SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Then use Windows Deployment Services (WDS) on DHCP1.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
2. All DCs run Windows Server 2008 R2 and have the DNS Server role installed. The domain controllers for each location are stored locally. Each has its own standard primary zone to support its local domain.You need a plan that meets the following: WAN l
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Configure the zone as an Activde Directory-Integrated zone.
Create a standard secondary of domain and create standard secondary of other domain.
A relying party trust should be created.
3. If you need to minimize amount of time and impact of 50 simultaneous Win7 installations
Authorization Manager
Microsoft System Center Data Protection Manager 2010
Assign the application to computers in the PC OU
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
4. You have been tasked with backing up all the GPOs in the domain. The IT manager also wants you to minimize the size of the backup. You decide to use...
WSUS server in the branch office in replica mode.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
The Group Policy Management console
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
5. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Configure an audit policy by editing the default domain policy and configure Event Forwarding
6. What shold be done to configure AD RMS so users can protect their data?
Create an e-mail account in AD DS for your RMS users
Disable Site Link Bridging from the IP properties
IIS Manager user account
Create and deploy a logon script that runs Auditpol.
7. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Configure caching on the shared folder (offline files)
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Ldp
Implement Network Access Protection (NAP) that uses 802.1x enforcement
8. to make shares at a remote location available to users you should implement this.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Domain based Distributed File System (DFS) namespace and DFS Replication.
Create an e-mail account in AD DS for your RMS users.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
9. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Win2000 Native
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Deploy it by using Group Policy Software Installation method
Microsoft SharePoint Foundation 2010
10. Requirements are: support the installation of SQL Server 2008; Provide redundancy for SQL services if a single server fails. To accomplish this
Jill came down with 2.50.
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
11. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
A Distributed File System (DFS) namespace
Domain based Distributed File System (DFS) will reduce network traffic
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
12. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
Execute the Set-ADServiceAccount cmdlet
Subnet object needs to be created
Passive file screens
Then install new Server 2008 R2 Enterprise subordinate CA.
13. If you need to delegate control of server to remote admins group
Configure RODC for Administrator Role Separation
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Ntdsutil
Raise the DFL to Windows Server 2008 R2.
14. To ensure that user's documents are stored on the file server and thus subject to the corporate backup solution - you should implement this.
DSMOD
MEDV to deploy virtual desktops
Run net stop ntds
Folder redirection. Folder redirection is also useful when using roamin profiles.
15. Engineering department has 582 Windows Server 2008 R2 servers. You need to monitor the performance of all 582 with following requirements: Create alerts when average processor usage is higher than 85% for 15 minutes; Automatically adjust the processo
802.1.x NAP
Deploy Microsoft System Center Operations Manager (SCOM)
Modify the schema of LDSInst1
Network Load Balancing (NLB)
16. To control access to resources using WSRM and to help prevent memory leaks from monopolizing your web server
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Distributed File System (DFS) Replication
Configure separate application pools for each application
17. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
18. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Implement a domain-based DFS namespace that uses replication
Then configure auto enrollment of certificates and Credential Roaming.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
19. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Deploy a failover cluster that contains one node in each office.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Deploy a GPO for the Sales OU
20. Striped volumes
Recommend GPT and basic disks
Group Policy Preferences
Improve the performance of File Servers
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
21. You need to allow a user to add a single computer to a domain - without any additional rights...
Create an e-mail account in AD DS for your RMS users.
Prestage the computer account in AD
dnscmd
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
22. To configure AD FS so tokens contain information from Active Directory domain...
New ACCOUNT STORE should be added and configured
Win2000
DFL needs to be Windows Server 2008
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
23. If you need to encrypt all data on all disks
Distributed File System (DFS) Replication
Creating a data collector set that kick off a scritp that either move or delete files.
Then use Windows BitLocker Drive Encryption
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
24. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
Dynamically expanding VHD's
Use local roles options within "dsmgmt"
Zone transfer settings
Modify the schema of LDSInst1
25. To enable the AD Recycle Bin
Registry on users computer needs to be modified
Modify the GPO to include folder redirection
Enable - ADoptionalFeature cmdlet
Back up to an external USB drive by using Windows Server Backup
26. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Perform an authoritative restore
27. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Then configure auto enrollment of certificates and Credential Roaming.
Use local roles options within "dsmgmt"
28. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
From Server A - run Create Basic Task Wizard
Then use Windows Deployment Services (WDS)
Distributed File System (DFS) Replication
29. DFL is Windows Server 2003 and client computers run Vista. DCRMS is a server that holds AD RMS. What should be done to configure AD RMS so users - including Waldo - can protect their data?
AD Domains and Trusts
Create an e-mail account in AD DS for your RMS users.
Create a standard secondary of domain and create standard secondary of other domain.
fsconfig on FSSrv2
30. To make deploying the custom Word dictionary easy
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Recommend Group Policy preferences
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Install From Media IFM
31. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
Dfsrdiag
Test-AppLockerPolicy
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
32. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Use CISCO IP Helper command to configure.
Configure event log subscriptions
Execute the Set-ADServiceAccount cmdlet
Get-ADUser cmdlet
33. You need to deploy apps to client computers according to these req.: apps must be deployed to client computers that meet minimum hardware requirements; detaild reports on success/failure of the app deployments must be provided; deployments must be sc
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
WDS
34. The strongest form of NAP is
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Your machine and remote desktops
Microsoft SharePoint Foundation 2010
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
35. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Refresh the zone on DNS2
Implement a GPO for each domain
Add the Windows Server Backup feature and Windows System Image recovery.
Configure Audit Special Logon and define Special Groups
36. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Add George to the Domain Admins group.
Test-AppLockerPolicy
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
37. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Windows BitLocker Drive Encryption (Bit Locker)
Multipath I/O feature
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Create and deploy a logon script that runs Auditpol.
38. If you need to minimize the bandwidth for installation
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Utilize IFM (Install From Media)
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
39. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Active Directory Right Management Services (AD RMS)
Administrators is the minimum group membership required to complete this procedure.
Create a Central Store
40. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Run the Delegation of Control Wizard on the Staff OU
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Add-ADFineGrainedPasswordPolicySubject cmdlet
41. To deploy templates across the organization
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
DISABLE slow link detection in the GPO
NOT be able to store that data on an iSCSI SAN
Group Policy Preferences
42. If a new application needs to be deployed on the network and it comes as a .msi package and then do this.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Deploy it by using Group Policy Software Installation method
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Add-ADFineGrainedPasswordPolicySubject cmdlet
43. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Use the Local Roles options with dsmgmt.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Disable Site Link Bridging from IP Properties
Then use on install image file that contains a single install image.
44. Tools to view contents of an OU in an AD snapshot...
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
IIS Manager user account
Role Separation
dsa.msc - dsamain.exe - ntdsutil.exe
45. Auditing the deletion of Registry keys on all Domain Controllers
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Administrative Role Separation
Microsoft Application Virtualization (AppV)
46. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Raise the DFL to Windows Server 2008 R2.
47. Jack and Jill go up the hill - both with a buck and a quarter
DSMOD - ADUC
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Jill came down with 2.50.
48. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Deploy a failover cluster that contains one node in each office.
The Group Policy Management Console
Dfsrdiag
49. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Group Policy Preferences
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Configure the zone as an Activde Directory-Integrated zone.
50. Enables you to receive emails when domain users locked out of accounts...
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Event Viewer
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Get-ADUser cmdlet
