SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Then use on install image file that contains a single install image.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Microsoft Desktop Optimization Pack (MDOP)
2. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Add the new UPN suffix to the forest.
Include a server that runs Microsoft Office SharePoint Server 2010
Domain based Distributed File System (DFS) will reduce network traffic
Execute the Set-ADServiceAccount cmdlet
3. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Configure event log subscriptions
Incoming external trust
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Configure RODC for Administrator Role Separation
4. If you need to deploy multiple servers through automation of installation and activation and minimize network traffic
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
fsconfig on FSSrv2
Configure RODC for Administrator Role Separation
Recommend GPT and basic disks
5. What utility is used to see what accounts cached on RODC?
DISABLE slow link detection in the GPO
Active Directory Users and Computers
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Network Load Balancing (NLB)
6. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
7. Need to ensure users receive updated template within five days...
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Windows System Resource Manager (WSRM)
Registry on users computer needs to be modified
Group Policy Preferences
8. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
fsconfig on FSSrv2
Assign the application to all client computers by using a GPO.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Deploy a failover cluster that uses Node and File Share Disk Majority
9. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Use CISCO IP Helper command to configure.
Implement Windows System Resource Manager (WSRM) and configure user policies
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
10. UPN Suffix xxxx.com needs to be available for user accounts...
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Add the new UPN Suffix to the forest
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Creating a data collector set that kick off a scritp that either move or delete files.
11. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
From Server A - run Create Basic Task Wizard
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
12. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Dfsrdiag
Raise the DFL to Windows Server 2008 R2.
Active Directory Right Management Services (AD RMS)
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
13. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Windows System Resource Manager (WSRM)
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Purchase one additional Enterprise License
Configure caching on the shared folder (offline files)
14. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Modify the GPO to include folder redirection
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Microsoft System Center Data Protection Manager
15. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Deploy Microsoft System Center Operations Manager (SCOM)
Perform an authoritative restore
DSMOD
Windows BitLocker Drive Encryption (Bit Locker)
16. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Windows System Resource Manager (WSRM)
Event Viewer
17. You need to allow remote access to the servers on your network while meeting the following requirements: all remote connections to the servers must be encrypted; all remote authentication attempts to the servers must be encrypted; only inbound connec
Deploy a GPO to the WebSrvOU
Deploy it by using Group Policy Software Installation method
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
18. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
Deploy Microsoft System Center Operations Manager (SCOM)
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Win2000
19. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
The Group Policy Management Console
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
20. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Backup operator's domain local group
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Certificate Templates
Install Windows Server Backup and modify the Windows firewall settings
21. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
Offline domain join
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Create an Active Directory-Integrated zone.
Printer driver isolation
22. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
Include a server that runs Microsoft Office SharePoint Server 2010
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Then install new Server 2008 R2 Enterprise subordinate CA.
PDC emulator with w32tm.exe
23. To make a 64-bit application available to several 32-bit XP SP3 computers in the branch office you could use either a remote desktop session host or a remote desktop virtualization host. However - if the application requires you to be a local adminis
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
24. If you need to minimize the number of install images and support Win Server 2008 R2 deployment
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Then use on install image file that contains a single install image.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Implement a GPO for each domain
25. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Enable Credential Roaming
Upgrading DFS to Windows Server 2008 R2
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Assign the application to computers in the PC OU
26. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
Network Load Balancing (NLB) cluster
Utilize IFM (Install From Media)
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
27. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
File Server Resource Manager (FSRM) quotas and file screens
Implement a GPO for each domain
Disable Site Link Bridging from IP Properties
28. The strongest form of NAP is
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Upgrading DFS to Windows Server 2008 R2
Configure offline files and enable manual caching
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
29. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Import-Module
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Microsoft Desktop Optimization Pack (MDOP) to your company
30. If a file server reaches 15% free disk space - you could free up some disk space by
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Properties of PSO need modified
Creating a data collector set that kick off a scritp that either move or delete files.
Deploy a GPO for the Sales OU
31. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Create and deploy a logon script that runs Auditpol.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
32. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
From Server1 - run the Create Basic Task Wizard
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
AD RMS
Configure separate application pools for each application
33. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Create a standard secondary of domain and create standard secondary of other domain.
Install and share a printer on a server and then enable printer pooling.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
34. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Configure the zone as an Activde Directory-Integrated zone.
net stop ntds
Dsmgmt
AD Domains and Trusts
35. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Create a Network Load Balancing cluster.
Install the RSAT tool on their workstation to provide for more efficient network management
Service user account for AD LDS
DISABLE slow link detection in the GPO
36. To configure AD FS so tokens contain information from Active Directory domain...
New ACCOUNT STORE should be added and configured
NOT be able to store that data on an iSCSI SAN
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
37. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Install the RSAT tool on their workstation to provide for more efficient network management
Dynamically expanding VHD's
Configure authorization rules for Web developers on each web server
Windows System Resource Manager (WSRM)
38. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
Implement Shadow Copies
Folder redirection. Folder redirection is also useful when using roamin profiles.
Enable Credential Roaming
Install and share a printer on a server and then enable printer pooling.
39. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Implement Windows System Resource Manager (WSRM) and configure user policies
Add the new UPN Suffix to the forest
Test-AppLockerPolicy
Create a Central Store
40. Company users IPV4 and IPV6. A PC uses IPV6 and can no longer authenticate off the DC. What can be done to ensure IPV6 computers authenticate to DCs in same site...
Modify the GPO to include folder redirection
Subnet object needs to be created
Utilize IFM (Install From Media)
Implement a Remote Desktop Connection Broker (RD Connection Broker)
41. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Encrypting File System (EFS). This can be enabled locally or through a GPO.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
42. PowerShell script to create user accounts with passwords from a file called password.csv
FILES option within Ntdsutil
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
43. An AD LDS instance needs to be replicated from one server to another...
Service user account for AD LDS
Changed manually
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
44. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Distributed File System (DFS) Replication
Deploy a failover cluster that contains one node in each office.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Implement one LUN for the quorum and another LUN for the data
45. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Implement a domain-based DFS namespace that uses replication
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Software Restriction Polices
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
46. To determine size of AD database file...
Ensure your account - or the group is a member of the local Administrators group for that specific server.
View properties of %systemroot%ntdsntds.dit
Configure separate application pools for each application
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
47. Tools to view contents of an OU in an AD snapshot...
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
dsa.msc - dsamain.exe - ntdsutil.exe
Then use Windows BitLocker Drive Encryption
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
48. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
Recommend GPT and basic disks
Group Policy Preferences
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
49. When deploying an application using the Group Policy distribution method assign the...
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Use local roles options within "dsmgmt"
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
net stop ntds
50. you have fewer Server 2003 servers that have Terminal Services installed. you also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: encrypts all remote connections to the ter
View properties of %systemroot%ntdsntds.dit
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Then use Windows Deployment Services (WDS)
From Server A - run Create Basic Task Wizard