SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
Deploy a failover cluster that uses Node and File Share Disk Majority
NOT be able to store that data on an iSCSI SAN
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
2. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
Configure event log subscriptions
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
3. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Create a MEDV workspace
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Configure folder redirection
Configure an audit policy by editing the default domain policy and configure Event Forwarding
4. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
DSMOD - ADUC
AD Rights Management Services
5. To allow a specifc user or group to manage the address information for the user accounts...
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
AD RMS
Use a GPO to configure device installation restrictions
Recommend Active Directory delegation
6. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Create and deploy a logon script that runs Auditpol.
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
7. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Microsoft Desktop Optimization Pack (MDOP)
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
8. You need to relocate an AD LDS instance from C: Drive to D: Drive
Dynamically expanding VHD's
Properties of PSO need modified
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
9. To control access to resources using WSRM and to help prevent memory leaks from monopolizing your web server
Autonomous mode...This allows the local administrator to approve their own updates.
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Configure separate application pools for each application
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
10. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Configure authorization rules for Web developers on each web server
11. If you want to implement BitLocker and store recovery informaiton in a central location
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Improve the performance of File Servers
Autonomous mode...This allows the local administrator to approve their own updates.
Execute the Set-ADServiceAccount cmdlet
12. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
Authorization Manager role assignment
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Dfsrdiag
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
13. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
The Group Policy Management console
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Deploy Microsoft System Center Operations Manager (SCOM)
IIS Chared Configuration
14. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Configure caching on the shared folder (offline files)
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
ntdsutil
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
15. To recover objects deleted from Active Directory you should recommend
Restore-ADObject cmdlet
An Active Directory subnet object needs to be created.
Active Directory snapshots and Tombstone reanimation
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
16. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
17. If users complain that it is hard to find the shared folders on the network implement
Import-Module
Additional DFS Targets
CAPublishGP group should have the Manage CA permission.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
18. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Then use on install image file that contains a single install image.
Configure the zone as an Activde Directory-Integrated zone.
19. File that contains the last logon time and custom attributes values for each user in your forest.
Dsmgmt
Get-ADUser cmdlet
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Execute the Set-ADServiceAccount cmdlet
20. What should be done to resolve names by using GlobalNames zone?
Backup operator's domain local group
Use Netsh tool from administrator's computer.
dnscmd tool
Include a server that runs Microsoft Office SharePoint Server 2010
21. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Configure the zone as an Activde Directory-Integrated zone.
Active Directory Domains and Trusts
Run the Delegation of Control Wizard on the Staff OU
Offline domain join
22. Tools to view contents of an OU in an AD snapshot...
dsa.msc - dsamain.exe - ntdsutil.exe
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Dfsrdiag
Configure caching on the shared folder and configure offline files to use encryption
23. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Modify the local policy to point to the Internal WSUS server
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Then configure GlobalNames zones on each domain controller.
Install Windows Server Backup and modify the Windows firewall settings
24. You have 2 Server Core servers that are part of a Network Load Balance that host a web site. To be able to allow administrators - on their Windows 7 computers - remotely manage the NLB with automation
A Distributed File System (DFS) namespace
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Enable Windows Remote Management (WinRM) on the servers.
View properties of %systemroot%ntdsntds.dit
25. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Add George to the Domain Admins group.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
26. To ensure that user's documents are stored on the file server and thus subject to the corporate backup solution - you should implement this.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
DFL needs to be Windows Server 2008
Active Directory Users and Computers
Folder redirection. Folder redirection is also useful when using roamin profiles.
27. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
Modify the local policy to point to the Internal WSUS server
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Windows Deployment Services (WDS)
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
28. When one needs to audit files - folders - printers and the registry enable
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
IIS Manager user account
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
29. You have a single AD domain named ad.company.com. The FFL is windows 2000 and the DFL is Windows 2000 Native. The UPN suffix company.com needs to be available for user accounts. What should be done first?
Use local roles options within "dsmgmt"
Add the new UPN suffix to the forest.
Share and Storage Management
Recommend Offline Files
30. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Add George to the Domain Admins group.
The Group Policy Management Console
Implement Distributed File System Replication (DFSR) on both servers
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
31. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Active Directory Users and Computers utility
Share and Storage Management
Install the RSAT tool on their workstation to provide for more efficient network management
Add George to the Domain Admins group.
32. You have a 2008 R2 server configured as Remote Desktop Session host. You need to deploy a line-of-business app; however - the app requires desktop themes to be enabled. Your deployment strategy must meet these requirements: only authorized users must
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Then configure GlobalNames zones on each domain controller.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
33. To be able to manage all the corporate servers from a workstation - you must install the
Raise the DFL to Windows Server 2008 R2.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Additional DFS Targets
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
34. To modify several user accounts to a new UPN suffix
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Active Directory Users and Computers utility
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
35. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
Implement Windows BitLocker Drive Encryption (BitLocker)
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Then install new Server 2008 R2 Enterprise subordinate CA.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
36. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Microsoft SharePoint Foundation 2010
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Implement Shadow Copies
37. For the users that work remotely that need access to files from the corporate office you should...
Create a standard secondary of domain and create standard secondary of other domain.
Ldp
Recommend Offline Files
Share and Storage Management
38. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Active Directory Users and Computers utility
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Group Policy Preferences
39. What utility is used to see what accounts cached on RODC?
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Active Directory Users and Computers
Configure separate application pools for each application
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
40. New password settings object (PSO) created and needs to be applied to user
Implement Windows System Resource Manager (WSRM)
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Properties of PSO need modified
Software Restriction Polices
41. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Active Directory Right Management Services (AD RMS)
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
42. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
Create a Central Store
Modify the local policy to point to the Internal WSUS server
DFL needs to be Windows Server 2008
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
43. Company users IPV4 and IPV6. A PC uses IPV6 and can no longer authenticate off the DC. What can be done to ensure IPV6 computers authenticate to DCs in same site...
Create a MEDV workspace
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Subnet object needs to be created
DSMOD - ADUC
44. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Microsoft Desktop Optimization Pack (MDOP) to your company
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
45. If you need to minimize the number of install images and support Win Server 2008 R2 deployment
Create a new Password Settings Object (PSO) for the IT users.
Passive file screens
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Then use on install image file that contains a single install image.
46. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
Configure offline files and enable manual caching
Passive file screens
Restore-ADObject cmdlet
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
47. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
Group Policy Preferences
Autonomous mode...This allows the local administrator to approve their own updates.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
48. GPO setting to prevent all users from running an application
Software Restriction Polices
Windows Deployment Services (WDS)
Raise the DFL to Windows Server 2008 R2.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
49. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
dnscmd tool
Create an Active Directory-Integrated zone.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Deploy the Root CA certificate to the external computers.
50. Need to access some resources in another domain that is part of another forest...What trust is created?
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Printer driver isolation
Microsoft SharePoint Foundation 2010
Incoming external trust
