SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The strongest form of NAP is
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Install Windows Server Backup and modify the Windows firewall settings
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Your machine and remote desktops
2. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Create an Active Directory-Integrated zone.
Windows XP Mode
Add the new UPN Suffix to the forest
dnscmd
3. CAPublishGP needs to be able to publish new certificate revocation lists - but not be able to revoke certificates. How is this accomplished?
Role Separation
CAPublishGP group should have the Manage CA permission.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Enable Windows Remote Management (WinRM) on the servers.
4. Ensure password length for a group set to 12 characters long while others keep password policy
Perform an authoritative restore
Add-ADFineGrainedPasswordPolicySubject cmdlet
Create and deploy a logon script that runs Auditpol.
FFL Windows Server 2008 R2
5. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
View properties of %systemroot%ntdsntds.dit
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Domain based DFS namespace and configure a DFS replication group
6. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Purchase one additional Enterprise License
Test-AppLockerPolicy
Implement folder redirection by using GPO. Then backup the folder redirection target.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
7. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
File Server Resource Manager (FSRM) quotas and file screens
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Install and share a printer on a server and then enable printer pooling.
Administrators is the minimum group membership required to complete this procedure.
8. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Implement folder redirection by using GPO. Then backup the folder redirection target.
Then use Windows Deployment Services (WDS) on DHCP1.
Refresh the zone on DNS2
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
9. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
10. You need to deploy a sales application that only the sales users must have access to
Deploy a GPO for the Sales OU
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
11. Tool to change Directory Services Restore Mode password on Domain Controller...
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Domain based Distributed File System (DFS) will reduce network traffic
ntdsutil
Creating a data collector set that kick off a scritp that either move or delete files.
12. Tools to view contents of an OU in an AD snapshot...
Creating a data collector set that kick off a scritp that either move or delete files.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Configure offline files and enable manual caching
dsa.msc - dsamain.exe - ntdsutil.exe
13. If subnets are connected by CISCO router that is RFC-1542 compliant
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Use CISCO IP Helper command to configure.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
WDS
14. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Execute the Set-ADServiceAccount cmdlet
802.1.x NAP
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
15. To add a server with AD FS 2.0 role to an existing AD FS farm...
Win2000
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
fsconfig on FSSrv2
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
16. When recommending a monitoring solution for an application so that it's events can be stored in a central
Role Separation
Event Subscriptions
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
17. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
18. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Windows Server 2003
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
AD RMS
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
19. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Software Restriction Polices
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Configure separate application pools for each application
20. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
Microsoft SharePoint Foundation 2010
IIS Manager user account
WSUS server in the branch office in replica mode.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
21. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Use local roles options within "dsmgmt"
Authorization Manager
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
22. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Active Directory Users and Computers utility
23. If users complain that it is hard to find the shared folders on the network implement
Implement folder redirection by using GPO. Then backup the folder redirection target.
Folder redirection. Folder redirection is also useful when using roamin profiles.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Additional DFS Targets
24. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Autonomous mode...This allows the local administrator to approve their own updates.
Network Load Balancing (NLB) cluster
The Group Policy Management console
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
25. Capture all replication errors from all your DCs to a central location...
Implement folder redirection by using GPO. Then backup the folder redirection target.
Configure event log subscriptions
AD Domains and Trusts
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
26. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
MEDV to deploy virtual desktops
Certificate Templates
Add the Windows Server Backup feature and Windows System Image recovery.
Increase the tombstone lifetime for the forest.
27. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Use the Local Roles options with dsmgmt.
Test-AppLockerPolicy
FILES option within Ntdsutil
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
28. In order to reduce the administrative overhead typically involved with viewing event logs across multiple servers you should implement this.
Event Log Subscriptions
Microsoft System Center Data Protection Manager
Group Policy Preferences
CAPublishGP group should have the Manage CA permission.
29. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Modify zone transfer settings for company.com zone on DCA
Execute the Set-ADServiceAccount cmdlet
Implement Windows BitLocker Drive Encryption (BitLocker)
30. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Set-ADServiceAccount cmdlet
Offline domain join
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
31. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Modify the local policy to point to the Internal WSUS server
Use the Local Roles options with dsmgmt.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Upgrading DFS to Windows Server 2008 R2
32. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Deploy a failover cluster that uses Node and File Share Disk Majority
Install From Media IFM
Incoming external trust
Create an e-mail account in AD DS for your RMS users
33. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Create an e-mail account in AD DS for your RMS users
34. To enable the AD Recycle Bin
Run adprep /forestprep and adprep /domainprep
Run the Delegation of Control Wizard on the Staff OU
Enable - ADoptionalFeature cmdlet
Dfsrdiag
35. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Back up to an external USB drive by using Windows Server Backup
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Install the RSAT tool on their workstation to provide for more efficient network management
Then configure GlobalNames zones on each domain controller.
36. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Create a Central Store
Repadmin
Then use Windows Deployment Services (WDS)
Domain based Distributed File System (DFS) will reduce network traffic
37. New password settings object (PSO) created and needs to be applied to user
Properties of PSO need modified
Service user account for AD LDS
Subnet object needs to be created
Implement Network Access Protection (NAP) that uses 802.1x enforcement
38. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Implement a domain-based DFS namespace that uses replication
Configure block inheritance on the IT OU
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Then use on install image file that contains a single install image.
39. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Incoming external trust
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
40. To ensure that a file on a file server do not leave the organization you must implement this.
Attach VHD file created by Windows server backup
AD RMS
Group Policy Preferences
Implement GPO for all client computers
41. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Deploy a failover cluster that uses Node and File Share Disk Majority
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Enable Windows Remote Management (WinRM) on each server.
42. You need a solution that meets policy while minimizing hardware and software costs
Backup operator's domain local group
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Create a new Password Settings Object (PSO) for the IT users.
43. All DCs have been upgraded from Windows Server 2003 to Windows Server 2008 R2. What should be done to ensure the Sysvol share replicates by using DFS Replicaiton (DFS-R)?
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Raise the DFL to Windows Server 2008 R2.
Software Restriction Polices
Software Restriction Polices
44. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Active Directory Users and Computers utility
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Microsoft Application Virtualization (AppV)
Dsmgmt
45. To restore previous version of script without taking up too much of time...
Attach VHD file created by Windows server backup
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
46. You need to deploy apps to client computers according to these req.: apps must be deployed to client computers that meet minimum hardware requirements; detaild reports on success/failure of the app deployments must be provided; deployments must be sc
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Create an e-mail account in AD DS for your RMS users
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Active Directory snapshots and Tombstone reanimation
47. DFL is Windows Server 2003 and client computers run Vista. DCRMS is a server that holds AD RMS. What should be done to configure AD RMS so users - including Waldo - can protect their data?
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Add-ADFineGrainedPasswordPolicySubject cmdlet
Create an e-mail account in AD DS for your RMS users.
48. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
Disable Site Link Bridging from IP Properties
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Dsmgmt
Group Policy Preferences
49. To create AD Domain Services snapshot
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Ntdsutil
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Enable Windows Remote Management (WinRM) on each server.
50. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Administrative Role Separation
Network Load Balancing (NLB) cluster
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
