SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
New ACCOUNT STORE should be added and configured
Dsmgmt
Configure Audit Special Logon and define Special Groups
ntdsutil
2. UPN Suffix xxxx.com needs to be available for user accounts...
Configure event log subscriptions
Add the new UPN Suffix to the forest
Windows System Resource Manager (WSRM)
Raise the DFL to Windows Server 2008 R2.
3. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
AD RMS
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Create a Network Load Balancing cluster.
Implement Windows System Resource Manager (WSRM) and configure user policies
4. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
Registry on users computer needs to be modified
MEDV to deploy virtual desktops
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
5. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Configure caching on the shared folder (offline files)
Deploy a GPO for the Sales OU
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
6. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
fsconfig on FSSrv2
Windows Deployment Services (WDS)
7. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Event Subscriptions
Implement Windows System Resource Manager (WSRM) and configure user policies
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
8. If users need access to files locally and must be able to access files at another site if the local copy is not available you should implement this.
Configure the zone as an Activde Directory-Integrated zone.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
A Distributed File System (DFS) namespace
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
9. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Service user account for AD LDS
10. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Run net stop ntds
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Dfsrdiag
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
11. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
IIS Chared Configuration
12. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Role Separation
Configure authorization rules for Web developers on each web server
Refresh the zone on DNS2
Modify the GPO to include folder redirection
13. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Microsoft Desktop Optimization Pack (MDOP) to your company
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Implement one LUN for the quorum and another LUN for the data
Configure caching on the shared folder and configure offline files to use encryption
14. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Run the Delegation of Control Wizard on the Staff OU
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Folder redirection. Folder redirection is also useful when using roamin profiles.
15. Need to access some resources in another domain that is part of another forest...What trust is created?
Configure authorization rules for Web developers on each web server
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Incoming external trust
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
16. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Incoming external trust
Multipath I/O feature
Create a new Password Settings Object (PSO) for the IT users.
Recommend Active Directory delegation
17. You need to design your WSUS infrastructure so that updates are highly available. To do so
AD RMS
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
18. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
Configure separate application pools for each application
Set-ADServiceAccount cmdlet
Refresh the zone on DNS2
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
19. All DCs run Windows Server 2008 R2 and have the DNS Server role installed. The domain controllers for each location are stored locally. Each has its own standard primary zone to support its local domain.You need a plan that meets the following: WAN l
Assign the application to computers in the PC OU
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Create a standard secondary of domain and create standard secondary of other domain.
Implement Windows System Resource Manager (WSRM)
20. To deploy templates across the organization
Add George to the Domain Admins group.
Microsoft System Center Data Protection Manager
AD Domains and Trusts
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
21. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
AD Domains and Trusts
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Your machine and remote desktops
22. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
Create a new Password Settings Object (PSO) for the IT users.
A relying party trust should be created.
WSUS server in the branch office in replica mode.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
23. PowerShell script to create user accounts with passwords from a file called password.csv
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
ntdsutil
Data Recovery Agent
24. To allow a user to administer Active Directory
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Add the user to the Domain Admins global group
Attach VHD file created by Windows server backup
Authorization Manager role assignment
25. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
Modify properties of RODC server computer account.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Storage manager for SANs
26. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
DSMOD
Add the new UPN Suffix to the forest
Domain based DFS namespace and configure a DFS replication group
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
27. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
Microsoft Desktop Optimization Pack (MDOP)
Then use Windows Deployment Services (WDS) on DHCP1.
Dfsrdiag
Zone transfer settings
28. To delegate authority to users to manage only certain areas in Hyper-V use the
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Prestage the computer account in AD
Authorization Manager role assignment
29. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Modify the local policy to point to the Internal WSUS server
Add the user to the Domain Admins global group
Create a Network Load Balancing cluster.
30. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Recommend Active Directory delegation
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Restore-ADObject cmdlet
31. To be able to manage all the corporate servers from a workstation - you must install the
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Set-ADServiceAccount cmdlet
Run auditpol and then configure the Security settings of the Domain Controllers OU.
32. You need to allow a user to add a single computer to a domain - without any additional rights...
DSMOD
Prestage the computer account in AD
Implement a domain-based DFS namespace that uses replication
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
33. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
Then configure GlobalNames zones on each domain controller.
Windows BitLocker Drive Encryption (Bit Locker)
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Microsoft Desktop Optimization Pack (MDOP) to your company
34. To control access to resources using WSRM and to help prevent memory leaks from monopolizing your web server
Active Directory Users and Computers
Configure separate application pools for each application
DSMOD - ADUC
Configure authorization rules for Web developers on each web server
35. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Group Policy Preferences
FILES option within Ntdsutil
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
36. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Get-ADUser cmdlet
Configure folder redirection
37. To make deploying the custom Word dictionary easy
Recommend Group Policy preferences
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Software Restriction Polices
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
38. In order to reduce the administrative overhead typically involved with viewing event logs across multiple servers you should implement this.
Deploy a GPO for the Sales OU
A relying party trust should be created.
Backup operator's domain local group
Event Log Subscriptions
39. 2 ways to relocate user and computer accounts to different OUs
Site
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Storage manager for SANs
DSMOD - ADUC
40. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Configure block inheritance on the IT OU
41. To backup GPO's in domain and minimize bakcup...
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
The Group Policy Management Console
Enable - ADoptionalFeature cmdlet
Multipath I/O feature
42. To ensure that user's documents are stored on the file server and thus subject to the corporate backup solution - you should implement this.
Folder redirection. Folder redirection is also useful when using roamin profiles.
Authorization Manager role assignment
Create and deploy a logon script that runs Auditpol.
Windows Server 2003
43. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
From Server1 - run the Create Basic Task Wizard
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Dynamically expanding VHD's
44. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Then configure GlobalNames zones on each domain controller.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
45. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Enable Credential Roaming
Increase the tombstone lifetime for the forest.
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
46. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Use a GPO to configure device installation restrictions
dnscmd tool
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
47. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Assign the application to computers in the PC OU
Offline domain join
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
48. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
Backup operator's domain local group
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
49. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
Repadmin
The Group Policy Management Console
Passive file screens
Authorization Manager role assignment
50. All DCs have been upgraded from Windows Server 2003 to Windows Server 2008 R2. What should be done to ensure the Sysvol share replicates by using DFS Replicaiton (DFS-R)?
Raise the DFL to Windows Server 2008 R2.
Role Separation
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Configure offline files and enable manual caching
