SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
2. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
DSMOD - ADUC
Network Load Balancing (NLB) cluster
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
3. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
Software Restriction Polices
Offline domain join
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Dynamically expanding VHD's
4. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Use CISCO IP Helper command to configure.
Software Restriction Polices
DSMOD - ADUC
5. To delegate authority to users to manage only certain areas in Hyper-V use the
Jill came down with 2.50.
ntdsutil
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Authorization Manager role assignment
6. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Win2000 Native
AD Domains and Trusts
7. Within your company you have a server that will be running 8 VMs but only 6 concurrently. Your company has already purchased an Enterprise license for the server.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Purchase one additional Enterprise License
Authorization Manager
Recommend GPT and basic disks
8. To back up your Hyper-VMs and the Hyper-V host; for each VM -
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
WSUS server in the branch office in replica mode.
WDS
Implement Windows System Resource Manager (WSRM)
9. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Printer driver isolation
Install Windows Server Backup and modify the Windows firewall settings
Properties of PSO need modified
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
10. What utility is used to see what accounts cached on RODC?
Active Directory Users and Computers
Disable Site Link Bridging from the IP properties
Configure event log subscriptions
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
11. To be able to manage all the corporate servers from a workstation - you must install the
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Create an Active Directory-Integrated zone.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Then use on install image file that contains a single install image.
12. Need to ensure users receive updated template within five days...
Incoming external trust
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Registry on users computer needs to be modified
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
13. If you need to minimize the number of install images and support Win Server 2008 R2 deployment
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Passive file screens
Then use on install image file that contains a single install image.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
14. What shold be done to configure AD RMS so users can protect their data?
Create an e-mail account in AD DS for your RMS users
Implement Windows System Resource Manager (WSRM) and configure user policies
Windows Server 2003
Implement Network Access Protection (NAP)
15. Your company IP scheme uses both IPv4 and IPv6. You have a main and branch office. In the branch office you are using PC1. PC1 is now only using IPv6. You noticed that PC1 no longer authenticates off the DC that is in the branch office. What should b
Create and deploy a logon script that runs Auditpol.
An Active Directory subnet object needs to be created.
Configure event log subscriptions
Enable - ADoptionalFeature cmdlet
16. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Test-AppLockerPolicy
Winrm quickconfig
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
A relying party trust should be created.
17. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Incoming external trust
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Modify zone transfer settings for company.com zone on DCA
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
18. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Recommend Offline Files
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
19. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
Microsoft Desktop Optimization Pack (MDOP) to your company
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
The Group Policy Management console
Create an e-mail account in AD DS for your RMS users
20. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Use a GPO to configure device installation restrictions
Properties of PSO need modified
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
21. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
An Active Directory subnet object needs to be created.
Repadmin
Microsoft Desktop Optimization Pack (MDOP)
Install Hyper-V role and convert physical machines into virtual machines
22. To add a new UPN for all user accounts...
Implement Windows System Resource Manager (WSRM)
Install Windows Server Backup and modify the Windows firewall settings
AD Domains and Trusts
Folder redirection. Folder redirection is also useful when using roamin profiles.
23. To minimize the amount of storage used for virtual machines in a Virtual desktop pool the VHD's should be
24. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
Data Recovery Agent
Configure block inheritance on the IT OU
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
25. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Additional DFS Targets
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
26. If you need to be able to create shared folders on Server 2008 R2
Domain based Distributed File System (DFS) will reduce network traffic
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
27. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Create an e-mail account in AD DS for your RMS users.
Get-ADUser cmdlet
28. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Modify the GPO to include folder redirection
The Group Policy Management console
Implement Network Access Protection (NAP)
Attach VHD file created by Windows server backup
29. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Configure caching on the shared folder (offline files)
Install Hyper-V role and convert physical machines into virtual machines
Modify zone transfer settings for company.com zone on DCA
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
30. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
Deploy a GPO for the Sales OU
Perform an authoritative restore
A Distributed File System (DFS) namespace
Creating a data collector set that kick off a scritp that either move or delete files.
31. Client computers run Windows 7 and all applications on the computers are configured to save documetns to the local Documents folder. You need a backup strategy that meets these: Back up the Documents folder for all users; minimize admin effort. To ac
Offline domain join
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Implement folder redirection by using GPO. Then backup the folder redirection target.
Install Hyper-V role and convert physical machines into virtual machines
32. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
33. You have 2 Server Core servers that are part of a Network Load Balance that host a web site. To be able to allow administrators - on their Windows 7 computers - remotely manage the NLB with automation
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Create and deploy a logon script that runs Auditpol.
Additional DFS Targets
Enable Windows Remote Management (WinRM) on the servers.
34. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Administrators is the minimum group membership required to complete this procedure.
Increase the tombstone lifetime for the forest.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Enable Windows Remote Management (WinRM) on each server.
35. UPN Suffix xxxx.com needs to be available for user accounts...
PowerShell 2.0
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Deploy a failover cluster that uses Node and File Share Disk Majority
Add the new UPN Suffix to the forest
36. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Administrators is the minimum group membership required to complete this procedure.
FILES option within Ntdsutil
Implement a domain-based DFS namespace that uses replication
37. When recommending a monitoring solution for an application so that it's events can be stored in a central
Add the Windows Server Backup feature and Windows System Image recovery.
Event Subscriptions
Run net stop ntds
IIS Manager user account
38. If a new application needs to be deployed on the network and it comes as a .msi package and then do this.
AD Rights Management Services
Deploy it by using Group Policy Software Installation method
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
39. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
Configure RODC for Administrator Role Separation
Deploy a GPO to the WebSrvOU
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
40. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
Active Directory Domains and Trusts
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
41. To ensure that a file on a file server do not leave the organization you must implement this.
AD RMS
Then use Windows BitLocker Drive Encryption
Dfsrdiag
Offline domain join
42. To deploy templates across the organization
Event Viewer
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Raise the DFL to Windows Server 2008 R2.
Use CISCO IP Helper command to configure.
43. To determine size of AD database file...
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
View properties of %systemroot%ntdsntds.dit
Your machine and remote desktops
Deploy a GPO to the WebSrvOU
44. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Printer driver isolation
MEDV to deploy virtual desktops
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
45. File that contains the last logon time and custom attributes values for each user in your forest.
Implement the Windows Search Service.
Microsoft SharePoint Foundation 2010
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Get-ADUser cmdlet
46. To identify users who bypass the new corporate security policy -
Configure Audit Special Logon and define Special Groups
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Deploy a failover cluster that uses Node and File Share Disk Majority
47. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
Implement Windows System Resource Manager (WSRM) and configure user policies
Configure separate application pools for each application
Import-Module
Active Directory Users and Computers utility
48. The strongest form of NAP is
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
djoin /requesteodj from internal server - djoin /provision from outside server/PC
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Windows XP Mode
49. to prevent VMs from receiving updats from a group policy
Ldp
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Raise the DFL to Windows Server 2008 R2.
50. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
CAPublishGP group should have the Manage CA permission.
Configure offline files and enable manual caching
Autonomous mode...This allows the local administrator to approve their own updates.
