SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Implement the Windows Search Service.
Implement a domain-based DFS namespace that uses replication
Microsoft System Center Data Protection Manager
IIS Chared Configuration
2. You need to allow remote access to the servers on your network while meeting the following requirements: all remote connections to the servers must be encrypted; all remote authentication attempts to the servers must be encrypted; only inbound connec
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Implement Windows System Resource Manager (WSRM) and configure user policies
3. If a file server reaches 15% free disk space - you could free up some disk space by
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
PDC emulator with w32tm.exe
Creating a data collector set that kick off a scritp that either move or delete files.
Software Restriction Polices
4. You have several Windows 2000 Servers that have a custom application installed. However - the apps are incompatible with each other and with Windows Server 2008 R2 - but they consume less than 10% of system resources. There is a policy that states al
Assign the application to all client computers by using a GPO.
Implement GPO for all client computers
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
5. Capture all replication errors from all your DCs to a central location...
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Configure event log subscriptions
6. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
Run adprep /forestprep and adprep /domainprep
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Restore-ADObject cmdlet
A Distributed File System (DFS) namespace
7. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
Configure Firewall Group Policies and link them at the Domain level
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
8. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
A Distributed File System (DFS) namespace
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Add the new UPN Suffix to the forest
9. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Network Load Balancing (NLB) cluster
Refresh the zone on DNS2
Autonomous mode...This allows the local administrator to approve their own updates.
Configure caching on the shared folder (offline files)
10. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
Implement Windows System Resource Manager (WSRM)
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
11. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
AD Rights Management Services
A Distributed File System (DFS) namespace
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
12. To add a new UPN for all user accounts...
Attach VHD file created by Windows server backup
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Passive file screens
AD Domains and Trusts
13. What should be done so application does not fail after 30 days while still keeping password policy in mind?
Microsoft Application Virtualization (AppV)
Set-ADServiceAccount cmdlet
DFL needs to be Windows Server 2008
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
14. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Get-ADUser cmdlet
Implement a Remote Desktop Connection Broker (RD Connection Broker)
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
15. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Then use on install image file that contains a single install image.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Incoming external trust
16. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Test-AppLockerPolicy
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Implement a GPO for each domain
Run auditpol and then configure the Security settings of the Domain Controllers OU.
17. Client computers run Windows 7 and all applications on the computers are configured to save documetns to the local Documents folder. You need a backup strategy that meets these: Back up the Documents folder for all users; minimize admin effort. To ac
Modify the local policy to point to the Internal WSUS server
Implement folder redirection by using GPO. Then backup the folder redirection target.
Add the new UPN suffix to the forest.
Deploy the Root CA certificate to the external computers.
18. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Backup operator's domain local group
Basic Authentication and SSL
19. A specific application requires registry modifications to be in place before installing; you should use
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Create a new Password Settings Object (PSO) for the IT users.
Group Policy Preferences
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
20. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
Implement a domain-based DFS namespace that uses replication
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Zone transfer settings
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
21. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
WSUS server in the branch office in replica mode.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
22. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Role Separation
DSMOD - ADUC
The Group Policy Management console
23. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
Enable Credential Roaming
Configure Firewall Group Policies and link them at the Domain level
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Implement Distributed File System Replication (DFSR) on both servers
24. In order to manage websites without having to logon you can use
PowerShell 2.0
New ACCOUNT STORE should be added and configured
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
25. New password settings object (PSO) created and needs to be applied to user
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Properties of PSO need modified
Active Directory Users and Computers utility
26. To configure AD FS so tokens contain information from Active Directory domain...
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Repadmin
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
New ACCOUNT STORE should be added and configured
27. You have a 2008 R2 server configured as Remote Desktop Session host. You need to deploy a line-of-business app; however - the app requires desktop themes to be enabled. Your deployment strategy must meet these requirements: only authorized users must
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Enable - ADoptionalFeature cmdlet
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
28. If you need to ensure that data is protected by BitLocker then you will...
Microsoft System Center Data Protection Manager
NOT be able to store that data on an iSCSI SAN
Disable Site Link Bridging from IP Properties
AD RMS
29. 4 steps to perform authoritative restore of a deleted OU...
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Active Directory Right Management Services (AD RMS)
Event Subscriptions
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
30. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Create a MEDV workspace
Deploy a failover cluster that contains one node in each office.
Microsoft Desktop Optimization Pack (MDOP) to your company
31. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Software Restriction Polices
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Authorization Manager
Execute the Set-ADServiceAccount cmdlet
32. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
Add the new UPN suffix to the forest.
Share and Storage Management
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
33. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Distributed File System (DFS) Replication
Administrators is the minimum group membership required to complete this procedure.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
34. Auditing the deletion of Registry keys on all Domain Controllers
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Configure event log subscriptions
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
35. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
dsa.msc - dsamain.exe - ntdsutil.exe
36. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
DFL needs to be Windows Server 2008
Implement File Server Resource Manager (FSRM) quotas on the desired servers
WSUS server in the branch office in replica mode.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
37. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Implement the Windows Search Service.
Implement a domain-based DFS namespace that uses replication
DISABLE slow link detection in the GPO
38. You need to relocate an AD LDS instance from C: Drive to D: Drive
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Add-ADFineGrainedPasswordPolicySubject cmdlet
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
39. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Assign the application to all client computers by using a GPO.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
40. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Domain based DFS namespace and configure a DFS replication group
DISABLE slow link detection in the GPO
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Refresh the zone on DNS2
41. When implementing a Hyper-V environment the benefits are enormous - however there are certain aspects of virtualization that can create some additional administrative overhead that you can not have in a pure physical environment for example
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Enable - ADoptionalFeature cmdlet
Then use Windows Deployment Services (WDS) on DHCP1.
42. To backup Virtual Machines
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Group Policy Preferences
43. You need to recommend a Windows update strategy for the new branch office. The branch office has a 512 Kbps connection the corporate office and a 2 MB connection to the Internet. You should recommend this.
Test-AppLockerPolicy
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Win2000 Native
44. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Prestage the computer account in AD
MEDV to deploy virtual desktops
Back up to an external USB drive by using Windows Server Backup
45. to increase the reliability of the print server - configure...
Incoming external trust
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Printer driver isolation
46. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Perform an authoritative restore
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
fsconfig on FSSrv2
47. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
File Server Resource Manager (FSRM) quotas and file screens
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Implement the Windows Search Service.
From Server A - run Create Basic Task Wizard
48. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Create an Active Directory-Integrated zone.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Windows Deployment Services (WDS)
49. To be able to user an application from one AD FS with authentication server to another...
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
A relying party trust should be created.
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Add the new UPN suffix to the forest.
50. You have a root domain and four child domains. Policy requirements state that all local guest accounts must be renamed and disabled - and all local administrator accounts must be renamed
Implement a GPO for each domain
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Administrative Role Separation
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.