SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To compact AD database...
Ldp
FILES option within Ntdsutil
Deploy a failover cluster that contains one node in each office.
Implement Shadow Copies
2. When recommending a monitoring solution for an application so that it's events can be stored in a central
Event Subscriptions
Multipath I/O feature
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Implement Windows System Resource Manager (WSRM) and configure user policies
3. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Dfsrdiag
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Configure caching on the shared folder and configure offline files to use encryption
4. You have a single AD domain named ad.company.com. The FFL is windows 2000 and the DFL is Windows 2000 Native. The UPN suffix company.com needs to be available for user accounts. What should be done first?
Implement one LUN for the quorum and another LUN for the data
Add the new UPN suffix to the forest.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
net stop ntds
5. 4 steps to perform authoritative restore of a deleted OU...
Then use on install image file that contains a single install image.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
6. What should be done to resolve names by using GlobalNames zone?
dnscmd tool
Deploy a GPO to the WebSrvOU
Recommend Active Directory delegation
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
7. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Changed manually
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Implement Windows System Resource Manager (WSRM)
8. To prevent computers that do not have the Windows Firewall enabled from connecting to the wireless access point or the physical switch - you should implement this.
802.1.x NAP
Include a server that runs Microsoft Office SharePoint Server 2010
Enable Windows Remote Management (WinRM) on each server.
Site
9. To update ADRMS password...
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
AD Rights Management Services
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Implement the Windows Search Service.
10. You have a failover cluster that has an application installed. Service level agreement requires 55 percent of processor and memory utilization to be reserved for the app. A solution to guarantee service level agreement would be
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Assign the application to computers in the PC OU
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
11. In order to ensure highly available Windows Update servers you should create this.
Create a Network Load Balancing cluster.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
DFL needs to be Windows Server 2008
Incoming external trust
12. If subnets are connected by CISCO router that is RFC-1542 compliant
Use CISCO IP Helper command to configure.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Windows Deployment Services (WDS)
13. 2 ways to relocate user and computer accounts to different OUs
Network Load Balancing (NLB) cluster
Deploy the Root CA certificate to the external computers.
DSMOD - ADUC
Implement Windows BitLocker Drive Encryption (BitLocker)
14. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Add George to the Domain Admins group.
Configure RODC for Administrator Role Separation
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
15. If you need to minimize the number of install images and support Win Server 2008 R2 deployment
Then use on install image file that contains a single install image.
Install Windows Server Backup and modify the Windows firewall settings
Implement one LUN for the quorum and another LUN for the data
Raise the DFL to Windows Server 2008 R2.
16. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Site
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
dnscmd
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
17. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
An Active Directory subnet object needs to be created.
Create a Network Load Balancing cluster.
CAPublishGP group should have the Manage CA permission.
18. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Winrm quickconfig
The Group Policy Management Console
Your machine and remote desktops
Event Log Subscriptions
19. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Purchase one additional Enterprise License
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Implement Distributed File System Replication (DFSR) on both servers
Recommend Group Policy preferences
20. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Create a MEDV workspace
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
DISABLE slow link detection in the GPO
Use the Local Roles options with dsmgmt.
21. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Perform an authoritative restore
Event Log Subscriptions
Add the new UPN Suffix to the forest
22. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Prestage the computer account in AD
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Implement folder redirection by using GPO. Then backup the folder redirection target.
23. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
File Server Resource Manager (FSRM) quotas and file screens
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Offline domain join
Winrm quickconfig
24. New Password Policy needs to be created for OU different from domain password policy
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
WDS
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
25. 3 Servers are Network Policy Servers (NPS) that function as RADIUS servers. The network has 20 wireless access points that are configured as RADIUS clients. You need to plan an audit strategy with the following requirements: stores audit data in a ce
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Active Directory Users and Computers
Configure the zone as an Activde Directory-Integrated zone.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
26. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
New ACCOUNT STORE should be added and configured
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Ntfrsutil
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
27. If you need to ensure that data is protected by BitLocker then you will...
NOT be able to store that data on an iSCSI SAN
Implement GPO for all client computers
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Add-ADFineGrainedPasswordPolicySubject cmdlet
28. Your company IP scheme uses both IPv4 and IPv6. You have a main and branch office. In the branch office you are using PC1. PC1 is now only using IPv6. You noticed that PC1 no longer authenticates off the DC that is in the branch office. What should b
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Install Windows Server Backup and modify the Windows firewall settings
Repadmin
An Active Directory subnet object needs to be created.
29. to prevent VMs from receiving updats from a group policy
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
30. You have a 2008 R2 serever that has SQL Server 2008 installed. The server has one RAID 5 array and two RAID 1 arrays. You need to allocate hard disck space on the server according to the followign requirements: prevent data los if a single hard disk
Implement folder redirection by using GPO. Then backup the folder redirection target.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
31. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
WDS
Install Windows Server Backup and modify the Windows firewall settings
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
DSMOD - ADUC
32. Enables you to receive emails when domain users locked out of accounts...
Event Viewer
Group Policy Preferences
Create an e-mail account in AD DS for your RMS users.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
33. You have a root domain and four child domains. Policy requirements state that all local guest accounts must be renamed and disabled - and all local administrator accounts must be renamed
Backup operator's domain local group
Implement a GPO for each domain
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
34. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
35. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
View properties of %systemroot%ntdsntds.dit
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Implement Network Access Protection (NAP) that uses 802.1x enforcement
36. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
View properties of %systemroot%ntdsntds.dit
802.1.x NAP
Configure Firewall Group Policies and link them at the Domain level
37. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
FFL Windows Server 2008 R2
WSUS server in the branch office in replica mode.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
38. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Then configure GlobalNames zones on each domain controller.
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
39. To ensure that recovery is possible if a file on a file server is deleted accidentally
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Implement Shadow Copies
Software Restriction Polices
Configure event log subscriptions
40. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Active Directory snapshots and Tombstone reanimation
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
41. In order to replicate SYSVOL shares by using DFS Replicaiton (DFS-R)
Raise the DFL to Windows Server 2008 R2.
Domain based Distributed File System (DFS) namespace and DFS Replication.
Windows Server 2003
Active Directory Users and Computers utility
42. When service account passwords need to be changed for SQL they should be...
Changed manually
fsconfig on FSSrv2
Upgrading DFS to Windows Server 2008 R2
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
43. What GPO setting should be configured to prevent all users from running an application?
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Software Restriction Polices
Network Load Balancing (NLB)
Add the user to the Domain Admins global group
44. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
View properties of %systemroot%ntdsntds.dit
Configure the zone as an Activde Directory-Integrated zone.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
45. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Configure caching on the shared folder (offline files)
46. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
ntdsutil
Configure caching on the shared folder and configure offline files to use encryption
Add George to the Domain Admins group.
Folder redirection. Folder redirection is also useful when using roamin profiles.
47. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
New ACCOUNT STORE should be added and configured
48. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Deploy a GPO to the WebSrvOU
Passive file screens
AD Domains and Trusts
49. To join a server/PC outside of the domain to the network...
A relying party trust should be created.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Windows XP Mode
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
50. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
