SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To ensure that the branch office with its own high speed internet connection receives the exact same updates as the corporate office you should recommend this.
Create a new Password Settings Object (PSO) for the IT users.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
PowerShell 2.0
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
2. To allow a user to administer Active Directory
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Service user account for AD LDS
Enable Credential Roaming
Add the user to the Domain Admins global group
3. To compact AD database...
Configure event log subscriptions
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
FILES option within Ntdsutil
Dsmgmt
4. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Implement Distributed File System Replication (DFSR) on both servers
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
ntdsutil
Recommend GPT and basic disks
5. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
Active Directory Domains and Trusts
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
6. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Autonomous mode...This allows the local administrator to approve their own updates.
Improve the performance of File Servers
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
7. 4 steps to perform authoritative restore of a deleted OU...
Create an Active Directory-Integrated zone.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
8. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Install Hyper-V role and convert physical machines into virtual machines
Ntfrsutil
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
9. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
Install From Media IFM
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Create a Network Load Balancing cluster.
10. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Configure offline files and enable manual caching
A Distributed File System (DFS) namespace
Dsmgmt
11. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
AD Rights Management Services
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
12. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
Upgrading DFS to Windows Server 2008 R2
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
13. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Then install new Server 2008 R2 Enterprise subordinate CA.
Software Restriction Polices
14. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Use the Local Roles options with dsmgmt.
Run net stop ntds
Microsoft SharePoint Foundation 2010
Share and Storage Management
15. A specific application requires registry modifications to be in place before installing; you should use
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Group Policy Preferences
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
16. All 2008 R2 servers and Windows 7 clients are connected to managed switches. The following are requirements for network access: only client computers that have up-to-date service packs installed can access the network; have up-to-date anti-malware so
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Data Recovery Agent
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
17. SrvA has the AD LDS role and an instance named LDSInst1. You connect to this instance by using the ADSI Edit utility. When you execute the Create Object wizard there is no User object class. What should be done so you can create user objects in LDSIn
Modify the GPO to include folder redirection
Use a GPO to configure device installation restrictions
Modify the schema of LDSInst1
dsa.msc - dsamain.exe - ntdsutil.exe
18. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Jill came down with 2.50.
Zone transfer settings
Configure offline files and enable manual caching
19. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Enable - ADoptionalFeature cmdlet
Distributed File System (DFS) Replication
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Autonomous mode...This allows the local administrator to approve their own updates.
20. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
Disable Site Link Bridging from the IP properties
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Repadmin
21. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
FILES option within Ntdsutil
IIS Manager user account
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
22. New Password Policy needs to be created for OU different from domain password policy
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Then install new Server 2008 R2 Enterprise subordinate CA.
ntdsutil
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
23. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Deploy the Root CA certificate to the external computers.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Modify the local policy to point to the Internal WSUS server
Implement a Remote Desktop Connection Broker (RD Connection Broker)
24. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
net stop ntds
Create an e-mail account in AD DS for your RMS users
Dfsrdiag
25. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Jill came down with 2.50.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
26. What should be done to resolve names by using GlobalNames zone?
dsa.msc - dsamain.exe - ntdsutil.exe
MEDV to deploy virtual desktops
Ntfrsutil
dnscmd tool
27. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Implement one LUN for the quorum and another LUN for the data
802.1.x NAP
Configure offline files and enable manual caching
Event Viewer
28. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Create an e-mail account in AD DS for your RMS users
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
DISABLE slow link detection in the GPO
dnscmd
29. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Then use on install image file that contains a single install image.
Implement Windows System Resource Manager (WSRM)
Then use Windows Deployment Services (WDS) on DHCP1.
Assign the application to computers in the PC OU
30. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Network Load Balancing (NLB) cluster
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Printer driver isolation
Create a Network Load Balancing cluster.
31. To add a new UPN for all user accounts...
Test-AppLockerPolicy
Your machine and remote desktops
AD Domains and Trusts
AD Rights Management Services
32. Within your company you have a server that will be running 8 VMs but only 6 concurrently. Your company has already purchased an Enterprise license for the server.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Purchase one additional Enterprise License
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Install and share a printer on a server and then enable printer pooling.
33. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
dnscmd
From Server A - run Create Basic Task Wizard
DSMOD - ADUC
Win2000 Native
34. In order to ensure highly available Windows Update servers you should create this.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Certificate Templates
Utilize IFM (Install From Media)
35. Capture all replication errors from all your DCs to a central location...
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Microsoft Desktop Optimization Pack (MDOP)
Windows BitLocker Drive Encryption (Bit Locker)
Configure event log subscriptions
36. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Raise the DFL to Windows Server 2008 R2.
37. You have a root domain and four child domains. Policy requirements state that all local guest accounts must be renamed and disabled - and all local administrator accounts must be renamed
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Domain based Distributed File System (DFS) will reduce network traffic
Modify the GPO to include folder redirection
Implement a GPO for each domain
38. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
Use a GPO to configure device installation restrictions
Properties of PSO need modified
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Role Separation
39. Minimal FFL needed to deploy an RODC that runs Windows Server 2008 R2...
Dsmgmt
Windows Server 2003
Test-AppLockerPolicy
Implement Network Access Protection (NAP) that uses 802.1x enforcement
40. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Modify the GPO to include folder redirection
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
41. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Incoming external trust
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Microsoft Desktop Optimization Pack (MDOP) to your company
42. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Test-AppLockerPolicy
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Service user account for AD LDS
43. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Execute the Set-ADServiceAccount cmdlet
44. To create AD Domain Services snapshot
dsa.msc - dsamain.exe - ntdsutil.exe
802.1.x NAP
Ntdsutil
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
45. Client computers run Windows 7 and all applications on the computers are configured to save documetns to the local Documents folder. You need a backup strategy that meets these: Back up the Documents folder for all users; minimize admin effort. To ac
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Implement folder redirection by using GPO. Then backup the folder redirection target.
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
46. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Enable Windows Remote Management (WinRM) on each server.
Create and deploy a logon script that runs Auditpol.
47. To allow connection to a 256 Kbps ISDN...
DISABLE slow link detection in the GPO
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
48. You need to recommend a BitLocker recovery method you should recommend this.
Data Recovery Agent
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Modify zone transfer settings for company.com zone on DCA
Authorization Manager role assignment
49. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Disable Site Link Bridging from the IP properties
NOT be able to store that data on an iSCSI SAN
Configure caching on the shared folder and configure offline files to use encryption
50. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Disable Site Link Bridging from IP Properties
Deploy it by using Group Policy Software Installation method
Domain based Distributed File System (DFS) will reduce network traffic
Configure RODC for Administrator Role Separation
