SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To configure Administrator Role Separation for an RODC
Windows Server 2003
Winrm quickconfig
From Server1 - run the Create Basic Task Wizard
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
2. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Get-ADUser cmdlet
Install the RSAT tool on their workstation to provide for more efficient network management
Then use Windows Deployment Services (WDS) on DHCP1.
3. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Domain based Distributed File System (DFS) will reduce network traffic
Network Load Balancing (NLB) cluster
Prestage the computer account in AD
4. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Recommend GPT and basic disks
Incoming external trust
5. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Active Directory Right Management Services (AD RMS)
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Dsmgmt
6. The solution requires that teachers that have been issued district based laptops - work remotely - and teach only on-line classes - must connect to the school network using split-tunnel VPN. Need to be sure that: minimize traffic over the VPN wheneve
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
7. To backup Virtual Machines
Windows BitLocker Drive Encryption (Bit Locker)
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Service user account for AD LDS
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
8. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Active Directory Users and Computers
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
9. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Then use Windows Deployment Services (WDS)
Add-ADFineGrainedPasswordPolicySubject cmdlet
Dsmgmt
10. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Creating a data collector set that kick off a scritp that either move or delete files.
NOT be able to store that data on an iSCSI SAN
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
11. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Modify the local policy to point to the Internal WSUS server
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Then use Windows BitLocker Drive Encryption
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
12. to prevent VMs from receiving updats from a group policy
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Deploy a GPO for the Sales OU
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
13. If you want to allow single-label name resolution
Refresh the zone on DNS2
Subnet object needs to be created
Then configure GlobalNames zones on each domain controller.
Folder redirection. Folder redirection is also useful when using roamin profiles.
14. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Domain based Distributed File System (DFS) namespace and DFS Replication.
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Implement Distributed File System Replication (DFSR) on both servers
Deploy a failover cluster that contains one node in each office.
15. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Modify zone transfer settings for company.com zone on DCA
Run adprep /forestprep and adprep /domainprep
From Server A - run Create Basic Task Wizard
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
16. To recover objects deleted from Active Directory you should recommend
Domain based Distributed File System (DFS) namespace and DFS Replication.
Incoming external trust
Event Subscriptions
Active Directory snapshots and Tombstone reanimation
17. GPO setting to prevent all users from running an application
AD Rights Management Services
Properties of PSO need modified
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Software Restriction Polices
18. If you need to delegate control of server to remote admins group
Configure authorization rules for Web developers on each web server
Configure caching on the shared folder and configure offline files to use encryption
Configure RODC for Administrator Role Separation
Autonomous mode...This allows the local administrator to approve their own updates.
19. What should be done to ensure changes made to AD objects can be logged?
Get-ADUser cmdlet
A relying party trust should be created.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Configure the zone as an Activde Directory-Integrated zone.
20. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
Microsoft Desktop Optimization Pack (MDOP)
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Event Viewer
21. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
File Server Resource Manager (FSRM) quotas and file screens
Then use Windows Deployment Services (WDS)
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
22. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
WSUS server in the branch office in replica mode.
Service user account for AD LDS
DSMOD - ADUC
23. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
Microsoft Application Virtualization (AppV)
PowerShell 2.0
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
24. You have a failover cluster that has an application installed. Service level agreement requires 55 percent of processor and memory utilization to be reserved for the app. A solution to guarantee service level agreement would be
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Active Directory Domains and Trusts
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
25. What document management solution allows you to keep multiple versions of documents and automatically apply access policies to these documents? You should recommend
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Then configure GlobalNames zones on each domain controller.
Implement GPO for all client computers
Implement a Remote Desktop Connection Broker (RD Connection Broker)
26. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Run net stop ntds
Certificate Templates
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
27. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
Get-ADUser cmdlet
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Microsoft System Center Data Protection Manager
28. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
An Active Directory subnet object needs to be created.
Implement Distributed File System Replication (DFSR) on both servers
Run the Delegation of Control Wizard on the Staff OU
29. To ensure that a file on a file server do not leave the organization you must implement this.
Your machine and remote desktops
djoin /requesteodj from internal server - djoin /provision from outside server/PC
AD RMS
Group Policy Preferences
30. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Dsmgmt
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
31. 2 ways to relocate user and computer accounts to different OUs
Microsoft System Center Data Protection Manager 2010
Properties of PSO need modified
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
DSMOD - ADUC
32. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
FILES option within Ntdsutil
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Test-AppLockerPolicy
Data Recovery Agent
33. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Create a new Password Settings Object (PSO) for the IT users.
34. Two different solutions are available to help assign IP addresses to remote clients that need to VPN or Dial-in to the branch office.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
35. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Implement a domain-based DFS namespace that uses replication
From Server1 - run the Create Basic Task Wizard
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
36. To join a server/PC outside of the domain to the network...
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Add George to the Domain Admins group.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
37. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
AD RMS
38. If you need to be able to create shared folders on Server 2008 R2
Ensure your account - or the group is a member of the local Administrators group for that specific server.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
39. To allow administrators tha trun Windows 7 ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
Implement Windows System Resource Manager (WSRM)
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
40. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Install Windows Server Backup and modify the Windows firewall settings
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Add the user to the Domain Admins global group
41. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
Basic Authentication and SSL
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Get-ADUser cmdlet
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
42. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Implement Network Access Protection (NAP)
Windows XP Mode
43. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
dsa.msc - dsamain.exe - ntdsutil.exe
Configure Audit Special Logon and define Special Groups
44. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
Create a Central Store
Microsoft System Center Data Protection Manager
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
MEDV to deploy virtual desktops
45. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Run net stop ntds
Then configure auto enrollment of certificates and Credential Roaming.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
46. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Windows XP Mode
Implement Windows BitLocker Drive Encryption (BitLocker)
Improve the performance of File Servers
Configure the zone as an Activde Directory-Integrated zone.
47. An AD LDS instance needs to be replicated from one server to another...
Use CISCO IP Helper command to configure.
dnscmd
Service user account for AD LDS
Microsoft SharePoint Foundation 2010
48. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Basic Authentication and SSL
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Authorization Manager
49. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
Configure block inheritance on the IT OU
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Win2000
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
50. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
Network Load Balancing (NLB) cluster
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Disable Site Link Bridging from IP Properties
Basic Authentication and SSL
