SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
fsconfig on FSSrv2
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
2. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Deploy the Root CA certificate to the external computers.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
IIS Manager user account
3. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
PDC emulator with w32tm.exe
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
DSMOD
Ldp
4. To add a server with AD FS 2.0 role to an existing AD FS farm...
fsconfig on FSSrv2
Implement folder redirection by using GPO. Then backup the folder redirection target.
Use local roles options within "dsmgmt"
Zone transfer settings
5. To join a server/PC outside of the domain to the network...
djoin /requesteodj from internal server - djoin /provision from outside server/PC
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
CAPublishGP group should have the Manage CA permission.
Microsoft System Center Data Protection Manager
6. File that contains the last logon time and custom attributes values for each user in your forest.
The Group Policy Management console
Get-ADUser cmdlet
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Your machine and remote desktops
7. When one needs to audit files - folders - printers and the registry enable
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Configure RODC for Administrator Role Separation
Share and Storage Management
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
8. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Domain based Distributed File System (DFS) namespace and DFS Replication.
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
The Group Policy Management console
9. You need to recommend a Windows update strategy for the new branch office. The branch office has a 512 Kbps connection the corporate office and a 2 MB connection to the Internet. You should recommend this.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Modify zone transfer settings for company.com zone on DCA
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
10. To build a highly secure server cluster with a reduced attack surface area
Enable Windows Remote Management (WinRM) on each server.
Create an Active Directory-Integrated zone.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Implement Windows System Resource Manager (WSRM) and configure user policies
11. GPO setting to prevent all users from running an application
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Software Restriction Polices
Microsoft System Center Data Protection Manager
Autonomous mode...This allows the local administrator to approve their own updates.
12. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Add the new UPN suffix to the forest.
Create a Central Store
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
13. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Domain based DFS namespace and configure a DFS replication group
DISABLE slow link detection in the GPO
Configure block inheritance on the IT OU
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
14. You need to deploy a sales application that only the sales users must have access to
IIS Manager user account
Raise the DFL to Windows Server 2008 R2.
Use a GPO to configure device installation restrictions
Deploy a GPO for the Sales OU
15. You need to implement read only copies of files at several locations. You currently have DFS for 2008 deployed. You should recommend this.
Implement a domain-based DFS namespace that uses replication
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Increase the tombstone lifetime for the forest.
Upgrading DFS to Windows Server 2008 R2
16. If you need to minimize the number of install images and support Win Server 2008 R2 deployment
Modify the schema of LDSInst1
From Server1 - run the Create Basic Task Wizard
Then use on install image file that contains a single install image.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
17. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Administrative Role Separation
WDS
Dfsrdiag
Active Directory Users and Computers utility
18. 4 steps to perform authoritative restore of a deleted OU...
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Implement folder redirection by using GPO. Then backup the folder redirection target.
An Active Directory subnet object needs to be created.
Ntfrsutil
19. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
From Server1 - run the Create Basic Task Wizard
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
20. to make shares at a remote location available to users you should implement this.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Domain based Distributed File System (DFS) namespace and DFS Replication.
Perform an authoritative restore
Create a new Password Settings Object (PSO) for the IT users.
21. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Use local roles options within "dsmgmt"
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
22. If you need to minimize amount of time and impact of 50 simultaneous Win7 installations
Configure block inheritance on the IT OU
Offline domain join
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Certificate Templates
23. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Autonomous mode...This allows the local administrator to approve their own updates.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
24. If you need to delegate control of server to remote admins group
Configure RODC for Administrator Role Separation
Create a Central Store
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
25. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
View properties of %systemroot%ntdsntds.dit
Configure block inheritance on the IT OU
Create a new Password Settings Object (PSO) for the IT users.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
26. To determine size of AD database file...
Configure event log subscriptions
Refresh the zone on DNS2
dnscmd
View properties of %systemroot%ntdsntds.dit
27. Within your company you have a server that will be running 8 VMs but only 6 concurrently. Your company has already purchased an Enterprise license for the server.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Then use on install image file that contains a single install image.
Purchase one additional Enterprise License
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
28. If you need to ensure that data is protected by BitLocker then you will...
Add the new UPN suffix to the forest.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Install Windows Server Backup and modify the Windows firewall settings
NOT be able to store that data on an iSCSI SAN
29. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Add the Windows Server Backup feature and Windows System Image recovery.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
30. If you need to deploy multiple servers through automation of installation and activation and minimize network traffic
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
31. Deployment of 10 WSUS servers across 10 branch office will take place over a three month period. The bandwidth between the corporate office and the branch offices must be minimized due to budget contraints within the company. Admins in the corporate
Windows BitLocker Drive Encryption (Bit Locker)
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Then use Windows BitLocker Drive Encryption
Then use on install image file that contains a single install image.
32. To control access to resources using WSRM and to help prevent memory leaks from monopolizing your web server
Implement a domain-based DFS namespace that uses replication
Dfsrdiag
Add the new UPN suffix to the forest.
Configure separate application pools for each application
33. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
Raise the DFL to Windows Server 2008 R2.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
34. To be able to manage all the corporate servers from a workstation - you must install the
Create an e-mail account in AD DS for your RMS users.
ntdsutil
Deploy a GPO to the WebSrvOU
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
35. To identify users who bypass the new corporate security policy -
Implement Windows BitLocker Drive Encryption (BitLocker)
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Configure Audit Special Logon and define Special Groups
Run net stop ntds
36. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
Win2000 Native
Passive file screens
Site
Active Directory snapshots and Tombstone reanimation
37. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Use the Local Roles options with dsmgmt.
From Server1 - run the Create Basic Task Wizard
Certificate Templates
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
38. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
39. You have a failover cluster that has an application installed. Service level agreement requires 55 percent of processor and memory utilization to be reserved for the app. A solution to guarantee service level agreement would be
Microsoft System Center Data Protection Manager 2010
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
40. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
FFL Windows Server 2008 R2
Then use Windows Deployment Services (WDS)
Subnet object needs to be created
41. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
Microsoft Desktop Optimization Pack (MDOP)
Distributed File System (DFS) Replication
Perform an authoritative restore
Then use Windows BitLocker Drive Encryption
42. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
Configure the zone as an Activde Directory-Integrated zone.
Modify the schema of LDSInst1
Then configure GlobalNames zones on each domain controller.
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
43. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
Certificate Templates
Enable - ADoptionalFeature cmdlet
Implement Windows System Resource Manager (WSRM) and configure user policies
Deploy a failover cluster that uses Node and File Share Disk Majority
44. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Purchase one additional Enterprise License
45. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
Basic Authentication and SSL
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Raise the DFL to Windows Server 2008 R2.
46. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Assign the application to all client computers by using a GPO.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Modify the GPO to include folder redirection
Configure caching on the shared folder (offline files)
47. What utility is used to see what accounts cached on RODC?
Recommend Offline Files
Active Directory Users and Computers
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Deploy Microsoft System Center Operations Manager (SCOM)
48. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
Deploy the Root CA certificate to the external computers.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Software Restriction Polices
49. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Implement Windows System Resource Manager (WSRM) and configure user policies
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Distributed File System (DFS) Replication
Run adprep /forestprep and adprep /domainprep
50. You need to relocate an AD LDS instance from C: Drive to D: Drive
Microsoft System Center Data Protection Manager
Then configure GlobalNames zones on each domain controller.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
