SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
Deploy it by using Group Policy Software Installation method
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
2. To ensure that recovery is possible if a file on a file server is deleted accidentally
Get-ADUser cmdlet
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Implement Shadow Copies
3. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Add the Windows Server Backup feature and Windows System Image recovery.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Data Recovery Agent
Deploy a failover cluster that uses Node and File Share Disk Majority
4. What role to keep same time as an external server?
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Include a server that runs Microsoft Office SharePoint Server 2010
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
PDC emulator with w32tm.exe
5. If you want to implement BitLocker and store recovery informaiton in a central location
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Implement the Windows Search Service.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
6. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
The Group Policy Management console
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Then install new Server 2008 R2 Enterprise subordinate CA.
7. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
802.1.x NAP
Create and deploy a logon script that runs Auditpol.
8. To update ADRMS password...
AD Rights Management Services
Test-AppLockerPolicy
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Configure folder redirection
9. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
DSMOD
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
10. If you need to allow an external partner's computer to access internal network resources by using SSTP
Deploy it by using Group Policy Software Installation method
Deploy Microsoft System Center Operations Manager (SCOM)
Configure block inheritance on the IT OU
Deploy the Root CA certificate to the external computers.
11. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
dnscmd
DISABLE slow link detection in the GPO
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
12. Capture all replication errors from all your DCs to a central location...
Configure event log subscriptions
Then configure auto enrollment of certificates and Credential Roaming.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Improve the performance of File Servers
13. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
The Group Policy Management Console
Test-AppLockerPolicy
Win2000
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
14. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Configure authorization rules for Web developers on each web server
FILES option within Ntdsutil
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
15. You need to allow a user to add a single computer to a domain - without any additional rights...
Then install new Server 2008 R2 Enterprise subordinate CA.
Prestage the computer account in AD
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
16. Striped volumes
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Improve the performance of File Servers
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
17. To prevent account password from being cached on RODC server...
Modify properties of RODC server computer account.
Install Windows Server Backup and modify the Windows firewall settings
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Deploy Microsoft System Center Operations Manager (SCOM)
18. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
Microsoft Desktop Optimization Pack (MDOP) to your company
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Assign the application to computers in the PC OU
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
19. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Raise the DFL to Windows Server 2008 R2.
Test-AppLockerPolicy
Configure Audit Special Logon and define Special Groups
Modify the GPO to include folder redirection
20. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
Implement Windows System Resource Manager (WSRM) and configure user policies
Create an e-mail account in AD DS for your RMS users.
Software Restriction Polices
Dsmgmt
21. When one needs to audit files - folders - printers and the registry enable
Microsoft SharePoint Foundation 2010
Domain based Distributed File System (DFS) will reduce network traffic
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
22. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Domain based DFS namespace and configure a DFS replication group
Deploy it by using Group Policy Software Installation method
Data Recovery Agent
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
23. The solution requires that teachers that have been issued district based laptops - work remotely - and teach only on-line classes - must connect to the school network using split-tunnel VPN. Need to be sure that: minimize traffic over the VPN wheneve
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
24. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
fsconfig on FSSrv2
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
DISABLE slow link detection in the GPO
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
25. To enable the AD Recycle Bin
Microsoft SharePoint Foundation 2010
Ldp
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Enable - ADoptionalFeature cmdlet
26. If users complain that it is hard to find the shared folders on the network implement
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Implement a domain-based DFS namespace that uses replication
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Additional DFS Targets
27. To allow a user to administer Active Directory
AD Domains and Trusts
DSMOD - ADUC
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Add the user to the Domain Admins global group
28. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Active Directory Domains and Trusts
Deploy a GPO to the WebSrvOU
29. To help restrict access to Windows 7 computer in the event that it gets stolen implement
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Utilize IFM (Install From Media)
Network Load Balancing (NLB) cluster
Windows BitLocker Drive Encryption (Bit Locker)
30. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
View properties of %systemroot%ntdsntds.dit
Network Load Balancing (NLB) cluster
Basic Authentication and SSL
31. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Implement a GPO for each domain
Microsoft Application Virtualization (AppV)
Microsoft Desktop Optimization Pack (MDOP)
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
32. What should be done so application does not fail after 30 days while still keeping password policy in mind?
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Dynamically expanding VHD's
Set-ADServiceAccount cmdlet
Domain based DFS namespace and configure a DFS replication group
33. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
Implement Shadow Copies
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
34. You have been tasked with backing up all the GPOs in the domain. The IT manager also wants you to minimize the size of the backup. You decide to use...
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
The Group Policy Management console
Microsoft Desktop Optimization Pack (MDOP)
Distributed File System (DFS) Replication
35. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Certificate Templates
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
36. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
Then configure auto enrollment of certificates and Credential Roaming.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
IIS Manager user account
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
37. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
dsa.msc - dsamain.exe - ntdsutil.exe
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
38. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Passive file screens
Deploy a failover cluster that contains one node in each office.
Enable Windows Remote Management (WinRM) on each server.
39. You have a root domain and four child domains. Policy requirements state that all local guest accounts must be renamed and disabled - and all local administrator accounts must be renamed
Windows BitLocker Drive Encryption (Bit Locker)
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Implement a GPO for each domain
40. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
Authorization Manager role assignment
Enable Credential Roaming
Modify the local policy to point to the Internal WSUS server
Configure separate application pools for each application
41. For the users that work remotely that need access to files from the corporate office you should...
Recommend Offline Files
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
42. New Password Policy needs to be created for OU different from domain password policy
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
43. To allow administrators tha trun Windows 7 ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
The Group Policy Management Console
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
dnscmd
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
44. In order to manage websites without having to logon you can use
PowerShell 2.0
Encrypting File System (EFS). This can be enabled locally or through a GPO.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Recommend GPT and basic disks
45. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
46. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Jill came down with 2.50.
Administrative Role Separation
Deploy Microsoft System Center Operations Manager (SCOM)
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
47. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Create and deploy a logon script that runs Auditpol.
Implement Network Access Protection (NAP)
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
48. The Computer Management snap-in allows you to create shares both on...
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Purchase one additional Enterprise License
Authorization Manager
Your machine and remote desktops
49. to increase the reliability of the print server - configure...
Printer driver isolation
Deploy a failover cluster that contains one node in each office.
Configure caching on the shared folder (offline files)
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
50. To ensure that the SQL Servers can fail over autoatically and support 2 TB drives
Dsmgmt
Recommend GPT and basic disks
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Then use Windows Deployment Services (WDS) on DHCP1.
