SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. If a new application needs to be deployed on the network and it comes as a .msi package and then do this.
Deploy it by using Group Policy Software Installation method
FFL Windows Server 2008 R2
dnscmd
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
2. Need to access some resources in another domain that is part of another forest...What trust is created?
Implement Windows BitLocker Drive Encryption (BitLocker)
Enable Windows Remote Management (WinRM) on the servers.
Incoming external trust
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
3. New Password Policy needs to be created for OU different from domain password policy
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Active Directory Users and Computers
Get-ADUser cmdlet
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
4. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Microsoft Application Virtualization (AppV)
Utilize IFM (Install From Media)
Configure block inheritance on the IT OU
5. 2 ways to relocate user and computer accounts to different OUs
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
DSMOD - ADUC
Microsoft System Center Data Protection Manager
6. What GPO setting should be configured to prevent all users from running an application?
Software Restriction Polices
Add George to the Domain Admins group.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
7. To speed up the deployment of the RODC in the new branch offices you should take advantage of this.
Install From Media IFM
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Implement one LUN for the quorum and another LUN for the data
Include a server that runs Microsoft Office SharePoint Server 2010
8. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
Windows Server 2003
Modify zone transfer settings for company.com zone on DCA
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
9. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Dsmgmt
Network Load Balancing (NLB)
Attach VHD file created by Windows server backup
Create a Central Store
10. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Active Directory Domains and Trusts
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Microsoft SharePoint Foundation 2010
11. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Create a new Password Settings Object (PSO) for the IT users.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Create a Central Store
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
12. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
WDS
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
13. To backup GPO's in domain and minimize bakcup...
The Group Policy Management Console
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
14. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Test-AppLockerPolicy
Create a new Password Settings Object (PSO) for the IT users.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
15. PowerShell script to create user accounts with passwords from a file called password.csv
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
16. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Recommend Offline Files
Active Directory Users and Computers utility
Add the Windows Server Backup feature and Windows System Image recovery.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
17. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Disable Site Link Bridging from IP Properties
Configure authorization rules for Web developers on each web server
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
18. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Ntdsutil
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
CAPublishGP group should have the Manage CA permission.
19. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Configure caching on the shared folder and configure offline files to use encryption
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Configure Audit Special Logon and define Special Groups
20. To create AD Domain Services snapshot
Ntdsutil
Share and Storage Management
dnscmd
Execute the Set-ADServiceAccount cmdlet
21. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Then use Windows Deployment Services (WDS)
22. If you need secure method to verify validity of individual certificates and minimize network bandwidth
WDS
Implement a domain-based DFS namespace that uses replication
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Purchase one additional Enterprise License
23. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
Create a new Password Settings Object (PSO) for the IT users.
The Group Policy Management Console
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
24. To ensure that a file on a file server do not leave the organization you must implement this.
AD RMS
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
AD Domains and Trusts
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
25. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Authorization Manager role assignment
IIS Chared Configuration
26. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
ntdsutil
File Server Resource Manager (FSRM) quotas and file screens
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Incoming external trust
27. RDSrv1 is a Server 2008 R2 server with Remote Desktop Services installed. You are planning to establish a Terminal Server Farm that must meet these requirements: New users automatically connect to the terminal server that has the fewest active sessio
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
WDS
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
28. You need to recommend a solution to minimize the amount of time it takes for the sales department users to locate files in teh course bookings share.
Event Log Subscriptions
FFL Windows Server 2008 R2
Run the Delegation of Control Wizard on the Staff OU
Implement the Windows Search Service.
29. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
30. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Create a MEDV workspace
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
31. What should be done first to defragment the AD database?
Modify properties of RODC server computer account.
Run net stop ntds
Implement folder redirection by using GPO. Then backup the folder redirection target.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
32. Minimal FFL needed to deploy an RODC that runs Windows Server 2008 R2...
Winrm quickconfig
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Windows Server 2003
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
33. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Then use on install image file that contains a single install image.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
34. FFL is...
Recommend GPT and basic disks
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Win2000
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
35. Ensure password length for a group set to 12 characters long while others keep password policy
Add-ADFineGrainedPasswordPolicySubject cmdlet
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Configure caching on the shared folder (offline files)
36. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Administrative Role Separation
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
37. If users complain that it is hard to find the shared folders on the network implement
Event Log Subscriptions
Restore-ADObject cmdlet
Software Restriction Polices
Additional DFS Targets
38. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Implement one LUN for the quorum and another LUN for the data
Event Subscriptions
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
39. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Discover the run Microsoft Baseline Security Analyzer (MBSA)
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Network Load Balancing (NLB) cluster
Enable Credential Roaming
40. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Then install new Server 2008 R2 Enterprise subordinate CA.
41. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Assign the application to computers in the PC OU
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Implement Network Access Protection (NAP) that uses 802.1x enforcement
42. When deploying an application using the Group Policy distribution method assign the...
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
43. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Subnet object needs to be created
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
44. For the users that work remotely that need access to files from the corporate office you should...
View properties of %systemroot%ntdsntds.dit
Then install new Server 2008 R2 Enterprise subordinate CA.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Recommend Offline Files
45. CAPublishGP needs to be able to publish new certificate revocation lists - but not be able to revoke certificates. How is this accomplished?
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
CAPublishGP group should have the Manage CA permission.
Configure the zone as an Activde Directory-Integrated zone.
46. Within your company you have a server that will be running 8 VMs but only 6 concurrently. Your company has already purchased an Enterprise license for the server.
Create a standard secondary of domain and create standard secondary of other domain.
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Execute the Set-ADServiceAccount cmdlet
Purchase one additional Enterprise License
47. You need to relocate an AD LDS instance from C: Drive to D: Drive
Then install new Server 2008 R2 Enterprise subordinate CA.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Install Windows Server Backup and modify the Windows firewall settings
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
48. What utility is used to see what accounts cached on RODC?
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Group Policy Preferences
Active Directory Users and Computers
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
49. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
Deploy the Root CA certificate to the external computers.
Storage manager for SANs
Recommend Offline Files
Install Windows Server Backup and modify the Windows firewall settings
50. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Add the new UPN Suffix to the forest
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Ntfrsutil
Add George to the Domain Admins group.
