Test your basic knowledge | MSITP
Subjects: certifications, msitp, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
Use CISCO IP Helper command to configure.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Then install new Server 2008 R2 Enterprise subordinate CA.
Incoming external trust
2. To add a server with AD FS 2.0 role to an existing AD FS farm...
fsconfig on FSSrv2
Use Netsh tool from administrator's computer.
Upgrading DFS to Windows Server 2008 R2
Data Recovery Agent
3. You have a few Server 2003 servers that have Terminal services installed. You also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: restricts access to specific Remote Desktop
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integrating role-based access control in
Assign the application to all client computers by using a GPO.
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
4. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Registry on users computer needs to be modified
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restore system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Windows XP Mode
5. GPO setting to prevent all users from running an application
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir%\ntds 4) Start AD domain services service
Software Restriction Policies
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
6. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirements: UserA must be able to create and configure Group Policies in hr.do
Configure RODC for Administrator Role Separation
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
File Server Resource Manager (FSRM) quotas and file screens
7. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Passive file screens
Subnet object needs to be created
Perform an authoritative restore
Use the Local Roles options with dsmgmt.
8. Enables you to receive emails when domain users locked out of accounts...
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Event Viewer
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
9. DFL is...
Active Directory snapshots and Tombstone reanimation
Then use Windows Deployment Services (WDS) on DHCP1.
Group Policy Preferences
Win2000 Native
10. To minimize the attack surface area of the servers and reduce licensing cost you should recommend
Set-ADServiceAccount cmdlet
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
ntdsutil
11. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Distributed File System (DFS) Replication
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
DFL needs to be Windows Server 2008
Event Subscriptions
12. What should be done so application does not fail after 30 days while still keeping password policy in mind?
Implement Network Access Protection (NAP) that uses 802.1x enforcement
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the corporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Include a server that runs Microsoft Office SharePoint Server 2010
Set-ADServiceAccount cmdlet
13. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Active Directory Right Management Services (AD RMS)
Service user account for AD LDS
Modify the GPO to include folder redirection
Discover the run Microsoft Baseline Security Analyzer (MBSA)
14. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Administrative Role Separation
net stop ntds
Repadmin
15. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Add the Windows Server Backup feature and Windows System Image recovery.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
File Server Resource Manager (FSRM) quotas and file screens
Recommend GPT and basic disks
16. To compact AD database...
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
FILES option within Ntdsutil
Event Viewer
An Active Directory subnet object needs to be created.
17. To allow administrators that run Windows 7 the ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
Site
Install Hyper-V role and convert physical machines into virtual machines
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Deploy a GPO for the Sales OU
18. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Modify the schema of LDSInst1
Test-AppLockerPolicy
Event Viewer
19. All client computers run Windows 7. You have 8 Windows Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Install the RSAT tool on their workstation to provide for more efficient network management
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
20. To be able to manage all the corporate servers from a workstation - you must install the
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Role Separation
Configure authorization rules for Web developers on each web server
21. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Modify zone transfer settings for company.com zone on DCA
Role Separation
Network Load Balancing (NLB) cluster
22. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
DISABLE slow link detection in the GPO
Configure Audit Special Logon and define Special Groups
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Configure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
23. To modify several user accounts to a new UPN suffix
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Then install new Server 2008 R2 Enterprise subordinate CA.
Active Directory Users and Computers utility
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
24. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Deploy a GPO to the WebSrvOU
Then configure auto enrollment of certificates and Credential Roaming.
Ntfrsutil
Dynamically expanding VHD's
25. To allow a user to administer Active Directory
Configure RADIUS accounting by using local file logging on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Deploy it by using Group Policy Software Installation method
Add the user to the Domain Admins global group
26. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Group Policy Preferences
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Test-AppLockerPolicy
27. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Implement Network Access Protection (NAP)
Recommend Offline Files
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Then use Windows Deployment Services (WDS) on DHCP1.
28. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the corporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Purchase one additional Enterprise License
Network Load Balancing (NLB) Cluster for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
1) Seize operations master roles from server1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
29. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
Implement Windows BitLocker Drive Encryption (BitLocker)
dnscmd
Storage manager for SANs
Modify the local policy to point to the Internal WSUS server
30. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
The Group Policy Management console
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Back up to an external USB drive by using Windows Server Backup
1) Add the branch office admin accounts to the Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
31. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Configure caching on the shared folder (offline files)
Jill came down with 2.50.
Assign the support technicians to the Administrators group on the Windows Server 2008 R2 servers.
32. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
FFL Windows Server 2008 R2
Deploy a failover cluster that contains one node in each office.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
33. Capture all replication errors from all your DCs to a central location...
Authorization Manager role assignment
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Recommend GPT and basic disks
Configure event log subscriptions
34. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Microsoft System Center Data Protection Manager 2010
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create an Active Directory-Integrated stub zone for main domain.
Network Load Balancing (NLB) cluster
35. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...
36. To ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Configure event log subscriptions
Install Windows Server Backup and modify the Windows firewall settings
Additional DFS Targets
Discover the run Microsoft Baseline Security Analyzer (MBSA)
37. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
Modify zone transfer settings for company.com zone on DCA
Install and share a printer on a server and then enable printer pooling.
Use Netsh tool from administrator's computer.
Ntfrsutil
38. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Role Separation
Storage manager for SANs
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
39. 3 Servers are Network Policy Servers (NPS) that function as RADIUS servers. The network has 20 wireless access points that are configured as RADIUS clients. You need to plan an audit strategy with the following requirements: stores audit data in a ce
Move "Infrastructure Master" role in child domain to a DC that does not hold the Global Catalog.
Configure RADIUS accounting by using local file logging on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Windows BitLocker Drive Encryption (Bit Locker)
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
40. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
Add-ADFineGrainedPasswordPolicySubject cmdlet
Then make sure all DCs are running Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Incoming external trust
41. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
View properties of %systemroot%\ntds\ntds.dit
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Domain based DFS namespace and configure a DFS replication group
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
42. SrvA has the AD LDS role and an instance named LDSInst1. You connect to this instance by using the ADSI Edit utility. When you execute the Create Object wizard there is no User object class. What should be done so you can create user objects in LDSIn
Windows Deployment Services (WDS)
Modify the schema of LDSInst1
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
43. Tools to view contents of an OU in an AD snapshot...
Offline domain join
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
dsa.msc - dsamain.exe - ntdsutil.exe
44. The ability to set quotas at the volume level has been around for many years - however if you have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Test-AppLockerPolicy
Autonomous mode...This allows the local administrator to approve their own updates.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
45. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
dnscmd tool
The Group Policy Management Console
Loopback Processing - The purpose of the Loopback Processing policy is to prevent user policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
46. To ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Migrate the namespace to Windows Server 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Configure folder redirection
View properties of %systemroot%\ntds\ntds.dit
Raise the DFL to Windows Server 2008 R2.
47. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Add the Windows Server Backup feature and Windows System Image recovery.
IIS Shared Configuration
Incoming external trust
Configure caching on the shared folder (offline files)
48. You have a single AD domain named ad.company.com. The FFL is windows 2000 and the DFL is Windows 2000 Native. The UPN suffix company.com needs to be available for user accounts. What should be done first?
DFL needs to be Windows Server 2008
Add the new UPN suffix to the forest.
Basic Authentication and SSL
Printer driver isolation
49. If your company has the need to create administrative templates (.admx) files for Active Directory running on server 2008 R2 you should recommend...
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Implement a GPO for each domain
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
50. You need to deploy 15 Server Core installations that are only accessible by HTTP and HTTPS. Administration of these must be able to enable administrators to install and administer server roles remotely and fully manage servers remotely
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Create and deploy a logon script that runs Auditpol.
Enable Windows Remote Management (WinRM) on each server.
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.