SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To enable the AD Recycle Bin
Enable - ADoptionalFeature cmdlet
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Domain based DFS namespace and configure a DFS replication group
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
2. You need to deploy 15 Server Core installations that are only accessible by HTTP and HTTPS. Administration of these must be able to enable administrators to install and administer server roles remotely and fully manage servers remotely
Domain based Distributed File System (DFS) namespace and DFS Replication.
Configure the zone as an Activde Directory-Integrated zone.
Enable Windows Remote Management (WinRM) on each server.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
3. Deployment of 10 WSUS servers across 10 branch office will take place over a three month period. The bandwidth between the corporate office and the branch offices must be minimized due to budget contraints within the company. Admins in the corporate
ntdsutil
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
CAPublishGP group should have the Manage CA permission.
4. FFL is...
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Deploy it by using Group Policy Software Installation method
Win2000
Software Restriction Polices
5. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Use local roles options within "dsmgmt"
Test-AppLockerPolicy
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
dnscmd tool
6. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
FILES option within Ntdsutil
Basic Authentication and SSL
Create an e-mail account in AD DS for your RMS users.
Autonomous mode...This allows the local administrator to approve their own updates.
7. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Then configure GlobalNames zones on each domain controller.
Deploy a failover cluster that contains one node in each office.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Win2000
8. To ensure that a file on a file server do not leave the organization you must implement this.
Get-ADUser cmdlet
Improve the performance of File Servers
Windows BitLocker Drive Encryption (Bit Locker)
AD RMS
9. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
Jill came down with 2.50.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Use local roles options within "dsmgmt"
10. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Disable Site Link Bridging from the IP properties
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Configure RODC for Administrator Role Separation
Add George to the Domain Admins group.
11. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
Utilize IFM (Install From Media)
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
DSMOD
Modify the GPO to include folder redirection
12. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Certificate Templates
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Add the user to the Domain Admins global group
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
13. If you need to minimize amount of time and impact of 50 simultaneous Win7 installations
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Disable Site Link Bridging from the IP properties
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Printer driver isolation
14. to protect file servers and hard disks that may be at risk of being accessed or stolen
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Microsoft Desktop Optimization Pack (MDOP)
Implement Windows BitLocker Drive Encryption (BitLocker)
15. Two different solutions are available to help assign IP addresses to remote clients that need to VPN or Dial-in to the branch office.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
16. You are about to deploy a distributed database appliation that will run on multiple 2008 R2 servers. This deployment needs to follow these requirements: uses the existing network infrastructure; uses standard Windows management tools; allocates stora
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
From Server1 - run the Create Basic Task Wizard
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
17. To modify several user accounts to a new UPN suffix
Configure event log subscriptions
Active Directory Users and Computers utility
Printer driver isolation
Create and deploy a logon script that runs Auditpol.
18. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
AD RMS
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Then install new Server 2008 R2 Enterprise subordinate CA.
19. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
ntdsutil
Active Directory Right Management Services (AD RMS)
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Configure caching on the shared folder and configure offline files to use encryption
20. You have 2 Server Core servers that are part of a Network Load Balance that host a web site. To be able to allow administrators - on their Windows 7 computers - remotely manage the NLB with automation
Enable Windows Remote Management (WinRM) on the servers.
Implement Shadow Copies
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
dnscmd
21. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Configure the zone as an Activde Directory-Integrated zone.
Event Subscriptions
WSUS server in the branch office in replica mode.
22. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Windows System Resource Manager (WSRM)
802.1.x NAP
Offline domain join
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
23. Enables you to receive emails when domain users locked out of accounts...
Event Viewer
Backup operator's domain local group
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
24. If you need to encrypt all data on all disks
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Configure event log subscriptions
Then use Windows BitLocker Drive Encryption
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
25. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
Active Directory Users and Computers utility
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Then configure GlobalNames zones on each domain controller.
Increase the tombstone lifetime for the forest.
26. You don't want users to be able to install removable devices on client computers. However - domain admins and desktop support technicians must be allowed to install removable devices on client computers
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Implement GPO for all client computers
Assign the application to all client computers by using a GPO.
Import-Module
27. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
Active Directory Users and Computers utility
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
ntdsutil
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
28. To be able to manage all the corporate servers from a workstation - you must install the
Dynamically expanding VHD's
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Implement GPO for all client computers
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
29. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
Then use Windows Deployment Services (WDS) on DHCP1.
Create an e-mail account in AD DS for your RMS users.
Data Recovery Agent
Group Policy Preferences
30. IE can be a security concern - however you can take advantage of Group policies to lock down IE as much as possible
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
31. What document management solution allows you to keep multiple versions of documents and automatically apply access policies to these documents? You should recommend
Assign the application to all client computers by using a GPO.
net stop ntds
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Disable Site Link Bridging from IP Properties
32. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Configure caching on the shared folder and configure offline files to use encryption
Administrators is the minimum group membership required to complete this procedure.
View properties of %systemroot%ntdsntds.dit
Create an Active Directory-Integrated zone.
33. When implementing a Hyper-V environment the benefits are enormous - however there are certain aspects of virtualization that can create some additional administrative overhead that you can not have in a pure physical environment for example
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Enable - ADoptionalFeature cmdlet
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
34. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Storage manager for SANs
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
35. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Attach VHD file created by Windows server backup
36. If you need to allow an external partner's computer to access internal network resources by using SSTP
Deploy the Root CA certificate to the external computers.
View properties of %systemroot%ntdsntds.dit
ntdsutil
Refresh the zone on DNS2
37. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Win2000 Native
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Modify properties of RODC server computer account.
38. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Implement a domain-based DFS namespace that uses replication
Win2000
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
39. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
Data Recovery Agent
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Install Windows Server Backup and modify the Windows firewall settings
40. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Create a Network Load Balancing cluster.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Then configure auto enrollment of certificates and Credential Roaming.
Storage manager for SANs
41. An AD LDS instance needs to be replicated from one server to another...
Configure caching on the shared folder and configure offline files to use encryption
Purchase one additional Enterprise License
Service user account for AD LDS
Prestage the computer account in AD
42. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Use the Local Roles options with dsmgmt.
Domain based DFS namespace and configure a DFS replication group
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
An Active Directory subnet object needs to be created.
43. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Then use Windows Deployment Services (WDS) on DHCP1.
Authorization Manager
CAPublishGP group should have the Manage CA permission.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
44. You plan to deploy 12 file servers. All computers and servers connect to Ethernet switches. Your data storage solution must meet these: maximizes performance and fault tolerance; allocates storage to the servers as needed; utilizes the existing netwo
Enable Windows Remote Management (WinRM) on the servers.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
dsa.msc - dsamain.exe - ntdsutil.exe
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
45. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Properties of PSO need modified
Encrypting File System (EFS). This can be enabled locally or through a GPO.
46. To backup Virtual Machines
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
File Server Resource Manager (FSRM) quotas and file screens
47. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Jill came down with 2.50.
An Active Directory subnet object needs to be created.
Then use Windows Deployment Services (WDS) on DHCP1.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
48. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Modify the GPO to include folder redirection
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
49. Within your company you have a server that will be running 8 VMs but only 6 concurrently. Your company has already purchased an Enterprise license for the server.
The Group Policy Management console
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Create a MEDV workspace
Purchase one additional Enterprise License
50. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Create a MEDV workspace
ntdsutil
View properties of %systemroot%ntdsntds.dit
Enable Windows Remote Management (WinRM) on the servers.