SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
dsa.msc - dsamain.exe - ntdsutil.exe
Role Separation
Storage manager for SANs
Domain based Distributed File System (DFS) namespace and DFS Replication.
2. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
PDC emulator with w32tm.exe
Add George to the Domain Admins group.
Add the Windows Server Backup feature and Windows System Image recovery.
3. When service account passwords need to be changed for SQL they should be...
IIS Manager user account
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Changed manually
Deploy a failover cluster that uses Node and File Share Disk Majority
4. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Create an Active Directory-Integrated zone.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Add the new UPN suffix to the forest.
5. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
DFL needs to be Windows Server 2008
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
The Group Policy Management console
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
6. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Create and deploy a logon script that runs Auditpol.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
7. To enable the AD Recycle Bin
Enable - ADoptionalFeature cmdlet
The Group Policy Management console
Recommend Active Directory delegation
Then use on install image file that contains a single install image.
8. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Configure separate application pools for each application
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
ntdsutil
9. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
File Server Resource Manager (FSRM) quotas and file screens
Active Directory Users and Computers utility
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Site
10. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
Modify the schema of LDSInst1
Run net stop ntds
Configure Audit Special Logon and define Special Groups
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
11. to prevent VMs from receiving updats from a group policy
Then use Windows BitLocker Drive Encryption
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Increase the tombstone lifetime for the forest.
12. If a new application needs to be deployed on the network and it comes as a .msi package and then do this.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Deploy it by using Group Policy Software Installation method
Modify the local policy to point to the Internal WSUS server
Attach VHD file created by Windows server backup
13. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
DSMOD
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Test-AppLockerPolicy
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
14. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Implement Windows BitLocker Drive Encryption (BitLocker)
Properties of PSO need modified
Enable Windows Remote Management (WinRM) on each server.
15. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
16. To create and additional AD LDS applicaiton directory partition in existing instance...
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Ldp
Data Recovery Agent
17. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Zone transfer settings
Repadmin
dsa.msc - dsamain.exe - ntdsutil.exe
Create a new Password Settings Object (PSO) for the IT users.
18. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Modify the GPO to include folder redirection
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Raise the DFL to Windows Server 2008 R2.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
19. Engineering department has 582 Windows Server 2008 R2 servers. You need to monitor the performance of all 582 with following requirements: Create alerts when average processor usage is higher than 85% for 15 minutes; Automatically adjust the processo
Implement Distributed File System Replication (DFSR) on both servers
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Deploy Microsoft System Center Operations Manager (SCOM)
20. To allow a specifc user or group to manage the address information for the user accounts...
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
View properties of %systemroot%ntdsntds.dit
Recommend Active Directory delegation
21. You need to consolidate 120 physical servers into 35 physical servers that run Windows Server 2008 R2 while meeting the following: maximize resource utilization; use existing hardware and software; support 64-bit child virtual machines; maintain sepa
Install Hyper-V role and convert physical machines into virtual machines
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Implement the Windows Search Service.
22. PowerShell script to create user accounts with passwords from a file called password.csv
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Dsmgmt
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Configure RODC for Administrator Role Separation
23. To ensure that a file on a file server do not leave the organization you must implement this.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Install and share a printer on a server and then enable printer pooling.
AD RMS
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
24. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
Improve the performance of File Servers
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
25. For the users that work remotely that need access to files from the corporate office you should...
Install the RSAT tool on their workstation to provide for more efficient network management
Recommend Offline Files
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Install Hyper-V role and convert physical machines into virtual machines
26. In order to ensure highly available Windows Update servers you should create this.
Configure Audit Special Logon and define Special Groups
Implement one LUN for the quorum and another LUN for the data
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
27. You need a solution that meets policy while minimizing hardware and software costs
Create a new Password Settings Object (PSO) for the IT users.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Share and Storage Management
DFL needs to be Windows Server 2008
28. Striped volumes
Windows Server 2003
Improve the performance of File Servers
Changed manually
Windows XP Mode
29. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
Microsoft Application Virtualization (AppV)
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Use the Local Roles options with dsmgmt.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
30. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Disable Site Link Bridging from the IP properties
Configure block inheritance on the IT OU
Configure an audit policy by editing the default domain policy and configure Event Forwarding
31. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Create a Central Store
Configure the zone as an Activde Directory-Integrated zone.
Offline domain join
32. Enables you to receive emails when domain users locked out of accounts...
Event Viewer
Deploy a GPO for the Sales OU
Dynamically expanding VHD's
Distributed File System (DFS) Replication
33. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
From Server A - run Create Basic Task Wizard
Test-AppLockerPolicy
MEDV to deploy virtual desktops
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
34. To make deploying the custom Word dictionary easy
Recommend Group Policy preferences
NOT be able to store that data on an iSCSI SAN
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Disable Site Link Bridging from the IP properties
35. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
From Server A - run Create Basic Task Wizard
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
36. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Raise the DFL to Windows Server 2008 R2.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
37. 4 steps to perform offline Defragmentation of AD database...
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Then install new Server 2008 R2 Enterprise subordinate CA.
Dsmgmt
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
38. New password settings object (PSO) created and needs to be applied to user
Properties of PSO need modified
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Install and share a printer on a server and then enable printer pooling.
39. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Microsoft SharePoint Foundation 2010
Then configure auto enrollment of certificates and Credential Roaming.
Configure authorization rules for Web developers on each web server
40. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Implement Network Access Protection (NAP)
Create a MEDV workspace
Changed manually
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
41. If a file server reaches 15% free disk space - you could free up some disk space by
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Active Directory Domains and Trusts
Creating a data collector set that kick off a scritp that either move or delete files.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
42. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Service user account for AD LDS
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Then install new Server 2008 R2 Enterprise subordinate CA.
43. IE can be a security concern - however you can take advantage of Group policies to lock down IE as much as possible
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
44. If you need to ensure that data is protected by BitLocker then you will...
Purchase one additional Enterprise License
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
NOT be able to store that data on an iSCSI SAN
45. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Then configure GlobalNames zones on each domain controller.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Microsoft System Center Data Protection Manager
Raise the DFL to Windows Server 2008 R2.
46. To speed up the deployment of the RODC in the new branch offices you should take advantage of this.
Deploy Microsoft System Center Operations Manager (SCOM)
Event Viewer
Install From Media IFM
Increase the tombstone lifetime for the forest.
47. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Site
Import-Module
Implement one LUN for the quorum and another LUN for the data
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
48. Files servers need to stay connected to the SAN if a NIC fails. You should recommend
Create a Network Load Balancing cluster.
Certificate Templates
Multipath I/O feature
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
49. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Enable Credential Roaming
Storage manager for SANs
50. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Install Windows Server Backup and modify the Windows firewall settings
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
