SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Two different solutions are available to help assign IP addresses to remote clients that need to VPN or Dial-in to the branch office.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
2. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
Get-ADUser cmdlet
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Add the new UPN suffix to the forest.
Then install new Server 2008 R2 Enterprise subordinate CA.
3. DFL is...
Win2000 Native
Test-AppLockerPolicy
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
4. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Folder redirection. Folder redirection is also useful when using roamin profiles.
MEDV to deploy virtual desktops
Your machine and remote desktops
5. UPN Suffix xxxx.com needs to be available for user accounts...
Deploy a GPO to the WebSrvOU
Active Directory Users and Computers utility
Add the new UPN Suffix to the forest
Encrypting File System (EFS). This can be enabled locally or through a GPO.
6. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
Utilize IFM (Install From Media)
Refresh the zone on DNS2
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
7. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
FILES option within Ntdsutil
Create a new Password Settings Object (PSO) for the IT users.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
8. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
Create a MEDV workspace
Active Directory Right Management Services (AD RMS)
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Configure event log subscriptions
9. To ensure that a file on a file server do not leave the organization you must implement this.
AD RMS
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Creating a data collector set that kick off a scritp that either move or delete files.
Incoming external trust
10. You need to plan the deployment of an application that must meet these requirements: users must have - access to the app when they are connected to the network; access the application from an icon on their desktops.
Execute the Set-ADServiceAccount cmdlet
Assign the application to all client computers by using a GPO.
Test-AppLockerPolicy
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
11. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Ntfrsutil
Disable Site Link Bridging from IP Properties
12. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
Create an e-mail account in AD DS for your RMS users
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
net stop ntds
13. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Deploy a GPO to the WebSrvOU
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
A Distributed File System (DFS) namespace
Modify zone transfer settings for company.com zone on DCA
14. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Deploy a failover cluster that uses Node and File Share Disk Majority
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Configure Audit Special Logon and define Special Groups
Network Load Balancing (NLB) cluster
15. You need to consolidate 120 physical servers into 35 physical servers that run Windows Server 2008 R2 while meeting the following: maximize resource utilization; use existing hardware and software; support 64-bit child virtual machines; maintain sepa
Windows XP Mode
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Install Hyper-V role and convert physical machines into virtual machines
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
16. You need to deploy a sales application that only the sales users must have access to
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Deploy a GPO for the Sales OU
Include a server that runs Microsoft Office SharePoint Server 2010
Authorization Manager
17. If you need to minimize the number of install images and support Win Server 2008 R2 deployment
Then use on install image file that contains a single install image.
New ACCOUNT STORE should be added and configured
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
18. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Recommend Group Policy preferences
Subnet object needs to be created
19. To replicate SYSVOL using Distributed File System Replication (DFSR)...
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Site
DFL needs to be Windows Server 2008
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
20. What should be done first to defragment the AD database?
Deploy it by using Group Policy Software Installation method
Install Hyper-V role and convert physical machines into virtual machines
Run net stop ntds
Add the new UPN Suffix to the forest
21. What GPO setting should be configured to prevent all users from running an application?
Software Restriction Polices
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
22. In order to manage websites without having to logon you can use
Enable Windows Remote Management (WinRM) on each server.
Recommend Active Directory delegation
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
PowerShell 2.0
23. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Ntfrsutil
Create a Central Store
24. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Win2000
25. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
From Server A - run Create Basic Task Wizard
dnscmd tool
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Windows BitLocker Drive Encryption (Bit Locker)
26. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Administrative Role Separation
CAPublishGP group should have the Manage CA permission.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Authorization Manager
27. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
28. You need to allow a user to add a single computer to a domain - without any additional rights...
Prestage the computer account in AD
Software Restriction Polices
Windows XP Mode
Jill came down with 2.50.
29. All 2008 R2 servers and Windows 7 clients are connected to managed switches. The following are requirements for network access: only client computers that have up-to-date service packs installed can access the network; have up-to-date anti-malware so
Then use Windows Deployment Services (WDS) on DHCP1.
Implement a domain-based DFS namespace that uses replication
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
30. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Winrm quickconfig
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Additional DFS Targets
New ACCOUNT STORE should be added and configured
31. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Assign the application to all client computers by using a GPO.
Folder redirection. Folder redirection is also useful when using roamin profiles.
Add the Windows Server Backup feature and Windows System Image recovery.
Deploy it by using Group Policy Software Installation method
32. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Configure RODC for Administrator Role Separation
Create a Network Load Balancing cluster.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Microsoft System Center Data Protection Manager 2010
33. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Enable Windows Remote Management (WinRM) on the servers.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
34. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Then configure auto enrollment of certificates and Credential Roaming.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Configure event log subscriptions
Configure Firewall Group Policies and link them at the Domain level
35. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Active Directory Domains and Trusts
Microsoft Application Virtualization (AppV)
FFL Windows Server 2008 R2
36. Tool to change Directory Services Restore Mode password on Domain Controller...
Certificate Templates
Windows System Resource Manager (WSRM)
ntdsutil
NOT be able to store that data on an iSCSI SAN
37. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
Restore-ADObject cmdlet
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Configure authorization rules for Web developers on each web server
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
38. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
Add George to the Domain Admins group.
Configure authorization rules for Web developers on each web server
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Install Hyper-V role and convert physical machines into virtual machines
39. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Backup operator's domain local group
Winrm quickconfig
Deploy Microsoft System Center Operations Manager (SCOM)
40. To backup GPO's in domain and minimize bakcup...
Dfsrdiag
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
The Group Policy Management Console
dsa.msc - dsamain.exe - ntdsutil.exe
41. Capture all replication errors from all your DCs to a central location...
IIS Manager user account
Subnet object needs to be created
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Configure event log subscriptions
42. A specific application requires registry modifications to be in place before installing; you should use
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Run adprep /forestprep and adprep /domainprep
Group Policy Preferences
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
43. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
Event Viewer
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
DSMOD - ADUC
Run adprep /forestprep and adprep /domainprep
44. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
Run the Delegation of Control Wizard on the Staff OU
The Group Policy Management console
Execute the Set-ADServiceAccount cmdlet
Basic Authentication and SSL
45. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Then use Windows Deployment Services (WDS) on DHCP1.
Site
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Recommend Offline Files
46. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Configure the zone as an Activde Directory-Integrated zone.
Software Restriction Polices
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
47. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
A relying party trust should be created.
Event Log Subscriptions
Active Directory Domains and Trusts
Dfsrdiag
48. DFL is Windows Server 2003 and client computers run Vista. DCRMS is a server that holds AD RMS. What should be done to configure AD RMS so users - including Waldo - can protect their data?
Microsoft System Center Data Protection Manager 2010
Then install new Server 2008 R2 Enterprise subordinate CA.
Create an e-mail account in AD DS for your RMS users.
Get-ADUser cmdlet
49. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Implement Windows BitLocker Drive Encryption (BitLocker)
Include a server that runs Microsoft Office SharePoint Server 2010
50. To configure AD FS so tokens contain information from Active Directory domain...
Backup operator's domain local group
New ACCOUNT STORE should be added and configured
Modify the schema of LDSInst1
Autonomous mode...This allows the local administrator to approve their own updates.