SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Back up to an external USB drive by using Windows Server Backup
Dynamically expanding VHD's
2. To defragment and AD database...
net stop ntds
Authorization Manager
Configure offline files and enable manual caching
Run auditpol and then configure the Security settings of the Domain Controllers OU.
3. To make deploying the custom Word dictionary easy
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Recommend Group Policy preferences
Implement Network Access Protection (NAP)
Dynamically expanding VHD's
4. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
fsconfig on FSSrv2
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
5. An AD LDS instance needs to be replicated from one server to another...
WSUS server in the branch office in replica mode.
Add the Windows Server Backup feature and Windows System Image recovery.
Service user account for AD LDS
Implement a GPO for each domain
6. To build a highly secure server cluster with a reduced attack surface area
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Get-ADUser cmdlet
7. Deployment of 10 WSUS servers across 10 branch office will take place over a three month period. The bandwidth between the corporate office and the branch offices must be minimized due to budget contraints within the company. Admins in the corporate
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Test-AppLockerPolicy
Zone transfer settings
Use the Local Roles options with dsmgmt.
8. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
Then install new Server 2008 R2 Enterprise subordinate CA.
Implement Distributed File System Replication (DFSR) on both servers
Create an e-mail account in AD DS for your RMS users.
DSMOD
9. When recommending a monitoring solution for an application so that it's events can be stored in a central
Repadmin
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Event Subscriptions
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
10. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Configure RODC for Administrator Role Separation
Autonomous mode...This allows the local administrator to approve their own updates.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Domain based DFS namespace and configure a DFS replication group
11. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Create a Central Store
dnscmd
Ldp
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
12. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Execute the Set-ADServiceAccount cmdlet
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Administrators is the minimum group membership required to complete this procedure.
13. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
14. You need a solution that meets policy while minimizing hardware and software costs
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Create a new Password Settings Object (PSO) for the IT users.
Increase the tombstone lifetime for the forest.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
15. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Restore-ADObject cmdlet
Run the Delegation of Control Wizard on the Staff OU
Implement Shadow Copies
16. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
Create and deploy a logon script that runs Auditpol.
Ntfrsutil
Implement Windows BitLocker Drive Encryption (BitLocker)
Run net stop ntds
17. You have 2 Server Core servers that are part of a Network Load Balance that host a web site. To be able to allow administrators - on their Windows 7 computers - remotely manage the NLB with automation
Deploy a failover cluster that uses Node and File Share Disk Majority
Modify properties of RODC server computer account.
Enable Windows Remote Management (WinRM) on the servers.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
18. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
File Server Resource Manager (FSRM) quotas and file screens
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Ntfrsutil
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
19. The Computer Management snap-in allows you to create shares both on...
Then use Windows BitLocker Drive Encryption
Add-ADFineGrainedPasswordPolicySubject cmdlet
Offline domain join
Your machine and remote desktops
20. You have a 2008 R2 serever that has SQL Server 2008 installed. The server has one RAID 5 array and two RAID 1 arrays. You need to allocate hard disck space on the server according to the followign requirements: prevent data los if a single hard disk
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Distributed File System (DFS) Replication
Dsmgmt
21. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Distributed File System (DFS) Replication
Deploy a failover cluster that uses Node and File Share Disk Majority
IIS Manager user account
22. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Implement Network Access Protection (NAP)
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Configure Firewall Group Policies and link them at the Domain level
23. You don't want users to be able to install removable devices on client computers. However - domain admins and desktop support technicians must be allowed to install removable devices on client computers
Authorization Manager
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Implement GPO for all client computers
Active Directory snapshots and Tombstone reanimation
24. Tools to view contents of an OU in an AD snapshot...
MEDV to deploy virtual desktops
dsa.msc - dsamain.exe - ntdsutil.exe
Microsoft Application Virtualization (AppV)
File Server Resource Manager (FSRM) quotas and file screens
25. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Configure block inheritance on the IT OU
Basic Authentication and SSL
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
26. to make shares at a remote location available to users you should implement this.
Microsoft Desktop Optimization Pack (MDOP)
Domain based Distributed File System (DFS) namespace and DFS Replication.
DSMOD - ADUC
Recommend Group Policy preferences
27. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Install Windows Server Backup and modify the Windows firewall settings
Create an Active Directory-Integrated zone.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Then configure auto enrollment of certificates and Credential Roaming.
28. When one needs to audit files - folders - printers and the registry enable
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
View properties of %systemroot%ntdsntds.dit
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Encrypting File System (EFS). This can be enabled locally or through a GPO.
29. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
FFL Windows Server 2008 R2
Configure Firewall Group Policies and link them at the Domain level
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
30. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
IIS Manager user account
Create an e-mail account in AD DS for your RMS users.
Modify zone transfer settings for company.com zone on DCA
Then use Windows Deployment Services (WDS)
31. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Ntdsutil
An Active Directory subnet object needs to be created.
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Then use Windows Deployment Services (WDS) on DHCP1.
32. DFL is...
Win2000 Native
Then use Windows Deployment Services (WDS) on DHCP1.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Create a standard secondary of domain and create standard secondary of other domain.
33. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
FILES option within Ntdsutil
Microsoft Desktop Optimization Pack (MDOP) to your company
Changed manually
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
34. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
A relying party trust should be created.
Dsmgmt
Then configure GlobalNames zones on each domain controller.
Assign the application to all client computers by using a GPO.
35. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
dnscmd
Disable Site Link Bridging from the IP properties
Network Load Balancing (NLB)
36. To ensure that user's documents are stored on the file server and thus subject to the corporate backup solution - you should implement this.
Folder redirection. Folder redirection is also useful when using roamin profiles.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Share and Storage Management
Microsoft System Center Data Protection Manager
37. All 2008 R2 servers and Windows 7 clients are connected to managed switches. The following are requirements for network access: only client computers that have up-to-date service packs installed can access the network; have up-to-date anti-malware so
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Create a new Password Settings Object (PSO) for the IT users.
38. To minimize the amount of storage required you should recommend
Set-ADServiceAccount cmdlet
Then use Windows BitLocker Drive Encryption
Share and Storage Management
Network Load Balancing (NLB)
39. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Active Directory snapshots and Tombstone reanimation
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Refresh the zone on DNS2
40. SrvA has the AD LDS role and an instance named LDSInst1. You connect to this instance by using the ADSI Edit utility. When you execute the Create Object wizard there is no User object class. What should be done so you can create user objects in LDSIn
Modify the schema of LDSInst1
Configure authorization rules for Web developers on each web server
Set-ADServiceAccount cmdlet
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
41. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
Then use Windows Deployment Services (WDS) on DHCP1.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
DSMOD - ADUC
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
42. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Share and Storage Management
View properties of %systemroot%ntdsntds.dit
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
43. New Password Policy needs to be created for OU different from domain password policy
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Storage manager for SANs
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Use the Local Roles options with dsmgmt.
44. To compact AD database...
Add the user to the Domain Admins global group
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Data Recovery Agent
FILES option within Ntdsutil
45. If subnets are connected by CISCO router that is RFC-1542 compliant
Deploy a failover cluster that uses Node and File Share Disk Majority
Use CISCO IP Helper command to configure.
AD Domains and Trusts
DSMOD - ADUC
46. You need a strategy for backing up your 2008 R2 file servers according to these: allows for individual file restore; allows for complete server recovery; supports scheduled backups; provides decentralized control over backups and recovery; minimizes
dnscmd
Create a Network Load Balancing cluster.
Then install new Server 2008 R2 Enterprise subordinate CA.
Back up to an external USB drive by using Windows Server Backup
47. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Active Directory Domains and Trusts
DISABLE slow link detection in the GPO
48. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Deploy a GPO for the Sales OU
Create a MEDV workspace
Test-AppLockerPolicy
Disable Site Link Bridging from IP Properties
49. You need to consolidate 120 physical servers into 35 physical servers that run Windows Server 2008 R2 while meeting the following: maximize resource utilization; use existing hardware and software; support 64-bit child virtual machines; maintain sepa
Get-ADUser cmdlet
Install Hyper-V role and convert physical machines into virtual machines
Then configure GlobalNames zones on each domain controller.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
50. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
Add the new UPN Suffix to the forest
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Microsoft Desktop Optimization Pack (MDOP) to your company
