SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
Windows Deployment Services (WDS)
Active Directory snapshots and Tombstone reanimation
Enable Credential Roaming
Set-ADServiceAccount cmdlet
2. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Active Directory snapshots and Tombstone reanimation
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Configure an audit policy by editing the default domain policy and configure Event Forwarding
3. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Configure the zone as an Activde Directory-Integrated zone.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Assign the application to all client computers by using a GPO.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
4. You need to deploy 15 Server Core installations that are only accessible by HTTP and HTTPS. Administration of these must be able to enable administrators to install and administer server roles remotely and fully manage servers remotely
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Implement one LUN for the quorum and another LUN for the data
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Enable Windows Remote Management (WinRM) on each server.
5. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
Authorization Manager
Configure the zone as an Activde Directory-Integrated zone.
WSUS server in the branch office in replica mode.
Assign the application to computers in the PC OU
6. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Winrm quickconfig
Dfsrdiag
Basic Authentication and SSL
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
7. You need to consolidate 120 physical servers into 35 physical servers that run Windows Server 2008 R2 while meeting the following: maximize resource utilization; use existing hardware and software; support 64-bit child virtual machines; maintain sepa
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Implement a GPO for each domain
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Install Hyper-V role and convert physical machines into virtual machines
8. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
Windows Deployment Services (WDS)
Windows System Resource Manager (WSRM)
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
9. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Win2000
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Dfsrdiag
10. You need to recommend a solution to minimize the amount of time it takes for the sales department users to locate files in teh course bookings share.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Additional DFS Targets
fsconfig on FSSrv2
Implement the Windows Search Service.
11. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
The Group Policy Management Console
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
12. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
Dfsrdiag
IIS Manager user account
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Microsoft Application Virtualization (AppV)
13. If you need to encrypt all data on all disks
Configure event log subscriptions
Then use Windows BitLocker Drive Encryption
Implement GPO for all client computers
Your machine and remote desktops
14. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
PowerShell 2.0
Modify the schema of LDSInst1
Basic Authentication and SSL
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
15. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
Enable Windows Remote Management (WinRM) on each server.
Install and share a printer on a server and then enable printer pooling.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Disable Site Link Bridging from IP Properties
16. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Implement Windows System Resource Manager (WSRM)
ntdsutil
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
17. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Configure Firewall Group Policies and link them at the Domain level
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Configure offline files and enable manual caching
Then configure auto enrollment of certificates and Credential Roaming.
18. File that contains the last logon time and custom attributes values for each user in your forest.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Authorization Manager role assignment
Get-ADUser cmdlet
DISABLE slow link detection in the GPO
19. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Assign the application to computers in the PC OU
Offline domain join
Microsoft Application Virtualization (AppV)
File Server Resource Manager (FSRM) quotas and file screens
20. New password settings object (PSO) created and needs to be applied to user
Properties of PSO need modified
Disable Site Link Bridging from the IP properties
Share and Storage Management
NOT be able to store that data on an iSCSI SAN
21. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Role Separation
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Site
22. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Incoming external trust
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Create an e-mail account in AD DS for your RMS users.
23. What should be done to resolve names by using GlobalNames zone?
dnscmd tool
dsa.msc - dsamain.exe - ntdsutil.exe
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
24. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
A Distributed File System (DFS) namespace
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
25. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
Microsoft Desktop Optimization Pack (MDOP) to your company
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Run adprep /forestprep and adprep /domainprep
Implement Windows System Resource Manager (WSRM)
26. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Install Windows Server Backup and modify the Windows firewall settings
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
27. If you need to minimize the bandwidth for installation
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Utilize IFM (Install From Media)
AD RMS
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
28. To back up your Hyper-VMs and the Hyper-V host; for each VM -
AD Domains and Trusts
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Implement Windows System Resource Manager (WSRM) and configure user policies
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
29. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Modify zone transfer settings for company.com zone on DCA
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
30. In order to replicate SYSVOL shares by using DFS Replicaiton (DFS-R)
Use Netsh tool from administrator's computer.
Win2000 Native
Raise the DFL to Windows Server 2008 R2.
Modify the schema of LDSInst1
31. To determine size of AD database file...
AD Rights Management Services
View properties of %systemroot%ntdsntds.dit
Ntdsutil
Registry on users computer needs to be modified
32. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Implement Windows System Resource Manager (WSRM) and configure user policies
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
33. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Deploy the Root CA certificate to the external computers.
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Configure authorization rules for Web developers on each web server
34. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
AD Domains and Trusts
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
IIS Manager user account
Active Directory Domains and Trusts
35. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Test-AppLockerPolicy
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Configure separate application pools for each application
36. Within your company you have a server that will be running 8 VMs but only 6 concurrently. Your company has already purchased an Enterprise license for the server.
Repadmin
Purchase one additional Enterprise License
Event Log Subscriptions
Recommend Offline Files
37. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Implement Network Access Protection (NAP)
Repadmin
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Implement one LUN for the quorum and another LUN for the data
38. DFL is...
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Win2000 Native
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Implement Distributed File System Replication (DFSR) on both servers
39. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Jill came down with 2.50.
Modify properties of RODC server computer account.
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
40. 2 ways to relocate user and computer accounts to different OUs
Restore-ADObject cmdlet
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Create a MEDV workspace
DSMOD - ADUC
41. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
DISABLE slow link detection in the GPO
Storage manager for SANs
dnscmd
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
42. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Recommend Active Directory delegation
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Configure RODC for Administrator Role Separation
43. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
Use CISCO IP Helper command to configure.
Then install new Server 2008 R2 Enterprise subordinate CA.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
NOT be able to store that data on an iSCSI SAN
44. If users need access to files locally and must be able to access files at another site if the local copy is not available you should implement this.
A Distributed File System (DFS) namespace
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Test-AppLockerPolicy
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
45. You need to recommend a Windows update strategy for the new branch office. The branch office has a 512 Kbps connection the corporate office and a 2 MB connection to the Internet. You should recommend this.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Configure caching on the shared folder (offline files)
46. If you need to allow an external partner's computer to access internal network resources by using SSTP
Deploy a failover cluster that uses Node and File Share Disk Majority
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Deploy the Root CA certificate to the external computers.
Create a MEDV workspace
47. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
From Server1 - run the Create Basic Task Wizard
Add the user to the Domain Admins global group
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Increase the tombstone lifetime for the forest.
48. Jack and Jill go up the hill - both with a buck and a quarter
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Jill came down with 2.50.
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
49. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Deploy a GPO for the Sales OU
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Microsoft System Center Data Protection Manager
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
50. The Computer Management snap-in allows you to create shares both on...
Your machine and remote desktops
PDC emulator with w32tm.exe
Then use Windows BitLocker Drive Encryption
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
