SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Modify the local policy to point to the Internal WSUS server
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Ntfrsutil
Perform an authoritative restore
2. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Event Subscriptions
Back up to an external USB drive by using Windows Server Backup
3. Tool to change Directory Services Restore Mode password on Domain Controller...
Domain based Distributed File System (DFS) will reduce network traffic
Implement one LUN for the quorum and another LUN for the data
ntdsutil
Implement Windows System Resource Manager (WSRM)
4. What shold be done to configure AD RMS so users can protect their data?
Then configure GlobalNames zones on each domain controller.
Create an e-mail account in AD DS for your RMS users
Data Recovery Agent
Microsoft System Center Data Protection Manager 2010
5. You have 2 Server Core servers that are part of a Network Load Balance that host a web site. To be able to allow administrators - on their Windows 7 computers - remotely manage the NLB with automation
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Enable Windows Remote Management (WinRM) on the servers.
net stop ntds
Test-AppLockerPolicy
6. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Deploy a failover cluster that uses Node and File Share Disk Majority
Windows BitLocker Drive Encryption (Bit Locker)
7. To update ADRMS password...
Configure block inheritance on the IT OU
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Modify the GPO to include folder redirection
AD Rights Management Services
8. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
Attach VHD file created by Windows server backup
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Modify zone transfer settings for company.com zone on DCA
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
9. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
Autonomous mode...This allows the local administrator to approve their own updates.
DSMOD
Create a MEDV workspace
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
10. To modify several user accounts to a new UPN suffix
Active Directory Users and Computers utility
Purchase one additional Enterprise License
WDS
Configure Firewall Group Policies and link them at the Domain level
11. New password settings object (PSO) created and needs to be applied to user
Properties of PSO need modified
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Subnet object needs to be created
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
12. To create and additional AD LDS applicaiton directory partition in existing instance...
Enable Windows Remote Management (WinRM) on the servers.
Ldp
Create a MEDV workspace
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
13. Auditing the deletion of Registry keys on all Domain Controllers
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Get-ADUser cmdlet
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
14. GPO setting to prevent all users from running an application
Microsoft Desktop Optimization Pack (MDOP) to your company
Windows BitLocker Drive Encryption (Bit Locker)
Software Restriction Polices
Registry on users computer needs to be modified
15. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Configure the zone as an Activde Directory-Integrated zone.
Software Restriction Polices
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Windows XP Mode
16. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Implement Windows System Resource Manager (WSRM) and configure user policies
Your machine and remote desktops
Dsmgmt
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
17. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Disable Site Link Bridging from IP Properties
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Create a standard secondary of domain and create standard secondary of other domain.
Run the Delegation of Control Wizard on the Staff OU
18. Two different solutions are available to help assign IP addresses to remote clients that need to VPN or Dial-in to the branch office.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
19. Capture all replication errors from all your DCs to a central location...
Configure event log subscriptions
Modify the GPO to include folder redirection
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
20. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
Enable Credential Roaming
Configure caching on the shared folder (offline files)
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Configure the zone as an Activde Directory-Integrated zone.
21. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Implement folder redirection by using GPO. Then backup the folder redirection target.
Run adprep /forestprep and adprep /domainprep
22. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
Add the new UPN Suffix to the forest
CAPublishGP group should have the Manage CA permission.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
dnscmd
23. If you want to implement BitLocker and store recovery informaiton in a central location
Domain based DFS namespace and configure a DFS replication group
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
24. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Enable Credential Roaming
Add the user to the Domain Admins global group
Create and deploy a logon script that runs Auditpol.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
25. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
From Server1 - run the Create Basic Task Wizard
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Set-ADServiceAccount cmdlet
Properties of PSO need modified
26. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Ldp
Deploy the Root CA certificate to the external computers.
Multipath I/O feature
27. To ensure that recovery is possible if a file on a file server is deleted accidentally
Microsoft Desktop Optimization Pack (MDOP) to your company
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Administrative Role Separation
Implement Shadow Copies
28. To delegate authority to users to manage only certain areas in Hyper-V use the
Software Restriction Polices
Authorization Manager role assignment
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
29. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
dsa.msc - dsamain.exe - ntdsutil.exe
30. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
IIS Manager user account
Implement Windows System Resource Manager (WSRM) and configure user policies
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
31. If a new application needs to be deployed on the network and it comes as a .msi package and then do this.
Deploy it by using Group Policy Software Installation method
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Dsmgmt
Use a GPO to configure device installation restrictions
32. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Offline domain join
Winrm quickconfig
33. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Implement Distributed File System Replication (DFSR) on both servers
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
34. All 2008 R2 servers and Windows 7 clients are connected to managed switches. The following are requirements for network access: only client computers that have up-to-date service packs installed can access the network; have up-to-date anti-malware so
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Configure offline files and enable manual caching
Microsoft Desktop Optimization Pack (MDOP) to your company
Implement Network Access Protection (NAP) that uses 802.1x enforcement
35. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
MEDV to deploy virtual desktops
Use local roles options within "dsmgmt"
36. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Microsoft SharePoint Foundation 2010
Data Recovery Agent
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
37. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
DSMOD
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
The Group Policy Management Console
38. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Restore-ADObject cmdlet
Configure folder redirection
39. When recommending a monitoring solution for an application so that it's events can be stored in a central
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Event Subscriptions
Recommend Offline Files
Assign the application to all client computers by using a GPO.
40. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
41. To allow administrators tha trun Windows 7 ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
Raise the DFL to Windows Server 2008 R2.
Configure Firewall Group Policies and link them at the Domain level
Group Policy Preferences
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
42. To allow a user to administer Active Directory
An Active Directory subnet object needs to be created.
Ntdsutil
Event Subscriptions
Add the user to the Domain Admins global group
43. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Perform an authoritative restore
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Windows BitLocker Drive Encryption (Bit Locker)
44. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Active Directory Users and Computers
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Active Directory Right Management Services (AD RMS)
45. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Administrative Role Separation
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
AD Rights Management Services
Authorization Manager
46. File that contains the last logon time and custom attributes values for each user in your forest.
Get-ADUser cmdlet
Configure block inheritance on the IT OU
Modify properties of RODC server computer account.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
47. To compact AD database...
Group Policy Preferences
Configure offline files and enable manual caching
FILES option within Ntdsutil
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
48. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Implement Windows System Resource Manager (WSRM) and configure user policies
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Install Windows Server Backup and modify the Windows firewall settings
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
49. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
50. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
FILES option within Ntdsutil
Use CISCO IP Helper command to configure.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
