SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Distributed File System (DFS) Replication
2. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Deploy it by using Group Policy Software Installation method
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Subnet object needs to be created
3. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Administrative Role Separation
Role Separation
A relying party trust should be created.
4. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Windows BitLocker Drive Encryption (Bit Locker)
Microsoft Application Virtualization (AppV)
Create a Central Store
Windows Deployment Services (WDS)
5. File that contains the last logon time and custom attributes values for each user in your forest.
Printer driver isolation
Configure event log subscriptions
Get-ADUser cmdlet
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
6. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Administrators is the minimum group membership required to complete this procedure.
Folder redirection. Folder redirection is also useful when using roamin profiles.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Then use Windows BitLocker Drive Encryption
7. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
From Server1 - run the Create Basic Task Wizard
dnscmd
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
8. To backup Virtual Machines
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
9. You need to relocate an AD LDS instance from C: Drive to D: Drive
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Implement GPO for all client computers
Windows BitLocker Drive Encryption (Bit Locker)
Repadmin
10. What Function Level (FL) needs to be in place to enable AD Recycle Bin?
File Server Resource Manager (FSRM) quotas and file screens
FFL Windows Server 2008 R2
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Event Subscriptions
11. New password settings object (PSO) created and needs to be applied to user
Properties of PSO need modified
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Repadmin
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
12. Company users IPV4 and IPV6. A PC uses IPV6 and can no longer authenticate off the DC. What can be done to ensure IPV6 computers authenticate to DCs in same site...
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Subnet object needs to be created
NOT be able to store that data on an iSCSI SAN
13. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Ntfrsutil
Run net stop ntds
Implement Distributed File System Replication (DFSR) on both servers
14. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Winrm quickconfig
Configure caching on the shared folder (offline files)
A Distributed File System (DFS) namespace
Then use Windows Deployment Services (WDS) on DHCP1.
15. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
PDC emulator with w32tm.exe
Multipath I/O feature
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Network Load Balancing (NLB) cluster
16. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
AD Rights Management Services
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
An Active Directory subnet object needs to be created.
Windows XP Mode
17. Client computers run Windows 7 and all applications on the computers are configured to save documetns to the local Documents folder. You need a backup strategy that meets these: Back up the Documents folder for all users; minimize admin effort. To ac
Add the new UPN Suffix to the forest
Ntfrsutil
Implement folder redirection by using GPO. Then backup the folder redirection target.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
18. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Implement folder redirection by using GPO. Then backup the folder redirection target.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
19. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Modify the GPO to include folder redirection
Create an Active Directory-Integrated zone.
Implement Windows System Resource Manager (WSRM)
Modify the schema of LDSInst1
20. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Improve the performance of File Servers
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Microsoft Application Virtualization (AppV)
21. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
DFL needs to be Windows Server 2008
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
22. To deploy templates across the organization
Implement a domain-based DFS namespace that uses replication
802.1.x NAP
Active Directory Users and Computers
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
23. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Data Recovery Agent
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
24. you have fewer Server 2003 servers that have Terminal Services installed. you also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: encrypts all remote connections to the ter
MEDV to deploy virtual desktops
Configure the zone as an Activde Directory-Integrated zone.
Deploy a failover cluster that contains one node in each office.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
25. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Enable Credential Roaming
Use the Local Roles options with dsmgmt.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
26. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
27. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Basic Authentication and SSL
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Enable - ADoptionalFeature cmdlet
28. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Administrative Role Separation
Add George to the Domain Admins group.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
29. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Windows BitLocker Drive Encryption (Bit Locker)
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
30. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Create an e-mail account in AD DS for your RMS users.
Add-ADFineGrainedPasswordPolicySubject cmdlet
Implement Distributed File System Replication (DFSR) on both servers
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
31. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Modify the GPO to include folder redirection
Implement Network Access Protection (NAP)
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
32. What should be done so application does not fail after 30 days while still keeping password policy in mind?
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Incoming external trust
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Set-ADServiceAccount cmdlet
33. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
Windows System Resource Manager (WSRM)
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Increase the tombstone lifetime for the forest.
Attach VHD file created by Windows server backup
34. If you need to be able to create shared folders on Server 2008 R2
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Create a Network Load Balancing cluster.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
35. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Configure caching on the shared folder (offline files)
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
36. If you need to minimize amount of time and impact of 50 simultaneous Win7 installations
Role Separation
Repadmin
Win2000 Native
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
37. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Registry on users computer needs to be modified
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
38. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Registry on users computer needs to be modified
39. To ensure that the branch office with its own high speed internet connection receives the exact same updates as the corporate office you should recommend this.
Implement the Windows Search Service.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Autonomous mode...This allows the local administrator to approve their own updates.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
40. Enables you to receive emails when domain users locked out of accounts...
Software Restriction Polices
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Event Viewer
41. Striped volumes
Modify properties of RODC server computer account.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Improve the performance of File Servers
Use Netsh tool from administrator's computer.
42. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
Import-Module
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Dynamically expanding VHD's
43. To ensure that recovery is possible if a file on a file server is deleted accidentally
Passive file screens
Deploy it by using Group Policy Software Installation method
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Implement Shadow Copies
44. 2 ways to relocate user and computer accounts to different OUs
Your machine and remote desktops
DSMOD - ADUC
Offline domain join
Implement Windows BitLocker Drive Encryption (BitLocker)
45. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Creating a data collector set that kick off a scritp that either move or delete files.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Site
Install Hyper-V role and convert physical machines into virtual machines
46. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Certificate Templates
Implement Shadow Copies
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
47. RDSrv1 is a Server 2008 R2 server with Remote Desktop Services installed. You are planning to establish a Terminal Server Farm that must meet these requirements: New users automatically connect to the terminal server that has the fewest active sessio
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Ntdsutil
48. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
Then use Windows Deployment Services (WDS)
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Implement the Windows Search Service.
An Active Directory subnet object needs to be created.
49. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Implement Distributed File System Replication (DFSR) on both servers
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Upgrading DFS to Windows Server 2008 R2
50. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Administrators is the minimum group membership required to complete this procedure.
