SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
Improve the performance of File Servers
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
2. You have a failover cluster that has an application installed. Service level agreement requires 55 percent of processor and memory utilization to be reserved for the app. A solution to guarantee service level agreement would be
Create a MEDV workspace
Use a GPO to configure device installation restrictions
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
The Group Policy Management Console
3. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Test-AppLockerPolicy
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Create an Active Directory-Integrated zone.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
4. You need to allow a user to add a single computer to a domain - without any additional rights...
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Prestage the computer account in AD
Test-AppLockerPolicy
Dsmgmt
5. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Install and share a printer on a server and then enable printer pooling.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Microsoft SharePoint Foundation 2010
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
6. You need to recommend a BitLocker recovery method you should recommend this.
Data Recovery Agent
Active Directory Domains and Trusts
Modify properties of RODC server computer account.
Implement GPO for all client computers
7. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Dsmgmt
Deploy it by using Group Policy Software Installation method
8. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Site
File Server Resource Manager (FSRM) quotas and file screens
Ntfrsutil
Improve the performance of File Servers
9. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Win2000
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Dfsrdiag
10. If you need to minimize the number of install images and support Win Server 2008 R2 deployment
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Attach VHD file created by Windows server backup
Configure the zone as an Activde Directory-Integrated zone.
Then use on install image file that contains a single install image.
11. To allow a specifc user or group to manage the address information for the user accounts...
Basic Authentication and SSL
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Recommend Active Directory delegation
FILES option within Ntdsutil
12. What document management solution allows you to keep multiple versions of documents and automatically apply access policies to these documents? You should recommend
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
A relying party trust should be created.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Windows Deployment Services (WDS)
13. To modify several user accounts to a new UPN suffix
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Network Load Balancing (NLB) cluster
Active Directory Users and Computers utility
Execute the Set-ADServiceAccount cmdlet
14. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Raise the DFL to Windows Server 2008 R2.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Domain based Distributed File System (DFS) will reduce network traffic
Then use Windows Deployment Services (WDS) on DHCP1.
15. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
Implement GPO for all client computers
WDS
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Deploy a failover cluster that uses Node and File Share Disk Majority
16. Tools to view contents of an OU in an AD snapshot...
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
dsa.msc - dsamain.exe - ntdsutil.exe
17. What shold be done to configure AD RMS so users can protect their data?
Create and deploy a logon script that runs Auditpol.
Create an e-mail account in AD DS for your RMS users
Modify the GPO to include folder redirection
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
18. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Software Restriction Polices
Add the new UPN Suffix to the forest
AD RMS
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
19. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Autonomous mode...This allows the local administrator to approve their own updates.
Implement Distributed File System Replication (DFSR) on both servers
Create a Central Store
20. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Basic Authentication and SSL
Implement GPO for all client computers
Windows Deployment Services (WDS)
21. When service account passwords need to be changed for SQL they should be...
Run the Delegation of Control Wizard on the Staff OU
Changed manually
Refresh the zone on DNS2
Printer driver isolation
22. To compact AD database...
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
FILES option within Ntdsutil
Active Directory Right Management Services (AD RMS)
Discover the run Microsoft Baseline Security Analyzer (MBSA)
23. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
Then use on install image file that contains a single install image.
Create an Active Directory-Integrated zone.
Jill came down with 2.50.
Windows XP Mode
24. To be able to manage all the corporate servers from a workstation - you must install the
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Administrative Role Separation
25. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
Recommend Group Policy preferences
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Add the new UPN suffix to the forest.
26. CAPublishGP needs to be able to publish new certificate revocation lists - but not be able to revoke certificates. How is this accomplished?
Active Directory snapshots and Tombstone reanimation
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
CAPublishGP group should have the Manage CA permission.
27. When one needs to audit files - folders - printers and the registry enable
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Administrators is the minimum group membership required to complete this procedure.
28. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Domain based Distributed File System (DFS) will reduce network traffic
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Software Restriction Polices
29. you have fewer Server 2003 servers that have Terminal Services installed. you also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: encrypts all remote connections to the ter
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Install and share a printer on a server and then enable printer pooling.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
30. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Modify zone transfer settings for company.com zone on DCA
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
31. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
WSUS server in the branch office in replica mode.
Import-Module
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Perform an authoritative restore
32. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Test-AppLockerPolicy
Event Log Subscriptions
33. GPO setting to prevent all users from running an application
dnscmd
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Software Restriction Polices
DSMOD
34. Tool to change Directory Services Restore Mode password on Domain Controller...
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Refresh the zone on DNS2
ntdsutil
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
35. Striped volumes
Microsoft System Center Data Protection Manager 2010
Create an e-mail account in AD DS for your RMS users.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Improve the performance of File Servers
36. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Autonomous mode...This allows the local administrator to approve their own updates.
Multipath I/O feature
37. UPN Suffix xxxx.com needs to be available for user accounts...
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Role Separation
Install and share a printer on a server and then enable printer pooling.
Add the new UPN Suffix to the forest
38. To update ADRMS password...
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
AD Rights Management Services
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Win2000 Native
39. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Additional DFS Targets
Modify properties of RODC server computer account.
DSMOD - ADUC
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
40. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Backup operator's domain local group
Dfsrdiag
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
41. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Configure the zone as an Activde Directory-Integrated zone.
Ntdsutil
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Implement one LUN for the quorum and another LUN for the data
42. To ensure that recovery is possible if a file on a file server is deleted accidentally
FFL Windows Server 2008 R2
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Implement Shadow Copies
43. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Win2000 Native
Configure Audit Special Logon and define Special Groups
A relying party trust should be created.
44. What should be done to ensure changes made to AD objects can be logged?
Implement Distributed File System Replication (DFSR) on both servers
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
45. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
Create an Active Directory-Integrated zone.
A relying party trust should be created.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Execute the Set-ADServiceAccount cmdlet
46. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Include a server that runs Microsoft Office SharePoint Server 2010
Assign the application to all client computers by using a GPO.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
47. If you need to ensure that data is protected by BitLocker then you will...
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Deploy Microsoft System Center Operations Manager (SCOM)
NOT be able to store that data on an iSCSI SAN
Share and Storage Management
48. File that contains the last logon time and custom attributes values for each user in your forest.
Get-ADUser cmdlet
Administrators is the minimum group membership required to complete this procedure.
Modify zone transfer settings for company.com zone on DCA
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
49. To restore previous version of script without taking up too much of time...
Attach VHD file created by Windows server backup
Ntfrsutil
WSUS server in the branch office in replica mode.
Improve the performance of File Servers
50. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
Set-ADServiceAccount cmdlet
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Zone transfer settings
fsconfig on FSSrv2
