SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Minimal FFL needed to deploy an RODC that runs Windows Server 2008 R2...
Implement a GPO for each domain
Windows Server 2003
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Active Directory Users and Computers
2. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Winrm quickconfig
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Dsmgmt
Certificate Templates
3. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Encrypting File System (EFS). This can be enabled locally or through a GPO.
4. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Configure offline files and enable manual caching
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Use a GPO to configure device installation restrictions
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
5. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
DSMOD - ADUC
Windows XP Mode
Administrators is the minimum group membership required to complete this procedure.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
6. 3 Servers are Network Policy Servers (NPS) that function as RADIUS servers. The network has 20 wireless access points that are configured as RADIUS clients. You need to plan an audit strategy with the following requirements: stores audit data in a ce
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Execute the Set-ADServiceAccount cmdlet
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
The Group Policy Management Console
7. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Win2000 Native
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Implement Windows System Resource Manager (WSRM)
8. An AD LDS instance needs to be replicated from one server to another...
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Multipath I/O feature
Service user account for AD LDS
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
9. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
dnscmd tool
Create an e-mail account in AD DS for your RMS users
10. If you need to ensure that data is protected by BitLocker then you will...
NOT be able to store that data on an iSCSI SAN
Administrative Role Separation
Improve the performance of File Servers
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
11. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Use the Local Roles options with dsmgmt.
Windows BitLocker Drive Encryption (Bit Locker)
Install Windows Server Backup and modify the Windows firewall settings
MEDV to deploy virtual desktops
12. To backup to tape/robotic tape and to backup VMs you must use...
Configure separate application pools for each application
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Microsoft System Center Data Protection Manager 2010
Raise the DFL to Windows Server 2008 R2.
13. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Registry on users computer needs to be modified
Utilize IFM (Install From Media)
Test-AppLockerPolicy
Administrative Role Separation
14. To enable the AD Recycle Bin
Enable - ADoptionalFeature cmdlet
Software Restriction Polices
dnscmd tool
Disable Site Link Bridging from the IP properties
15. Capture all replication errors from all your DCs to a central location...
Configure event log subscriptions
View properties of %systemroot%ntdsntds.dit
Basic Authentication and SSL
Use local roles options within "dsmgmt"
16. FFL is...
Increase the tombstone lifetime for the forest.
Software Restriction Polices
Deploy a failover cluster that contains one node in each office.
Win2000
17. to make shares at a remote location available to users you should implement this.
Then use Windows BitLocker Drive Encryption
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Domain based Distributed File System (DFS) namespace and DFS Replication.
Modify properties of RODC server computer account.
18. You need to implement read only copies of files at several locations. You currently have DFS for 2008 deployed. You should recommend this.
Upgrading DFS to Windows Server 2008 R2
Implement Windows System Resource Manager (WSRM) and configure user policies
Network Load Balancing (NLB)
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
19. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Implement Windows System Resource Manager (WSRM) and configure user policies
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
20. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Modify the local policy to point to the Internal WSUS server
Basic Authentication and SSL
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
21. For the users that work remotely that need access to files from the corporate office you should...
Role Separation
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Recommend Offline Files
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
22. To make deploying the custom Word dictionary easy
Implement a domain-based DFS namespace that uses replication
Recommend Group Policy preferences
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Ldp
23. What should be done first to defragment the AD database?
Modify the schema of LDSInst1
Run net stop ntds
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
24. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
dsa.msc - dsamain.exe - ntdsutil.exe
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
25. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
Basic Authentication and SSL
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Implement GPO for all client computers
Implement a domain-based DFS namespace that uses replication
26. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Raise the DFL to Windows Server 2008 R2.
Configure caching on the shared folder (offline files)
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Implement Distributed File System Replication (DFSR) on both servers
27. The solution requires that teachers that have been issued district based laptops - work remotely - and teach only on-line classes - must connect to the school network using split-tunnel VPN. Need to be sure that: minimize traffic over the VPN wheneve
28. To add a server with AD FS 2.0 role to an existing AD FS farm...
Implement Distributed File System Replication (DFSR) on both servers
fsconfig on FSSrv2
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Jill came down with 2.50.
29. Deployment of 10 WSUS servers across 10 branch office will take place over a three month period. The bandwidth between the corporate office and the branch offices must be minimized due to budget contraints within the company. Admins in the corporate
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Additional DFS Targets
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
30. 4 steps to perform offline Defragmentation of AD database...
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Add the new UPN Suffix to the forest
31. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Disable Site Link Bridging from IP Properties
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
32. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Then use Windows BitLocker Drive Encryption
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Data Recovery Agent
Repadmin
33. To restore deleted user account from AD Recycle Bin...
Use a GPO to configure device installation restrictions
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Restore-ADObject cmdlet
Microsoft Desktop Optimization Pack (MDOP)
34. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Properties of PSO need modified
Configure block inheritance on the IT OU
Add the Windows Server Backup feature and Windows System Image recovery.
35. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Domain based DFS namespace and configure a DFS replication group
Ntdsutil
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
36. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Incoming external trust
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
IIS Chared Configuration
37. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Active Directory snapshots and Tombstone reanimation
Then use on install image file that contains a single install image.
Run the Delegation of Control Wizard on the Staff OU
MEDV to deploy virtual desktops
38. To determine size of AD database file...
View properties of %systemroot%ntdsntds.dit
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Incoming external trust
Discover the run Microsoft Baseline Security Analyzer (MBSA)
39. In order to reduce the administrative overhead typically involved with viewing event logs across multiple servers you should implement this.
Event Log Subscriptions
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Windows BitLocker Drive Encryption (Bit Locker)
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
40. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
dsa.msc - dsamain.exe - ntdsutil.exe
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Implement a domain-based DFS namespace that uses replication
41. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
From Server A - run Create Basic Task Wizard
Raise the DFL to Windows Server 2008 R2.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Implement Network Access Protection (NAP)
42. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Create a new Password Settings Object (PSO) for the IT users.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
43. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the
44. If you need to allow an external partner's computer to access internal network resources by using SSTP
Deploy the Root CA certificate to the external computers.
Improve the performance of File Servers
Software Restriction Polices
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
45. Striped volumes
Improve the performance of File Servers
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Ntfrsutil
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
46. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Group Policy Preferences
Share and Storage Management
Multipath I/O feature
Refresh the zone on DNS2
47. Client computers run Windows 7 and all applications on the computers are configured to save documetns to the local Documents folder. You need a backup strategy that meets these: Back up the Documents folder for all users; minimize admin effort. To ac
Implement folder redirection by using GPO. Then backup the folder redirection target.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Then configure GlobalNames zones on each domain controller.
Deploy the Root CA certificate to the external computers.
48. All DCs have been upgraded from Windows Server 2003 to Windows Server 2008 R2. What should be done to ensure the Sysvol share replicates by using DFS Replicaiton (DFS-R)?
Raise the DFL to Windows Server 2008 R2.
Then use Windows BitLocker Drive Encryption
Properties of PSO need modified
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
49. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Administrators is the minimum group membership required to complete this procedure.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
50. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Use Netsh tool from administrator's computer.
Event Subscriptions
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
