SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Deployment of 10 WSUS servers across 10 branch office will take place over a three month period. The bandwidth between the corporate office and the branch offices must be minimized due to budget contraints within the company. Admins in the corporate
Windows XP Mode
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
2. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Active Directory snapshots and Tombstone reanimation
Certificate Templates
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
3. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Modify the local policy to point to the Internal WSUS server
dnscmd tool
4. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Configure authorization rules for Web developers on each web server
Repadmin
Configure Audit Special Logon and define Special Groups
5. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Test-AppLockerPolicy
6. In order to replicate SYSVOL shares by using DFS Replicaiton (DFS-R)
Domain based DFS namespace and configure a DFS replication group
Raise the DFL to Windows Server 2008 R2.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Enable Windows Remote Management (WinRM) on each server.
7. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
8. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Microsoft System Center Data Protection Manager
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Recommend Active Directory delegation
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
9. Your company IP scheme uses both IPv4 and IPv6. You have a main and branch office. In the branch office you are using PC1. PC1 is now only using IPv6. You noticed that PC1 no longer authenticates off the DC that is in the branch office. What should b
Improve the performance of File Servers
FILES option within Ntdsutil
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
An Active Directory subnet object needs to be created.
10. To identify users who bypass the new corporate security policy -
Configure Audit Special Logon and define Special Groups
Test-AppLockerPolicy
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
11. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Install From Media IFM
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Then use Windows Deployment Services (WDS) on DHCP1.
Add the Windows Server Backup feature and Windows System Image recovery.
12. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Then use on install image file that contains a single install image.
Create a Central Store
Then use Windows Deployment Services (WDS) on DHCP1.
Ldp
13. The strongest form of NAP is
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Win2000 Native
Incoming external trust
14. If you need to be able to create shared folders on Server 2008 R2
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Data Recovery Agent
15. To minimize the amount of storage used for virtual machines in a Virtual desktop pool the VHD's should be
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
16. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Incoming external trust
Microsoft Application Virtualization (AppV)
17. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
From Server A - run Create Basic Task Wizard
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Incoming external trust
Offline domain join
18. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Create a Network Load Balancing cluster.
Microsoft System Center Data Protection Manager
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
19. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
Improve the performance of File Servers
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Windows Server 2003
Run net stop ntds
20. Auditing the deletion of Registry keys on all Domain Controllers
Event Log Subscriptions
Implement Distributed File System Replication (DFSR) on both servers
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Incoming external trust
21. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
AD Domains and Trusts
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Dfsrdiag
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
22. You need to recommend a Windows update strategy for the new branch office. The branch office has a 512 Kbps connection the corporate office and a 2 MB connection to the Internet. You should recommend this.
Active Directory Users and Computers
Implement Windows BitLocker Drive Encryption (BitLocker)
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
From Server1 - run the Create Basic Task Wizard
23. To prevent account password from being cached on RODC server...
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Modify properties of RODC server computer account.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Add the Windows Server Backup feature and Windows System Image recovery.
24. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Active Directory Users and Computers
Microsoft Desktop Optimization Pack (MDOP)
Your machine and remote desktops
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
25. to make shares at a remote location available to users you should implement this.
Add the new UPN Suffix to the forest
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Administrators is the minimum group membership required to complete this procedure.
Domain based Distributed File System (DFS) namespace and DFS Replication.
26. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
Incoming external trust
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
27. Engineering department has 582 Windows Server 2008 R2 servers. You need to monitor the performance of all 582 with following requirements: Create alerts when average processor usage is higher than 85% for 15 minutes; Automatically adjust the processo
Ntfrsutil
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Deploy Microsoft System Center Operations Manager (SCOM)
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
28. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Implement one LUN for the quorum and another LUN for the data
Windows System Resource Manager (WSRM)
Include a server that runs Microsoft Office SharePoint Server 2010
Use a GPO to configure device installation restrictions
29. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
Configure separate application pools for each application
File Server Resource Manager (FSRM) quotas and file screens
Deploy a GPO for the Sales OU
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
30. All DCs have been upgraded from Windows Server 2003 to Windows Server 2008 R2. What should be done to ensure the Sysvol share replicates by using DFS Replicaiton (DFS-R)?
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Raise the DFL to Windows Server 2008 R2.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Winrm quickconfig
31. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Create a Central Store
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
32. To create and additional AD LDS applicaiton directory partition in existing instance...
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Ldp
Configure caching on the shared folder (offline files)
Create ADMX and ADML files. Configure the GPO and link it to the domain.
33. A specific application requires registry modifications to be in place before installing; you should use
Group Policy Preferences
Role Separation
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
34. Tool to change Directory Services Restore Mode password on Domain Controller...
ntdsutil
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
From Server A - run Create Basic Task Wizard
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
35. Requirements are: support the installation of SQL Server 2008; Provide redundancy for SQL services if a single server fails. To accomplish this
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Properties of PSO need modified
36. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
Modify zone transfer settings for company.com zone on DCA
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Windows BitLocker Drive Encryption (Bit Locker)
37. To determine size of AD database file...
Event Log Subscriptions
View properties of %systemroot%ntdsntds.dit
Windows System Resource Manager (WSRM)
Create a Network Load Balancing cluster.
38. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Role Separation
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Create and deploy a logon script that runs Auditpol.
39. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Use a GPO to configure device installation restrictions
Repadmin
WDS
40. What GPO setting should be configured to prevent all users from running an application?
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
NOT be able to store that data on an iSCSI SAN
Implement a GPO for each domain
Software Restriction Polices
41. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
42. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Multipath I/O feature
Service user account for AD LDS
43. To back up your Hyper-VMs and the Hyper-V host; for each VM -
Deploy a GPO for the Sales OU
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
44. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Authorization Manager role assignment
45. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Install the RSAT tool on their workstation to provide for more efficient network management
Authorization Manager role assignment
dnscmd
46. To add a server with AD FS 2.0 role to an existing AD FS farm...
Your machine and remote desktops
fsconfig on FSSrv2
Domain based DFS namespace and configure a DFS replication group
Ensure your account - or the group is a member of the local Administrators group for that specific server.
47. You have a failover cluster that has an application installed. Service level agreement requires 55 percent of processor and memory utilization to be reserved for the app. A solution to guarantee service level agreement would be
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Dfsrdiag
Windows Deployment Services (WDS)
48. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Deploy a failover cluster that uses Node and File Share Disk Majority
Configure caching on the shared folder (offline files)
Administrative Role Separation
DISABLE slow link detection in the GPO
49. Client computers run Windows 7 and all applications on the computers are configured to save documetns to the local Documents folder. You need a backup strategy that meets these: Back up the Documents folder for all users; minimize admin effort. To ac
Enable Windows Remote Management (WinRM) on each server.
Active Directory Right Management Services (AD RMS)
Implement folder redirection by using GPO. Then backup the folder redirection target.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
50. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Configure folder redirection
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
