SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. What role to keep same time as an external server?
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
PDC emulator with w32tm.exe
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
From Server1 - run the Create Basic Task Wizard
2. To configure AD FS so tokens contain information from Active Directory domain...
New ACCOUNT STORE should be added and configured
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
3. You need to ensure that the guest account on all servers is disabled to
Implement a Remote Desktop Connection Broker (RD Connection Broker)
PowerShell 2.0
Subnet object needs to be created
Discover the run Microsoft Baseline Security Analyzer (MBSA)
4. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Windows XP Mode
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Dfsrdiag
5. If users complain that it is hard to find the shared folders on the network implement
Disable Site Link Bridging from the IP properties
Set-ADServiceAccount cmdlet
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Additional DFS Targets
6. If you need to delegate control of server to remote admins group
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Configure RODC for Administrator Role Separation
New ACCOUNT STORE should be added and configured
Event Viewer
7. If you want to allow single-label name resolution
File Server Resource Manager (FSRM) quotas and file screens
Microsoft System Center Data Protection Manager
Then configure GlobalNames zones on each domain controller.
Enable Windows Remote Management (WinRM) on the servers.
8. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Run net stop ntds
Backup operator's domain local group
Distributed File System (DFS) Replication
9. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
DSMOD
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
10. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Test-AppLockerPolicy
DSMOD
Dfsrdiag
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
11. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
Passive file screens
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
WSUS server in the branch office in replica mode.
fsconfig on FSSrv2
12. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Use local roles options within "dsmgmt"
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Create an e-mail account in AD DS for your RMS users
13. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Create and deploy a logon script that runs Auditpol.
14. to protect file servers and hard disks that may be at risk of being accessed or stolen
Your machine and remote desktops
Implement Windows BitLocker Drive Encryption (BitLocker)
Configure RODC for Administrator Role Separation
Modify properties of RODC server computer account.
15. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Repadmin
Implement a domain-based DFS namespace that uses replication
16. When recommending a monitoring solution for an application so that it's events can be stored in a central
Use the Local Roles options with dsmgmt.
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Install Windows Server Backup and modify the Windows firewall settings
Event Subscriptions
17. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Domain based Distributed File System (DFS) namespace and DFS Replication.
Test-AppLockerPolicy
Microsoft Application Virtualization (AppV)
Subnet object needs to be created
18. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
fsconfig on FSSrv2
dsa.msc - dsamain.exe - ntdsutil.exe
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Then install new Server 2008 R2 Enterprise subordinate CA.
19. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
dnscmd
Properties of PSO need modified
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
20. Jack and Jill go up the hill - both with a buck and a quarter
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Jill came down with 2.50.
Implement a domain-based DFS namespace that uses replication
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
21. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Then configure auto enrollment of certificates and Credential Roaming.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Group Policy Preferences
22. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
Install Windows Server Backup and modify the Windows firewall settings
AD Domains and Trusts
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
23. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Dynamically expanding VHD's
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Implement Windows System Resource Manager (WSRM)
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
24. If you need to encrypt all data on all disks
Zone transfer settings
Perform an authoritative restore
Then use Windows BitLocker Drive Encryption
Administrators is the minimum group membership required to complete this procedure.
25. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Win2000
Execute the Set-ADServiceAccount cmdlet
Microsoft Desktop Optimization Pack (MDOP) to your company
26. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Windows System Resource Manager (WSRM)
Enable - ADoptionalFeature cmdlet
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
27. You have a 2008 R2 server configured as Remote Desktop Session host. You need to deploy a line-of-business app; however - the app requires desktop themes to be enabled. Your deployment strategy must meet these requirements: only authorized users must
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
FFL Windows Server 2008 R2
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Dfsrdiag
28. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Active Directory Domains and Trusts
PowerShell 2.0
Windows Deployment Services (WDS)
Deploy a failover cluster that contains one node in each office.
29. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
Create an Active Directory-Integrated zone.
Upgrading DFS to Windows Server 2008 R2
Deploy Microsoft System Center Operations Manager (SCOM)
Enable Credential Roaming
30. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Assign the application to computers in the PC OU
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
31. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
32. You need to manage GPO to meet the following: allow administrators to view and edit the GPO in their own language; minimize number of GPOs deployed
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Authorization Manager role assignment
33. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Dfsrdiag
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Install From Media IFM
34. Deployment of 10 WSUS servers across 10 branch office will take place over a three month period. The bandwidth between the corporate office and the branch offices must be minimized due to budget contraints within the company. Admins in the corporate
Disable Site Link Bridging from the IP properties
Windows Deployment Services (WDS)
Configure the zone as an Activde Directory-Integrated zone.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
35. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Create a standard secondary of domain and create standard secondary of other domain.
36. To be able to user an application from one AD FS with authentication server to another...
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
A relying party trust should be created.
37. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Configure authorization rules for Web developers on each web server
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Install the RSAT tool on their workstation to provide for more efficient network management
Deploy a GPO to the WebSrvOU
38. You need to consolidate 120 physical servers into 35 physical servers that run Windows Server 2008 R2 while meeting the following: maximize resource utilization; use existing hardware and software; support 64-bit child virtual machines; maintain sepa
Install Hyper-V role and convert physical machines into virtual machines
A Distributed File System (DFS) namespace
Dfsrdiag
Active Directory Right Management Services (AD RMS)
39. You need to recommend a solution to minimize the amount of time it takes for the sales department users to locate files in teh course bookings share.
Create a Central Store
Backup operator's domain local group
Implement the Windows Search Service.
Create a MEDV workspace
40. Enables you to receive emails when domain users locked out of accounts...
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Event Viewer
Active Directory snapshots and Tombstone reanimation
41. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
42. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Creating a data collector set that kick off a scritp that either move or delete files.
Create a MEDV workspace
Configure Firewall Group Policies and link them at the Domain level
43. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Deploy a failover cluster that uses Node and File Share Disk Majority
Backup operator's domain local group
Microsoft Desktop Optimization Pack (MDOP) to your company
44. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
45. To determine size of AD database file...
Ensure your account - or the group is a member of the local Administrators group for that specific server.
View properties of %systemroot%ntdsntds.dit
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Execute the Set-ADServiceAccount cmdlet
46. To restore deleted user account from AD Recycle Bin...
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Restore-ADObject cmdlet
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
47. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Create a MEDV workspace
New ACCOUNT STORE should be added and configured
Modify the local policy to point to the Internal WSUS server
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
48. To make a 64-bit application available to several 32-bit XP SP3 computers in the branch office you could use either a remote desktop session host or a remote desktop virtualization host. However - if the application requires you to be a local adminis
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
49. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Then use Windows BitLocker Drive Encryption
Ntfrsutil
Use CISCO IP Helper command to configure.
50. DFL is Windows Server 2003 and client computers run Vista. DCRMS is a server that holds AD RMS. What should be done to configure AD RMS so users - including Waldo - can protect their data?
Create an e-mail account in AD DS for your RMS users.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Dfsrdiag
Domain based Distributed File System (DFS) will reduce network traffic
