SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Improve the performance of File Servers
Data Recovery Agent
View properties of %systemroot%ntdsntds.dit
2. Within your company you have a server that will be running 8 VMs but only 6 concurrently. Your company has already purchased an Enterprise license for the server.
Purchase one additional Enterprise License
Active Directory Users and Computers utility
FFL Windows Server 2008 R2
Domain based Distributed File System (DFS) namespace and DFS Replication.
3. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
4. To be able to manage all the corporate servers from a workstation - you must install the
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
View properties of %systemroot%ntdsntds.dit
Use CISCO IP Helper command to configure.
5. Capture all replication errors from all your DCs to a central location...
Configure event log subscriptions
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Implement a domain-based DFS namespace that uses replication
Subnet object needs to be created
6. You need to ensure that the guest account on all servers is disabled to
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Microsoft System Center Data Protection Manager 2010
CAPublishGP group should have the Manage CA permission.
7. If you need to deploy multiple servers through automation of installation and activation and minimize network traffic
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
WSUS server in the branch office in replica mode.
Administrators is the minimum group membership required to complete this procedure.
8. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Dynamically expanding VHD's
Configure block inheritance on the IT OU
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
View properties of %systemroot%ntdsntds.dit
9. To ensure that user's documents are stored on the file server and thus subject to the corporate backup solution - you should implement this.
Enable - ADoptionalFeature cmdlet
Folder redirection. Folder redirection is also useful when using roamin profiles.
Restore-ADObject cmdlet
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
10. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Install Windows Server Backup and modify the Windows firewall settings
Recommend Group Policy preferences
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Implement Windows System Resource Manager (WSRM) and configure user policies
11. If you need to delegate control of server to remote admins group
Set-ADServiceAccount cmdlet
Configure RODC for Administrator Role Separation
Install and share a printer on a server and then enable printer pooling.
Deploy Microsoft System Center Operations Manager (SCOM)
12. To backup to tape/robotic tape and to backup VMs you must use...
DFL needs to be Windows Server 2008
Recommend Active Directory delegation
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Microsoft System Center Data Protection Manager 2010
13. Engineering department has 582 Windows Server 2008 R2 servers. You need to monitor the performance of all 582 with following requirements: Create alerts when average processor usage is higher than 85% for 15 minutes; Automatically adjust the processo
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Group Policy Preferences
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Deploy Microsoft System Center Operations Manager (SCOM)
14. 4 steps to perform authoritative restore of a deleted OU...
Configure Firewall Group Policies and link them at the Domain level
Additional DFS Targets
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Windows Deployment Services (WDS)
15. For the users that work remotely that need access to files from the corporate office you should...
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Recommend Offline Files
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Implement one LUN for the quorum and another LUN for the data
16. When implementing a Hyper-V environment the benefits are enormous - however there are certain aspects of virtualization that can create some additional administrative overhead that you can not have in a pure physical environment for example
Active Directory Domains and Trusts
Windows System Resource Manager (WSRM)
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
17. You need to allow remote access to the servers on your network while meeting the following requirements: all remote connections to the servers must be encrypted; all remote authentication attempts to the servers must be encrypted; only inbound connec
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Create a standard secondary of domain and create standard secondary of other domain.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
18. What shold be done to configure AD RMS so users can protect their data?
Create an e-mail account in AD DS for your RMS users
Zone transfer settings
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
19. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
Use CISCO IP Helper command to configure.
DFL needs to be Windows Server 2008
IIS Chared Configuration
fsconfig on FSSrv2
20. To replicate SYSVOL using Distributed File System Replication (DFSR)...
Disable Site Link Bridging from the IP properties
DFL needs to be Windows Server 2008
Win2000 Native
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
21. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
From Server1 - run the Create Basic Task Wizard
Passive file screens
Zone transfer settings
Import-Module
22. New Password Policy needs to be created for OU different from domain password policy
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Enable Credential Roaming
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Add-ADFineGrainedPasswordPolicySubject cmdlet
23. A specific application requires registry modifications to be in place before installing; you should use
Recommend Active Directory delegation
Network Load Balancing (NLB) cluster
Microsoft Desktop Optimization Pack (MDOP) to your company
Group Policy Preferences
24. SrvA has the AD LDS role and an instance named LDSInst1. You connect to this instance by using the ADSI Edit utility. When you execute the Create Object wizard there is no User object class. What should be done so you can create user objects in LDSIn
Configure caching on the shared folder (offline files)
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Modify the schema of LDSInst1
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
25. If users complain that it is hard to find the shared folders on the network implement
Share and Storage Management
Additional DFS Targets
Domain based DFS namespace and configure a DFS replication group
Improve the performance of File Servers
26. You have few Server 2003 servers that have Terminal services installed. You also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meeet the following: restricts accsss to specific Remote Desktop
Active Directory Users and Computers utility
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
27. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
Windows System Resource Manager (WSRM)
File Server Resource Manager (FSRM) quotas and file screens
Win2000
Dynamically expanding VHD's
28. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
CAPublishGP group should have the Manage CA permission.
Dsmgmt
DISABLE slow link detection in the GPO
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
29. To compact AD database...
fsconfig on FSSrv2
FILES option within Ntdsutil
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Subnet object needs to be created
30. You need to design your WSUS infrastructure so that updates are highly available. To do so
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
31. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Basic Authentication and SSL
Disable Site Link Bridging from IP Properties
Recommend GPT and basic disks
Create and deploy a logon script that runs Auditpol.
32. The strongest form of NAP is
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Create an Active Directory-Integrated zone.
dsa.msc - dsamain.exe - ntdsutil.exe
33. To control access to resources using WSRM and to help prevent memory leaks from monopolizing your web server
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Configure separate application pools for each application
34. To prevent computers that do not have the Windows Firewall enabled from connecting to the wireless access point or the physical switch - you should implement this.
802.1.x NAP
Add the new UPN suffix to the forest.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
35. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Site
Software Restriction Polices
36. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
From Server A - run Create Basic Task Wizard
Modify the GPO to include folder redirection
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Upgrading DFS to Windows Server 2008 R2
37. What role to keep same time as an external server?
Ensure your account - or the group is a member of the local Administrators group for that specific server.
PDC emulator with w32tm.exe
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
38. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Domain based Distributed File System (DFS) will reduce network traffic
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Active Directory Right Management Services (AD RMS)
Install and share a printer on a server and then enable printer pooling.
39. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Microsoft System Center Data Protection Manager
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Incoming external trust
Win2000
40. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Upgrading DFS to Windows Server 2008 R2
Winrm quickconfig
Then configure GlobalNames zones on each domain controller.
41. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
Then configure auto enrollment of certificates and Credential Roaming.
Execute the Set-ADServiceAccount cmdlet
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
From Server1 - run the Create Basic Task Wizard
42. If you need to be able to create shared folders on Server 2008 R2
Jill came down with 2.50.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Certificate Templates
Then use Windows Deployment Services (WDS)
43. To allow a user to administer Active Directory
Then configure GlobalNames zones on each domain controller.
Add the user to the Domain Admins global group
Winrm quickconfig
Restore-ADObject cmdlet
44. An AD LDS instance needs to be replicated from one server to another...
View properties of %systemroot%ntdsntds.dit
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Microsoft Desktop Optimization Pack (MDOP) to your company
Service user account for AD LDS
45. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
FILES option within Ntdsutil
Passive file screens
Use local roles options within "dsmgmt"
46. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
DISABLE slow link detection in the GPO
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Software Restriction Polices
Create and deploy a logon script that runs Auditpol.
47. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
Creating a data collector set that kick off a scritp that either move or delete files.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Autonomous mode...This allows the local administrator to approve their own updates.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
48. To add a new UPN for all user accounts...
Configure authorization rules for Web developers on each web server
AD Domains and Trusts
DSMOD - ADUC
WSUS server in the branch office in replica mode.
49. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Event Subscriptions
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
50. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Add George to the Domain Admins group.
Domain based DFS namespace and configure a DFS replication group
