SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To minimize the amount of storage used for virtual machines in a Virtual desktop pool the VHD's should be
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
2. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Perform an authoritative restore
Win2000 Native
Role Separation
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
3. Your company IP scheme uses both IPv4 and IPv6. You have a main and branch office. In the branch office you are using PC1. PC1 is now only using IPv6. You noticed that PC1 no longer authenticates off the DC that is in the branch office. What should b
An Active Directory subnet object needs to be created.
Site
Dynamically expanding VHD's
Set-ADServiceAccount cmdlet
4. To deploy templates across the organization
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Passive file screens
WSUS server in the branch office in replica mode.
Discover the run Microsoft Baseline Security Analyzer (MBSA)
5. If subnets are connected by CISCO router that is RFC-1542 compliant
Use CISCO IP Helper command to configure.
Purchase one additional Enterprise License
Deploy Microsoft System Center Operations Manager (SCOM)
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
6. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Configure RODC for Administrator Role Separation
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
7. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Then install new Server 2008 R2 Enterprise subordinate CA.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Properties of PSO need modified
8. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
net stop ntds
Enable - ADoptionalFeature cmdlet
Increase the tombstone lifetime for the forest.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
9. What should be done to resolve names by using GlobalNames zone?
Use the Local Roles options with dsmgmt.
View properties of %systemroot%ntdsntds.dit
Group Policy Preferences
dnscmd tool
10. An AD LDS instance needs to be replicated from one server to another...
Service user account for AD LDS
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
11. 4 steps to perform offline Defragmentation of AD database...
Basic Authentication and SSL
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Get-ADUser cmdlet
12. To replicate SYSVOL using Distributed File System Replication (DFSR)...
DFL needs to be Windows Server 2008
Printer driver isolation
Ntfrsutil
Enable Windows Remote Management (WinRM) on the servers.
13. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Utilize IFM (Install From Media)
Install the RSAT tool on their workstation to provide for more efficient network management
Raise the DFL to Windows Server 2008 R2.
Configure RODC for Administrator Role Separation
14. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
New ACCOUNT STORE should be added and configured
15. If a file server reaches 15% free disk space - you could free up some disk space by
Administrative Role Separation
Configure Firewall Group Policies and link them at the Domain level
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Creating a data collector set that kick off a scritp that either move or delete files.
16. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
From Server1 - run the Create Basic Task Wizard
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
17. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
IIS Chared Configuration
18. Company users IPV4 and IPV6. A PC uses IPV6 and can no longer authenticate off the DC. What can be done to ensure IPV6 computers authenticate to DCs in same site...
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Import-Module
A Distributed File System (DFS) namespace
Subnet object needs to be created
19. To prevent account password from being cached on RODC server...
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Modify properties of RODC server computer account.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Deploy the Root CA certificate to the external computers.
20. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Utilize IFM (Install From Media)
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
21. To ensure that user's documents are stored on the file server and thus subject to the corporate backup solution - you should implement this.
Folder redirection. Folder redirection is also useful when using roamin profiles.
FFL Windows Server 2008 R2
WSUS server in the branch office in replica mode.
Group Policy Preferences
22. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Jill came down with 2.50.
Deploy a GPO for the Sales OU
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Perform an authoritative restore
23. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Install Windows Server Backup and modify the Windows firewall settings
Network Load Balancing (NLB)
Active Directory snapshots and Tombstone reanimation
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
24. If you need to minimize the bandwidth for installation
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Utilize IFM (Install From Media)
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
25. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
New ACCOUNT STORE should be added and configured
Encrypting File System (EFS). This can be enabled locally or through a GPO.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
26. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Create a standard secondary of domain and create standard secondary of other domain.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Repadmin
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
27. 2 ways to relocate user and computer accounts to different OUs
DSMOD - ADUC
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
28. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
NOT be able to store that data on an iSCSI SAN
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
29. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
30. To delegate authority to users to manage only certain areas in Hyper-V use the
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Authorization Manager role assignment
Jill came down with 2.50.
Recommend Group Policy preferences
31. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Perform an authoritative restore
32. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Windows BitLocker Drive Encryption (Bit Locker)
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Deploy a GPO to the WebSrvOU
Add the Windows Server Backup feature and Windows System Image recovery.
33. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
Software Restriction Polices
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Then use Windows Deployment Services (WDS)
dsa.msc - dsamain.exe - ntdsutil.exe
34. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
File Server Resource Manager (FSRM) quotas and file screens
Assign the application to computers in the PC OU
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
35. Tool to change Directory Services Restore Mode password on Domain Controller...
ntdsutil
Perform an authoritative restore
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
36. Two different solutions are available to help assign IP addresses to remote clients that need to VPN or Dial-in to the branch office.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
37. PowerShell script to create user accounts with passwords from a file called password.csv
Add-ADFineGrainedPasswordPolicySubject cmdlet
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
38. Can be used to install the Windows RE on existing servers
Repadmin
WDS
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Windows BitLocker Drive Encryption (Bit Locker)
39. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Create an Active Directory-Integrated zone.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Implement a GPO for each domain
40. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
IIS Chared Configuration
Run adprep /forestprep and adprep /domainprep
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Assign the application to computers in the PC OU
41. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Disable Site Link Bridging from IP Properties
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Implement GPO for all client computers
42. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Configure caching on the shared folder and configure offline files to use encryption
Group Policy Preferences
Configure event log subscriptions
Implement folder redirection by using GPO. Then backup the folder redirection target.
43. What should be done first to defragment the AD database?
DFL needs to be Windows Server 2008
Windows XP Mode
Run net stop ntds
Deploy it by using Group Policy Software Installation method
44. You don't want users to be able to install removable devices on client computers. However - domain admins and desktop support technicians must be allowed to install removable devices on client computers
Implement GPO for all client computers
MEDV to deploy virtual desktops
Active Directory Domains and Trusts
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
45. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Use a GPO to configure device installation restrictions
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Microsoft System Center Data Protection Manager
46. You need to implement read only copies of files at several locations. You currently have DFS for 2008 deployed. You should recommend this.
Upgrading DFS to Windows Server 2008 R2
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Ldp
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
47. If users need access to files locally and must be able to access files at another site if the local copy is not available you should implement this.
A Distributed File System (DFS) namespace
Deploy Microsoft System Center Operations Manager (SCOM)
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Incoming external trust
48. All DCs have been upgraded from Windows Server 2003 to Windows Server 2008 R2. What should be done to ensure the Sysvol share replicates by using DFS Replicaiton (DFS-R)?
Active Directory Users and Computers
Windows BitLocker Drive Encryption (Bit Locker)
Raise the DFL to Windows Server 2008 R2.
Implement Windows System Resource Manager (WSRM)
49. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Passive file screens
Certificate Templates
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
50. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
