SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To allow a user to administer Active Directory
Add the user to the Domain Admins global group
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Subnet object needs to be created
2. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Add George to the Domain Admins group.
Use the Local Roles options with dsmgmt.
Disable Site Link Bridging from the IP properties
Implement a GPO for each domain
3. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
Configure offline files and enable manual caching
Configure the zone as an Activde Directory-Integrated zone.
Test-AppLockerPolicy
Configure RODC for Administrator Role Separation
4. To defragment and AD database...
Active Directory snapshots and Tombstone reanimation
Use local roles options within "dsmgmt"
net stop ntds
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
5. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Properties of PSO need modified
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Incoming external trust
6. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Authorization Manager
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Include a server that runs Microsoft Office SharePoint Server 2010
Win2000
7. To make deploying the custom Word dictionary easy
Implement GPO for all client computers
Add the Windows Server Backup feature and Windows System Image recovery.
Windows Server 2003
Recommend Group Policy preferences
8. To ensure that user's documents are stored on the file server and thus subject to the corporate backup solution - you should implement this.
Implement Distributed File System Replication (DFSR) on both servers
Install and share a printer on a server and then enable printer pooling.
Enable - ADoptionalFeature cmdlet
Folder redirection. Folder redirection is also useful when using roamin profiles.
9. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Install Hyper-V role and convert physical machines into virtual machines
Passive file screens
Add the new UPN suffix to the forest.
10. To determine size of AD database file...
View properties of %systemroot%ntdsntds.dit
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Configure block inheritance on the IT OU
Event Log Subscriptions
11. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Implement GPO for all client computers
Implement Network Access Protection (NAP)
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
12. To create AD Domain Services snapshot
Deploy a failover cluster that contains one node in each office.
Ntdsutil
djoin /requesteodj from internal server - djoin /provision from outside server/PC
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
13. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
DFL needs to be Windows Server 2008
Active Directory Right Management Services (AD RMS)
14. 4 steps to perform offline Defragmentation of AD database...
Dfsrdiag
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
15. Within your company you have a server that will be running 8 VMs but only 6 concurrently. Your company has already purchased an Enterprise license for the server.
Configure separate application pools for each application
Purchase one additional Enterprise License
dsa.msc - dsamain.exe - ntdsutil.exe
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
16. To add a new UPN for all user accounts...
An Active Directory subnet object needs to be created.
AD Domains and Trusts
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
17. To back up your Hyper-VMs and the Hyper-V host; for each VM -
IIS Chared Configuration
Implement Windows BitLocker Drive Encryption (BitLocker)
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Service user account for AD LDS
18. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
Network Load Balancing (NLB) cluster
Windows Deployment Services (WDS)
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Add the user to the Domain Admins global group
19. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Windows Deployment Services (WDS)
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Refresh the zone on DNS2
Add the new UPN suffix to the forest.
20. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Group Policy Preferences
Run the Delegation of Control Wizard on the Staff OU
21. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Deploy a failover cluster that uses Node and File Share Disk Majority
Install and share a printer on a server and then enable printer pooling.
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
22. RDSrv1 is a Server 2008 R2 server with Remote Desktop Services installed. You are planning to establish a Terminal Server Farm that must meet these requirements: New users automatically connect to the terminal server that has the fewest active sessio
Active Directory Right Management Services (AD RMS)
FILES option within Ntdsutil
Implement a Remote Desktop Connection Broker (RD Connection Broker)
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
23. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Active Directory Users and Computers utility
PDC emulator with w32tm.exe
Network Load Balancing (NLB)
24. Your company IP scheme uses both IPv4 and IPv6. You have a main and branch office. In the branch office you are using PC1. PC1 is now only using IPv6. You noticed that PC1 no longer authenticates off the DC that is in the branch office. What should b
Microsoft System Center Data Protection Manager 2010
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
An Active Directory subnet object needs to be created.
25. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Group Policy Preferences
Dfsrdiag
Run adprep /forestprep and adprep /domainprep
26. You need to allow a user to add a single computer to a domain - without any additional rights...
Registry on users computer needs to be modified
Configure separate application pools for each application
Multipath I/O feature
Prestage the computer account in AD
27. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Add the user to the Domain Admins global group
Create an Active Directory-Integrated zone.
Winrm quickconfig
Service user account for AD LDS
28. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Run the Delegation of Control Wizard on the Staff OU
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Implement Windows BitLocker Drive Encryption (BitLocker)
Autonomous mode...This allows the local administrator to approve their own updates.
29. To backup GPO's in domain and minimize bakcup...
The Group Policy Management Console
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Dsmgmt
30. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Implement a GPO for each domain
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
31. To join a server/PC outside of the domain to the network...
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Configure Firewall Group Policies and link them at the Domain level
FFL Windows Server 2008 R2
Changed manually
32. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Microsoft Application Virtualization (AppV)
Implement a domain-based DFS namespace that uses replication
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
33. To ensure that the branch office with its own high speed internet connection receives the exact same updates as the corporate office you should recommend this.
Implement folder redirection by using GPO. Then backup the folder redirection target.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Printer driver isolation
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
34. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
Configure Audit Special Logon and define Special Groups
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Group Policy Preferences
AD Rights Management Services
35. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
Upgrading DFS to Windows Server 2008 R2
Add the Windows Server Backup feature and Windows System Image recovery.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
File Server Resource Manager (FSRM) quotas and file screens
36. If users need access to files locally and must be able to access files at another site if the local copy is not available you should implement this.
A Distributed File System (DFS) namespace
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Back up to an external USB drive by using Windows Server Backup
Dsmgmt
37. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Implement one LUN for the quorum and another LUN for the data
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Improve the performance of File Servers
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
38. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
Your machine and remote desktops
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
39. To prevent computers that do not have the Windows Firewall enabled from connecting to the wireless access point or the physical switch - you should implement this.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Raise the DFL to Windows Server 2008 R2.
802.1.x NAP
40. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Then use Windows BitLocker Drive Encryption
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
41. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Run adprep /forestprep and adprep /domainprep
Modify zone transfer settings for company.com zone on DCA
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Raise the DFL to Windows Server 2008 R2.
42. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
802.1.x NAP
Authorization Manager
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Configure the zone as an Activde Directory-Integrated zone.
43. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
44. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
Deploy Microsoft System Center Operations Manager (SCOM)
Create a MEDV workspace
FILES option within Ntdsutil
From Server A - run Create Basic Task Wizard
45. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
New ACCOUNT STORE should be added and configured
Microsoft Desktop Optimization Pack (MDOP) to your company
Configure caching on the shared folder and configure offline files to use encryption
Microsoft Application Virtualization (AppV)
46. If you need to allow an external partner's computer to access internal network resources by using SSTP
Event Subscriptions
From Server1 - run the Create Basic Task Wizard
Deploy the Root CA certificate to the external computers.
Run adprep /forestprep and adprep /domainprep
47. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
Import-Module
Additional DFS Targets
Add-ADFineGrainedPasswordPolicySubject cmdlet
Windows System Resource Manager (WSRM)
48. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
Execute the Set-ADServiceAccount cmdlet
Ntfrsutil
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Install the RSAT tool on their workstation to provide for more efficient network management
49. To allow administrators tha trun Windows 7 ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Deploy a failover cluster that uses Node and File Share Disk Majority
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
50. You are about to deploy a distributed database appliation that will run on multiple 2008 R2 servers. This deployment needs to follow these requirements: uses the existing network infrastructure; uses standard Windows management tools; allocates stora
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
From Server1 - run the Create Basic Task Wizard
Administrative Role Separation
AD RMS
