SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To build a highly secure server cluster with a reduced attack surface area
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Use local roles options within "dsmgmt"
Properties of PSO need modified
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
2. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
Zone transfer settings
Raise the DFL to Windows Server 2008 R2.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Create an Active Directory-Integrated zone.
3. When service account passwords need to be changed for SQL they should be...
Configure authorization rules for Web developers on each web server
Implement folder redirection by using GPO. Then backup the folder redirection target.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Changed manually
4. To backup to tape/robotic tape and to backup VMs you must use...
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Microsoft System Center Data Protection Manager 2010
Recommend Offline Files
Domain based Distributed File System (DFS) will reduce network traffic
5. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Dfsrdiag
DSMOD
Certificate Templates
6. The Computer Management snap-in allows you to create shares both on...
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Administrators is the minimum group membership required to complete this procedure.
Your machine and remote desktops
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
7. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Implement one LUN for the quorum and another LUN for the data
Disable Site Link Bridging from the IP properties
Configure Firewall Group Policies and link them at the Domain level
Add the new UPN Suffix to the forest
8. If you need to minimize the number of install images and support Win Server 2008 R2 deployment
Attach VHD file created by Windows server backup
Then use on install image file that contains a single install image.
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Improve the performance of File Servers
9. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
Then use Windows Deployment Services (WDS) on DHCP1.
dnscmd tool
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
10. you have fewer Server 2003 servers that have Terminal Services installed. you also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: encrypts all remote connections to the ter
Prestage the computer account in AD
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
11. New password settings object (PSO) created and needs to be applied to user
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Use Netsh tool from administrator's computer.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Properties of PSO need modified
12. You have a single AD domain named ad.company.com. The FFL is windows 2000 and the DFL is Windows 2000 Native. The UPN suffix company.com needs to be available for user accounts. What should be done first?
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Add the new UPN suffix to the forest.
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
13. You need to design your WSUS infrastructure so that updates are highly available. To do so
Microsoft Desktop Optimization Pack (MDOP) to your company
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Domain based DFS namespace and configure a DFS replication group
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
14. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
IIS Manager user account
Active Directory snapshots and Tombstone reanimation
15. To allow a user to administer Active Directory
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Assign the application to all client computers by using a GPO.
Windows System Resource Manager (WSRM)
Add the user to the Domain Admins global group
16. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
IIS Manager user account
Repadmin
17. 3 Servers are Network Policy Servers (NPS) that function as RADIUS servers. The network has 20 wireless access points that are configured as RADIUS clients. You need to plan an audit strategy with the following requirements: stores audit data in a ce
Folder redirection. Folder redirection is also useful when using roamin profiles.
Implement one LUN for the quorum and another LUN for the data
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
18. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
From Server A - run Create Basic Task Wizard
Raise the DFL to Windows Server 2008 R2.
Create a Central Store
Software Restriction Polices
19. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
View properties of %systemroot%ntdsntds.dit
Disable Site Link Bridging from IP Properties
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Restore-ADObject cmdlet
20. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Group Policy Preferences
Windows Deployment Services (WDS)
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
21. FFL is...
Win2000
Dynamically expanding VHD's
Configure caching on the shared folder (offline files)
Deploy a GPO to the WebSrvOU
22. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
Certificate Templates
Use local roles options within "dsmgmt"
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
23. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Enable - ADoptionalFeature cmdlet
24. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
dsa.msc - dsamain.exe - ntdsutil.exe
AD RMS
Event Subscriptions
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
25. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Network Load Balancing (NLB) cluster
From Server A - run Create Basic Task Wizard
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
26. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
Event Log Subscriptions
Group Policy Preferences
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Run adprep /forestprep and adprep /domainprep
27. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Backup operator's domain local group
Subnet object needs to be created
28. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
DSMOD
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Run the Delegation of Control Wizard on the Staff OU
29. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
Use CISCO IP Helper command to configure.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
30. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Authorization Manager role assignment
Implement Network Access Protection (NAP) that uses 802.1x enforcement
31. To control access to resources using WSRM and to help prevent memory leaks from monopolizing your web server
Create an e-mail account in AD DS for your RMS users.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Configure separate application pools for each application
32. You need to deploy 15 Server Core installations that are only accessible by HTTP and HTTPS. Administration of these must be able to enable administrators to install and administer server roles remotely and fully manage servers remotely
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Enable Windows Remote Management (WinRM) on each server.
Authorization Manager role assignment
Microsoft Desktop Optimization Pack (MDOP)
33. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Ldp
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
34. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Add George to the Domain Admins group.
35. The strongest form of NAP is
Implement Distributed File System Replication (DFSR) on both servers
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Disable Site Link Bridging from IP Properties
Add George to the Domain Admins group.
36. To ensure that recovery is possible if a file on a file server is deleted accidentally
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Service user account for AD LDS
Implement Shadow Copies
37. Minimal FFL needed to deploy an RODC that runs Windows Server 2008 R2...
Windows Server 2003
Event Viewer
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
A Distributed File System (DFS) namespace
38. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Win2000
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Configure block inheritance on the IT OU
Changed manually
39. To prevent account password from being cached on RODC server...
Create an Active Directory-Integrated zone.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Modify properties of RODC server computer account.
40. If you want to implement BitLocker and store recovery informaiton in a central location
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
DSMOD
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
41. Jack and Jill go up the hill - both with a buck and a quarter
Install the RSAT tool on their workstation to provide for more efficient network management
fsconfig on FSSrv2
Jill came down with 2.50.
Active Directory snapshots and Tombstone reanimation
42. If a file server reaches 15% free disk space - you could free up some disk space by
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
AD RMS
Creating a data collector set that kick off a scritp that either move or delete files.
43. If subnets are connected by CISCO router that is RFC-1542 compliant
Assign the application to all client computers by using a GPO.
Use CISCO IP Helper command to configure.
Zone transfer settings
Domain based DFS namespace and configure a DFS replication group
44. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Changed manually
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Install the RSAT tool on their workstation to provide for more efficient network management
45. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Windows Deployment Services (WDS)
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Share and Storage Management
46. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
47. To add a new UPN for all user accounts...
Winrm quickconfig
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
AD Domains and Trusts
48. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
Ntfrsutil
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
49. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
File Server Resource Manager (FSRM) quotas and file screens
Repadmin
Active Directory Users and Computers
Modify properties of RODC server computer account.
50. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Implement Network Access Protection (NAP)
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Deploy a failover cluster that uses Node and File Share Disk Majority
A relying party trust should be created.
