SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To backup GPO's in domain and minimize bakcup...
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Configure caching on the shared folder and configure offline files to use encryption
The Group Policy Management Console
Windows Deployment Services (WDS)
2. The strongest form of NAP is
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Implement Windows BitLocker Drive Encryption (BitLocker)
Discover the run Microsoft Baseline Security Analyzer (MBSA)
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
3. To minimize the amount of storage used for virtual machines in a Virtual desktop pool the VHD's should be
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
4. You need to consolidate 120 physical servers into 35 physical servers that run Windows Server 2008 R2 while meeting the following: maximize resource utilization; use existing hardware and software; support 64-bit child virtual machines; maintain sepa
NOT be able to store that data on an iSCSI SAN
dnscmd
Install Hyper-V role and convert physical machines into virtual machines
Include a server that runs Microsoft Office SharePoint Server 2010
5. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Create and deploy a logon script that runs Auditpol.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Implement GPO for all client computers
6. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
Site
FFL Windows Server 2008 R2
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Disable Site Link Bridging from IP Properties
7. You need to plan the deployment of an application that must meet these requirements: users must have - access to the app when they are connected to the network; access the application from an icon on their desktops.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Certificate Templates
Assign the application to all client computers by using a GPO.
Service user account for AD LDS
8. You need to manage GPO to meet the following: allow administrators to view and edit the GPO in their own language; minimize number of GPOs deployed
Role Separation
Ldp
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Create ADMX and ADML files. Configure the GPO and link it to the domain.
9. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Active Directory Users and Computers
Multipath I/O feature
Microsoft Desktop Optimization Pack (MDOP)
Implement Network Access Protection (NAP)
10. You need to deploy apps to client computers according to these req.: apps must be deployed to client computers that meet minimum hardware requirements; detaild reports on success/failure of the app deployments must be provided; deployments must be sc
Install and share a printer on a server and then enable printer pooling.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
DFL needs to be Windows Server 2008
Modify the schema of LDSInst1
11. You need to deploy a sales application that only the sales users must have access to
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Deploy a GPO for the Sales OU
Implement the Windows Search Service.
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
12. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
From Server1 - run the Create Basic Task Wizard
13. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
14. To ensure that a file on a file server do not leave the organization you must implement this.
Deploy a GPO for the Sales OU
ntdsutil
AD RMS
Execute the Set-ADServiceAccount cmdlet
15. To compact AD database...
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Administrators is the minimum group membership required to complete this procedure.
FILES option within Ntdsutil
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
16. If you want to allow single-label name resolution
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Jill came down with 2.50.
Add the Windows Server Backup feature and Windows System Image recovery.
Then configure GlobalNames zones on each domain controller.
17. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Windows XP Mode
Attach VHD file created by Windows server backup
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
AD RMS
18. When deploying an application using the Group Policy distribution method assign the...
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Offline domain join
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
19. You need to design your WSUS infrastructure so that updates are highly available. To do so
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Recommend Offline Files
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
20. What shold be done to configure AD RMS so users can protect their data?
Role Separation
AD Rights Management Services
Dfsrdiag
Create an e-mail account in AD DS for your RMS users
21. If users complain that it is hard to find the shared folders on the network implement
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Recommend Active Directory delegation
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Additional DFS Targets
22. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Disable Site Link Bridging from the IP properties
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Enable - ADoptionalFeature cmdlet
Use Netsh tool from administrator's computer.
23. When one needs to audit files - folders - printers and the registry enable
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Disable Site Link Bridging from IP Properties
Configure Audit Special Logon and define Special Groups
Create a Network Load Balancing cluster.
24. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Restore-ADObject cmdlet
25. To make deploying the custom Word dictionary easy
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Recommend Group Policy preferences
DISABLE slow link detection in the GPO
26. UPN Suffix xxxx.com needs to be available for user accounts...
Service user account for AD LDS
Test-AppLockerPolicy
MEDV to deploy virtual desktops
Add the new UPN Suffix to the forest
27. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Install the RSAT tool on their workstation to provide for more efficient network management
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Upgrading DFS to Windows Server 2008 R2
Ldp
28. If you need to ensure that data is protected by BitLocker then you will...
DFL needs to be Windows Server 2008
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
NOT be able to store that data on an iSCSI SAN
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
29. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Autonomous mode...This allows the local administrator to approve their own updates.
Deploy the Root CA certificate to the external computers.
Microsoft SharePoint Foundation 2010
30. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Configure the zone as an Activde Directory-Integrated zone.
Prestage the computer account in AD
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
New ACCOUNT STORE should be added and configured
31. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
Microsoft Desktop Optimization Pack (MDOP) to your company
Implement the Windows Search Service.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
32. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Software Restriction Polices
Offline domain join
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Deploy it by using Group Policy Software Installation method
33. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Configure the zone as an Activde Directory-Integrated zone.
AD Rights Management Services
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
34. You plan to deploy 12 file servers. All computers and servers connect to Ethernet switches. Your data storage solution must meet these: maximizes performance and fault tolerance; allocates storage to the servers as needed; utilizes the existing netwo
Zone transfer settings
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
35. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
IIS Manager user account
Implement one LUN for the quorum and another LUN for the data
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
36. A specific application requires registry modifications to be in place before installing; you should use
Group Policy Preferences
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Event Subscriptions
37. If users need access to files locally and must be able to access files at another site if the local copy is not available you should implement this.
From Server A - run Create Basic Task Wizard
djoin /requesteodj from internal server - djoin /provision from outside server/PC
A Distributed File System (DFS) namespace
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
38. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
DSMOD - ADUC
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
39. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
Enable Windows Remote Management (WinRM) on each server.
Passive file screens
Group Policy Preferences
MEDV to deploy virtual desktops
40. To restore deleted user account from AD Recycle Bin...
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Restore-ADObject cmdlet
Then use Windows BitLocker Drive Encryption
41. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Implement folder redirection by using GPO. Then backup the folder redirection target.
Configure separate application pools for each application
Configure RODC for Administrator Role Separation
Certificate Templates
42. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
A relying party trust should be created.
43. To deploy templates across the organization
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
MEDV to deploy virtual desktops
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Increase the tombstone lifetime for the forest.
44. What role to keep same time as an external server?
PDC emulator with w32tm.exe
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
45. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Include a server that runs Microsoft Office SharePoint Server 2010
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
CAPublishGP group should have the Manage CA permission.
46. To ensure that user's documents are stored on the file server and thus subject to the corporate backup solution - you should implement this.
Folder redirection. Folder redirection is also useful when using roamin profiles.
Modify zone transfer settings for company.com zone on DCA
Then use Windows Deployment Services (WDS) on DHCP1.
MEDV to deploy virtual desktops
47. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Implement Network Access Protection (NAP)
Create a Network Load Balancing cluster.
Run the Delegation of Control Wizard on the Staff OU
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
48. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Configure the zone as an Activde Directory-Integrated zone.
49. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Configure block inheritance on the IT OU
Windows System Resource Manager (WSRM)
Install From Media IFM
50. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
View properties of %systemroot%ntdsntds.dit
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Registry on users computer needs to be modified
Implement File Server Resource Manager (FSRM) quotas on the desired servers
