SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Dsmgmt
Add the new UPN Suffix to the forest
Event Log Subscriptions
2. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Create an e-mail account in AD DS for your RMS users
Configure block inheritance on the IT OU
Administrative Role Separation
3. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Disable Site Link Bridging from IP Properties
Perform an authoritative restore
4. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Implement Network Access Protection (NAP)
Active Directory Domains and Trusts
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
5. You need to consolidate 120 physical servers into 35 physical servers that run Windows Server 2008 R2 while meeting the following: maximize resource utilization; use existing hardware and software; support 64-bit child virtual machines; maintain sepa
Active Directory Users and Computers
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Enable Windows Remote Management (WinRM) on the servers.
Install Hyper-V role and convert physical machines into virtual machines
6. When one needs to audit files - folders - printers and the registry enable
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Install Hyper-V role and convert physical machines into virtual machines
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Add the Windows Server Backup feature and Windows System Image recovery.
7. To configure Administrator Role Separation for an RODC
Deploy the Root CA certificate to the external computers.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Enable Windows Remote Management (WinRM) on each server.
8. You need to ensure that the guest account on all servers is disabled to
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Microsoft Desktop Optimization Pack (MDOP)
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Jill came down with 2.50.
9. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Use CISCO IP Helper command to configure.
New ACCOUNT STORE should be added and configured
Domain based DFS namespace and configure a DFS replication group
Create a new Password Settings Object (PSO) for the IT users.
10. Need to access some resources in another domain that is part of another forest...What trust is created?
Incoming external trust
Microsoft Desktop Optimization Pack (MDOP)
Raise the DFL to Windows Server 2008 R2.
Event Subscriptions
11. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Then use Windows Deployment Services (WDS) on DHCP1.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
12. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?
13. Tool to change Directory Services Restore Mode password on Domain Controller...
ntdsutil
Domain based DFS namespace and configure a DFS replication group
Create an e-mail account in AD DS for your RMS users
Create a new Password Settings Object (PSO) for the IT users.
14. You have few Server 2003 servers that have Terminal services installed. You also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meeet the following: restricts accsss to specific Remote Desktop
Storage manager for SANs
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Deploy a GPO for the Sales OU
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
15. DFL is...
AD Rights Management Services
Win2000 Native
Assign the application to all client computers by using a GPO.
Configure the zone as an Activde Directory-Integrated zone.
16. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
Install and share a printer on a server and then enable printer pooling.
Offline domain join
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Purchase one additional Enterprise License
17. All DCs run Windows Server 2008 R2 and have the DNS Server role installed. The domain controllers for each location are stored locally. Each has its own standard primary zone to support its local domain.You need a plan that meets the following: WAN l
Run adprep /forestprep and adprep /domainprep
Utilize IFM (Install From Media)
Create a standard secondary of domain and create standard secondary of other domain.
Authorization Manager
18. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Administrative Role Separation
Implement GPO for all client computers
From Server1 - run the Create Basic Task Wizard
Zone transfer settings
19. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Execute the Set-ADServiceAccount cmdlet
Authorization Manager
Use CISCO IP Helper command to configure.
Windows Deployment Services (WDS)
20. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
Configure Audit Special Logon and define Special Groups
Test-AppLockerPolicy
Active Directory Domains and Trusts
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
21. Tools to view contents of an OU in an AD snapshot...
AD Domains and Trusts
dnscmd
dsa.msc - dsamain.exe - ntdsutil.exe
Ensure your account - or the group is a member of the local Administrators group for that specific server.
22. UPN Suffix xxxx.com needs to be available for user accounts...
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Add the new UPN Suffix to the forest
23. In order to manage websites without having to logon you can use
PowerShell 2.0
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Configure Audit Special Logon and define Special Groups
24. To deploy templates across the organization
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Registry on users computer needs to be modified
DSMOD - ADUC
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
25. If you need to ensure that data is protected by BitLocker then you will...
NOT be able to store that data on an iSCSI SAN
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Deploy it by using Group Policy Software Installation method
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
26. To ensure that the branch office with its own high speed internet connection receives the exact same updates as the corporate office you should recommend this.
Enable Credential Roaming
Create a new Password Settings Object (PSO) for the IT users.
Active Directory snapshots and Tombstone reanimation
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
27. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
Implement a GPO for each domain
Backup operator's domain local group
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
28. You need to deploy apps to client computers according to these req.: apps must be deployed to client computers that meet minimum hardware requirements; detaild reports on success/failure of the app deployments must be provided; deployments must be sc
Add the new UPN Suffix to the forest
Microsoft Application Virtualization (AppV)
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Use the Local Roles options with dsmgmt.
29. 4 steps to perform offline Defragmentation of AD database...
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Deploy the Root CA certificate to the external computers.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Backup operator's domain local group
30. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Configure Audit Special Logon and define Special Groups
Deploy a GPO to the WebSrvOU
31. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
Configure caching on the shared folder (offline files)
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Add-ADFineGrainedPasswordPolicySubject cmdlet
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
32. SrvA has the AD LDS role and an instance named LDSInst1. You connect to this instance by using the ADSI Edit utility. When you execute the Create Object wizard there is no User object class. What should be done so you can create user objects in LDSIn
Modify the schema of LDSInst1
Event Viewer
CAPublishGP group should have the Manage CA permission.
Passive file screens
33. What utility is used to see what accounts cached on RODC?
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Active Directory Users and Computers
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
34. To ensure that the SQL Servers can fail over autoatically and support 2 TB drives
Microsoft System Center Data Protection Manager 2010
Win2000
Recommend GPT and basic disks
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
35. To prevent account password from being cached on RODC server...
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Modify properties of RODC server computer account.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
36. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Basic Authentication and SSL
A Distributed File System (DFS) namespace
Install Hyper-V role and convert physical machines into virtual machines
37. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Service user account for AD LDS
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Then use on install image file that contains a single install image.
38. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Implement GPO for all client computers
Create and deploy a logon script that runs Auditpol.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Then use Windows Deployment Services (WDS) on DHCP1.
39. If you want to implement BitLocker and store recovery informaiton in a central location
Storage manager for SANs
Ntdsutil
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Use local roles options within "dsmgmt"
40. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Administrative Role Separation
View properties of %systemroot%ntdsntds.dit
Network Load Balancing (NLB) cluster
41. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
Enable Credential Roaming
Then install new Server 2008 R2 Enterprise subordinate CA.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
42. Two different solutions are available to help assign IP addresses to remote clients that need to VPN or Dial-in to the branch office.
43. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Recommend Group Policy preferences
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Network Load Balancing (NLB) cluster
Windows BitLocker Drive Encryption (Bit Locker)
44. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Implement Distributed File System Replication (DFSR) on both servers
Modify zone transfer settings for company.com zone on DCA
Install Windows Server Backup and modify the Windows firewall settings
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
45. To configure AD FS so tokens contain information from Active Directory domain...
New ACCOUNT STORE should be added and configured
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Incoming external trust
46. To compact AD database...
Registry on users computer needs to be modified
Properties of PSO need modified
FILES option within Ntdsutil
Configure folder redirection
47. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
Microsoft Application Virtualization (AppV)
Dfsrdiag
Zone transfer settings
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
48. To backup to tape/robotic tape and to backup VMs you must use...
Microsoft System Center Data Protection Manager 2010
Run adprep /forestprep and adprep /domainprep
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
49. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Implement one LUN for the quorum and another LUN for the data
50. To minimize the amount of storage required you should recommend
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Configure caching on the shared folder (offline files)
Share and Storage Management
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
