SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
DISABLE slow link detection in the GPO
Implement Windows System Resource Manager (WSRM) and configure user policies
2. DFL is...
Dfsrdiag
Implement Shadow Copies
Win2000 Native
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
3. you have fewer Server 2003 servers that have Terminal Services installed. you also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: encrypts all remote connections to the ter
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Administrators is the minimum group membership required to complete this procedure.
Group Policy Preferences
Implement a GPO for each domain
4. The solution requires that teachers that have been issued district based laptops - work remotely - and teach only on-line classes - must connect to the school network using split-tunnel VPN. Need to be sure that: minimize traffic over the VPN wheneve
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
5. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Then use Windows Deployment Services (WDS)
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Dfsrdiag
Configure authorization rules for Web developers on each web server
6. To ensure that the SQL Servers can fail over autoatically and support 2 TB drives
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Recommend GPT and basic disks
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
7. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
PDC emulator with w32tm.exe
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Disable Site Link Bridging from IP Properties
8. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Refresh the zone on DNS2
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Passive file screens
Enable Windows Remote Management (WinRM) on each server.
9. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
Deploy it by using Group Policy Software Installation method
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
10. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Autonomous mode...This allows the local administrator to approve their own updates.
Configure block inheritance on the IT OU
11. Engineering department has 582 Windows Server 2008 R2 servers. You need to monitor the performance of all 582 with following requirements: Create alerts when average processor usage is higher than 85% for 15 minutes; Automatically adjust the processo
dnscmd
Deploy Microsoft System Center Operations Manager (SCOM)
Active Directory Domains and Trusts
Ntdsutil
12. 4 steps to perform authoritative restore of a deleted OU...
Create and deploy a logon script that runs Auditpol.
View properties of %systemroot%ntdsntds.dit
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Add the new UPN Suffix to the forest
13. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Run the Delegation of Control Wizard on the Staff OU
Zone transfer settings
dnscmd
14. CAPublishGP needs to be able to publish new certificate revocation lists - but not be able to revoke certificates. How is this accomplished?
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
CAPublishGP group should have the Manage CA permission.
Then use Windows Deployment Services (WDS) on DHCP1.
15. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Modify properties of RODC server computer account.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Incoming external trust
16. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Network Load Balancing (NLB) cluster
dnscmd
From Server A - run Create Basic Task Wizard
Administrators is the minimum group membership required to complete this procedure.
17. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
Deploy a failover cluster that uses Node and File Share Disk Majority
Create a Network Load Balancing cluster.
Then use on install image file that contains a single install image.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
18. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Configure Firewall Group Policies and link them at the Domain level
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
19. Need to ensure users receive updated template within five days...
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Registry on users computer needs to be modified
IIS Chared Configuration
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
20. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Prestage the computer account in AD
A relying party trust should be created.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
21. To delegate authority to users to manage only certain areas in Hyper-V use the
net stop ntds
Authorization Manager role assignment
Your machine and remote desktops
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
22. You have a root domain and four child domains. Policy requirements state that all local guest accounts must be renamed and disabled - and all local administrator accounts must be renamed
Modify properties of RODC server computer account.
Implement a GPO for each domain
Data Recovery Agent
Windows Server 2003
23. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Software Restriction Polices
Win2000
Configure Firewall Group Policies and link them at the Domain level
Administrators is the minimum group membership required to complete this procedure.
24. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
NOT be able to store that data on an iSCSI SAN
Create an e-mail account in AD DS for your RMS users.
Repadmin
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
25. 3 Servers are Network Policy Servers (NPS) that function as RADIUS servers. The network has 20 wireless access points that are configured as RADIUS clients. You need to plan an audit strategy with the following requirements: stores audit data in a ce
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Deploy a GPO to the WebSrvOU
Assign the application to all client computers by using a GPO.
802.1.x NAP
26. What should be done first to defragment the AD database?
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Run net stop ntds
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Active Directory snapshots and Tombstone reanimation
27. To build a highly secure server cluster with a reduced attack surface area
Configure separate application pools for each application
Deploy it by using Group Policy Software Installation method
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
28. When implementing a Hyper-V environment the benefits are enormous - however there are certain aspects of virtualization that can create some additional administrative overhead that you can not have in a pure physical environment for example
Restore-ADObject cmdlet
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
29. All DCs have been upgraded from Windows Server 2003 to Windows Server 2008 R2. What should be done to ensure the Sysvol share replicates by using DFS Replicaiton (DFS-R)?
From Server1 - run the Create Basic Task Wizard
Raise the DFL to Windows Server 2008 R2.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Properties of PSO need modified
30. To determine size of AD database file...
View properties of %systemroot%ntdsntds.dit
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Get-ADUser cmdlet
Improve the performance of File Servers
31. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
Create an Active Directory-Integrated zone.
Add the Windows Server Backup feature and Windows System Image recovery.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
32. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
From Server A - run Create Basic Task Wizard
File Server Resource Manager (FSRM) quotas and file screens
Then use Windows Deployment Services (WDS) on DHCP1.
Configure offline files and enable manual caching
33. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Run the Delegation of Control Wizard on the Staff OU
Microsoft Desktop Optimization Pack (MDOP) to your company
Implement Network Access Protection (NAP)
Create a MEDV workspace
34. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Distributed File System (DFS) Replication
Set-ADServiceAccount cmdlet
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Use a GPO to configure device installation restrictions
35. If you need to allow an external partner's computer to access internal network resources by using SSTP
Back up to an external USB drive by using Windows Server Backup
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Modify the schema of LDSInst1
Deploy the Root CA certificate to the external computers.
36. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Create a Network Load Balancing cluster.
Distributed File System (DFS) Replication
Deploy Microsoft System Center Operations Manager (SCOM)
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
37. Company users IPV4 and IPV6. A PC uses IPV6 and can no longer authenticate off the DC. What can be done to ensure IPV6 computers authenticate to DCs in same site...
Configure separate application pools for each application
Event Log Subscriptions
Offline domain join
Subnet object needs to be created
38. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
DSMOD - ADUC
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Install Windows Server Backup and modify the Windows firewall settings
WSUS server in the branch office in replica mode.
39. You need to ensure that the guest account on all servers is disabled to
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
WDS
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Configure block inheritance on the IT OU
40. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
Implement a GPO for each domain
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
A relying party trust should be created.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
41. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Microsoft Desktop Optimization Pack (MDOP)
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Domain based DFS namespace and configure a DFS replication group
42. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Improve the performance of File Servers
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
43. To allow administrators tha trun Windows 7 ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
New ACCOUNT STORE should be added and configured
Windows Server 2003
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
44. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
Run adprep /forestprep and adprep /domainprep
Add the Windows Server Backup feature and Windows System Image recovery.
Implement a domain-based DFS namespace that uses replication
Implement Network Access Protection (NAP) that uses 802.1x enforcement
45. To ensure that recovery is possible if a file on a file server is deleted accidentally
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Implement Shadow Copies
46. To add a server with AD FS 2.0 role to an existing AD FS farm...
Create a standard secondary of domain and create standard secondary of other domain.
Authorization Manager role assignment
fsconfig on FSSrv2
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
47. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Include a server that runs Microsoft Office SharePoint Server 2010
Test-AppLockerPolicy
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
48. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Administrators is the minimum group membership required to complete this procedure.
Configure the zone as an Activde Directory-Integrated zone.
Then use Windows Deployment Services (WDS) on DHCP1.
Microsoft System Center Data Protection Manager 2010
49. Jack and Jill go up the hill - both with a buck and a quarter
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Jill came down with 2.50.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Autonomous mode...This allows the local administrator to approve their own updates.
50. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
DFL needs to be Windows Server 2008
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
