SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
2. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
From Server A - run Create Basic Task Wizard
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
3. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Role Separation
Create a Network Load Balancing cluster.
4. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Incoming external trust
Administrative Role Separation
Then use Windows Deployment Services (WDS)
5. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Recommend Group Policy preferences
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Group Policy Preferences
6. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Dfsrdiag
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
7. To configure Administrator Role Separation for an RODC
Role Separation
Creating a data collector set that kick off a scritp that either move or delete files.
Use CISCO IP Helper command to configure.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
8. What utility is used to see what accounts cached on RODC?
Configure Audit Special Logon and define Special Groups
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Active Directory Users and Computers
Group Policy Preferences
9. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Disable Site Link Bridging from the IP properties
AD Rights Management Services
Configure folder redirection
10. Company users IPV4 and IPV6. A PC uses IPV6 and can no longer authenticate off the DC. What can be done to ensure IPV6 computers authenticate to DCs in same site...
IIS Manager user account
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Configure authorization rules for Web developers on each web server
Subnet object needs to be created
11. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Implement GPO for all client computers
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Administrative Role Separation
12. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
dnscmd tool
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
13. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
Create and deploy a logon script that runs Auditpol.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
14. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
Incoming external trust
Event Subscriptions
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
15. To allow connection to a 256 Kbps ISDN...
Dfsrdiag
DISABLE slow link detection in the GPO
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Configure caching on the shared folder (offline files)
16. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Active Directory Right Management Services (AD RMS)
Incoming external trust
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
17. To compact AD database...
Use CISCO IP Helper command to configure.
FILES option within Ntdsutil
Administrators is the minimum group membership required to complete this procedure.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
18. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Event Subscriptions
19. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Modify zone transfer settings for company.com zone on DCA
Run net stop ntds
Distributed File System (DFS) Replication
Win2000 Native
20. If you need to allow an external partner's computer to access internal network resources by using SSTP
FILES option within Ntdsutil
Deploy the Root CA certificate to the external computers.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Implement the Windows Search Service.
21. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Implement GPO for all client computers
Repadmin
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
22. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Create an e-mail account in AD DS for your RMS users
WSUS server in the branch office in replica mode.
23. To ensure that the SQL Servers can fail over autoatically and support 2 TB drives
Enable Credential Roaming
Raise the DFL to Windows Server 2008 R2.
Recommend GPT and basic disks
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
24. In order to manage websites without having to logon you can use
Role Separation
Create and deploy a logon script that runs Auditpol.
Dfsrdiag
PowerShell 2.0
25. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Add the Windows Server Backup feature and Windows System Image recovery.
Add George to the Domain Admins group.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
26. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Deploy the Root CA certificate to the external computers.
Create a Central Store
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
27. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
IIS Chared Configuration
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
28. You need to ensure that the guest account on all servers is disabled to
DSMOD
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Discover the run Microsoft Baseline Security Analyzer (MBSA)
WDS
29. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
Utilize IFM (Install From Media)
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
30. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
Configure Firewall Group Policies and link them at the Domain level
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
AD RMS
dnscmd
31. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Configure block inheritance on the IT OU
Active Directory Users and Computers
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
32. Auditing the deletion of Registry keys on all Domain Controllers
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Utilize IFM (Install From Media)
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Enable Windows Remote Management (WinRM) on each server.
33. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Upgrading DFS to Windows Server 2008 R2
FFL Windows Server 2008 R2
Registry on users computer needs to be modified
34. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Microsoft System Center Data Protection Manager
Modify the schema of LDSInst1
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
35. The solution requires that teachers that have been issued district based laptops - work remotely - and teach only on-line classes - must connect to the school network using split-tunnel VPN. Need to be sure that: minimize traffic over the VPN wheneve
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
36. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Win2000 Native
New ACCOUNT STORE should be added and configured
Active Directory Users and Computers
37. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Import-Module
Modify zone transfer settings for company.com zone on DCA
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Prestage the computer account in AD
38. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
From Server A - run Create Basic Task Wizard
Add the Windows Server Backup feature and Windows System Image recovery.
Implement one LUN for the quorum and another LUN for the data
Active Directory Domains and Trusts
39. GPO setting to prevent all users from running an application
Software Restriction Polices
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Recommend Offline Files
40. To update ADRMS password...
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
802.1.x NAP
Administrative Role Separation
AD Rights Management Services
41. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
Site
MEDV to deploy virtual desktops
Configure block inheritance on the IT OU
802.1.x NAP
42. CAPublishGP needs to be able to publish new certificate revocation lists - but not be able to revoke certificates. How is this accomplished?
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
CAPublishGP group should have the Manage CA permission.
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Dfsrdiag
43. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
Restore-ADObject cmdlet
Dsmgmt
Deploy a failover cluster that contains one node in each office.
Windows System Resource Manager (WSRM)
44. You need to allow remote access to the servers on your network while meeting the following requirements: all remote connections to the servers must be encrypted; all remote authentication attempts to the servers must be encrypted; only inbound connec
Utilize IFM (Install From Media)
Folder redirection. Folder redirection is also useful when using roamin profiles.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
45. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Enable Credential Roaming
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
46. When recommending a monitoring solution for an application so that it's events can be stored in a central
Event Subscriptions
ntdsutil
Back up to an external USB drive by using Windows Server Backup
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
47. To replicate SYSVOL using Distributed File System Replication (DFSR)...
Enable Windows Remote Management (WinRM) on each server.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
DFL needs to be Windows Server 2008
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
48. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Recommend Group Policy preferences
Then use on install image file that contains a single install image.
49. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Create a Network Load Balancing cluster.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Deploy a failover cluster that contains one node in each office.
50. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
Ntfrsutil
PDC emulator with w32tm.exe
Microsoft SharePoint Foundation 2010
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
