Instructions:

• Answer 50 questions in 15 minutes.
• If you are not ready to take this test, you can study here.
• Match each statement with the correct term.
• Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Subnet object needs to be created
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.


2. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Windows BitLocker Drive Encryption (Bit Locker)
Certificate Templates
Use local roles options within "dsmgmt"
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.


3. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Use CISCO IP Helper command to configure.
Windows Deployment Services (WDS)
Winrm quickconfig
IIS Chared Configuration


4. FFL is...
Win2000
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Repadmin


5. Minimal FFL needed to deploy an RODC that runs Windows Server 2008 R2...
Import-Module
IIS Manager user account
Then use on install image file that contains a single install image.
Windows Server 2003


6. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Microsoft Application Virtualization (AppV)
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Run auditpol and then configure the Security settings of the Domain Controllers OU.


7. Ensure password length for a group set to 12 characters long while others keep password policy
Recommend Group Policy preferences
Add-ADFineGrainedPasswordPolicySubject cmdlet
Create an e-mail account in AD DS for your RMS users
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)


8. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Ensure your account - or the group is a member of the local Administrators group for that specific server.


9. A specific application requires registry modifications to be in place before installing; you should use
Upgrading DFS to Windows Server 2008 R2
Jill came down with 2.50.
Group Policy Preferences
Then configure GlobalNames zones on each domain controller.


10. You need a solution that meets policy while minimizing hardware and software costs
Create a new Password Settings Object (PSO) for the IT users.
Basic Authentication and SSL
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Get-ADUser cmdlet


11. To minimize the amount of storage used for virtual machines in a Virtual desktop pool the VHD's should be

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


12. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
Microsoft System Center Data Protection Manager
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Configure separate application pools for each application


13. RDSrv1 is a Server 2008 R2 server with Remote Desktop Services installed. You are planning to establish a Terminal Server Farm that must meet these requirements: New users automatically connect to the terminal server that has the fewest active sessio
FFL Windows Server 2008 R2
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Disable Site Link Bridging from the IP properties
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)


14. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
MEDV to deploy virtual desktops
Recommend Active Directory delegation
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Raise the DFL to Windows Server 2008 R2.


15. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Configure event log subscriptions
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Network Load Balancing (NLB)


16. Recently you have installed a special application on your web sites that requires using a managed service account on the Web Servers. This application runs on a web server in each of 10 separate Active Directory domains.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


17. To build a highly secure server cluster with a reduced attack surface area
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
New ACCOUNT STORE should be added and configured
The Group Policy Management Console
Dsmgmt


18. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Group Policy Preferences
Event Viewer
Win2000
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie


19. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Install the RSAT tool on their workstation to provide for more efficient network management
Then use Windows Deployment Services (WDS) on DHCP1.
Domain based Distributed File System (DFS) will reduce network traffic


20. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Implement Shadow Copies
Enable - ADoptionalFeature cmdlet
Enable Windows Remote Management (WinRM) on the servers.


21. GPO setting to prevent all users from running an application
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Microsoft System Center Data Protection Manager
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Software Restriction Polices


22. To prevent account password from being cached on RODC server...
Modify properties of RODC server computer account.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.


23. To ensure that the branch office with its own high speed internet connection receives the exact same updates as the corporate office you should recommend this.
Dfsrdiag
Run the Delegation of Control Wizard on the Staff OU
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie


24. You plan to deploy 12 file servers. All computers and servers connect to Ethernet switches. Your data storage solution must meet these: maximizes performance and fault tolerance; allocates storage to the servers as needed; utilizes the existing netwo
Windows System Resource Manager (WSRM)
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Configure block inheritance on the IT OU
Distributed File System (DFS) Replication


25. To join a server/PC outside of the domain to the network...
Use local roles options within "dsmgmt"
Zone transfer settings
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Then use Windows BitLocker Drive Encryption


26. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Implement Windows System Resource Manager (WSRM) and configure user policies
Microsoft Desktop Optimization Pack (MDOP)
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.


27. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
View properties of %systemroot%ntdsntds.dit
dsa.msc - dsamain.exe - ntdsutil.exe


28. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Use Netsh tool from administrator's computer.
Dynamically expanding VHD's
Execute the Active Directory Diagnostics Data Collector Set and then review the report.


29. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
Create an Active Directory-Integrated zone.
From Server A - run Create Basic Task Wizard
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Windows Server 2003


30. You need to implement read only copies of files at several locations. You currently have DFS for 2008 deployed. You should recommend this.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Enable - ADoptionalFeature cmdlet
Add the new UPN Suffix to the forest
Upgrading DFS to Windows Server 2008 R2


31. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
Include a server that runs Microsoft Office SharePoint Server 2010
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Event Subscriptions
Authorization Manager


32. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Implement Windows System Resource Manager (WSRM) and configure user policies
Create a MEDV workspace
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.


33. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
Group Policy Preferences
dsa.msc - dsamain.exe - ntdsutil.exe
Modify properties of RODC server computer account.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.


34. Need to access some resources in another domain that is part of another forest...What trust is created?
Subnet object needs to be created
From Server1 - run the Create Basic Task Wizard
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Incoming external trust


35. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Perform an authoritative restore
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Backup operator's domain local group


36. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Windows BitLocker Drive Encryption (Bit Locker)
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Create and deploy a logon script that runs Auditpol.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.


37. To compact AD database...
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
FILES option within Ntdsutil
Then use Windows BitLocker Drive Encryption


38. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Then configure GlobalNames zones on each domain controller.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
fsconfig on FSSrv2


39. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


40. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Passive file screens
Windows XP Mode
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer


41. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Enable Windows Remote Management (WinRM) on the servers.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
NOT be able to store that data on an iSCSI SAN
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).


42. The Computer Management snap-in allows you to create shares both on...
Your machine and remote desktops
Event Viewer
Implement GPO for all client computers
Encrypting File System (EFS). This can be enabled locally or through a GPO.


43. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Dfsrdiag
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie


44. What Function Level (FL) needs to be in place to enable AD Recycle Bin?
Domain based Distributed File System (DFS) namespace and DFS Replication.
FFL Windows Server 2008 R2
Implement Network Access Protection (NAP)
Folder redirection. Folder redirection is also useful when using roamin profiles.


45. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


46. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


47. File that contains the last logon time and custom attributes values for each user in your forest.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
dsa.msc - dsamain.exe - ntdsutil.exe
Get-ADUser cmdlet


48. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
FFL Windows Server 2008 R2
Configure caching on the shared folder (offline files)
Windows BitLocker Drive Encryption (Bit Locker)
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.


49. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
A relying party trust should be created.
Implement Windows System Resource Manager (WSRM) and configure user policies
AD Rights Management Services
Configure offline files and enable manual caching


50. For the users that work remotely that need access to files from the corporate office you should...
Prestage the computer account in AD
Create an e-mail account in AD DS for your RMS users
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Recommend Offline Files