SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. RDSrv1 is a Server 2008 R2 server with Remote Desktop Services installed. You are planning to establish a Terminal Server Farm that must meet these requirements: New users automatically connect to the terminal server that has the fewest active sessio
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Implement Network Access Protection (NAP)
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Network Load Balancing (NLB)
2. For the users that work remotely that need access to files from the corporate office you should...
Create a Network Load Balancing cluster.
Recommend Offline Files
dsa.msc - dsamain.exe - ntdsutil.exe
Configure Audit Special Logon and define Special Groups
3. Can be used to install the Windows RE on existing servers
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
WDS
Configure the zone as an Activde Directory-Integrated zone.
4. You have 2 Server Core servers that are part of a Network Load Balance that host a web site. To be able to allow administrators - on their Windows 7 computers - remotely manage the NLB with automation
Recommend Group Policy preferences
Enable Windows Remote Management (WinRM) on the servers.
FFL Windows Server 2008 R2
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
5. A specific application requires registry modifications to be in place before installing; you should use
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Configure folder redirection
Group Policy Preferences
6. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
Create an Active Directory-Integrated zone.
Share and Storage Management
PDC emulator with w32tm.exe
File Server Resource Manager (FSRM) quotas and file screens
7. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Implement Windows System Resource Manager (WSRM) and configure user policies
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Then use Windows Deployment Services (WDS) on DHCP1.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
8. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
Group Policy Preferences
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Additional DFS Targets
9. To enable the AD Recycle Bin
Enable Windows Remote Management (WinRM) on the servers.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Then use Windows Deployment Services (WDS)
Enable - ADoptionalFeature cmdlet
10. To defragment and AD database...
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Microsoft Desktop Optimization Pack (MDOP) to your company
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
net stop ntds
11. What shold be done to configure AD RMS so users can protect their data?
fsconfig on FSSrv2
Create an e-mail account in AD DS for your RMS users
Install and share a printer on a server and then enable printer pooling.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
12. To add a new UPN for all user accounts...
Network Load Balancing (NLB)
AD Domains and Trusts
Include a server that runs Microsoft Office SharePoint Server 2010
PowerShell 2.0
13. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
WSUS server in the branch office in replica mode.
Implement a domain-based DFS namespace that uses replication
Basic Authentication and SSL
14. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Folder redirection. Folder redirection is also useful when using roamin profiles.
Implement Network Access Protection (NAP)
Then use Windows BitLocker Drive Encryption
15. Minimal FFL needed to deploy an RODC that runs Windows Server 2008 R2...
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Windows Server 2003
Microsoft Desktop Optimization Pack (MDOP) to your company
16. The solution requires that teachers that have been issued district based laptops - work remotely - and teach only on-line classes - must connect to the school network using split-tunnel VPN. Need to be sure that: minimize traffic over the VPN wheneve
17. UPN Suffix xxxx.com needs to be available for user accounts...
Add the new UPN Suffix to the forest
New ACCOUNT STORE should be added and configured
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Implement one LUN for the quorum and another LUN for the data
18. 4 steps to perform offline Defragmentation of AD database...
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Event Log Subscriptions
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
19. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Ntfrsutil
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
20. To create AD Domain Services snapshot
Certificate Templates
Create an e-mail account in AD DS for your RMS users
Install the RSAT tool on their workstation to provide for more efficient network management
Ntdsutil
21. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Active Directory Users and Computers
Recommend GPT and basic disks
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
22. If you want to allow single-label name resolution
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Upgrading DFS to Windows Server 2008 R2
Then configure GlobalNames zones on each domain controller.
Add-ADFineGrainedPasswordPolicySubject cmdlet
23. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
DISABLE slow link detection in the GPO
From Server A - run Create Basic Task Wizard
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
24. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Disable Site Link Bridging from the IP properties
Implement Network Access Protection (NAP)
Microsoft Application Virtualization (AppV)
25. What should be done to ensure changes made to AD objects can be logged?
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Dsmgmt
Passive file screens
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
26. Striped volumes
Implement Shadow Copies
Purchase one additional Enterprise License
Improve the performance of File Servers
Execute the Set-ADServiceAccount cmdlet
27. What should be done first to defragment the AD database?
Run net stop ntds
Create a standard secondary of domain and create standard secondary of other domain.
Deploy a GPO for the Sales OU
Install From Media IFM
28. To control access to resources using WSRM and to help prevent memory leaks from monopolizing your web server
Windows Server 2003
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Configure separate application pools for each application
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
29. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Configure RODC for Administrator Role Separation
PDC emulator with w32tm.exe
Import-Module
30. You need to consolidate 120 physical servers into 35 physical servers that run Windows Server 2008 R2 while meeting the following: maximize resource utilization; use existing hardware and software; support 64-bit child virtual machines; maintain sepa
Perform an authoritative restore
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Install Hyper-V role and convert physical machines into virtual machines
31. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
Event Subscriptions
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Enable Windows Remote Management (WinRM) on each server.
32. To restore deleted user account from AD Recycle Bin...
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Restore-ADObject cmdlet
33. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
Deploy a GPO for the Sales OU
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
34. Ensure password length for a group set to 12 characters long while others keep password policy
Upgrading DFS to Windows Server 2008 R2
Implement the Windows Search Service.
Add-ADFineGrainedPasswordPolicySubject cmdlet
Implement GPO for all client computers
35. To allow connection to a 256 Kbps ISDN...
DISABLE slow link detection in the GPO
Purchase one additional Enterprise License
Deploy a GPO to the WebSrvOU
Incoming external trust
36. Capture all replication errors from all your DCs to a central location...
Group Policy Preferences
Configure event log subscriptions
Changed manually
Configure authorization rules for Web developers on each web server
37. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Add the new UPN suffix to the forest.
Modify zone transfer settings for company.com zone on DCA
38. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
Administrative Role Separation
Implement Windows System Resource Manager (WSRM)
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Disable Site Link Bridging from IP Properties
39. Client computers run Windows 7 and all applications on the computers are configured to save documetns to the local Documents folder. You need a backup strategy that meets these: Back up the Documents folder for all users; minimize admin effort. To ac
Then use Windows BitLocker Drive Encryption
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Windows BitLocker Drive Encryption (Bit Locker)
Implement folder redirection by using GPO. Then backup the folder redirection target.
40. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort
41. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
IIS Chared Configuration
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Then use Windows BitLocker Drive Encryption
42. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
43. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Then use Windows Deployment Services (WDS)
44. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Enable Credential Roaming
Windows Deployment Services (WDS)
Deploy Microsoft System Center Operations Manager (SCOM)
45. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
FILES option within Ntdsutil
Incoming external trust
Create an Active Directory-Integrated zone.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
46. To update ADRMS password...
Subnet object needs to be created
AD Rights Management Services
Recommend Group Policy preferences
Deploy a failover cluster that contains one node in each office.
47. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Authorization Manager
48. To be able to user an application from one AD FS with authentication server to another...
A relying party trust should be created.
Create a MEDV workspace
Implement Network Access Protection (NAP)
Domain based Distributed File System (DFS) namespace and DFS Replication.
49. To ensure that a file on a file server do not leave the organization you must implement this.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
AD RMS
Registry on users computer needs to be modified
DSMOD
50. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
NOT be able to store that data on an iSCSI SAN
Domain based DFS namespace and configure a DFS replication group
Get-ADUser cmdlet
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
