SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Event Viewer
Modify properties of RODC server computer account.
Install Windows Server Backup and modify the Windows firewall settings
PDC emulator with w32tm.exe
2. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Configure Audit Special Logon and define Special Groups
Create an e-mail account in AD DS for your RMS users.
Domain based DFS namespace and configure a DFS replication group
3. To restore previous version of script without taking up too much of time...
Attach VHD file created by Windows server backup
Deploy Microsoft System Center Operations Manager (SCOM)
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Storage manager for SANs
4. What utility is used to see what accounts cached on RODC?
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Active Directory Users and Computers
Network Load Balancing (NLB) cluster
Encrypting File System (EFS). This can be enabled locally or through a GPO.
5. To be able to manage all the corporate servers from a workstation - you must install the
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
6. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Dynamically expanding VHD's
Raise the DFL to Windows Server 2008 R2.
Configure caching on the shared folder and configure offline files to use encryption
net stop ntds
7. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Domain based DFS namespace and configure a DFS replication group
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Backup operator's domain local group
8. What should be done so application does not fail after 30 days while still keeping password policy in mind?
Set-ADServiceAccount cmdlet
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Incoming external trust
9. What shold be done to configure AD RMS so users can protect their data?
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Implement Network Access Protection (NAP)
Create an e-mail account in AD DS for your RMS users
Certificate Templates
10. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Add the user to the Domain Admins global group
Registry on users computer needs to be modified
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Winrm quickconfig
11. You need to deploy 15 Server Core installations that are only accessible by HTTP and HTTPS. Administration of these must be able to enable administrators to install and administer server roles remotely and fully manage servers remotely
Enable Windows Remote Management (WinRM) on each server.
Windows BitLocker Drive Encryption (Bit Locker)
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
12. To allow connection to a 256 Kbps ISDN...
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Deploy the Root CA certificate to the external computers.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
DISABLE slow link detection in the GPO
13. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
Windows System Resource Manager (WSRM)
Configure separate application pools for each application
CAPublishGP group should have the Manage CA permission.
Then use on install image file that contains a single install image.
14. to increase the reliability of the print server - configure...
Printer driver isolation
Then use Windows Deployment Services (WDS) on DHCP1.
dnscmd
Administrative Role Separation
15. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Install the RSAT tool on their workstation to provide for more efficient network management
Improve the performance of File Servers
A Distributed File System (DFS) namespace
16. You have several Windows 2000 Servers that have a custom application installed. However - the apps are incompatible with each other and with Windows Server 2008 R2 - but they consume less than 10% of system resources. There is a policy that states al
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
17. Enables you to receive emails when domain users locked out of accounts...
Use CISCO IP Helper command to configure.
Event Viewer
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Enable Windows Remote Management (WinRM) on the servers.
18. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
Add the new UPN Suffix to the forest
Perform an authoritative restore
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Install and share a printer on a server and then enable printer pooling.
19. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
20. To ensure that a file on a file server do not leave the organization you must implement this.
FFL Windows Server 2008 R2
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Ensure your account - or the group is a member of the local Administrators group for that specific server.
AD RMS
21. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Backup operator's domain local group
Windows Deployment Services (WDS)
22. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
23. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Data Recovery Agent
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Group Policy Preferences
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
24. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Dfsrdiag
Install the RSAT tool on their workstation to provide for more efficient network management
Perform an authoritative restore
Deploy the Root CA certificate to the external computers.
25. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
Recommend Offline Files
DSMOD
Microsoft SharePoint Foundation 2010
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
26. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
Install Windows Server Backup and modify the Windows firewall settings
Utilize IFM (Install From Media)
Storage manager for SANs
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
27. If you want to implement BitLocker and store recovery informaiton in a central location
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Modify properties of RODC server computer account.
AD Rights Management Services
28. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Implement Distributed File System Replication (DFSR) on both servers
Disable Site Link Bridging from the IP properties
29. All 2008 R2 servers and Windows 7 clients are connected to managed switches. The following are requirements for network access: only client computers that have up-to-date service packs installed can access the network; have up-to-date anti-malware so
Recommend Offline Files
AD Rights Management Services
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Implement a GPO for each domain
30. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Data Recovery Agent
Disable Site Link Bridging from the IP properties
Then install new Server 2008 R2 Enterprise subordinate CA.
31. you have fewer Server 2003 servers that have Terminal Services installed. you also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: encrypts all remote connections to the ter
Distributed File System (DFS) Replication
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Software Restriction Polices
Improve the performance of File Servers
32. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Deploy it by using Group Policy Software Installation method
Network Load Balancing (NLB) cluster
DFL needs to be Windows Server 2008
Then use Windows Deployment Services (WDS) on DHCP1.
33. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Windows XP Mode
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
34. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Authorization Manager
NOT be able to store that data on an iSCSI SAN
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Active Directory Domains and Trusts
35. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Enable Windows Remote Management (WinRM) on each server.
Basic Authentication and SSL
Dfsrdiag
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
36. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Install Windows Server Backup and modify the Windows firewall settings
Configure the zone as an Activde Directory-Integrated zone.
37. PowerShell script to create user accounts with passwords from a file called password.csv
IIS Chared Configuration
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Zone transfer settings
38. To configure Administrator Role Separation for an RODC
The Group Policy Management Console
Increase the tombstone lifetime for the forest.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
39. Tool to change Directory Services Restore Mode password on Domain Controller...
Raise the DFL to Windows Server 2008 R2.
ntdsutil
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
40. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
From Server1 - run the Create Basic Task Wizard
Service user account for AD LDS
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Enable Windows Remote Management (WinRM) on the servers.
41. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Assign the application to all client computers by using a GPO.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Network Load Balancing (NLB)
42. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Use a GPO to configure device installation restrictions
Ntfrsutil
Administrators is the minimum group membership required to complete this procedure.
Then use on install image file that contains a single install image.
43. To be able to user an application from one AD FS with authentication server to another...
Implement Windows System Resource Manager (WSRM)
Share and Storage Management
A relying party trust should be created.
Get-ADUser cmdlet
44. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Active Directory Right Management Services (AD RMS)
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
45. You need to deploy a sales application that only the sales users must have access to
Create a standard secondary of domain and create standard secondary of other domain.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Share and Storage Management
Deploy a GPO for the Sales OU
46. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Active Directory snapshots and Tombstone reanimation
Administrative Role Separation
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
47. To replicate SYSVOL using Distributed File System Replication (DFSR)...
DFL needs to be Windows Server 2008
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Domain based Distributed File System (DFS) namespace and DFS Replication.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
48. You have 2 Server Core servers that are part of a Network Load Balance that host a web site. To be able to allow administrators - on their Windows 7 computers - remotely manage the NLB with automation
Enable Windows Remote Management (WinRM) on the servers.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
49. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Deploy it by using Group Policy Software Installation method
IIS Manager user account
802.1.x NAP
50. If a file server reaches 15% free disk space - you could free up some disk space by
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Incoming external trust
Creating a data collector set that kick off a scritp that either move or delete files.
