SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Deploy the Root CA certificate to the external computers.
2. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
PowerShell 2.0
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Configure authorization rules for Web developers on each web server
Create an e-mail account in AD DS for your RMS users.
3. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Dfsrdiag
Restore-ADObject cmdlet
Modify zone transfer settings for company.com zone on DCA
Configure caching on the shared folder (offline files)
4. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
5. DFL is Windows Server 2003 and client computers run Vista. DCRMS is a server that holds AD RMS. What should be done to configure AD RMS so users - including Waldo - can protect their data?
New ACCOUNT STORE should be added and configured
Then use Windows BitLocker Drive Encryption
Create an e-mail account in AD DS for your RMS users.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
6. To make deploying the custom Word dictionary easy
Create an e-mail account in AD DS for your RMS users
Recommend Group Policy preferences
Add the new UPN suffix to the forest.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
7. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
From Server A - run Create Basic Task Wizard
Deploy Microsoft System Center Operations Manager (SCOM)
Then use on install image file that contains a single install image.
Import-Module
8. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
IIS Manager user account
Administrative Role Separation
Deploy a failover cluster that contains one node in each office.
9. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Dsmgmt
Implement Network Access Protection (NAP)
Software Restriction Polices
10. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Zone transfer settings
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
11. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Software Restriction Polices
Certificate Templates
Deploy a failover cluster that contains one node in each office.
Configure the zone as an Activde Directory-Integrated zone.
12. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
Jill came down with 2.50.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Create an e-mail account in AD DS for your RMS users
Ntfrsutil
13. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Windows XP Mode
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
14. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
15. You plan to deploy 12 file servers. All computers and servers connect to Ethernet switches. Your data storage solution must meet these: maximizes performance and fault tolerance; allocates storage to the servers as needed; utilizes the existing netwo
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Implement one LUN for the quorum and another LUN for the data
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
16. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
IIS Manager user account
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Event Viewer
Winrm quickconfig
17. You need to allow a user to add a single computer to a domain - without any additional rights...
Prestage the computer account in AD
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Configure block inheritance on the IT OU
18. you have fewer Server 2003 servers that have Terminal Services installed. you also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: encrypts all remote connections to the ter
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
File Server Resource Manager (FSRM) quotas and file screens
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
19. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Autonomous mode...This allows the local administrator to approve their own updates.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
20. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Use local roles options within "dsmgmt"
Additional DFS Targets
Data Recovery Agent
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
21. What should be done to resolve names by using GlobalNames zone?
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Ntdsutil
Then install new Server 2008 R2 Enterprise subordinate CA.
dnscmd tool
22. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
IIS Manager user account
Then install new Server 2008 R2 Enterprise subordinate CA.
23. You need to consolidate 120 physical servers into 35 physical servers that run Windows Server 2008 R2 while meeting the following: maximize resource utilization; use existing hardware and software; support 64-bit child virtual machines; maintain sepa
Install Hyper-V role and convert physical machines into virtual machines
Backup operator's domain local group
Back up to an external USB drive by using Windows Server Backup
Software Restriction Polices
24. To speed up the deployment of the RODC in the new branch offices you should take advantage of this.
NOT be able to store that data on an iSCSI SAN
Install From Media IFM
Ntdsutil
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
25. To backup GPO's in domain and minimize bakcup...
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
The Group Policy Management Console
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
26. To restore previous version of script without taking up too much of time...
DSMOD - ADUC
Import-Module
Attach VHD file created by Windows server backup
Then use Windows Deployment Services (WDS)
27. Deployment of 10 WSUS servers across 10 branch office will take place over a three month period. The bandwidth between the corporate office and the branch offices must be minimized due to budget contraints within the company. Admins in the corporate
Then use Windows BitLocker Drive Encryption
Additional DFS Targets
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Install Windows Server Backup and modify the Windows firewall settings
28. 4 steps to perform authoritative restore of a deleted OU...
Dfsrdiag
DISABLE slow link detection in the GPO
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
29. You don't want users to be able to install removable devices on client computers. However - domain admins and desktop support technicians must be allowed to install removable devices on client computers
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Implement GPO for all client computers
Create a Network Load Balancing cluster.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
30. You have a root domain and four child domains. Policy requirements state that all local guest accounts must be renamed and disabled - and all local administrator accounts must be renamed
Implement folder redirection by using GPO. Then backup the folder redirection target.
Implement a GPO for each domain
Domain based Distributed File System (DFS) namespace and DFS Replication.
Dfsrdiag
31. To restore deleted user account from AD Recycle Bin...
Run adprep /forestprep and adprep /domainprep
Share and Storage Management
Restore-ADObject cmdlet
Configure RODC for Administrator Role Separation
32. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
Site
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Assign the application to all client computers by using a GPO.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
33. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Windows Server 2003
Win2000
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Administrative Role Separation
34. Tools to view contents of an OU in an AD snapshot...
Storage manager for SANs
Then use Windows Deployment Services (WDS)
dsa.msc - dsamain.exe - ntdsutil.exe
Create ADMX and ADML files. Configure the GPO and link it to the domain.
35. You have a single AD domain named ad.company.com. The FFL is windows 2000 and the DFL is Windows 2000 Native. The UPN suffix company.com needs to be available for user accounts. What should be done first?
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Add the new UPN suffix to the forest.
dnscmd
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
36. You need to deploy apps to client computers according to these req.: apps must be deployed to client computers that meet minimum hardware requirements; detaild reports on success/failure of the app deployments must be provided; deployments must be sc
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
dnscmd tool
37. To allow a user to administer Active Directory
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Run adprep /forestprep and adprep /domainprep
Use local roles options within "dsmgmt"
Add the user to the Domain Admins global group
38. 3 Servers are Network Policy Servers (NPS) that function as RADIUS servers. The network has 20 wireless access points that are configured as RADIUS clients. You need to plan an audit strategy with the following requirements: stores audit data in a ce
Then use on install image file that contains a single install image.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Active Directory snapshots and Tombstone reanimation
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
39. Files servers need to stay connected to the SAN if a NIC fails. You should recommend
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Multipath I/O feature
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
40. to prevent VMs from receiving updats from a group policy
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Disable Site Link Bridging from IP Properties
Recommend GPT and basic disks
41. To identify users who bypass the new corporate security policy -
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Configure Audit Special Logon and define Special Groups
Install the RSAT tool on their workstation to provide for more efficient network management
Disable Site Link Bridging from the IP properties
42. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
From Server1 - run the Create Basic Task Wizard
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
43. Need to access some resources in another domain that is part of another forest...What trust is created?
Incoming external trust
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
44. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Configure offline files and enable manual caching
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Enable Windows Remote Management (WinRM) on the servers.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
45. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Basic Authentication and SSL
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
46. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Network Load Balancing (NLB)
Include a server that runs Microsoft Office SharePoint Server 2010
Incoming external trust
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
47. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
Group Policy Preferences
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
DFL needs to be Windows Server 2008
Deploy a GPO for the Sales OU
48. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Then use Windows Deployment Services (WDS) on DHCP1.
Create a Network Load Balancing cluster.
Administrators is the minimum group membership required to complete this procedure.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
49. To defragment and AD database...
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
net stop ntds
50. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Disable Site Link Bridging from IP Properties
Microsoft SharePoint Foundation 2010
Deploy it by using Group Policy Software Installation method
