SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Win2000 Native
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
2. If users need access to files locally and must be able to access files at another site if the local copy is not available you should implement this.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
djoin /requesteodj from internal server - djoin /provision from outside server/PC
A Distributed File System (DFS) namespace
3. To configure AD FS so tokens contain information from Active Directory domain...
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Configure Firewall Group Policies and link them at the Domain level
Subnet object needs to be created
New ACCOUNT STORE should be added and configured
4. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Implement Windows System Resource Manager (WSRM) and configure user policies
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
5. 3 Servers are Network Policy Servers (NPS) that function as RADIUS servers. The network has 20 wireless access points that are configured as RADIUS clients. You need to plan an audit strategy with the following requirements: stores audit data in a ce
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Install and share a printer on a server and then enable printer pooling.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
6. You need to implement read only copies of files at several locations. You currently have DFS for 2008 deployed. You should recommend this.
Upgrading DFS to Windows Server 2008 R2
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
7. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Windows System Resource Manager (WSRM)
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
8. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Authorization Manager
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Use Netsh tool from administrator's computer.
Recommend GPT and basic disks
9. When one needs to audit files - folders - printers and the registry enable
Enable Credential Roaming
Registry on users computer needs to be modified
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Incoming external trust
10. Minimal FFL needed to deploy an RODC that runs Windows Server 2008 R2...
Windows Server 2003
CAPublishGP group should have the Manage CA permission.
Create an Active Directory-Integrated zone.
Install the RSAT tool on their workstation to provide for more efficient network management
11. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Win2000
Configure offline files and enable manual caching
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
12. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
Use the Local Roles options with dsmgmt.
Install and share a printer on a server and then enable printer pooling.
Configure event log subscriptions
Distributed File System (DFS) Replication
13. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
Offline domain join
Implement one LUN for the quorum and another LUN for the data
Event Viewer
Ntfrsutil
14. If you need to be able to create shared folders on Server 2008 R2
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
15. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Use the Local Roles options with dsmgmt.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
16. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Create an Active Directory-Integrated zone.
Enable Credential Roaming
Modify properties of RODC server computer account.
17. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Event Subscriptions
Dfsrdiag
Incoming external trust
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
18. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Configure RODC for Administrator Role Separation
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
19. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Disable Site Link Bridging from the IP properties
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
20. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Network Load Balancing (NLB) cluster
Utilize IFM (Install From Media)
Multipath I/O feature
21. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Run the Delegation of Control Wizard on the Staff OU
Implement Network Access Protection (NAP)
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
22. To backup to tape/robotic tape and to backup VMs you must use...
AD RMS
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Microsoft System Center Data Protection Manager 2010
Implement folder redirection by using GPO. Then backup the folder redirection target.
23. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Configure folder redirection
Group Policy Preferences
dsa.msc - dsamain.exe - ntdsutil.exe
24. If a file server reaches 15% free disk space - you could free up some disk space by
Add the Windows Server Backup feature and Windows System Image recovery.
Software Restriction Polices
Creating a data collector set that kick off a scritp that either move or delete files.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
25. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
Deploy the Root CA certificate to the external computers.
Win2000 Native
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Improve the performance of File Servers
26. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Modify zone transfer settings for company.com zone on DCA
27. You need to recommend a solution to minimize the amount of time it takes for the sales department users to locate files in teh course bookings share.
Service user account for AD LDS
Implement the Windows Search Service.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Dfsrdiag
28. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
WSUS server in the branch office in replica mode.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
FFL Windows Server 2008 R2
29. To recover objects deleted from Active Directory you should recommend
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Active Directory snapshots and Tombstone reanimation
Include a server that runs Microsoft Office SharePoint Server 2010
Windows BitLocker Drive Encryption (Bit Locker)
30. To join a server/PC outside of the domain to the network...
Implement File Server Resource Manager (FSRM) quotas on the desired servers
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Use a GPO to configure device installation restrictions
Implement Windows System Resource Manager (WSRM) and configure user policies
31. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
PDC emulator with w32tm.exe
Implement Network Access Protection (NAP)
Run the Delegation of Control Wizard on the Staff OU
32. to protect file servers and hard disks that may be at risk of being accessed or stolen
Configure caching on the shared folder and configure offline files to use encryption
Implement Windows BitLocker Drive Encryption (BitLocker)
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Enable Windows Remote Management (WinRM) on each server.
33. What Function Level (FL) needs to be in place to enable AD Recycle Bin?
Include a server that runs Microsoft Office SharePoint Server 2010
FFL Windows Server 2008 R2
Add the new UPN Suffix to the forest
Configure an audit policy by editing the default domain policy and configure Event Forwarding
34. To restore deleted user account from AD Recycle Bin...
Execute the Set-ADServiceAccount cmdlet
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Restore-ADObject cmdlet
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
35. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
Deploy a GPO to the WebSrvOU
Deploy a failover cluster that uses Node and File Share Disk Majority
Prestage the computer account in AD
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
36. UPN Suffix xxxx.com needs to be available for user accounts...
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Add the new UPN Suffix to the forest
Create and deploy a logon script that runs Auditpol.
37. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Dsmgmt
38. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Network Load Balancing (NLB)
Implement one LUN for the quorum and another LUN for the data
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
39. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
WDS
Use a GPO to configure device installation restrictions
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
DISABLE slow link detection in the GPO
40. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Microsoft System Center Data Protection Manager
Administrators is the minimum group membership required to complete this procedure.
41. To add a server with AD FS 2.0 role to an existing AD FS farm...
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
fsconfig on FSSrv2
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
42. Client computers run Windows 7 and all applications on the computers are configured to save documetns to the local Documents folder. You need a backup strategy that meets these: Back up the Documents folder for all users; minimize admin effort. To ac
Zone transfer settings
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Implement folder redirection by using GPO. Then backup the folder redirection target.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
43. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
MEDV to deploy virtual desktops
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
44. FFL is...
Active Directory snapshots and Tombstone reanimation
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Implement Windows System Resource Manager (WSRM)
Win2000
45. If you need to deploy multiple servers through automation of installation and activation and minimize network traffic
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
The Group Policy Management Console
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
46. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
Passive file screens
Configure caching on the shared folder (offline files)
File Server Resource Manager (FSRM) quotas and file screens
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
47. To deploy templates across the organization
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Add the new UPN suffix to the forest.
Create and deploy a logon script that runs Auditpol.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
48. To compact AD database...
Add the new UPN Suffix to the forest
FILES option within Ntdsutil
Active Directory Domains and Trusts
Disable Site Link Bridging from the IP properties
49. Striped volumes
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
A relying party trust should be created.
From Server1 - run the Create Basic Task Wizard
Improve the performance of File Servers
50. Auditing the deletion of Registry keys on all Domain Controllers
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Share and Storage Management
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
