SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Configure folder redirection
Zone transfer settings
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
2. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Configure authorization rules for Web developers on each web server
PDC emulator with w32tm.exe
3. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
Run adprep /forestprep and adprep /domainprep
Active Directory Domains and Trusts
A relying party trust should be created.
Dynamically expanding VHD's
4. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Install Windows Server Backup and modify the Windows firewall settings
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
5. To make deploying the custom Word dictionary easy
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Deploy a GPO to the WebSrvOU
Then configure auto enrollment of certificates and Credential Roaming.
Recommend Group Policy preferences
6. A specific application requires registry modifications to be in place before installing; you should use
Group Policy Preferences
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Recommend Group Policy preferences
7. If you need to minimize the number of install images and support Win Server 2008 R2 deployment
Discover the run Microsoft Baseline Security Analyzer (MBSA)
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Then use on install image file that contains a single install image.
8. In order to manage websites without having to logon you can use
Ntdsutil
Data Recovery Agent
PowerShell 2.0
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
9. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
Active Directory Right Management Services (AD RMS)
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Active Directory Domains and Trusts
FILES option within Ntdsutil
10. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Implement the Windows Search Service.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Implement a GPO for each domain
11. 3 Servers are Network Policy Servers (NPS) that function as RADIUS servers. The network has 20 wireless access points that are configured as RADIUS clients. You need to plan an audit strategy with the following requirements: stores audit data in a ce
Winrm quickconfig
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Recommend Group Policy preferences
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
12. DFL is Windows Server 2003 and client computers run Vista. DCRMS is a server that holds AD RMS. What should be done to configure AD RMS so users - including Waldo - can protect their data?
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Administrators is the minimum group membership required to complete this procedure.
Event Log Subscriptions
Create an e-mail account in AD DS for your RMS users.
13. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Add the new UPN Suffix to the forest
14. An AD LDS instance needs to be replicated from one server to another...
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Service user account for AD LDS
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Ntdsutil
15. If subnets are connected by CISCO router that is RFC-1542 compliant
Dsmgmt
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Use CISCO IP Helper command to configure.
16. You need to ensure that the guest account on all servers is disabled to
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Discover the run Microsoft Baseline Security Analyzer (MBSA)
WSUS server in the branch office in replica mode.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
17. You are about to deploy a distributed database appliation that will run on multiple 2008 R2 servers. This deployment needs to follow these requirements: uses the existing network infrastructure; uses standard Windows management tools; allocates stora
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Then use on install image file that contains a single install image.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
18. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
19. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Role Separation
20. To ensure that the branch office with its own high speed internet connection receives the exact same updates as the corporate office you should recommend this.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Install Hyper-V role and convert physical machines into virtual machines
Active Directory Domains and Trusts
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
21. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Basic Authentication and SSL
Back up to an external USB drive by using Windows Server Backup
Test-AppLockerPolicy
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
22. If you need to minimize amount of time and impact of 50 simultaneous Win7 installations
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Execute the Set-ADServiceAccount cmdlet
Dsmgmt
Encrypting File System (EFS). This can be enabled locally or through a GPO.
23. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Administrators is the minimum group membership required to complete this procedure.
Microsoft Desktop Optimization Pack (MDOP) to your company
Network Load Balancing (NLB) cluster
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
24. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Then use Windows BitLocker Drive Encryption
Create a new Password Settings Object (PSO) for the IT users.
Configure the zone as an Activde Directory-Integrated zone.
802.1.x NAP
25. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Microsoft Desktop Optimization Pack (MDOP) to your company
AD Domains and Trusts
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
26. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
From Server A - run Create Basic Task Wizard
Prestage the computer account in AD
Add the Windows Server Backup feature and Windows System Image recovery.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
27. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
Additional DFS Targets
Deploy Microsoft System Center Operations Manager (SCOM)
WSUS server in the branch office in replica mode.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
28. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Ensure your account - or the group is a member of the local Administrators group for that specific server.
DSMOD
Active Directory Users and Computers utility
Disable Site Link Bridging from the IP properties
29. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Raise the DFL to Windows Server 2008 R2.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Run adprep /forestprep and adprep /domainprep
30. What role to keep same time as an external server?
Windows System Resource Manager (WSRM)
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
PDC emulator with w32tm.exe
31. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Windows XP Mode
Ldp
Offline domain join
AD Rights Management Services
32. Your data provisioning solution must meet the following requirements: users must have access to their Documents folder regardless of the client computer that they use; user documents should not be stored on the local client computer; minimize the tim
PDC emulator with w32tm.exe
Modify properties of RODC server computer account.
Configure folder redirection
Implement a GPO for each domain
33. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
34. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
MEDV to deploy virtual desktops
Site
Implement the Windows Search Service.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
35. To deploy templates across the organization
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
The Group Policy Management Console
Enable Credential Roaming
Run auditpol and then configure the Security settings of the Domain Controllers OU.
36. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Use the Local Roles options with dsmgmt.
Win2000 Native
Offline domain join
Dsmgmt
37. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Implement Network Access Protection (NAP)
Assign the application to computers in the PC OU
Implement one LUN for the quorum and another LUN for the data
Network Load Balancing (NLB)
38. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
Disable Site Link Bridging from the IP properties
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Active Directory snapshots and Tombstone reanimation
Microsoft Desktop Optimization Pack (MDOP)
39. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Upgrading DFS to Windows Server 2008 R2
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Windows BitLocker Drive Encryption (Bit Locker)
Dfsrdiag
40. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
IIS Chared Configuration
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Network Load Balancing (NLB) cluster
41. To recover objects deleted from Active Directory you should recommend
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Deploy a failover cluster that contains one node in each office.
Active Directory snapshots and Tombstone reanimation
42. You need a solution that meets policy while minimizing hardware and software costs
Create a new Password Settings Object (PSO) for the IT users.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Create ADMX and ADML files. Configure the GPO and link it to the domain.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
43. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Implement one LUN for the quorum and another LUN for the data
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
From Server A - run Create Basic Task Wizard
44. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
PDC emulator with w32tm.exe
Active Directory Right Management Services (AD RMS)
Configure block inheritance on the IT OU
45. To add a new UPN for all user accounts...
Event Subscriptions
AD Domains and Trusts
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
46. To back up your Hyper-VMs and the Hyper-V host; for each VM -
New ACCOUNT STORE should be added and configured
Configure authorization rules for Web developers on each web server
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Windows Deployment Services (WDS)
47. DFL is...
Configure RODC for Administrator Role Separation
Microsoft System Center Data Protection Manager 2010
Win2000 Native
Recommend Group Policy preferences
48. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Dfsrdiag
Your machine and remote desktops
Create a Central Store
Assign the application to computers in the PC OU
49. To create and additional AD LDS applicaiton directory partition in existing instance...
Ldp
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Implement a Remote Desktop Connection Broker (RD Connection Broker)
The Group Policy Management console
50. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
Configure folder redirection
Create an Active Directory-Integrated zone.
Recommend Group Policy preferences
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.