SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To ensure that user's documents are stored on the file server and thus subject to the corporate backup solution - you should implement this.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Folder redirection. Folder redirection is also useful when using roamin profiles.
Active Directory Right Management Services (AD RMS)
Create an e-mail account in AD DS for your RMS users
2. If a file server reaches 15% free disk space - you could free up some disk space by
Creating a data collector set that kick off a scritp that either move or delete files.
Raise the DFL to Windows Server 2008 R2.
Back up to an external USB drive by using Windows Server Backup
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
3. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Add the Windows Server Backup feature and Windows System Image recovery.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
4. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Active Directory Right Management Services (AD RMS)
Configure block inheritance on the IT OU
Implement File Server Resource Manager (FSRM) quotas on the desired servers
5. What should be done first to defragment the AD database?
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Run net stop ntds
WSUS server in the branch office in replica mode.
6. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Install and share a printer on a server and then enable printer pooling.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Then use on install image file that contains a single install image.
Windows Deployment Services (WDS)
7. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Creating a data collector set that kick off a scritp that either move or delete files.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Domain based Distributed File System (DFS) namespace and DFS Replication.
8. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
DISABLE slow link detection in the GPO
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
9. If you need to minimize amount of time and impact of 50 simultaneous Win7 installations
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
A Distributed File System (DFS) namespace
Network Load Balancing (NLB)
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
10. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
Event Subscriptions
AD Rights Management Services
Microsoft SharePoint Foundation 2010
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
11. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Authorization Manager role assignment
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Configure separate application pools for each application
12. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Use Netsh tool from administrator's computer.
Domain based Distributed File System (DFS) will reduce network traffic
Repadmin
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
13. When deploying an application using the Group Policy distribution method assign the...
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Implement the Windows Search Service.
Add the new UPN Suffix to the forest
14. You have been tasked with backing up all the GPOs in the domain. The IT manager also wants you to minimize the size of the backup. You decide to use...
Autonomous mode...This allows the local administrator to approve their own updates.
The Group Policy Management console
Disable Site Link Bridging from the IP properties
Deploy the Root CA certificate to the external computers.
15. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
Then install new Server 2008 R2 Enterprise subordinate CA.
Test-AppLockerPolicy
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Configure event log subscriptions
16. Enables you to receive emails when domain users locked out of accounts...
Create a Network Load Balancing cluster.
Event Viewer
Enable Credential Roaming
Implement Windows System Resource Manager (WSRM)
17. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Software Restriction Polices
18. To modify several user accounts to a new UPN suffix
Active Directory Users and Computers utility
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
An Active Directory subnet object needs to be created.
19. To backup to tape/robotic tape and to backup VMs you must use...
Microsoft System Center Data Protection Manager 2010
Modify the schema of LDSInst1
Role Separation
Purchase one additional Enterprise License
20. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
Install the RSAT tool on their workstation to provide for more efficient network management
Event Log Subscriptions
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
21. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
Configure folder redirection
Offline domain join
Deploy a failover cluster that uses Node and File Share Disk Majority
Create a Central Store
22. You need to design your WSUS infrastructure so that updates are highly available. To do so
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
23. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
Modify properties of RODC server computer account.
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Disable Site Link Bridging from IP Properties
Configure separate application pools for each application
24. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Implement one LUN for the quorum and another LUN for the data
Windows BitLocker Drive Encryption (Bit Locker)
25. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Recommend Group Policy preferences
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Microsoft SharePoint Foundation 2010
26. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Disable Site Link Bridging from IP Properties
Then use Windows Deployment Services (WDS) on DHCP1.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
27. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Enable Windows Remote Management (WinRM) on each server.
Microsoft SharePoint Foundation 2010
Ntdsutil
Windows System Resource Manager (WSRM)
28. DFL is Windows Server 2003 and client computers run Vista. DCRMS is a server that holds AD RMS. What should be done to configure AD RMS so users - including Waldo - can protect their data?
Add George to the Domain Admins group.
Create an e-mail account in AD DS for your RMS users.
Win2000 Native
net stop ntds
29. If you need to deploy multiple servers through automation of installation and activation and minimize network traffic
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Test-AppLockerPolicy
30. An AD LDS instance needs to be replicated from one server to another...
Import-Module
Service user account for AD LDS
Basic Authentication and SSL
Folder redirection. Folder redirection is also useful when using roamin profiles.
31. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
From Server A - run Create Basic Task Wizard
PowerShell 2.0
Prestage the computer account in AD
Then use Windows Deployment Services (WDS)
32. You need to relocate an AD LDS instance from C: Drive to D: Drive
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Assign the application to computers in the PC OU
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
33. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
Disable Site Link Bridging from IP Properties
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
34. You have a root domain and four child domains. Policy requirements state that all local guest accounts must be renamed and disabled - and all local administrator accounts must be renamed
Discover the run Microsoft Baseline Security Analyzer (MBSA)
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Active Directory Right Management Services (AD RMS)
Implement a GPO for each domain
35. 2 ways to relocate user and computer accounts to different OUs
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Purchase one additional Enterprise License
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
DSMOD - ADUC
36. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
From Server1 - run the Create Basic Task Wizard
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Implement folder redirection by using GPO. Then backup the folder redirection target.
37. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Use the Local Roles options with dsmgmt.
Configure caching on the shared folder (offline files)
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
38. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Then install new Server 2008 R2 Enterprise subordinate CA.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Share and Storage Management
Include a server that runs Microsoft Office SharePoint Server 2010
39. If you want to allow single-label name resolution
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Then configure GlobalNames zones on each domain controller.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Create a new Password Settings Object (PSO) for the IT users.
40. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
Test-AppLockerPolicy
Implement one LUN for the quorum and another LUN for the data
WSUS server in the branch office in replica mode.
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
41. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Jill came down with 2.50.
AD RMS
Configure Firewall Group Policies and link them at the Domain level
Use a GPO to configure device installation restrictions
42. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Modify the GPO to include folder redirection
Winrm quickconfig
Implement Network Access Protection (NAP)
AD Rights Management Services
43. To allow a user to administer Active Directory
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Get-ADUser cmdlet
Enable Windows Remote Management (WinRM) on each server.
Add the user to the Domain Admins global group
44. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Create and deploy a logon script that runs Auditpol.
Incoming external trust
Implement a domain-based DFS namespace that uses replication
Configure Firewall Group Policies and link them at the Domain level
45. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Changed manually
Dsmgmt
Additional DFS Targets
46. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
47. To identify users who bypass the new corporate security policy -
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Configure Audit Special Logon and define Special Groups
Utilize IFM (Install From Media)
Share and Storage Management
48. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Implement a domain-based DFS namespace that uses replication
Create and deploy a logon script that runs Auditpol.
Recommend Offline Files
49. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Dfsrdiag
Disable Site Link Bridging from IP Properties
Create a standard secondary of domain and create standard secondary of other domain.
Then use Windows BitLocker Drive Encryption
50. to prevent VMs from receiving updats from a group policy
The Group Policy Management Console
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Create a new Password Settings Object (PSO) for the IT users.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
