SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Enables you to receive emails when domain users locked out of accounts...
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
WDS
Ntdsutil
Event Viewer
2. To ensure that recovery is possible if a file on a file server is deleted accidentally
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
dnscmd tool
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Implement Shadow Copies
3. You need to allow a user to add a single computer to a domain - without any additional rights...
Prestage the computer account in AD
Configure block inheritance on the IT OU
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
4. IE can be a security concern - however you can take advantage of Group policies to lock down IE as much as possible
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
5. In order to manage websites without having to logon you can use
CAPublishGP group should have the Manage CA permission.
Microsoft System Center Data Protection Manager
PowerShell 2.0
Create ADMX and ADML files. Configure the GPO and link it to the domain.
6. To prevent account password from being cached on RODC server...
Add the new UPN suffix to the forest.
Modify properties of RODC server computer account.
Use a GPO to configure device installation restrictions
Enable Windows Remote Management (WinRM) on the servers.
7. To be able to user an application from one AD FS with authentication server to another...
A relying party trust should be created.
Perform an authoritative restore
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Service user account for AD LDS
8. To backup GPO's in domain and minimize bakcup...
Then configure auto enrollment of certificates and Credential Roaming.
Data Recovery Agent
The Group Policy Management Console
Configure an audit policy by editing the default domain policy and configure Event Forwarding
9. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Ensure your account - or the group is a member of the local Administrators group for that specific server.
A Distributed File System (DFS) namespace
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
10. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
Backup operator's domain local group
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Storage manager for SANs
11. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Use CISCO IP Helper command to configure.
Test-AppLockerPolicy
Administrative Role Separation
12. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Domain based Distributed File System (DFS) will reduce network traffic
File Server Resource Manager (FSRM) quotas and file screens
13. What Function Level (FL) needs to be in place to enable AD Recycle Bin?
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Microsoft Application Virtualization (AppV)
Recommend GPT and basic disks
FFL Windows Server 2008 R2
14. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
15. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
16. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Configure Firewall Group Policies and link them at the Domain level
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Create an e-mail account in AD DS for your RMS users.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
17. To modify several user accounts to a new UPN suffix
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Active Directory Users and Computers utility
File Server Resource Manager (FSRM) quotas and file screens
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
18. All 2008 R2 servers and Windows 7 clients are connected to managed switches. The following are requirements for network access: only client computers that have up-to-date service packs installed can access the network; have up-to-date anti-malware so
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Software Restriction Polices
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Passive file screens
19. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Increase the tombstone lifetime for the forest.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
20. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Modify the GPO to include folder redirection
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Add the Windows Server Backup feature and Windows System Image recovery.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
21. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Add George to the Domain Admins group.
Microsoft System Center Data Protection Manager 2010
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
22. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Certificate Templates
23. When one needs to audit files - folders - printers and the registry enable
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Add the new UPN suffix to the forest.
Win2000
Modify the schema of LDSInst1
24. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Jill came down with 2.50.
Configure authorization rules for Web developers on each web server
Add the Windows Server Backup feature and Windows System Image recovery.
New ACCOUNT STORE should be added and configured
25. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
DSMOD
Subnet object needs to be created
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
26. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Network Load Balancing (NLB) cluster
Microsoft Desktop Optimization Pack (MDOP)
27. To allow a user to administer Active Directory
Perform an authoritative restore
Recommend Offline Files
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Add the user to the Domain Admins global group
28. If you need to deploy multiple servers through automation of installation and activation and minimize network traffic
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
29. To delegate authority to users to manage only certain areas in Hyper-V use the
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Use Netsh tool from administrator's computer.
Storage manager for SANs
Authorization Manager role assignment
30. To create and additional AD LDS applicaiton directory partition in existing instance...
Include a server that runs Microsoft Office SharePoint Server 2010
Ldp
Authorization Manager
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
31. To make a 64-bit application available to several 32-bit XP SP3 computers in the branch office you could use either a remote desktop session host or a remote desktop virtualization host. However - if the application requires you to be a local adminis
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
32. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Passive file screens
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Incoming external trust
33. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
Active Directory Users and Computers utility
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Dsmgmt
34. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Autonomous mode...This allows the local administrator to approve their own updates.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Windows Server 2003
Add the new UPN suffix to the forest.
35. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Windows BitLocker Drive Encryption (Bit Locker)
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Windows XP Mode
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
36. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Administrators is the minimum group membership required to complete this procedure.
From Server A - run Create Basic Task Wizard
Microsoft System Center Data Protection Manager
Add-ADFineGrainedPasswordPolicySubject cmdlet
37. What role to keep same time as an external server?
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Registry on users computer needs to be modified
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
PDC emulator with w32tm.exe
38. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
Active Directory Domains and Trusts
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Recommend Group Policy preferences
Run adprep /forestprep and adprep /domainprep
39. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Dsmgmt
Configure the zone as an Activde Directory-Integrated zone.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
40. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
fsconfig on FSSrv2
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
41. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
Distributed File System (DFS) Replication
Configure authorization rules for Web developers on each web server
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Software Restriction Polices
42. If you want to implement BitLocker and store recovery informaiton in a central location
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Printer driver isolation
43. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Create an e-mail account in AD DS for your RMS users
Create and deploy a logon script that runs Auditpol.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
44. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Windows XP Mode
Test-AppLockerPolicy
Enable - ADoptionalFeature cmdlet
45. Recently you have installed a special application on your web sites that requires using a managed service account on the Web Servers. This application runs on a web server in each of 10 separate Active Directory domains.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
46. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Event Viewer
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
47. To backup Virtual Machines
Create a standard secondary of domain and create standard secondary of other domain.
Software Restriction Polices
Configure block inheritance on the IT OU
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
48. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Offline domain join
Run the Delegation of Control Wizard on the Staff OU
Your machine and remote desktops
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
49. The solution requires that teachers that have been issued district based laptops - work remotely - and teach only on-line classes - must connect to the school network using split-tunnel VPN. Need to be sure that: minimize traffic over the VPN wheneve
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
50. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
Implement File Server Resource Manager (FSRM) quotas on the desired servers
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
DISABLE slow link detection in the GPO
Ntfrsutil
