SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Configure caching on the shared folder and configure offline files to use encryption
Install Hyper-V role and convert physical machines into virtual machines
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Create ADMX and ADML files. Configure the GPO and link it to the domain.
2. To allow a user to administer Active Directory
Implement folder redirection by using GPO. Then backup the folder redirection target.
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Add the user to the Domain Admins global group
3. 2 ways to relocate user and computer accounts to different OUs
The Group Policy Management Console
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Implement Windows BitLocker Drive Encryption (BitLocker)
DSMOD - ADUC
4. to prevent VMs from receiving updats from a group policy
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
5. PowerShell script to create user accounts with passwords from a file called password.csv
Utilize IFM (Install From Media)
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Set-ADServiceAccount cmdlet
6. To speed up the deployment of the RODC in the new branch offices you should take advantage of this.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Then use Windows BitLocker Drive Encryption
Install From Media IFM
Configure authorization rules for Web developers on each web server
7. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Configure Firewall Group Policies and link them at the Domain level
Incoming external trust
Software Restriction Polices
Add the Windows Server Backup feature and Windows System Image recovery.
8. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
A relying party trust should be created.
Backup operator's domain local group
Implement a domain-based DFS namespace that uses replication
DSMOD
9. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
Deploy the Root CA certificate to the external computers.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Windows System Resource Manager (WSRM)
10. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
Raise the DFL to Windows Server 2008 R2.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Basic Authentication and SSL
Ntfrsutil
11. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
Windows System Resource Manager (WSRM)
802.1.x NAP
Incoming external trust
Multipath I/O feature
12. You need to allow a user to add a single computer to a domain - without any additional rights...
Network Load Balancing (NLB)
Set-ADServiceAccount cmdlet
Prestage the computer account in AD
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
13. To prevent account password from being cached on RODC server...
Install Windows Server Backup and modify the Windows firewall settings
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Modify properties of RODC server computer account.
FFL Windows Server 2008 R2
14. When recommending a monitoring solution for an application so that it's events can be stored in a central
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Event Subscriptions
15. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud
16. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
Changed manually
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Configure folder redirection
Software Restriction Polices
17. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Deploy Microsoft System Center Operations Manager (SCOM)
Windows XP Mode
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Implement Windows System Resource Manager (WSRM) and configure user policies
18. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Administrators is the minimum group membership required to complete this procedure.
AD RMS
19. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Implement Distributed File System Replication (DFSR) on both servers
Repadmin
Authorization Manager role assignment
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
20. Capture all replication errors from all your DCs to a central location...
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Configure event log subscriptions
Dynamically expanding VHD's
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
21. To ensure that a file on a file server do not leave the organization you must implement this.
AD RMS
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Configure authorization rules for Web developers on each web server
Share and Storage Management
22. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
23. To minimize the amount of storage used for virtual machines in a Virtual desktop pool the VHD's should be
24. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Deploy a failover cluster that contains one node in each office.
Service user account for AD LDS
Certificate Templates
25. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
Restore-ADObject cmdlet
Dfsrdiag
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Implement a GPO for each domain
26. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Authorization Manager role assignment
Ldp
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Implement Distributed File System Replication (DFSR) on both servers
27. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
28. UPN Suffix xxxx.com needs to be available for user accounts...
Add the new UPN Suffix to the forest
Domain based Distributed File System (DFS) namespace and DFS Replication.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Purchase one additional Enterprise License
29. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Implement Distributed File System Replication (DFSR) on both servers
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
30. To deploy templates across the organization
Modify the GPO to include folder redirection
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Administrative Role Separation
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
31. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Import-Module
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
32. To ensure that the SQL Servers can fail over autoatically and support 2 TB drives
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Recommend GPT and basic disks
33. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Then use Windows BitLocker Drive Encryption
Authorization Manager
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Execute the Set-ADServiceAccount cmdlet
34. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Changed manually
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
35. What GPO setting should be configured to prevent all users from running an application?
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Software Restriction Polices
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Modify zone transfer settings for company.com zone on DCA
36. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
IIS Manager user account
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Dsmgmt
Configure offline files and enable manual caching
37. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Refresh the zone on DNS2
Then configure GlobalNames zones on each domain controller.
From Server1 - run the Create Basic Task Wizard
Test-AppLockerPolicy
38. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
AD Domains and Trusts
Dfsrdiag
Install and share a printer on a server and then enable printer pooling.
Modify properties of RODC server computer account.
39. To make deploying the custom Word dictionary easy
AD Domains and Trusts
Deploy it by using Group Policy Software Installation method
Recommend Group Policy preferences
Windows XP Mode
40. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Modify the local policy to point to the Internal WSUS server
dsa.msc - dsamain.exe - ntdsutil.exe
Microsoft System Center Data Protection Manager
41. To build a highly secure server cluster with a reduced attack surface area
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
42. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Windows XP Mode
Then use Windows BitLocker Drive Encryption
Install Windows Server Backup and modify the Windows firewall settings
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
43. What shold be done to configure AD RMS so users can protect their data?
Back up to an external USB drive by using Windows Server Backup
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Create an e-mail account in AD DS for your RMS users
Run adprep /forestprep and adprep /domainprep
44. Your data provisioning solution must meet the following requirements: users must have access to their Documents folder regardless of the client computer that they use; user documents should not be stored on the local client computer; minimize the tim
Event Subscriptions
Configure folder redirection
The Group Policy Management console
NOT be able to store that data on an iSCSI SAN
45. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Import-Module
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
46. To restore deleted user account from AD Recycle Bin...
Recommend Active Directory delegation
DISABLE slow link detection in the GPO
Run the Delegation of Control Wizard on the Staff OU
Restore-ADObject cmdlet
47. In order to replicate SYSVOL shares by using DFS Replicaiton (DFS-R)
Ntfrsutil
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Raise the DFL to Windows Server 2008 R2.
Use local roles options within "dsmgmt"
48. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Test-AppLockerPolicy
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Recommend Group Policy preferences
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
49. File that contains the last logon time and custom attributes values for each user in your forest.
Microsoft Desktop Optimization Pack (MDOP)
Get-ADUser cmdlet
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
50. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
The Group Policy Management Console
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
