SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. If you need to ensure that data is protected by BitLocker then you will...
Modify properties of RODC server computer account.
Get-ADUser cmdlet
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
NOT be able to store that data on an iSCSI SAN
2. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
Create an Active Directory-Integrated zone.
Add the new UPN suffix to the forest.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
3. If you want to implement BitLocker and store recovery informaiton in a central location
WSUS server in the branch office in replica mode.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Run the Delegation of Control Wizard on the Staff OU
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
4. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Ntfrsutil
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Active Directory Users and Computers utility
Create a Central Store
5. When recommending a monitoring solution for an application so that it's events can be stored in a central
Event Subscriptions
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
A Distributed File System (DFS) namespace
MEDV to deploy virtual desktops
6. New Password Policy needs to be created for OU different from domain password policy
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Modify the local policy to point to the Internal WSUS server
From Server A - run Create Basic Task Wizard
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
7. You plan to deploy 12 file servers. All computers and servers connect to Ethernet switches. Your data storage solution must meet these: maximizes performance and fault tolerance; allocates storage to the servers as needed; utilizes the existing netwo
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Domain based Distributed File System (DFS) namespace and DFS Replication.
8. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Windows BitLocker Drive Encryption (Bit Locker)
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Registry on users computer needs to be modified
9. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
Import-Module
Deploy a failover cluster that contains one node in each office.
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Dsmgmt
10. If you need to delegate control of server to remote admins group
Configure RODC for Administrator Role Separation
Enable Windows Remote Management (WinRM) on the servers.
Dsmgmt
A Distributed File System (DFS) namespace
11. Two different solutions are available to help assign IP addresses to remote clients that need to VPN or Dial-in to the branch office.
12. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Configure Firewall Group Policies and link them at the Domain level
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
13. To backup to tape/robotic tape and to backup VMs you must use...
Microsoft System Center Data Protection Manager 2010
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Offline domain join
14. Auditing the deletion of Registry keys on all Domain Controllers
Dsmgmt
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
15. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Add the new UPN Suffix to the forest
Implement a domain-based DFS namespace that uses replication
Service user account for AD LDS
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
16. To make a 64-bit application available to several 32-bit XP SP3 computers in the branch office you could use either a remote desktop session host or a remote desktop virtualization host. However - if the application requires you to be a local adminis
17. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
DSMOD - ADUC
Utilize IFM (Install From Media)
Implement one LUN for the quorum and another LUN for the data
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
18. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Recommend Active Directory delegation
Dfsrdiag
The Group Policy Management Console
Configure caching on the shared folder and configure offline files to use encryption
19. If you need to minimize the bandwidth for installation
Utilize IFM (Install From Media)
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Implement Windows BitLocker Drive Encryption (BitLocker)
Basic Authentication and SSL
20. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?
21. File that contains the last logon time and custom attributes values for each user in your forest.
Run the Delegation of Control Wizard on the Staff OU
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Get-ADUser cmdlet
22. What utility is used to see what accounts cached on RODC?
Active Directory Users and Computers
Install Windows Server Backup and modify the Windows firewall settings
DSMOD
PDC emulator with w32tm.exe
23. You have several Windows 2000 Servers that have a custom application installed. However - the apps are incompatible with each other and with Windows Server 2008 R2 - but they consume less than 10% of system resources. There is a policy that states al
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Subnet object needs to be created
Utilize IFM (Install From Media)
24. A specific application requires registry modifications to be in place before installing; you should use
Group Policy Preferences
A relying party trust should be created.
Jill came down with 2.50.
Perform an authoritative restore
25. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Passive file screens
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Add the Windows Server Backup feature and Windows System Image recovery.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
26. To restore deleted user account from AD Recycle Bin...
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Restore-ADObject cmdlet
Microsoft Desktop Optimization Pack (MDOP) to your company
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
27. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
Then configure GlobalNames zones on each domain controller.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Active Directory Right Management Services (AD RMS)
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
28. To configure AD FS so tokens contain information from Active Directory domain...
Event Viewer
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
New ACCOUNT STORE should be added and configured
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
29. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
Authorization Manager role assignment
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Deploy a GPO to the WebSrvOU
Configure authorization rules for Web developers on each web server
30. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Configure block inheritance on the IT OU
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
31. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
Distributed File System (DFS) Replication
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
From Server1 - run the Create Basic Task Wizard
DISABLE slow link detection in the GPO
32. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud
33. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
Disable Site Link Bridging from the IP properties
Attach VHD file created by Windows server backup
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
34. You are about to deploy a distributed database appliation that will run on multiple 2008 R2 servers. This deployment needs to follow these requirements: uses the existing network infrastructure; uses standard Windows management tools; allocates stora
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Dsmgmt
Create an Active Directory-Integrated zone.
35. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
The Group Policy Management Console
Disable Site Link Bridging from IP Properties
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Incoming external trust
36. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Dfsrdiag
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
37. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Install Hyper-V role and convert physical machines into virtual machines
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
38. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
PDC emulator with w32tm.exe
dsa.msc - dsamain.exe - ntdsutil.exe
Microsoft Desktop Optimization Pack (MDOP)
Install Windows Server Backup and modify the Windows firewall settings
39. To be able to user an application from one AD FS with authentication server to another...
DSMOD
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
A relying party trust should be created.
40. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
Basic Authentication and SSL
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Ntdsutil
AD Domains and Trusts
41. To update ADRMS password...
AD Rights Management Services
Use local roles options within "dsmgmt"
ntdsutil
Implement Windows System Resource Manager (WSRM)
42. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
DISABLE slow link detection in the GPO
Dynamically expanding VHD's
MEDV to deploy virtual desktops
IIS Chared Configuration
43. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Add the new UPN Suffix to the forest
44. To ensure that the SQL Servers can fail over autoatically and support 2 TB drives
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Then use Windows BitLocker Drive Encryption
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Recommend GPT and basic disks
45. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Implement Network Access Protection (NAP)
Multipath I/O feature
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
46. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
Back up to an external USB drive by using Windows Server Backup
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Add the new UPN suffix to the forest.
Test-AppLockerPolicy
47. to increase the reliability of the print server - configure...
Assign the application to computers in the PC OU
Printer driver isolation
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Configure Audit Special Logon and define Special Groups
48. To back up your Hyper-VMs and the Hyper-V host; for each VM -
Modify zone transfer settings for company.com zone on DCA
MEDV to deploy virtual desktops
Dfsrdiag
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
49. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
Run adprep /forestprep and adprep /domainprep
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
AD Rights Management Services
50. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
Add George to the Domain Admins group.
Then configure auto enrollment of certificates and Credential Roaming.
Configure folder redirection
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition