SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Recommend Group Policy preferences
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Use the Local Roles options with dsmgmt.
2. To compact AD database...
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Active Directory Right Management Services (AD RMS)
FILES option within Ntdsutil
Add the new UPN Suffix to the forest
3. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Modify zone transfer settings for company.com zone on DCA
Use local roles options within "dsmgmt"
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Distributed File System (DFS) Replication
4. In order to reduce the administrative overhead typically involved with viewing event logs across multiple servers you should implement this.
Event Log Subscriptions
Configure caching on the shared folder (offline files)
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
5. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
dnscmd tool
Recommend Active Directory delegation
6. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
7. To configure Administrator Role Separation for an RODC
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
8. What should be done first to defragment the AD database?
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Then configure GlobalNames zones on each domain controller.
Run net stop ntds
Creating a data collector set that kick off a scritp that either move or delete files.
9. Need to access some resources in another domain that is part of another forest...What trust is created?
Incoming external trust
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
10. Striped volumes
Network Load Balancing (NLB) cluster
Improve the performance of File Servers
Configure caching on the shared folder (offline files)
Microsoft Application Virtualization (AppV)
11. What role to keep same time as an external server?
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Basic Authentication and SSL
PDC emulator with w32tm.exe
Deploy the Root CA certificate to the external computers.
12. To ensure that the branch office with its own high speed internet connection receives the exact same updates as the corporate office you should recommend this.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
FILES option within Ntdsutil
View properties of %systemroot%ntdsntds.dit
Configure the zone as an Activde Directory-Integrated zone.
13. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Implement Windows System Resource Manager (WSRM)
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Configure event log subscriptions
Create an Active Directory-Integrated zone.
14. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Implement folder redirection by using GPO. Then backup the folder redirection target.
Configure block inheritance on the IT OU
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
15. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Offline domain join
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
16. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
File Server Resource Manager (FSRM) quotas and file screens
Implement Network Access Protection (NAP)
Test-AppLockerPolicy
FILES option within Ntdsutil
17. To allow a specifc user or group to manage the address information for the user accounts...
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Recommend Active Directory delegation
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
18. You have several Windows 2000 Servers that have a custom application installed. However - the apps are incompatible with each other and with Windows Server 2008 R2 - but they consume less than 10% of system resources. There is a policy that states al
Install From Media IFM
Assign the application to all client computers by using a GPO.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
19. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Microsoft Desktop Optimization Pack (MDOP) to your company
Test-AppLockerPolicy
20. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Implement Windows System Resource Manager (WSRM) and configure user policies
New ACCOUNT STORE should be added and configured
AD Rights Management Services
21. UPN Suffix xxxx.com needs to be available for user accounts...
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Windows Deployment Services (WDS)
Add the new UPN Suffix to the forest
22. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Modify properties of RODC server computer account.
IIS Manager user account
Enable Credential Roaming
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
23. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Dsmgmt
Network Load Balancing (NLB)
Certificate Templates
24. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
AD RMS
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
IIS Chared Configuration
Recommend GPT and basic disks
25. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
Create a MEDV workspace
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
26. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Administrative Role Separation
Deploy a failover cluster that uses Node and File Share Disk Majority
Add George to the Domain Admins group.
Include a server that runs Microsoft Office SharePoint Server 2010
27. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Incoming external trust
Winrm quickconfig
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Implement Windows System Resource Manager (WSRM)
28. You need to relocate an AD LDS instance from C: Drive to D: Drive
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Authorization Manager role assignment
Dfsrdiag
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
29. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Add the Windows Server Backup feature and Windows System Image recovery.
Dfsrdiag
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Microsoft System Center Data Protection Manager
30. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
dnscmd tool
Enable Windows Remote Management (WinRM) on each server.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
MEDV to deploy virtual desktops
31. To modify several user accounts to a new UPN suffix
Then use Windows BitLocker Drive Encryption
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Active Directory Users and Computers utility
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
32. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
33. Auditing the deletion of Registry keys on all Domain Controllers
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
34. To determine size of AD database file...
View properties of %systemroot%ntdsntds.dit
Configure separate application pools for each application
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Include a server that runs Microsoft Office SharePoint Server 2010
35. What should be done to resolve names by using GlobalNames zone?
Utilize IFM (Install From Media)
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Passive file screens
dnscmd tool
36. To make deploying the custom Word dictionary easy
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Disable Site Link Bridging from IP Properties
Recommend Group Policy preferences
Ensure your account - or the group is a member of the local Administrators group for that specific server.
37. If you need to minimize amount of time and impact of 50 simultaneous Win7 installations
Recommend GPT and basic disks
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Dsmgmt
38. To help restrict access to Windows 7 computer in the event that it gets stolen implement
IIS Chared Configuration
Event Subscriptions
Windows BitLocker Drive Encryption (Bit Locker)
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
39. To minimize the amount of storage required you should recommend
View properties of %systemroot%ntdsntds.dit
Get-ADUser cmdlet
Share and Storage Management
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
40. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Recommend Active Directory delegation
dsa.msc - dsamain.exe - ntdsutil.exe
41. What GPO setting should be configured to prevent all users from running an application?
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Software Restriction Polices
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
42. To prevent computers that do not have the Windows Firewall enabled from connecting to the wireless access point or the physical switch - you should implement this.
ntdsutil
802.1.x NAP
DFL needs to be Windows Server 2008
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
43. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Configure caching on the shared folder (offline files)
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Domain based Distributed File System (DFS) will reduce network traffic
44. Within your company you have a server that will be running 8 VMs but only 6 concurrently. Your company has already purchased an Enterprise license for the server.
Purchase one additional Enterprise License
Add the Windows Server Backup feature and Windows System Image recovery.
Improve the performance of File Servers
Disable Site Link Bridging from IP Properties
45. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
A Distributed File System (DFS) namespace
Microsoft Desktop Optimization Pack (MDOP)
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
46. If you need to delegate control of server to remote admins group
Add the new UPN Suffix to the forest
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Configure RODC for Administrator Role Separation
47. File that contains the last logon time and custom attributes values for each user in your forest.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
File Server Resource Manager (FSRM) quotas and file screens
Get-ADUser cmdlet
Domain based DFS namespace and configure a DFS replication group
48. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Repadmin
Role Separation
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
49. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Configure authorization rules for Web developers on each web server
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
dnscmd tool
50. Minimal FFL needed to deploy an RODC that runs Windows Server 2008 R2...
Offline domain join
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Windows Server 2003
Distributed File System (DFS) Replication
