SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Create and deploy a logon script that runs Auditpol.
Use CISCO IP Helper command to configure.
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Create a MEDV workspace
2. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Implement a GPO for each domain
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
3. Engineering department has 582 Windows Server 2008 R2 servers. You need to monitor the performance of all 582 with following requirements: Create alerts when average processor usage is higher than 85% for 15 minutes; Automatically adjust the processo
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Group Policy Preferences
Deploy Microsoft System Center Operations Manager (SCOM)
Subnet object needs to be created
4. to protect file servers and hard disks that may be at risk of being accessed or stolen
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Event Subscriptions
Deploy a GPO for the Sales OU
Implement Windows BitLocker Drive Encryption (BitLocker)
5. You need to allow remote access to the servers on your network while meeting the following requirements: all remote connections to the servers must be encrypted; all remote authentication attempts to the servers must be encrypted; only inbound connec
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Active Directory snapshots and Tombstone reanimation
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
6. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Configure folder redirection
Use local roles options within "dsmgmt"
Administrators is the minimum group membership required to complete this procedure.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
7. To replicate SYSVOL using Distributed File System Replication (DFSR)...
Printer driver isolation
DFL needs to be Windows Server 2008
Registry on users computer needs to be modified
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
8. To build a highly secure server cluster with a reduced attack surface area
AD Domains and Trusts
Basic Authentication and SSL
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
9. To backup GPO's in domain and minimize bakcup...
The Group Policy Management Console
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Recommend GPT and basic disks
Winrm quickconfig
10. To make deploying the custom Word dictionary easy
Add the user to the Domain Admins global group
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Configure authorization rules for Web developers on each web server
Recommend Group Policy preferences
11. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
Implement one LUN for the quorum and another LUN for the data
Implement Network Access Protection (NAP)
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Distributed File System (DFS) Replication
12. To minimize the amount of storage required you should recommend
Share and Storage Management
Create a MEDV workspace
Authorization Manager role assignment
Assign the application to all client computers by using a GPO.
13. to prevent VMs from receiving updats from a group policy
Dsmgmt
Modify the local policy to point to the Internal WSUS server
Implement Distributed File System Replication (DFSR) on both servers
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
14. What should be done to resolve names by using GlobalNames zone?
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Microsoft Application Virtualization (AppV)
Configure event log subscriptions
dnscmd tool
15. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Raise the DFL to Windows Server 2008 R2.
Configure caching on the shared folder and configure offline files to use encryption
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Then use Windows BitLocker Drive Encryption
16. When recommending a monitoring solution for an application so that it's events can be stored in a central
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Then install new Server 2008 R2 Enterprise subordinate CA.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Event Subscriptions
17. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Dfsrdiag
Create a MEDV workspace
Configure folder redirection
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
18. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Deploy the Root CA certificate to the external computers.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
19. When service account passwords need to be changed for SQL they should be...
Test-AppLockerPolicy
Changed manually
Implement folder redirection by using GPO. Then backup the folder redirection target.
Deploy it by using Group Policy Software Installation method
20. to increase the reliability of the print server - configure...
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Printer driver isolation
From Server A - run Create Basic Task Wizard
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
21. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Add the new UPN Suffix to the forest
Modify the GPO to include folder redirection
Install From Media IFM
Configure authorization rules for Web developers on each web server
22. If you want to implement BitLocker and store recovery informaiton in a central location
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Configure authorization rules for Web developers on each web server
Implement Shadow Copies
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
23. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Create and deploy a logon script that runs Auditpol.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
24. You don't want users to be able to install removable devices on client computers. However - domain admins and desktop support technicians must be allowed to install removable devices on client computers
Implement GPO for all client computers
Utilize IFM (Install From Media)
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Event Subscriptions
25. To speed up the deployment of the RODC in the new branch offices you should take advantage of this.
Install From Media IFM
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Subnet object needs to be created
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
26. What shold be done to configure AD RMS so users can protect their data?
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Create an e-mail account in AD DS for your RMS users
Configure folder redirection
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
27. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Authorization Manager
Active Directory snapshots and Tombstone reanimation
28. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Incoming external trust
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Deploy a GPO for the Sales OU
Ldp
29. Requirements are: support the installation of SQL Server 2008; Provide redundancy for SQL services if a single server fails. To accomplish this
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
IIS Manager user account
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Windows XP Mode
30. You need to plan the deployment of an application that must meet these requirements: users must have - access to the app when they are connected to the network; access the application from an icon on their desktops.
Assign the application to all client computers by using a GPO.
Event Log Subscriptions
Jill came down with 2.50.
Add the user to the Domain Admins global group
31. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Event Viewer
Use a GPO to configure device installation restrictions
Passive file screens
Microsoft Desktop Optimization Pack (MDOP) to your company
32. Auditing the deletion of Registry keys on all Domain Controllers
PowerShell 2.0
Printer driver isolation
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
33. You have a failover cluster that has an application installed. Service level agreement requires 55 percent of processor and memory utilization to be reserved for the app. A solution to guarantee service level agreement would be
DSMOD - ADUC
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
34. Need to access some resources in another domain that is part of another forest...What trust is created?
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Use CISCO IP Helper command to configure.
Incoming external trust
35. In order to manage websites without having to logon you can use
Win2000
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
PowerShell 2.0
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
36. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Deploy a failover cluster that contains one node in each office.
Add-ADFineGrainedPasswordPolicySubject cmdlet
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
37. DFL is...
A Distributed File System (DFS) namespace
Windows XP Mode
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Win2000 Native
38. If you need to allow an external partner's computer to access internal network resources by using SSTP
Assign the application to computers in the PC OU
Deploy the Root CA certificate to the external computers.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
From Server A - run Create Basic Task Wizard
39. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Subnet object needs to be created
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Storage manager for SANs
40. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Dsmgmt
Creating a data collector set that kick off a scritp that either move or delete files.
Increase the tombstone lifetime for the forest.
Test-AppLockerPolicy
41. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Then install new Server 2008 R2 Enterprise subordinate CA.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Win2000 Native
42. For the users that work remotely that need access to files from the corporate office you should...
Recommend Offline Files
Use local roles options within "dsmgmt"
Include a server that runs Microsoft Office SharePoint Server 2010
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
43. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
Storage manager for SANs
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
44. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Registry on users computer needs to be modified
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
45. To ensure that a file on a file server do not leave the organization you must implement this.
Backup operator's domain local group
Implement one LUN for the quorum and another LUN for the data
Add the user to the Domain Admins global group
AD RMS
46. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Restore-ADObject cmdlet
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Create a Central Store
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
47. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
Modify properties of RODC server computer account.
IIS Manager user account
Create a MEDV workspace
Distributed File System (DFS) Replication
48. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Dfsrdiag
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
49. 4 steps to perform offline Defragmentation of AD database...
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
50. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
New ACCOUNT STORE should be added and configured
Implement Distributed File System Replication (DFSR) on both servers
Zone transfer settings
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
