SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. You are about to deploy a distributed database appliation that will run on multiple 2008 R2 servers. This deployment needs to follow these requirements: uses the existing network infrastructure; uses standard Windows management tools; allocates stora
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Deploy Microsoft System Center Operations Manager (SCOM)
Network Load Balancing (NLB) cluster
Modify zone transfer settings for company.com zone on DCA
2. What should be done to resolve names by using GlobalNames zone?
Implement a GPO for each domain
Software Restriction Polices
dnscmd tool
Implement Windows System Resource Manager (WSRM)
3. If you need to be able to create shared folders on Server 2008 R2
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
fsconfig on FSSrv2
Ensure your account - or the group is a member of the local Administrators group for that specific server.
4. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Recommend Active Directory delegation
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
5. You need to manage GPO to meet the following: allow administrators to view and edit the GPO in their own language; minimize number of GPOs deployed
Create ADMX and ADML files. Configure the GPO and link it to the domain.
IIS Chared Configuration
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
6. to protect file servers and hard disks that may be at risk of being accessed or stolen
Recommend Active Directory delegation
Modify the GPO to include folder redirection
Implement Windows BitLocker Drive Encryption (BitLocker)
Then configure auto enrollment of certificates and Credential Roaming.
7. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
IIS Chared Configuration
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
8. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
The Group Policy Management console
Incoming external trust
9. To build a highly secure server cluster with a reduced attack surface area
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Include a server that runs Microsoft Office SharePoint Server 2010
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
10. If you want to allow single-label name resolution
Dfsrdiag
Back up to an external USB drive by using Windows Server Backup
Group Policy Preferences
Then configure GlobalNames zones on each domain controller.
11. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Event Subscriptions
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
DFL needs to be Windows Server 2008
Configure block inheritance on the IT OU
12. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
Active Directory Users and Computers
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
fsconfig on FSSrv2
13. You need to consolidate 120 physical servers into 35 physical servers that run Windows Server 2008 R2 while meeting the following: maximize resource utilization; use existing hardware and software; support 64-bit child virtual machines; maintain sepa
Install Hyper-V role and convert physical machines into virtual machines
WDS
IIS Manager user account
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
14. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
A relying party trust should be created.
15. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Incoming external trust
Changed manually
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Microsoft Desktop Optimization Pack (MDOP) to your company
16. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
Disable Site Link Bridging from IP Properties
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Winrm quickconfig
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
17. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
View properties of %systemroot%ntdsntds.dit
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Enable Credential Roaming
Microsoft Desktop Optimization Pack (MDOP)
18. You need to deploy a sales application that only the sales users must have access to
Attach VHD file created by Windows server backup
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Deploy a GPO for the Sales OU
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
19. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Upgrading DFS to Windows Server 2008 R2
DFL needs to be Windows Server 2008
Use CISCO IP Helper command to configure.
20. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Use a GPO to configure device installation restrictions
21. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Configure separate application pools for each application
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Modify the local policy to point to the Internal WSUS server
22. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Configure folder redirection
Add the new UPN suffix to the forest.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Windows XP Mode
23. To ensure that the SQL Servers can fail over autoatically and support 2 TB drives
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Microsoft System Center Data Protection Manager 2010
Recommend GPT and basic disks
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
24. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Restore-ADObject cmdlet
Create a Network Load Balancing cluster.
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
25. to make shares at a remote location available to users you should implement this.
CAPublishGP group should have the Manage CA permission.
Microsoft Desktop Optimization Pack (MDOP) to your company
Assign the application to all client computers by using a GPO.
Domain based Distributed File System (DFS) namespace and DFS Replication.
26. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Assign the application to computers in the PC OU
Add the new UPN Suffix to the forest
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
27. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Service user account for AD LDS
Install Windows Server Backup and modify the Windows firewall settings
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Implement a domain-based DFS namespace that uses replication
28. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Create and deploy a logon script that runs Auditpol.
DSMOD
Dfsrdiag
Disable Site Link Bridging from IP Properties
29. To ensure that recovery is possible if a file on a file server is deleted accidentally
Run adprep /forestprep and adprep /domainprep
dnscmd
Implement Shadow Copies
Service user account for AD LDS
30. If a new application needs to be deployed on the network and it comes as a .msi package and then do this.
Deploy it by using Group Policy Software Installation method
Then use on install image file that contains a single install image.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
31. What should be done so application does not fail after 30 days while still keeping password policy in mind?
net stop ntds
Set-ADServiceAccount cmdlet
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Modify properties of RODC server computer account.
32. Need to ensure users receive updated template within five days...
Offline domain join
Registry on users computer needs to be modified
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
33. Auditing the deletion of Registry keys on all Domain Controllers
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Incoming external trust
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
34. What document management solution allows you to keep multiple versions of documents and automatically apply access policies to these documents? You should recommend
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Add the new UPN suffix to the forest.
Back up to an external USB drive by using Windows Server Backup
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
35. Minimal FFL needed to deploy an RODC that runs Windows Server 2008 R2...
Role Separation
Windows Server 2003
Active Directory Right Management Services (AD RMS)
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
36. Requirements are: support the installation of SQL Server 2008; Provide redundancy for SQL services if a single server fails. To accomplish this
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Deploy a failover cluster that contains one node in each office.
Dynamically expanding VHD's
Create and deploy a logon script that runs Auditpol.
37. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Use the Local Roles options with dsmgmt.
Create an e-mail account in AD DS for your RMS users
38. To defragment and AD database...
Event Log Subscriptions
Disable Site Link Bridging from IP Properties
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
net stop ntds
39. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Perform an authoritative restore
FFL Windows Server 2008 R2
40. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
DISABLE slow link detection in the GPO
Add the user to the Domain Admins global group
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
41. An AD LDS instance needs to be replicated from one server to another...
Configure offline files and enable manual caching
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Service user account for AD LDS
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
42. Capture all replication errors from all your DCs to a central location...
Properties of PSO need modified
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Configure event log subscriptions
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
43. To identify users who bypass the new corporate security policy -
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Windows System Resource Manager (WSRM)
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Configure Audit Special Logon and define Special Groups
44. In order to ensure highly available Windows Update servers you should create this.
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
45. The Computer Management snap-in allows you to create shares both on...
AD Rights Management Services
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Your machine and remote desktops
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
46. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Offline domain join
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Then use on install image file that contains a single install image.
Configure caching on the shared folder and configure offline files to use encryption
47. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
Windows Server 2003
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
48. To allow connection to a 256 Kbps ISDN...
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Enable Credential Roaming
DISABLE slow link detection in the GPO
Implement a GPO for each domain
49. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Repadmin
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Software Restriction Polices
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
50. If you want to implement BitLocker and store recovery informaiton in a central location
Enable - ADoptionalFeature cmdlet
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Dynamically expanding VHD's