SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The Computer Management snap-in allows you to create shares both on...
Configure caching on the shared folder (offline files)
Multipath I/O feature
Your machine and remote desktops
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
2. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Implement Windows System Resource Manager (WSRM) and configure user policies
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Win2000 Native
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
3. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
Implement a GPO for each domain
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
4. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Printer driver isolation
Add the user to the Domain Admins global group
Refresh the zone on DNS2
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
5. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Install and share a printer on a server and then enable printer pooling.
DSMOD - ADUC
Use a GPO to configure device installation restrictions
Role Separation
6. When one needs to audit files - folders - printers and the registry enable
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Create an e-mail account in AD DS for your RMS users.
The Group Policy Management Console
7. to protect file servers and hard disks that may be at risk of being accessed or stolen
Disable Site Link Bridging from the IP properties
Microsoft SharePoint Foundation 2010
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Implement Windows BitLocker Drive Encryption (BitLocker)
8. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Assign the application to computers in the PC OU
Implement Network Access Protection (NAP)
Then use Windows Deployment Services (WDS) on DHCP1.
Active Directory snapshots and Tombstone reanimation
9. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
10. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Ntfrsutil
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
11. Client computers run Windows 7 and all applications on the computers are configured to save documetns to the local Documents folder. You need a backup strategy that meets these: Back up the Documents folder for all users; minimize admin effort. To ac
Microsoft SharePoint Foundation 2010
Implement folder redirection by using GPO. Then backup the folder redirection target.
Implement a domain-based DFS namespace that uses replication
Recommend Offline Files
12. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
fsconfig on FSSrv2
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
From Server1 - run the Create Basic Task Wizard
Configure caching on the shared folder (offline files)
13. If you need to encrypt all data on all disks
Purchase one additional Enterprise License
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Implement the Windows Search Service.
Then use Windows BitLocker Drive Encryption
14. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Ntdsutil
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
FILES option within Ntdsutil
Administrative Role Separation
15. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
Multipath I/O feature
Refresh the zone on DNS2
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Execute the Set-ADServiceAccount cmdlet
16. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
Group Policy Preferences
Purchase one additional Enterprise License
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
AD Rights Management Services
17. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
New ACCOUNT STORE should be added and configured
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
dnscmd tool
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
18. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Modify the GPO to include folder redirection
Then install new Server 2008 R2 Enterprise subordinate CA.
19. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Windows BitLocker Drive Encryption (Bit Locker)
Event Subscriptions
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
20. If a file server reaches 15% free disk space - you could free up some disk space by
Active Directory snapshots and Tombstone reanimation
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Creating a data collector set that kick off a scritp that either move or delete files.
21. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
802.1.x NAP
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
22. What should be done to ensure changes made to AD objects can be logged?
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Windows Deployment Services (WDS)
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
23. To prevent account password from being cached on RODC server...
Modify the local policy to point to the Internal WSUS server
Add the new UPN suffix to the forest.
Modify properties of RODC server computer account.
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
24. What utility is used to see what accounts cached on RODC?
Active Directory Users and Computers
DSMOD - ADUC
Distributed File System (DFS) Replication
Run auditpol and then configure the Security settings of the Domain Controllers OU.
25. What should be done so application does not fail after 30 days while still keeping password policy in mind?
Event Viewer
Implement the Windows Search Service.
IIS Chared Configuration
Set-ADServiceAccount cmdlet
26. You have a root domain and four child domains. Policy requirements state that all local guest accounts must be renamed and disabled - and all local administrator accounts must be renamed
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
DISABLE slow link detection in the GPO
Implement a GPO for each domain
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
27. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Configure folder redirection
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
The Group Policy Management Console
28. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Configure caching on the shared folder and configure offline files to use encryption
Deploy the Root CA certificate to the external computers.
Dfsrdiag
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
29. to make shares at a remote location available to users you should implement this.
Domain based Distributed File System (DFS) namespace and DFS Replication.
Administrators is the minimum group membership required to complete this procedure.
Configure Audit Special Logon and define Special Groups
FFL Windows Server 2008 R2
30. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Ntdsutil
Enable - ADoptionalFeature cmdlet
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
PowerShell 2.0
31. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Autonomous mode...This allows the local administrator to approve their own updates.
32. IE can be a security concern - however you can take advantage of Group policies to lock down IE as much as possible
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
33. Minimal FFL needed to deploy an RODC that runs Windows Server 2008 R2...
Run the Delegation of Control Wizard on the Staff OU
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Windows Server 2003
Dsmgmt
34. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Dfsrdiag
Modify the GPO to include folder redirection
Test-AppLockerPolicy
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
35. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Install the RSAT tool on their workstation to provide for more efficient network management
Raise the DFL to Windows Server 2008 R2.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
36. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
WDS
Recommend Group Policy preferences
Add the new UPN suffix to the forest.
Then use Windows Deployment Services (WDS)
37. To create AD Domain Services snapshot
Then configure GlobalNames zones on each domain controller.
MEDV to deploy virtual desktops
Event Subscriptions
Ntdsutil
38. If you want to implement BitLocker and store recovery informaiton in a central location
Registry on users computer needs to be modified
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Configure caching on the shared folder (offline files)
The Group Policy Management console
39. To back up your Hyper-VMs and the Hyper-V host; for each VM -
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Use the Local Roles options with dsmgmt.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
40. To delegate authority to users to manage only certain areas in Hyper-V use the
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Registry on users computer needs to be modified
802.1.x NAP
Authorization Manager role assignment
41. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
802.1.x NAP
A relying party trust should be created.
Active Directory Domains and Trusts
Improve the performance of File Servers
42. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
Win2000 Native
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Configure authorization rules for Web developers on each web server
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
43. To minimize the amount of storage used for virtual machines in a Virtual desktop pool the VHD's should be
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
44. What role to keep same time as an external server?
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
PDC emulator with w32tm.exe
dsa.msc - dsamain.exe - ntdsutil.exe
45. To backup to tape/robotic tape and to backup VMs you must use...
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Microsoft System Center Data Protection Manager 2010
Properties of PSO need modified
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
46. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Recommend Active Directory delegation
Include a server that runs Microsoft Office SharePoint Server 2010
47. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Active Directory snapshots and Tombstone reanimation
Configure the zone as an Activde Directory-Integrated zone.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
48. To control access to resources using WSRM and to help prevent memory leaks from monopolizing your web server
Certificate Templates
Windows XP Mode
Get-ADUser cmdlet
Configure separate application pools for each application
49. To defragment and AD database...
Then use on install image file that contains a single install image.
Back up to an external USB drive by using Windows Server Backup
Modify the GPO to include folder redirection
net stop ntds
50. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Authorization Manager
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
The Group Policy Management Console
Microsoft System Center Data Protection Manager 2010