SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Site
2. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Configure event log subscriptions
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Configure the zone as an Activde Directory-Integrated zone.
Create an e-mail account in AD DS for your RMS users.
3. To add a server with AD FS 2.0 role to an existing AD FS farm...
Get-ADUser cmdlet
Windows Server 2003
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
fsconfig on FSSrv2
4. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Deploy a GPO for the Sales OU
Assign the application to computers in the PC OU
Add the new UPN Suffix to the forest
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
5. To be able to user an application from one AD FS with authentication server to another...
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
A relying party trust should be created.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
6. If you need to minimize the number of install images and support Win Server 2008 R2 deployment
Configure RODC for Administrator Role Separation
Then use Windows BitLocker Drive Encryption
Certificate Templates
Then use on install image file that contains a single install image.
7. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Dfsrdiag
8. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Run the Delegation of Control Wizard on the Staff OU
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
9. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
Group Policy Preferences
Import-Module
Software Restriction Polices
Network Load Balancing (NLB) cluster
10. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
Use the Local Roles options with dsmgmt.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Subnet object needs to be created
WSUS server in the branch office in replica mode.
11. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
Enable - ADoptionalFeature cmdlet
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Ntfrsutil
Create an Active Directory-Integrated zone.
12. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
13. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Raise the DFL to Windows Server 2008 R2.
IIS Manager user account
dsa.msc - dsamain.exe - ntdsutil.exe
Windows BitLocker Drive Encryption (Bit Locker)
14. To back up your Hyper-VMs and the Hyper-V host; for each VM -
Add the new UPN suffix to the forest.
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
AD RMS
15. If a new application needs to be deployed on the network and it comes as a .msi package and then do this.
Modify properties of RODC server computer account.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Deploy it by using Group Policy Software Installation method
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
16. Company users IPV4 and IPV6. A PC uses IPV6 and can no longer authenticate off the DC. What can be done to ensure IPV6 computers authenticate to DCs in same site...
Subnet object needs to be created
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Microsoft Application Virtualization (AppV)
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
17. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Incoming external trust
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Implement Windows System Resource Manager (WSRM) and configure user policies
Execute the Set-ADServiceAccount cmdlet
18. 4 steps to perform offline Defragmentation of AD database...
Dsmgmt
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Configure block inheritance on the IT OU
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
19. In order to reduce the administrative overhead typically involved with viewing event logs across multiple servers you should implement this.
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Multipath I/O feature
Event Log Subscriptions
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
20. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Implement folder redirection by using GPO. Then backup the folder redirection target.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
21. In order to manage websites without having to logon you can use
Properties of PSO need modified
PowerShell 2.0
Microsoft SharePoint Foundation 2010
Jill came down with 2.50.
22. For the users that work remotely that need access to files from the corporate office you should...
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Assign the application to all client computers by using a GPO.
Recommend Offline Files
23. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Domain based DFS namespace and configure a DFS replication group
Run adprep /forestprep and adprep /domainprep
Basic Authentication and SSL
Enable - ADoptionalFeature cmdlet
24. If you need to be able to create shared folders on Server 2008 R2
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Install the RSAT tool on their workstation to provide for more efficient network management
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Run net stop ntds
25. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
WDS
Configure RODC for Administrator Role Separation
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Get-ADUser cmdlet
26. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
Enable - ADoptionalFeature cmdlet
Additional DFS Targets
Passive file screens
Active Directory Domains and Trusts
27. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Autonomous mode...This allows the local administrator to approve their own updates.
Implement a domain-based DFS namespace that uses replication
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
28. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Basic Authentication and SSL
Implement Network Access Protection (NAP)
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
29. Enables you to receive emails when domain users locked out of accounts...
Event Viewer
Offline domain join
Run the Delegation of Control Wizard on the Staff OU
Printer driver isolation
30. To allow connection to a 256 Kbps ISDN...
DISABLE slow link detection in the GPO
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Create a Central Store
Modify the GPO to include folder redirection
31. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
Microsoft Desktop Optimization Pack (MDOP)
Your machine and remote desktops
Disable Site Link Bridging from IP Properties
File Server Resource Manager (FSRM) quotas and file screens
32. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Modify the local policy to point to the Internal WSUS server
The Group Policy Management Console
Create an e-mail account in AD DS for your RMS users.
33. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Configure Firewall Group Policies and link them at the Domain level
Include a server that runs Microsoft Office SharePoint Server 2010
Modify zone transfer settings for company.com zone on DCA
Add-ADFineGrainedPasswordPolicySubject cmdlet
34. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Run the Delegation of Control Wizard on the Staff OU
Add the Windows Server Backup feature and Windows System Image recovery.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Refresh the zone on DNS2
35. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Subnet object needs to be created
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Add the Windows Server Backup feature and Windows System Image recovery.
36. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Subnet object needs to be created
Install the RSAT tool on their workstation to provide for more efficient network management
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Certificate Templates
37. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
Configure offline files and enable manual caching
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
38. What utility is used to see what accounts cached on RODC?
Implement GPO for all client computers
Active Directory Users and Computers
FFL Windows Server 2008 R2
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
39. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Run net stop ntds
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Microsoft Desktop Optimization Pack (MDOP)
Modify properties of RODC server computer account.
40. If you need to minimize amount of time and impact of 50 simultaneous Win7 installations
Utilize IFM (Install From Media)
WSUS server in the branch office in replica mode.
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Software Restriction Polices
41. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Your machine and remote desktops
Changed manually
42. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Microsoft SharePoint Foundation 2010
Create an e-mail account in AD DS for your RMS users.
PowerShell 2.0
43. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Modify the GPO to include folder redirection
Install Hyper-V role and convert physical machines into virtual machines
Assign the application to computers in the PC OU
44. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Folder redirection. Folder redirection is also useful when using roamin profiles.
Dsmgmt
Backup operator's domain local group
45. If users complain that it is hard to find the shared folders on the network implement
Increase the tombstone lifetime for the forest.
Additional DFS Targets
Restore-ADObject cmdlet
Then use on install image file that contains a single install image.
46. What should be done to ensure changes made to AD objects can be logged?
Additional DFS Targets
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Certificate Templates
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
47. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Modify properties of RODC server computer account.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
48. Your company IP scheme uses both IPv4 and IPv6. You have a main and branch office. In the branch office you are using PC1. PC1 is now only using IPv6. You noticed that PC1 no longer authenticates off the DC that is in the branch office. What should b
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
FFL Windows Server 2008 R2
An Active Directory subnet object needs to be created.
Modify zone transfer settings for company.com zone on DCA
49. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
Additional DFS Targets
Deploy it by using Group Policy Software Installation method
IIS Chared Configuration
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
50. You have a single AD domain named ad.company.com. The FFL is windows 2000 and the DFL is Windows 2000 Native. The UPN suffix company.com needs to be available for user accounts. What should be done first?
Implement Windows BitLocker Drive Encryption (BitLocker)
Configure Audit Special Logon and define Special Groups
Add the new UPN suffix to the forest.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
