SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
Dfsrdiag
Domain based Distributed File System (DFS) namespace and DFS Replication.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
IIS Chared Configuration
2. To prevent computers that do not have the Windows Firewall enabled from connecting to the wireless access point or the physical switch - you should implement this.
802.1.x NAP
Install Hyper-V role and convert physical machines into virtual machines
Subnet object needs to be created
Implement a Remote Desktop Connection Broker (RD Connection Broker)
3. You need to deploy 15 Server Core installations that are only accessible by HTTP and HTTPS. Administration of these must be able to enable administrators to install and administer server roles remotely and fully manage servers remotely
Use CISCO IP Helper command to configure.
Enable Windows Remote Management (WinRM) on each server.
Use the Local Roles options with dsmgmt.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
4. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
5. To allow administrators tha trun Windows 7 ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
Windows XP Mode
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
6. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Domain based DFS namespace and configure a DFS replication group
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Create and deploy a logon script that runs Auditpol.
7. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
Use CISCO IP Helper command to configure.
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Domain based Distributed File System (DFS) will reduce network traffic
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
8. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
9. To back up your Hyper-VMs and the Hyper-V host; for each VM -
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
PowerShell 2.0
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
10. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Authorization Manager
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Properties of PSO need modified
11. PowerShell script to create user accounts with passwords from a file called password.csv
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Restore-ADObject cmdlet
Deploy Microsoft System Center Operations Manager (SCOM)
Changed manually
12. Your data provisioning solution must meet the following requirements: users must have access to their Documents folder regardless of the client computer that they use; user documents should not be stored on the local client computer; minimize the tim
DSMOD - ADUC
Encrypting File System (EFS). This can be enabled locally or through a GPO.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Configure folder redirection
13. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Microsoft System Center Data Protection Manager 2010
Deploy it by using Group Policy Software Installation method
Implement one LUN for the quorum and another LUN for the data
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
14. What should be done to ensure changes made to AD objects can be logged?
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Group Policy Preferences
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Perform an authoritative restore
15. To determine size of AD database file...
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Use CISCO IP Helper command to configure.
View properties of %systemroot%ntdsntds.dit
WDS
16. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Implement a GPO for each domain
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
17. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Distributed File System (DFS) Replication
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Then use Windows BitLocker Drive Encryption
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
18. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
PowerShell 2.0
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Active Directory Domains and Trusts
Administrative Role Separation
19. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Install the RSAT tool on their workstation to provide for more efficient network management
Add the new UPN Suffix to the forest
Subnet object needs to be created
20. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
From Server1 - run the Create Basic Task Wizard
net stop ntds
Add the user to the Domain Admins global group
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
21. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Your machine and remote desktops
Group Policy Preferences
Dfsrdiag
Role Separation
22. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
Incoming external trust
Then use Windows BitLocker Drive Encryption
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Modify zone transfer settings for company.com zone on DCA
23. To add a server with AD FS 2.0 role to an existing AD FS farm...
fsconfig on FSSrv2
Then use on install image file that contains a single install image.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Group Policy Preferences
24. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Domain based Distributed File System (DFS) will reduce network traffic
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Incoming external trust
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
25. To configure Administrator Role Separation for an RODC
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Data Recovery Agent
Ldp
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
26. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
27. To create AD Domain Services snapshot
Ntdsutil
Microsoft Desktop Optimization Pack (MDOP)
Configure block inheritance on the IT OU
Configure caching on the shared folder (offline files)
28. To add a new UPN for all user accounts...
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
AD Domains and Trusts
Ntfrsutil
29. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Configure RODC for Administrator Role Separation
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
30. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Implement Windows System Resource Manager (WSRM) and configure user policies
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Active Directory Users and Computers utility
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
31. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
djoin /requesteodj from internal server - djoin /provision from outside server/PC
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
32. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
File Server Resource Manager (FSRM) quotas and file screens
Use local roles options within "dsmgmt"
New ACCOUNT STORE should be added and configured
Perform an authoritative restore
33. In order to reduce the administrative overhead typically involved with viewing event logs across multiple servers you should implement this.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Role Separation
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Event Log Subscriptions
34. you have fewer Server 2003 servers that have Terminal Services installed. you also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: encrypts all remote connections to the ter
Add George to the Domain Admins group.
Event Log Subscriptions
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
MEDV to deploy virtual desktops
35. To control access to resources using WSRM and to help prevent memory leaks from monopolizing your web server
Configure separate application pools for each application
Run the Delegation of Control Wizard on the Staff OU
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Dfsrdiag
36. To ensure that recovery is possible if a file on a file server is deleted accidentally
ntdsutil
Implement Shadow Copies
Modify the local policy to point to the Internal WSUS server
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
37. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Active Directory snapshots and Tombstone reanimation
Group Policy Preferences
Assign the application to computers in the PC OU
38. You need to deploy a sales application that only the sales users must have access to
Use the Local Roles options with dsmgmt.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Deploy a GPO for the Sales OU
39. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Restore-ADObject cmdlet
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Modify the local policy to point to the Internal WSUS server
40. To build a highly secure server cluster with a reduced attack surface area
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Assign the application to computers in the PC OU
41. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
MEDV to deploy virtual desktops
Zone transfer settings
42. If you need to minimize amount of time and impact of 50 simultaneous Win7 installations
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Microsoft Application Virtualization (AppV)
Raise the DFL to Windows Server 2008 R2.
43. Deployment solutions that will allow both the 64 bit version of Office 2010 and the 32 bit version Office 2003 to run at a same time on a Windows 7 computer - and to do that when the computer is offline - are very limited. You should recommend
Microsoft Application Virtualization (AppV)
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
A Distributed File System (DFS) namespace
Implement Windows System Resource Manager (WSRM)
44. To minimize the amount of storage required you should recommend
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Share and Storage Management
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
45. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
Microsoft Application Virtualization (AppV)
Purchase one additional Enterprise License
The Group Policy Management console
Then install new Server 2008 R2 Enterprise subordinate CA.
46. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
47. If you need to be able to create shared folders on Server 2008 R2
DSMOD
FFL Windows Server 2008 R2
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
48. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
Enable Windows Remote Management (WinRM) on the servers.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
49. Your company IP scheme uses both IPv4 and IPv6. You have a main and branch office. In the branch office you are using PC1. PC1 is now only using IPv6. You noticed that PC1 no longer authenticates off the DC that is in the branch office. What should b
Ntfrsutil
An Active Directory subnet object needs to be created.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Your machine and remote desktops
50. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
Ntdsutil
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Disable Site Link Bridging from IP Properties