SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
dnscmd tool
Deploy a GPO for the Sales OU
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Prestage the computer account in AD
2. To make deploying the custom Word dictionary easy
Use the Local Roles options with dsmgmt.
Recommend Group Policy preferences
Modify the GPO to include folder redirection
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
3. GPO setting to prevent all users from running an application
Refresh the zone on DNS2
Software Restriction Polices
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
4. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Add the Windows Server Backup feature and Windows System Image recovery.
5. When service account passwords need to be changed for SQL they should be...
Changed manually
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Use the Local Roles options with dsmgmt.
Site
6. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Software Restriction Polices
IIS Manager user account
Windows Server 2003
7. to make shares at a remote location available to users you should implement this.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Domain based Distributed File System (DFS) namespace and DFS Replication.
Software Restriction Polices
Disable Site Link Bridging from IP Properties
8. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
Execute the Set-ADServiceAccount cmdlet
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Install and share a printer on a server and then enable printer pooling.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
9. If a file server reaches 15% free disk space - you could free up some disk space by
Creating a data collector set that kick off a scritp that either move or delete files.
Software Restriction Polices
CAPublishGP group should have the Manage CA permission.
From Server A - run Create Basic Task Wizard
10. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Dynamically expanding VHD's
Implement Distributed File System Replication (DFSR) on both servers
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Microsoft SharePoint Foundation 2010
11. To ensure that the branch office with its own high speed internet connection receives the exact same updates as the corporate office you should recommend this.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
IIS Manager user account
12. If you need to ensure that data is protected by BitLocker then you will...
Microsoft Desktop Optimization Pack (MDOP) to your company
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
NOT be able to store that data on an iSCSI SAN
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
13. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Configure the zone as an Activde Directory-Integrated zone.
Event Log Subscriptions
14. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Administrators is the minimum group membership required to complete this procedure.
Winrm quickconfig
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Back up to an external USB drive by using Windows Server Backup
15. All DCs have been upgraded from Windows Server 2003 to Windows Server 2008 R2. What should be done to ensure the Sysvol share replicates by using DFS Replicaiton (DFS-R)?
ntdsutil
Domain based DFS namespace and configure a DFS replication group
Raise the DFL to Windows Server 2008 R2.
Windows Deployment Services (WDS)
16. You need to deploy apps to client computers according to these req.: apps must be deployed to client computers that meet minimum hardware requirements; detaild reports on success/failure of the app deployments must be provided; deployments must be sc
Configure Firewall Group Policies and link them at the Domain level
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
17. What should be done to ensure changes made to AD objects can be logged?
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
18. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Create a new Password Settings Object (PSO) for the IT users.
Configure caching on the shared folder (offline files)
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Dfsrdiag
19. To add a new UPN for all user accounts...
AD Domains and Trusts
Add the Windows Server Backup feature and Windows System Image recovery.
Backup operator's domain local group
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
20. SrvA has the AD LDS role and an instance named LDSInst1. You connect to this instance by using the ADSI Edit utility. When you execute the Create Object wizard there is no User object class. What should be done so you can create user objects in LDSIn
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Windows Server 2003
Modify the schema of LDSInst1
Modify properties of RODC server computer account.
21. You need to allow a user to add a single computer to a domain - without any additional rights...
Prestage the computer account in AD
Printer driver isolation
Authorization Manager
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
22. You need to manage GPO to meet the following: allow administrators to view and edit the GPO in their own language; minimize number of GPOs deployed
Storage manager for SANs
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Passive file screens
Create ADMX and ADML files. Configure the GPO and link it to the domain.
23. You have a 2008 R2 serever that has SQL Server 2008 installed. The server has one RAID 5 array and two RAID 1 arrays. You need to allocate hard disck space on the server according to the followign requirements: prevent data los if a single hard disk
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
24. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Utilize IFM (Install From Media)
AD RMS
Test-AppLockerPolicy
25. If you want to implement BitLocker and store recovery informaiton in a central location
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Configure block inheritance on the IT OU
Run auditpol and then configure the Security settings of the Domain Controllers OU.
26. The strongest form of NAP is
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Increase the tombstone lifetime for the forest.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Create a Central Store
27. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Site
Incoming external trust
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
28. When one needs to audit files - folders - printers and the registry enable
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
29. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
CAPublishGP group should have the Manage CA permission.
From Server1 - run the Create Basic Task Wizard
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Then configure auto enrollment of certificates and Credential Roaming.
30. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Distributed File System (DFS) Replication
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Implement a domain-based DFS namespace that uses replication
31. To ensure that the SQL Servers can fail over autoatically and support 2 TB drives
Recommend GPT and basic disks
Raise the DFL to Windows Server 2008 R2.
Network Load Balancing (NLB) cluster
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
32. To minimize the amount of storage required you should recommend
Site
Share and Storage Management
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
33. What should be done first to defragment the AD database?
Configure the zone as an Activde Directory-Integrated zone.
Run net stop ntds
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
34. All 2008 R2 servers and Windows 7 clients are connected to managed switches. The following are requirements for network access: only client computers that have up-to-date service packs installed can access the network; have up-to-date anti-malware so
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Dfsrdiag
35. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Domain based DFS namespace and configure a DFS replication group
Creating a data collector set that kick off a scritp that either move or delete files.
Ntfrsutil
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
36. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Windows System Resource Manager (WSRM)
Encrypting File System (EFS). This can be enabled locally or through a GPO.
37. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
dnscmd tool
Autonomous mode...This allows the local administrator to approve their own updates.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
38. New Password Policy needs to be created for OU different from domain password policy
Administrative Role Separation
From Server A - run Create Basic Task Wizard
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Add-ADFineGrainedPasswordPolicySubject cmdlet
39. The solution requires that teachers that have been issued district based laptops - work remotely - and teach only on-line classes - must connect to the school network using split-tunnel VPN. Need to be sure that: minimize traffic over the VPN wheneve
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
40. File that contains the last logon time and custom attributes values for each user in your forest.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Implement Windows BitLocker Drive Encryption (BitLocker)
Get-ADUser cmdlet
41. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
IIS Chared Configuration
Use CISCO IP Helper command to configure.
WDS
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
42. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Then configure GlobalNames zones on each domain controller.
802.1.x NAP
Microsoft Desktop Optimization Pack (MDOP)
Create a new Password Settings Object (PSO) for the IT users.
43. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Domain based Distributed File System (DFS) will reduce network traffic
Create an e-mail account in AD DS for your RMS users
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Group Policy Preferences
44. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
Zone transfer settings
DFL needs to be Windows Server 2008
Jill came down with 2.50.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
45. You need to recommend a solution to minimize the amount of time it takes for the sales department users to locate files in teh course bookings share.
Implement the Windows Search Service.
PDC emulator with w32tm.exe
Basic Authentication and SSL
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
46. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
Printer driver isolation
Purchase one additional Enterprise License
Test-AppLockerPolicy
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
47. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
Add the new UPN suffix to the forest.
FILES option within Ntdsutil
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Configure offline files and enable manual caching
48. Enables you to receive emails when domain users locked out of accounts...
Add the new UPN suffix to the forest.
Event Viewer
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Dfsrdiag
49. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
AD RMS
Passive file screens
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
50. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Add-ADFineGrainedPasswordPolicySubject cmdlet