SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
2. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Basic Authentication and SSL
Modify properties of RODC server computer account.
3. If you want to allow single-label name resolution
Add the new UPN Suffix to the forest
Raise the DFL to Windows Server 2008 R2.
Test-AppLockerPolicy
Then configure GlobalNames zones on each domain controller.
4. Striped volumes
Deploy a failover cluster that uses Node and File Share Disk Majority
Improve the performance of File Servers
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Configure Audit Special Logon and define Special Groups
5. If you need to ensure that data is protected by BitLocker then you will...
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Jill came down with 2.50.
NOT be able to store that data on an iSCSI SAN
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
6. To modify several user accounts to a new UPN suffix
Deploy a GPO to the WebSrvOU
Active Directory Users and Computers utility
Configure caching on the shared folder and configure offline files to use encryption
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
7. You need to manage GPO to meet the following: allow administrators to view and edit the GPO in their own language; minimize number of GPOs deployed
Modify the local policy to point to the Internal WSUS server
Import-Module
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Windows Deployment Services (WDS)
8. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Configure authorization rules for Web developers on each web server
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Deploy Microsoft System Center Operations Manager (SCOM)
9. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Back up to an external USB drive by using Windows Server Backup
Add-ADFineGrainedPasswordPolicySubject cmdlet
Deploy Microsoft System Center Operations Manager (SCOM)
10. Need to access some resources in another domain that is part of another forest...What trust is created?
View properties of %systemroot%ntdsntds.dit
Back up to an external USB drive by using Windows Server Backup
Incoming external trust
Network Load Balancing (NLB)
11. You have a 2008 R2 server configured as Remote Desktop Session host. You need to deploy a line-of-business app; however - the app requires desktop themes to be enabled. Your deployment strategy must meet these requirements: only authorized users must
File Server Resource Manager (FSRM) quotas and file screens
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Authorization Manager
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
12. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
IIS Chared Configuration
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Prestage the computer account in AD
13. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Configure block inheritance on the IT OU
802.1.x NAP
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
14. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Import-Module
Domain based Distributed File System (DFS) namespace and DFS Replication.
Create a MEDV workspace
Increase the tombstone lifetime for the forest.
15. What should be done to resolve names by using GlobalNames zone?
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Incoming external trust
dnscmd tool
Active Directory Users and Computers
16. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Use the Local Roles options with dsmgmt.
Group Policy Preferences
Modify the GPO to include folder redirection
17. To configure Administrator Role Separation for an RODC
Authorization Manager role assignment
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Create an Active Directory-Integrated zone.
18. All 2008 R2 servers and Windows 7 clients are connected to managed switches. The following are requirements for network access: only client computers that have up-to-date service packs installed can access the network; have up-to-date anti-malware so
Modify properties of RODC server computer account.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Printer driver isolation
19. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Ntdsutil
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Winrm quickconfig
20. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Create a standard secondary of domain and create standard secondary of other domain.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Enable Windows Remote Management (WinRM) on the servers.
21. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Deploy a GPO to the WebSrvOU
Deploy Microsoft System Center Operations Manager (SCOM)
Event Log Subscriptions
Autonomous mode...This allows the local administrator to approve their own updates.
22. If you need to encrypt all data on all disks
Administrators is the minimum group membership required to complete this procedure.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Then use Windows BitLocker Drive Encryption
Deploy a GPO for the Sales OU
23. To control access to resources using WSRM and to help prevent memory leaks from monopolizing your web server
NOT be able to store that data on an iSCSI SAN
Configure separate application pools for each application
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Windows Deployment Services (WDS)
24. If you want to implement BitLocker and store recovery informaiton in a central location
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Microsoft Desktop Optimization Pack (MDOP) to your company
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
25. What GPO setting should be configured to prevent all users from running an application?
Software Restriction Polices
Domain based DFS namespace and configure a DFS replication group
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Deploy a GPO for the Sales OU
26. To prevent account password from being cached on RODC server...
Administrative Role Separation
Create a Central Store
Modify properties of RODC server computer account.
Share and Storage Management
27. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Disable Site Link Bridging from the IP properties
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Site
An Active Directory subnet object needs to be created.
28. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Run the Delegation of Control Wizard on the Staff OU
Deploy a failover cluster that contains one node in each office.
Configure Audit Special Logon and define Special Groups
29. To backup Virtual Machines
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Configure separate application pools for each application
Active Directory Users and Computers
Ntdsutil
30. For the users that work remotely that need access to files from the corporate office you should...
DSMOD
Registry on users computer needs to be modified
Configure event log subscriptions
Recommend Offline Files
31. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Create a MEDV workspace
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
NOT be able to store that data on an iSCSI SAN
32. To compact AD database...
Create and deploy a logon script that runs Auditpol.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Enable - ADoptionalFeature cmdlet
FILES option within Ntdsutil
33. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
NOT be able to store that data on an iSCSI SAN
Raise the DFL to Windows Server 2008 R2.
Add George to the Domain Admins group.
34. Your data provisioning solution must meet the following requirements: users must have access to their Documents folder regardless of the client computer that they use; user documents should not be stored on the local client computer; minimize the tim
Offline domain join
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Configure folder redirection
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
35. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Implement folder redirection by using GPO. Then backup the folder redirection target.
Then use Windows Deployment Services (WDS) on DHCP1.
Passive file screens
36. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
DISABLE slow link detection in the GPO
Assign the application to all client computers by using a GPO.
37. To back up your Hyper-VMs and the Hyper-V host; for each VM -
Disable Site Link Bridging from IP Properties
NOT be able to store that data on an iSCSI SAN
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
38. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
Dfsrdiag
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Use local roles options within "dsmgmt"
39. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
Incoming external trust
Microsoft Desktop Optimization Pack (MDOP) to your company
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Use local roles options within "dsmgmt"
40. To configure AD FS so tokens contain information from Active Directory domain...
FILES option within Ntdsutil
New ACCOUNT STORE should be added and configured
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
41. to protect file servers and hard disks that may be at risk of being accessed or stolen
Implement Windows BitLocker Drive Encryption (BitLocker)
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Offline domain join
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
42. To create AD Domain Services snapshot
Ntdsutil
Implement Distributed File System Replication (DFSR) on both servers
net stop ntds
A Distributed File System (DFS) namespace
43. The strongest form of NAP is
Increase the tombstone lifetime for the forest.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
44. You have a 2008 R2 serever that has SQL Server 2008 installed. The server has one RAID 5 array and two RAID 1 arrays. You need to allocate hard disck space on the server according to the followign requirements: prevent data los if a single hard disk
Create a standard secondary of domain and create standard secondary of other domain.
Raise the DFL to Windows Server 2008 R2.
Jill came down with 2.50.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
45. To backup to tape/robotic tape and to backup VMs you must use...
Windows Server 2003
Microsoft Application Virtualization (AppV)
Active Directory Domains and Trusts
Microsoft System Center Data Protection Manager 2010
46. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
DSMOD
Implement Distributed File System Replication (DFSR) on both servers
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Incoming external trust
47. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Install the RSAT tool on their workstation to provide for more efficient network management
48. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
Dsmgmt
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
49. In order to reduce the administrative overhead typically involved with viewing event logs across multiple servers you should implement this.
AD RMS
Folder redirection. Folder redirection is also useful when using roamin profiles.
Event Log Subscriptions
DSMOD
50. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Windows XP Mode
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Implement a GPO for each domain