SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. You need to deploy a sales application that only the sales users must have access to
Deploy a GPO for the Sales OU
Group Policy Preferences
Enable - ADoptionalFeature cmdlet
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
2. To defragment and AD database...
net stop ntds
Back up to an external USB drive by using Windows Server Backup
Active Directory snapshots and Tombstone reanimation
Implement one LUN for the quorum and another LUN for the data
3. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
4. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
Implement the Windows Search Service.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Modify the schema of LDSInst1
Add-ADFineGrainedPasswordPolicySubject cmdlet
5. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Implement Windows System Resource Manager (WSRM) and configure user policies
Deploy Microsoft System Center Operations Manager (SCOM)
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
6. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Implement the Windows Search Service.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
7. If you want to allow single-label name resolution
Dsmgmt
Add the user to the Domain Admins global group
Then configure GlobalNames zones on each domain controller.
Certificate Templates
8. RDSrv1 is a Server 2008 R2 server with Remote Desktop Services installed. You are planning to establish a Terminal Server Farm that must meet these requirements: New users automatically connect to the terminal server that has the fewest active sessio
From Server1 - run the Create Basic Task Wizard
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Purchase one additional Enterprise License
9. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Add the Windows Server Backup feature and Windows System Image recovery.
Administrators is the minimum group membership required to complete this procedure.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
10. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
11. When recommending a monitoring solution for an application so that it's events can be stored in a central
Event Subscriptions
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Configure caching on the shared folder and configure offline files to use encryption
Create a Network Load Balancing cluster.
12. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Create a Network Load Balancing cluster.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Add-ADFineGrainedPasswordPolicySubject cmdlet
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
13. To recover objects deleted from Active Directory you should recommend
Active Directory snapshots and Tombstone reanimation
Perform an authoritative restore
CAPublishGP group should have the Manage CA permission.
Enable Windows Remote Management (WinRM) on each server.
14. To restore deleted user account from AD Recycle Bin...
Offline domain join
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Configure offline files and enable manual caching
Restore-ADObject cmdlet
15. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Windows XP Mode
Microsoft System Center Data Protection Manager
DSMOD - ADUC
16. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
Network Load Balancing (NLB)
Distributed File System (DFS) Replication
Then install new Server 2008 R2 Enterprise subordinate CA.
Deploy it by using Group Policy Software Installation method
17. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Configure authorization rules for Web developers on each web server
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Win2000 Native
Then configure GlobalNames zones on each domain controller.
18. Ensure password length for a group set to 12 characters long while others keep password policy
Back up to an external USB drive by using Windows Server Backup
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Add-ADFineGrainedPasswordPolicySubject cmdlet
19. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
NOT be able to store that data on an iSCSI SAN
Use a GPO to configure device installation restrictions
Enable Windows Remote Management (WinRM) on the servers.
Incoming external trust
20. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Create and deploy a logon script that runs Auditpol.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
21. DFL is...
Incoming external trust
Win2000 Native
Implement Windows BitLocker Drive Encryption (BitLocker)
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
22. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
A relying party trust should be created.
Test-AppLockerPolicy
Disable Site Link Bridging from IP Properties
23. to prevent VMs from receiving updats from a group policy
Windows Deployment Services (WDS)
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
ntdsutil
24. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Modify zone transfer settings for company.com zone on DCA
Dsmgmt
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Create a Network Load Balancing cluster.
25. To backup to tape/robotic tape and to backup VMs you must use...
Microsoft System Center Data Protection Manager 2010
Configure caching on the shared folder (offline files)
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
26. To allow connection to a 256 Kbps ISDN...
Run adprep /forestprep and adprep /domainprep
DISABLE slow link detection in the GPO
CAPublishGP group should have the Manage CA permission.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
27. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Create a standard secondary of domain and create standard secondary of other domain.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Administrators is the minimum group membership required to complete this procedure.
Autonomous mode...This allows the local administrator to approve their own updates.
28. To backup Virtual Machines
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Implement Distributed File System Replication (DFSR) on both servers
Configure RODC for Administrator Role Separation
Authorization Manager
29. When service account passwords need to be changed for SQL they should be...
Create ADMX and ADML files. Configure the GPO and link it to the domain.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Changed manually
Utilize IFM (Install From Media)
30. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
Multipath I/O feature
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Modify zone transfer settings for company.com zone on DCA
31. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Microsoft SharePoint Foundation 2010
Passive file screens
Autonomous mode...This allows the local administrator to approve their own updates.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
32. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Test-AppLockerPolicy
Install Hyper-V role and convert physical machines into virtual machines
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
33. New Password Policy needs to be created for OU different from domain password policy
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Run the Delegation of Control Wizard on the Staff OU
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
34. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
MEDV to deploy virtual desktops
Windows BitLocker Drive Encryption (Bit Locker)
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
35. If a file server reaches 15% free disk space - you could free up some disk space by
Creating a data collector set that kick off a scritp that either move or delete files.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Win2000 Native
36. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Configure Audit Special Logon and define Special Groups
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Run the Delegation of Control Wizard on the Staff OU
Autonomous mode...This allows the local administrator to approve their own updates.
37. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
Ensure your account - or the group is a member of the local Administrators group for that specific server.
AD Domains and Trusts
From Server1 - run the Create Basic Task Wizard
Add the user to the Domain Admins global group
38. To replicate SYSVOL using Distributed File System Replication (DFSR)...
Autonomous mode...This allows the local administrator to approve their own updates.
Your machine and remote desktops
Configure Firewall Group Policies and link them at the Domain level
DFL needs to be Windows Server 2008
39. To delegate authority to users to manage only certain areas in Hyper-V use the
Authorization Manager role assignment
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Dfsrdiag
PDC emulator with w32tm.exe
40. To deploy templates across the organization
Install and share a printer on a server and then enable printer pooling.
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Configure caching on the shared folder (offline files)
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
41. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
Then configure GlobalNames zones on each domain controller.
Install and share a printer on a server and then enable printer pooling.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Restore-ADObject cmdlet
42. Tools to view contents of an OU in an AD snapshot...
Use a GPO to configure device installation restrictions
dsa.msc - dsamain.exe - ntdsutil.exe
Configure event log subscriptions
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
43. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Active Directory Users and Computers
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Execute the Set-ADServiceAccount cmdlet
Event Viewer
44. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
Jill came down with 2.50.
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
45. If you need to minimize the bandwidth for installation
Add-ADFineGrainedPasswordPolicySubject cmdlet
Dsmgmt
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Utilize IFM (Install From Media)
46. Capture all replication errors from all your DCs to a central location...
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
DSMOD - ADUC
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Configure event log subscriptions
47. To determine size of AD database file...
MEDV to deploy virtual desktops
View properties of %systemroot%ntdsntds.dit
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Then use Windows Deployment Services (WDS) on DHCP1.
48. If you need to encrypt all data on all disks
Then use Windows BitLocker Drive Encryption
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Assign the application to computers in the PC OU
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
49. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Install Hyper-V role and convert physical machines into virtual machines
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Include a server that runs Microsoft Office SharePoint Server 2010
Site
50. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
Deploy a failover cluster that uses Node and File Share Disk Majority
DISABLE slow link detection in the GPO
Recommend Group Policy preferences
Incoming external trust
