SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Deploy a failover cluster that contains one node in each office.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Configure the zone as an Activde Directory-Integrated zone.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
2. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
DSMOD - ADUC
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
3. To build a highly secure server cluster with a reduced attack surface area
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Service user account for AD LDS
Use a GPO to configure device installation restrictions
4. Your company IP scheme uses both IPv4 and IPv6. You have a main and branch office. In the branch office you are using PC1. PC1 is now only using IPv6. You noticed that PC1 no longer authenticates off the DC that is in the branch office. What should b
Domain based Distributed File System (DFS) namespace and DFS Replication.
Configure Audit Special Logon and define Special Groups
An Active Directory subnet object needs to be created.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
5. You need to allow a user to add a single computer to a domain - without any additional rights...
Prestage the computer account in AD
Then configure GlobalNames zones on each domain controller.
DSMOD - ADUC
Raise the DFL to Windows Server 2008 R2.
6. The strongest form of NAP is
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
7. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Windows BitLocker Drive Encryption (Bit Locker)
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Group Policy Preferences
Implement Network Access Protection (NAP)
8. You have been tasked with backing up all the GPOs in the domain. The IT manager also wants you to minimize the size of the backup. You decide to use...
The Group Policy Management console
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
9. You need a strategy for backing up your 2008 R2 file servers according to these: allows for individual file restore; allows for complete server recovery; supports scheduled backups; provides decentralized control over backups and recovery; minimizes
Deploy a GPO to the WebSrvOU
Perform an authoritative restore
Back up to an external USB drive by using Windows Server Backup
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
10. To add a new UPN for all user accounts...
Authorization Manager
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Group Policy Preferences
AD Domains and Trusts
11. To compact AD database...
IIS Chared Configuration
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
FILES option within Ntdsutil
Recommend Group Policy preferences
12. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Modify the schema of LDSInst1
Modify the GPO to include folder redirection
13. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
DFL needs to be Windows Server 2008
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Then use Windows Deployment Services (WDS)
14. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
An Active Directory subnet object needs to be created.
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Implement Windows System Resource Manager (WSRM) and configure user policies
15. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
16. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
Modify the GPO to include folder redirection
Distributed File System (DFS) Replication
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
IIS Chared Configuration
17. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Share and Storage Management
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Then use Windows Deployment Services (WDS) on DHCP1.
Implement Windows System Resource Manager (WSRM)
18. Files servers need to stay connected to the SAN if a NIC fails. You should recommend
Deploy Microsoft System Center Operations Manager (SCOM)
Administrative Role Separation
Test-AppLockerPolicy
Multipath I/O feature
19. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
Deploy a failover cluster that uses Node and File Share Disk Majority
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Upgrading DFS to Windows Server 2008 R2
20. To configure Administrator Role Separation for an RODC
Share and Storage Management
Import-Module
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Backup operator's domain local group
21. What utility is used to see what accounts cached on RODC?
Microsoft System Center Data Protection Manager 2010
Then configure auto enrollment of certificates and Credential Roaming.
Disable Site Link Bridging from IP Properties
Active Directory Users and Computers
22. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Autonomous mode...This allows the local administrator to approve their own updates.
Domain based Distributed File System (DFS) will reduce network traffic
Storage manager for SANs
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
23. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Ntfrsutil
Role Separation
Implement a Remote Desktop Connection Broker (RD Connection Broker)
24. To backup Virtual Machines
Distributed File System (DFS) Replication
Subnet object needs to be created
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
25. If you need to encrypt all data on all disks
Then use Windows BitLocker Drive Encryption
Administrators is the minimum group membership required to complete this procedure.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
26. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
Site
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
27. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
IIS Manager user account
Passive file screens
Domain based Distributed File System (DFS) namespace and DFS Replication.
Repadmin
28. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Run the Delegation of Control Wizard on the Staff OU
fsconfig on FSSrv2
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Domain based Distributed File System (DFS) will reduce network traffic
29. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Perform an authoritative restore
AD RMS
Microsoft System Center Data Protection Manager
Properties of PSO need modified
30. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
FILES option within Ntdsutil
Incoming external trust
Execute the Set-ADServiceAccount cmdlet
Network Load Balancing (NLB)
31. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Use a GPO to configure device installation restrictions
Passive file screens
Domain based Distributed File System (DFS) will reduce network traffic
Implement a Remote Desktop Connection Broker (RD Connection Broker)
32. If you want to implement BitLocker and store recovery informaiton in a central location
Then use Windows Deployment Services (WDS)
Configure folder redirection
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
IIS Manager user account
33. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
File Server Resource Manager (FSRM) quotas and file screens
Jill came down with 2.50.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Incoming external trust
34. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
WDS
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
802.1.x NAP
Then use Windows Deployment Services (WDS)
35. You need a solution that meets policy while minimizing hardware and software costs
Software Restriction Polices
Ntfrsutil
net stop ntds
Create a new Password Settings Object (PSO) for the IT users.
36. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
Ntfrsutil
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
37. you have fewer Server 2003 servers that have Terminal Services installed. you also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: encrypts all remote connections to the ter
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
38. To enable the AD Recycle Bin
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Enable - ADoptionalFeature cmdlet
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Service user account for AD LDS
39. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
IIS Chared Configuration
Assign the application to computers in the PC OU
The Group Policy Management Console
Prestage the computer account in AD
40. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
New ACCOUNT STORE should be added and configured
Windows BitLocker Drive Encryption (Bit Locker)
PowerShell 2.0
41. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
42. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Ntfrsutil
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
From Server A - run Create Basic Task Wizard
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
43. Ensure password length for a group set to 12 characters long while others keep password policy
Add-ADFineGrainedPasswordPolicySubject cmdlet
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Enable Windows Remote Management (WinRM) on the servers.
Domain based Distributed File System (DFS) will reduce network traffic
44. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
Implement Windows BitLocker Drive Encryption (BitLocker)
Then configure auto enrollment of certificates and Credential Roaming.
AD Domains and Trusts
Dsmgmt
45. 3 Servers are Network Policy Servers (NPS) that function as RADIUS servers. The network has 20 wireless access points that are configured as RADIUS clients. You need to plan an audit strategy with the following requirements: stores audit data in a ce
IIS Manager user account
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Implement GPO for all client computers
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
46. What should be done to ensure changes made to AD objects can be logged?
Include a server that runs Microsoft Office SharePoint Server 2010
Create an e-mail account in AD DS for your RMS users
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Zone transfer settings
47. To restore previous version of script without taking up too much of time...
Attach VHD file created by Windows server backup
Implement one LUN for the quorum and another LUN for the data
Then configure auto enrollment of certificates and Credential Roaming.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
48. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Deploy the Root CA certificate to the external computers.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
49. Client computers run Windows 7 and all applications on the computers are configured to save documetns to the local Documents folder. You need a backup strategy that meets these: Back up the Documents folder for all users; minimize admin effort. To ac
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Active Directory Right Management Services (AD RMS)
Implement folder redirection by using GPO. Then backup the folder redirection target.
Service user account for AD LDS
50. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Ntfrsutil
Deploy a failover cluster that contains one node in each office.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events