Recommend Offline Files
40. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Microsoft Desktop Optimization Pack (MDOP)
Implement GPO for all client computers
From Server A - run Create Basic Task Wizard
Refresh the zone on DNS2
41. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
View properties of %systemroot%ntdsntds.dit
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Microsoft Desktop Optimization Pack (MDOP) to your company
42. To allow administrators tha trun Windows 7 ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
Implement Network Access Protection (NAP)
Create an e-mail account in AD DS for your RMS users.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
43. To configure AD FS so tokens contain information from Active Directory domain...
The Group Policy Management console
Assign the application to computers in the PC OU
New ACCOUNT STORE should be added and configured
Include a server that runs Microsoft Office SharePoint Server 2010
44. 4 steps to perform offline Defragmentation of AD database...
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Recommend Group Policy preferences
Deploy Microsoft System Center Operations Manager (SCOM)
Active Directory Right Management Services (AD RMS)
45. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Microsoft Application Virtualization (AppV)
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Implement one LUN for the quorum and another LUN for the data
46. To add a new UPN for all user accounts...
Implement Network Access Protection (NAP) that uses 802.1x enforcement
AD Domains and Trusts
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
47. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Implement the Windows Search Service.
Deploy a GPO to the WebSrvOU
48. What should be done first to defragment the AD database?
Zone transfer settings
Run net stop ntds
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Configure Firewall Group Policies and link them at the Domain level
49. To allow a specifc user or group to manage the address information for the user accounts...
Recommend Active Directory delegation
Implement GPO for all client computers
Subnet object needs to be created
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
50. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Use local roles options within "dsmgmt"
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Windows Server 2003
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)