SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Deployment of 10 WSUS servers across 10 branch office will take place over a three month period. The bandwidth between the corporate office and the branch offices must be minimized due to budget contraints within the company. Admins in the corporate
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Assign the application to all client computers by using a GPO.
Execute the Set-ADServiceAccount cmdlet
Use local roles options within "dsmgmt"
2. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Domain based Distributed File System (DFS) will reduce network traffic
Dfsrdiag
Configure authorization rules for Web developers on each web server
3. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Windows XP Mode
Microsoft System Center Data Protection Manager 2010
Test-AppLockerPolicy
4. What shold be done to configure AD RMS so users can protect their data?
Disable Site Link Bridging from IP Properties
Create ADMX and ADML files. Configure the GPO and link it to the domain.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Create an e-mail account in AD DS for your RMS users
5. CAPublishGP needs to be able to publish new certificate revocation lists - but not be able to revoke certificates. How is this accomplished?
CAPublishGP group should have the Manage CA permission.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Back up to an external USB drive by using Windows Server Backup
Create a standard secondary of domain and create standard secondary of other domain.
6. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Dsmgmt
Recommend GPT and basic disks
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
7. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Active Directory snapshots and Tombstone reanimation
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
8. To replicate SYSVOL using Distributed File System Replication (DFSR)...
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
View properties of %systemroot%ntdsntds.dit
Jill came down with 2.50.
DFL needs to be Windows Server 2008
9. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
A Distributed File System (DFS) namespace
10. The solution requires that teachers that have been issued district based laptops - work remotely - and teach only on-line classes - must connect to the school network using split-tunnel VPN. Need to be sure that: minimize traffic over the VPN wheneve
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
11. New password settings object (PSO) created and needs to be applied to user
Implement Shadow Copies
Zone transfer settings
Properties of PSO need modified
Raise the DFL to Windows Server 2008 R2.
12. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Create a standard secondary of domain and create standard secondary of other domain.
13. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
New ACCOUNT STORE should be added and configured
View properties of %systemroot%ntdsntds.dit
14. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Create an Active Directory-Integrated zone.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
15. To enable the AD Recycle Bin
Encrypting File System (EFS). This can be enabled locally or through a GPO.
An Active Directory subnet object needs to be created.
Enable - ADoptionalFeature cmdlet
IIS Chared Configuration
16. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Add the new UPN Suffix to the forest
Deploy it by using Group Policy Software Installation method
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Create a Central Store
17. If you want to allow single-label name resolution
Then configure GlobalNames zones on each domain controller.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Import-Module
Microsoft Desktop Optimization Pack (MDOP)
18. 4 steps to perform authoritative restore of a deleted OU...
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Test-AppLockerPolicy
View properties of %systemroot%ntdsntds.dit
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
19. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Zone transfer settings
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Active Directory Users and Computers utility
20. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Basic Authentication and SSL
Site
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
21. You need to deploy apps to client computers according to these req.: apps must be deployed to client computers that meet minimum hardware requirements; detaild reports on success/failure of the app deployments must be provided; deployments must be sc
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Run adprep /forestprep and adprep /domainprep
Domain based Distributed File System (DFS) will reduce network traffic
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
22. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Create an e-mail account in AD DS for your RMS users.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Test-AppLockerPolicy
Attach VHD file created by Windows server backup
23. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Windows BitLocker Drive Encryption (Bit Locker)
Modify the local policy to point to the Internal WSUS server
Run the Delegation of Control Wizard on the Staff OU
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
24. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
Use a GPO to configure device installation restrictions
Create a standard secondary of domain and create standard secondary of other domain.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
25. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
26. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
From Server A - run Create Basic Task Wizard
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Recommend GPT and basic disks
Registry on users computer needs to be modified
27. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
Perform an authoritative restore
Registry on users computer needs to be modified
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Modify the GPO to include folder redirection
28. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Implement Distributed File System Replication (DFSR) on both servers
Offline domain join
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
29. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
DSMOD
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
30. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Enable - ADoptionalFeature cmdlet
Dfsrdiag
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Network Load Balancing (NLB) cluster
31. To add a new UPN for all user accounts...
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Implement Windows BitLocker Drive Encryption (BitLocker)
Implement folder redirection by using GPO. Then backup the folder redirection target.
AD Domains and Trusts
32. Auditing the deletion of Registry keys on all Domain Controllers
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Run net stop ntds
Implement GPO for all client computers
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
33. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Refresh the zone on DNS2
Implement a GPO for each domain
34. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Deploy a GPO to the WebSrvOU
35. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Then use on install image file that contains a single install image.
Disable Site Link Bridging from IP Properties
36. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Implement Windows System Resource Manager (WSRM)
FFL Windows Server 2008 R2
Recommend Group Policy preferences
Recommend GPT and basic disks
37. What GPO setting should be configured to prevent all users from running an application?
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Software Restriction Polices
Import-Module
38. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
Incoming external trust
Import-Module
Windows XP Mode
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
39. An AD LDS instance needs to be replicated from one server to another...
Service user account for AD LDS
Win2000 Native
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
dsa.msc - dsamain.exe - ntdsutil.exe
40. You need to plan the deployment of an application that must meet these requirements: users must have - access to the app when they are connected to the network; access the application from an icon on their desktops.
Recommend Group Policy preferences
DFL needs to be Windows Server 2008
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Assign the application to all client computers by using a GPO.
41. IE can be a security concern - however you can take advantage of Group policies to lock down IE as much as possible
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
42. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Add-ADFineGrainedPasswordPolicySubject cmdlet
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Domain based DFS namespace and configure a DFS replication group
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
43. Tool to change Directory Services Restore Mode password on Domain Controller...
Execute the Set-ADServiceAccount cmdlet
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
ntdsutil
44. To allow administrators tha trun Windows 7 ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
Install Hyper-V role and convert physical machines into virtual machines
Ntdsutil
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Windows XP Mode
45. To determine size of AD database file...
View properties of %systemroot%ntdsntds.dit
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Add George to the Domain Admins group.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
46. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Windows BitLocker Drive Encryption (Bit Locker)
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Recommend Active Directory delegation
47. PowerShell script to create user accounts with passwords from a file called password.csv
DSMOD
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
48. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Create a MEDV workspace
Implement GPO for all client computers
Active Directory Users and Computers
49. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Domain based Distributed File System (DFS) will reduce network traffic
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
50. You need to manage GPO to meet the following: allow administrators to view and edit the GPO in their own language; minimize number of GPOs deployed
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Then use Windows Deployment Services (WDS)
