SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Restore-ADObject cmdlet
Deploy the Root CA certificate to the external computers.
2. You have a failover cluster that has an application installed. Service level agreement requires 55 percent of processor and memory utilization to be reserved for the app. A solution to guarantee service level agreement would be
Microsoft System Center Data Protection Manager
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Create a new Password Settings Object (PSO) for the IT users.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
3. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Administrators is the minimum group membership required to complete this procedure.
Raise the DFL to Windows Server 2008 R2.
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
FILES option within Ntdsutil
4. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
Folder redirection. Folder redirection is also useful when using roamin profiles.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
A relying party trust should be created.
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
5. To allow a user to administer Active Directory
Add the user to the Domain Admins global group
Import-Module
Add-ADFineGrainedPasswordPolicySubject cmdlet
Implement a Remote Desktop Connection Broker (RD Connection Broker)
6. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Use Netsh tool from administrator's computer.
Use a GPO to configure device installation restrictions
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
7. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Import-Module
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Microsoft Application Virtualization (AppV)
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
8. If you need to allow an external partner's computer to access internal network resources by using SSTP
Utilize IFM (Install From Media)
Install Hyper-V role and convert physical machines into virtual machines
Deploy the Root CA certificate to the external computers.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
9. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
Deploy a failover cluster that uses Node and File Share Disk Majority
Deploy it by using Group Policy Software Installation method
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
10. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Dsmgmt
Implement Windows System Resource Manager (WSRM)
Then use Windows BitLocker Drive Encryption
11. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
Add the new UPN Suffix to the forest
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
File Server Resource Manager (FSRM) quotas and file screens
Offline domain join
12. 3 Servers are Network Policy Servers (NPS) that function as RADIUS servers. The network has 20 wireless access points that are configured as RADIUS clients. You need to plan an audit strategy with the following requirements: stores audit data in a ce
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Implement the Windows Search Service.
13. DFL is Windows Server 2003 and client computers run Vista. DCRMS is a server that holds AD RMS. What should be done to configure AD RMS so users - including Waldo - can protect their data?
Configure offline files and enable manual caching
Create an e-mail account in AD DS for your RMS users.
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Configure Audit Special Logon and define Special Groups
14. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Test-AppLockerPolicy
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
dnscmd tool
WDS
15. To be able to manage all the corporate servers from a workstation - you must install the
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Authorization Manager
Dfsrdiag
16. Capture all replication errors from all your DCs to a central location...
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Use the Local Roles options with dsmgmt.
Configure event log subscriptions
17. Minimal FFL needed to deploy an RODC that runs Windows Server 2008 R2...
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Microsoft Application Virtualization (AppV)
Windows Server 2003
Win2000 Native
18. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
Backup operator's domain local group
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Event Log Subscriptions
19. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Deploy Microsoft System Center Operations Manager (SCOM)
Then use Windows Deployment Services (WDS) on DHCP1.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
20. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Use local roles options within "dsmgmt"
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
IIS Chared Configuration
Configure RODC for Administrator Role Separation
21. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Modify the GPO to include folder redirection
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Restore-ADObject cmdlet
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
22. To identify users who bypass the new corporate security policy -
Event Subscriptions
Configure Audit Special Logon and define Special Groups
Recommend GPT and basic disks
Implement folder redirection by using GPO. Then backup the folder redirection target.
23. Striped volumes
Improve the performance of File Servers
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Printer driver isolation
Enable - ADoptionalFeature cmdlet
24. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
From Server1 - run the Create Basic Task Wizard
Group Policy Preferences
Modify zone transfer settings for company.com zone on DCA
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
25. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
Dsmgmt
Restore-ADObject cmdlet
Deploy it by using Group Policy Software Installation method
Authorization Manager role assignment
26. To allow a specifc user or group to manage the address information for the user accounts...
Perform an authoritative restore
Then configure auto enrollment of certificates and Credential Roaming.
Recommend Active Directory delegation
Implement one LUN for the quorum and another LUN for the data
27. If you need to ensure that data is protected by BitLocker then you will...
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
NOT be able to store that data on an iSCSI SAN
File Server Resource Manager (FSRM) quotas and file screens
Deploy a failover cluster that uses Node and File Share Disk Majority
28. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Additional DFS Targets
Printer driver isolation
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Basic Authentication and SSL
29. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Software Restriction Polices
Implement Windows System Resource Manager (WSRM) and configure user policies
Test-AppLockerPolicy
Deploy the Root CA certificate to the external computers.
30. To enable the AD Recycle Bin
Enable - ADoptionalFeature cmdlet
Basic Authentication and SSL
Modify zone transfer settings for company.com zone on DCA
802.1.x NAP
31. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
File Server Resource Manager (FSRM) quotas and file screens
dnscmd
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
32. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Configure authorization rules for Web developers on each web server
33. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Use the Local Roles options with dsmgmt.
Microsoft SharePoint Foundation 2010
The Group Policy Management Console
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
34. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Recommend Active Directory delegation
Implement Network Access Protection (NAP) that uses 802.1x enforcement
35. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
Ldp
FILES option within Ntdsutil
MEDV to deploy virtual desktops
Deploy a GPO for the Sales OU
36. The solution requires that teachers that have been issued district based laptops - work remotely - and teach only on-line classes - must connect to the school network using split-tunnel VPN. Need to be sure that: minimize traffic over the VPN wheneve
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
37. To minimize the amount of storage required you should recommend
Your machine and remote desktops
Share and Storage Management
Disable Site Link Bridging from the IP properties
Improve the performance of File Servers
38. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Implement Windows System Resource Manager (WSRM) and configure user policies
Ntdsutil
Implement a GPO for each domain
39. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Create a MEDV workspace
Dynamically expanding VHD's
Recommend Group Policy preferences
Implement GPO for all client computers
40. Need to access some resources in another domain that is part of another forest...What trust is created?
IIS Manager user account
dnscmd tool
Incoming external trust
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
41. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Registry on users computer needs to be modified
Create a Network Load Balancing cluster.
Modify the schema of LDSInst1
Network Load Balancing (NLB)
42. DFL is...
Win2000 Native
Install From Media IFM
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Windows XP Mode
43. You have a 2008 R2 serever that has SQL Server 2008 installed. The server has one RAID 5 array and two RAID 1 arrays. You need to allocate hard disck space on the server according to the followign requirements: prevent data los if a single hard disk
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
PDC emulator with w32tm.exe
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
44. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Configure authorization rules for Web developers on each web server
Dfsrdiag
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
An Active Directory subnet object needs to be created.
45. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
Import-Module
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Dsmgmt
Raise the DFL to Windows Server 2008 R2.
46. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Microsoft Desktop Optimization Pack (MDOP) to your company
Refresh the zone on DNS2
Microsoft System Center Data Protection Manager
Perform an authoritative restore
47. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Deploy a GPO for the Sales OU
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
48. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
CAPublishGP group should have the Manage CA permission.
Enable - ADoptionalFeature cmdlet
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
49. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Add the new UPN suffix to the forest.
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
50. To be able to user an application from one AD FS with authentication server to another...
A relying party trust should be created.
Install the RSAT tool on their workstation to provide for more efficient network management
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Modify zone transfer settings for company.com zone on DCA
