SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Recommend Group Policy preferences
Service user account for AD LDS
Assign the application to computers in the PC OU
Properties of PSO need modified
2. Striped volumes
Improve the performance of File Servers
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Refresh the zone on DNS2
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
3. Capture all replication errors from all your DCs to a central location...
Autonomous mode...This allows the local administrator to approve their own updates.
Set-ADServiceAccount cmdlet
Configure event log subscriptions
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
4. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Assign the application to computers in the PC OU
dnscmd
Use a GPO to configure device installation restrictions
Windows Server 2003
5. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
6. New password settings object (PSO) created and needs to be applied to user
Properties of PSO need modified
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
7. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
Assign the application to computers in the PC OU
Then configure auto enrollment of certificates and Credential Roaming.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
FFL Windows Server 2008 R2
8. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
WDS
Configure event log subscriptions
MEDV to deploy virtual desktops
Upgrading DFS to Windows Server 2008 R2
9. To join a server/PC outside of the domain to the network...
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Deploy a failover cluster that contains one node in each office.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
10. What should be done so application does not fail after 30 days while still keeping password policy in mind?
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Set-ADServiceAccount cmdlet
Deploy it by using Group Policy Software Installation method
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
11. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Install Hyper-V role and convert physical machines into virtual machines
Authorization Manager
net stop ntds
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
12. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
13. When one needs to audit files - folders - printers and the registry enable
Win2000
Configure folder redirection
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
14. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Create a Central Store
Authorization Manager
Run adprep /forestprep and adprep /domainprep
15. You need to allow a user to add a single computer to a domain - without any additional rights...
Prestage the computer account in AD
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Autonomous mode...This allows the local administrator to approve their own updates.
An Active Directory subnet object needs to be created.
16. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Subnet object needs to be created
Dfsrdiag
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
17. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Create an e-mail account in AD DS for your RMS users
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
18. you have fewer Server 2003 servers that have Terminal Services installed. you also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: encrypts all remote connections to the ter
Dfsrdiag
Raise the DFL to Windows Server 2008 R2.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
19. What should be done to resolve names by using GlobalNames zone?
Run adprep /forestprep and adprep /domainprep
Deploy it by using Group Policy Software Installation method
Purchase one additional Enterprise License
dnscmd tool
20. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
IIS Manager user account
Autonomous mode...This allows the local administrator to approve their own updates.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
21. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
Microsoft Desktop Optimization Pack (MDOP) to your company
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
New ACCOUNT STORE should be added and configured
22. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Additional DFS Targets
Microsoft Application Virtualization (AppV)
23. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Execute the Set-ADServiceAccount cmdlet
Set-ADServiceAccount cmdlet
fsconfig on FSSrv2
Event Subscriptions
24. To ensure that recovery is possible if a file on a file server is deleted accidentally
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Implement Shadow Copies
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Then use Windows Deployment Services (WDS)
25. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Modify the GPO to include folder redirection
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Implement Windows BitLocker Drive Encryption (BitLocker)
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
26. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Install Windows Server Backup and modify the Windows firewall settings
Autonomous mode...This allows the local administrator to approve their own updates.
Disable Site Link Bridging from IP Properties
27. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Assign the application to all client computers by using a GPO.
Improve the performance of File Servers
Administrators is the minimum group membership required to complete this procedure.
28. To restore deleted user account from AD Recycle Bin...
Domain based Distributed File System (DFS) namespace and DFS Replication.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Passive file screens
Restore-ADObject cmdlet
29. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Then use Windows Deployment Services (WDS)
Role Separation
Zone transfer settings
30. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Configure event log subscriptions
Event Viewer
Zone transfer settings
31. To replicate SYSVOL using Distributed File System Replication (DFSR)...
Authorization Manager role assignment
Configure offline files and enable manual caching
DFL needs to be Windows Server 2008
Implement a GPO for each domain
32. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
View properties of %systemroot%ntdsntds.dit
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Enable Windows Remote Management (WinRM) on each server.
33. Jack and Jill go up the hill - both with a buck and a quarter
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Add George to the Domain Admins group.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Jill came down with 2.50.
34. Requirements are: support the installation of SQL Server 2008; Provide redundancy for SQL services if a single server fails. To accomplish this
Configure separate application pools for each application
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Use local roles options within "dsmgmt"
35. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Include a server that runs Microsoft Office SharePoint Server 2010
Disable Site Link Bridging from the IP properties
IIS Chared Configuration
36. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
Install the RSAT tool on their workstation to provide for more efficient network management
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Implement Network Access Protection (NAP) that uses 802.1x enforcement
37. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Configure caching on the shared folder (offline files)
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
38. To make deploying the custom Word dictionary easy
Service user account for AD LDS
net stop ntds
Recommend Group Policy preferences
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
39. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
Basic Authentication and SSL
Purchase one additional Enterprise License
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Configure caching on the shared folder (offline files)
40. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Perform an authoritative restore
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Enable Windows Remote Management (WinRM) on the servers.
41. You need to deploy 15 Server Core installations that are only accessible by HTTP and HTTPS. Administration of these must be able to enable administrators to install and administer server roles remotely and fully manage servers remotely
Enable Windows Remote Management (WinRM) on each server.
Windows Server 2003
Configure block inheritance on the IT OU
WSUS server in the branch office in replica mode.
42. 4 steps to perform offline Defragmentation of AD database...
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Microsoft SharePoint Foundation 2010
Site
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
43. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
Add the user to the Domain Admins global group
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
IIS Chared Configuration
44. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
FFL Windows Server 2008 R2
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Microsoft Application Virtualization (AppV)
45. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Microsoft Desktop Optimization Pack (MDOP)
Implement Windows BitLocker Drive Encryption (BitLocker)
fsconfig on FSSrv2
46. To backup to tape/robotic tape and to backup VMs you must use...
View properties of %systemroot%ntdsntds.dit
Passive file screens
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Microsoft System Center Data Protection Manager 2010
47. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
Modify the local policy to point to the Internal WSUS server
Upgrading DFS to Windows Server 2008 R2
Improve the performance of File Servers
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
48. If users need access to files locally and must be able to access files at another site if the local copy is not available you should implement this.
A Distributed File System (DFS) namespace
Use a GPO to configure device installation restrictions
Deploy a failover cluster that uses Node and File Share Disk Majority
File Server Resource Manager (FSRM) quotas and file screens
49. When service account passwords need to be changed for SQL they should be...
WDS
Changed manually
Windows BitLocker Drive Encryption (Bit Locker)
NOT be able to store that data on an iSCSI SAN
50. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Run the Delegation of Control Wizard on the Staff OU
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Add the Windows Server Backup feature and Windows System Image recovery.
Utilize IFM (Install From Media)