SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Authorization Manager role assignment
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
2. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Recommend Offline Files
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
3. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Refresh the zone on DNS2
Deploy Microsoft System Center Operations Manager (SCOM)
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
4. Tools to view contents of an OU in an AD snapshot...
dsa.msc - dsamain.exe - ntdsutil.exe
A relying party trust should be created.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Install From Media IFM
5. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Offline domain join
Active Directory Domains and Trusts
6. You need to plan the deployment of an application that must meet these requirements: users must have - access to the app when they are connected to the network; access the application from an icon on their desktops.
Assign the application to all client computers by using a GPO.
Purchase one additional Enterprise License
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
7. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
Create a MEDV workspace
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
AD RMS
Set-ADServiceAccount cmdlet
8. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Service user account for AD LDS
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
9. You need to allow remote access to the servers on your network while meeting the following requirements: all remote connections to the servers must be encrypted; all remote authentication attempts to the servers must be encrypted; only inbound connec
Administrators is the minimum group membership required to complete this procedure.
Upgrading DFS to Windows Server 2008 R2
Add the user to the Domain Admins global group
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
10. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Configure block inheritance on the IT OU
Administrative Role Separation
Create a new Password Settings Object (PSO) for the IT users.
11. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Implement Windows System Resource Manager (WSRM)
Deploy a failover cluster that contains one node in each office.
Deploy a failover cluster that uses Node and File Share Disk Majority
12. to make shares at a remote location available to users you should implement this.
Add the Windows Server Backup feature and Windows System Image recovery.
From Server A - run Create Basic Task Wizard
Execute the Set-ADServiceAccount cmdlet
Domain based Distributed File System (DFS) namespace and DFS Replication.
13. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Configure the zone as an Activde Directory-Integrated zone.
Authorization Manager
14. To speed up the deployment of the RODC in the new branch offices you should take advantage of this.
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Then install new Server 2008 R2 Enterprise subordinate CA.
Create an Active Directory-Integrated zone.
Install From Media IFM
15. To be able to manage all the corporate servers from a workstation - you must install the
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
16. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
Recommend GPT and basic disks
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Basic Authentication and SSL
Modify zone transfer settings for company.com zone on DCA
17. New Password Policy needs to be created for OU different from domain password policy
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
DISABLE slow link detection in the GPO
18. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Share and Storage Management
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Data Recovery Agent
19. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Create and deploy a logon script that runs Auditpol.
Implement GPO for all client computers
MEDV to deploy virtual desktops
Configure separate application pools for each application
20. To be able to user an application from one AD FS with authentication server to another...
AD Domains and Trusts
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
A relying party trust should be created.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
21. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Microsoft Desktop Optimization Pack (MDOP)
Then use Windows Deployment Services (WDS) on DHCP1.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
22. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Then use Windows Deployment Services (WDS)
Implement a domain-based DFS namespace that uses replication
Use the Local Roles options with dsmgmt.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
23. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Install Hyper-V role and convert physical machines into virtual machines
IIS Manager user account
A Distributed File System (DFS) namespace
24. To identify users who bypass the new corporate security policy -
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Assign the application to all client computers by using a GPO.
Configure Audit Special Logon and define Special Groups
25. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
Deploy a GPO to the WebSrvOU
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Dsmgmt
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
26. When recommending a monitoring solution for an application so that it's events can be stored in a central
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Event Subscriptions
Configure caching on the shared folder (offline files)
27. to protect file servers and hard disks that may be at risk of being accessed or stolen
Create a new Password Settings Object (PSO) for the IT users.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Implement Windows BitLocker Drive Encryption (BitLocker)
Attach VHD file created by Windows server backup
28. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Storage manager for SANs
Properties of PSO need modified
The Group Policy Management Console
29. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
DSMOD
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Then use Windows Deployment Services (WDS) on DHCP1.
AD RMS
30. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Configure event log subscriptions
Dfsrdiag
The Group Policy Management Console
31. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Recommend Active Directory delegation
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Create a Central Store
32. You are about to deploy a distributed database appliation that will run on multiple 2008 R2 servers. This deployment needs to follow these requirements: uses the existing network infrastructure; uses standard Windows management tools; allocates stora
Modify the schema of LDSInst1
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Create a MEDV workspace
Create an e-mail account in AD DS for your RMS users.
33. To compact AD database...
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Share and Storage Management
Passive file screens
FILES option within Ntdsutil
34. To determine size of AD database file...
Create an e-mail account in AD DS for your RMS users
Create an e-mail account in AD DS for your RMS users.
View properties of %systemroot%ntdsntds.dit
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
35. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Implement Distributed File System Replication (DFSR) on both servers
36. To allow connection to a 256 Kbps ISDN...
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
DISABLE slow link detection in the GPO
Ldp
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
37. To deploy templates across the organization
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Implement Network Access Protection (NAP)
Group Policy Preferences
Passive file screens
38. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Dsmgmt
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
39. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
40. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Network Load Balancing (NLB) cluster
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Dsmgmt
41. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Perform an authoritative restore
Ldp
Recommend Offline Files
Microsoft Desktop Optimization Pack (MDOP)
42. What should be done so application does not fail after 30 days while still keeping password policy in mind?
Zone transfer settings
Set-ADServiceAccount cmdlet
Share and Storage Management
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
43. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
Configure separate application pools for each application
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Deploy Microsoft System Center Operations Manager (SCOM)
44. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Event Subscriptions
Microsoft Desktop Optimization Pack (MDOP) to your company
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Authorization Manager role assignment
45. To delegate authority to users to manage only certain areas in Hyper-V use the
Event Subscriptions
Jill came down with 2.50.
Authorization Manager role assignment
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
46. You have 2 Server Core servers that are part of a Network Load Balance that host a web site. To be able to allow administrators - on their Windows 7 computers - remotely manage the NLB with automation
Recommend GPT and basic disks
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Enable Windows Remote Management (WinRM) on the servers.
Ldp
47. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Service user account for AD LDS
Windows Server 2003
Implement the Windows Search Service.
48. The Computer Management snap-in allows you to create shares both on...
Deploy the Root CA certificate to the external computers.
Your machine and remote desktops
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Ntfrsutil
49. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
50. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Configure authorization rules for Web developers on each web server
Deploy it by using Group Policy Software Installation method
Assign the application to computers in the PC OU
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests