SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Authorization Manager role assignment
Microsoft Desktop Optimization Pack (MDOP) to your company
Use the Local Roles options with dsmgmt.
2. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
File Server Resource Manager (FSRM) quotas and file screens
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
DISABLE slow link detection in the GPO
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
3. Your data provisioning solution must meet the following requirements: users must have access to their Documents folder regardless of the client computer that they use; user documents should not be stored on the local client computer; minimize the tim
Configure folder redirection
Microsoft Application Virtualization (AppV)
Modify the GPO to include folder redirection
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
4. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Create a Network Load Balancing cluster.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
5. To speed up the deployment of the RODC in the new branch offices you should take advantage of this.
Additional DFS Targets
Active Directory Domains and Trusts
The Group Policy Management console
Install From Media IFM
6. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Create an Active Directory-Integrated zone.
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Deploy a failover cluster that contains one node in each office.
7. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Basic Authentication and SSL
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Recommend Group Policy preferences
8. To delegate authority to users to manage only certain areas in Hyper-V use the
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
NOT be able to store that data on an iSCSI SAN
Printer driver isolation
Authorization Manager role assignment
9. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
Windows BitLocker Drive Encryption (Bit Locker)
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Install and share a printer on a server and then enable printer pooling.
10. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Implement a domain-based DFS namespace that uses replication
Printer driver isolation
11. You have a root domain and four child domains. Policy requirements state that all local guest accounts must be renamed and disabled - and all local administrator accounts must be renamed
Upgrading DFS to Windows Server 2008 R2
Active Directory Users and Computers
Implement a GPO for each domain
Use the Local Roles options with dsmgmt.
12. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Install From Media IFM
Site
Import-Module
13. To ensure that recovery is possible if a file on a file server is deleted accidentally
Microsoft Application Virtualization (AppV)
Create a Central Store
Implement Shadow Copies
Your machine and remote desktops
14. When service account passwords need to be changed for SQL they should be...
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Additional DFS Targets
Implement Network Access Protection (NAP)
Changed manually
15. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
Use Netsh tool from administrator's computer.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
16. To back up your Hyper-VMs and the Hyper-V host; for each VM -
Modify the schema of LDSInst1
Incoming external trust
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
17. To allow connection to a 256 Kbps ISDN...
Disable Site Link Bridging from the IP properties
DISABLE slow link detection in the GPO
Create an e-mail account in AD DS for your RMS users
Run net stop ntds
18. To deploy templates across the organization
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Disable Site Link Bridging from the IP properties
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
19. Enables you to receive emails when domain users locked out of accounts...
Event Viewer
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
802.1.x NAP
Windows Deployment Services (WDS)
20. What Function Level (FL) needs to be in place to enable AD Recycle Bin?
FFL Windows Server 2008 R2
Use local roles options within "dsmgmt"
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Discover the run Microsoft Baseline Security Analyzer (MBSA)
21. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Implement Windows System Resource Manager (WSRM)
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
View properties of %systemroot%ntdsntds.dit
22. In order to ensure highly available Windows Update servers you should create this.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Add the new UPN Suffix to the forest
IIS Chared Configuration
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
23. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
24. What should be done so application does not fail after 30 days while still keeping password policy in mind?
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Modify zone transfer settings for company.com zone on DCA
Set-ADServiceAccount cmdlet
Passive file screens
25. 4 steps to perform authoritative restore of a deleted OU...
Create and deploy a logon script that runs Auditpol.
Set-ADServiceAccount cmdlet
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Prestage the computer account in AD
26. To configure Administrator Role Separation for an RODC
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Microsoft Application Virtualization (AppV)
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
27. A specific application requires registry modifications to be in place before installing; you should use
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Add the new UPN suffix to the forest.
Utilize IFM (Install From Media)
Group Policy Preferences
28. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Create an e-mail account in AD DS for your RMS users
Administrators is the minimum group membership required to complete this procedure.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Dsmgmt
29. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
DSMOD
Dsmgmt
dnscmd tool
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
30. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Modify the schema of LDSInst1
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Network Load Balancing (NLB) cluster
Configure caching on the shared folder (offline files)
31. To ensure that the SQL Servers can fail over autoatically and support 2 TB drives
Recommend GPT and basic disks
PDC emulator with w32tm.exe
Dfsrdiag
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
32. You need to deploy a sales application that only the sales users must have access to
Zone transfer settings
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Implement Shadow Copies
Deploy a GPO for the Sales OU
33. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
Implement a GPO for each domain
A Distributed File System (DFS) namespace
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
34. If you need to ensure that data is protected by BitLocker then you will...
NOT be able to store that data on an iSCSI SAN
Restore-ADObject cmdlet
Dynamically expanding VHD's
Add the user to the Domain Admins global group
35. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Data Recovery Agent
Configure RODC for Administrator Role Separation
Incoming external trust
Configure Firewall Group Policies and link them at the Domain level
36. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Microsoft Application Virtualization (AppV)
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
37. 3 Servers are Network Policy Servers (NPS) that function as RADIUS servers. The network has 20 wireless access points that are configured as RADIUS clients. You need to plan an audit strategy with the following requirements: stores audit data in a ce
Configure separate application pools for each application
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
IIS Chared Configuration
Get-ADUser cmdlet
38. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
Use a GPO to configure device installation restrictions
Attach VHD file created by Windows server backup
Active Directory snapshots and Tombstone reanimation
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
39. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
AD Rights Management Services
Passive file screens
Deploy Microsoft System Center Operations Manager (SCOM)
Use the Local Roles options with dsmgmt.
40. CAPublishGP needs to be able to publish new certificate revocation lists - but not be able to revoke certificates. How is this accomplished?
CAPublishGP group should have the Manage CA permission.
Dfsrdiag
Implement Windows System Resource Manager (WSRM) and configure user policies
Use a GPO to configure device installation restrictions
41. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Get-ADUser cmdlet
Modify properties of RODC server computer account.
Disable Site Link Bridging from the IP properties
42. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Ntdsutil
Data Recovery Agent
Microsoft Application Virtualization (AppV)
43. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Additional DFS Targets
44. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
Implement Distributed File System Replication (DFSR) on both servers
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Zone transfer settings
Subnet object needs to be created
45. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Recommend Group Policy preferences
Increase the tombstone lifetime for the forest.
Create a Central Store
46. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Repadmin
47. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
DSMOD
Folder redirection. Folder redirection is also useful when using roamin profiles.
Event Log Subscriptions
Microsoft System Center Data Protection Manager
48. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
AD RMS
49. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Then configure auto enrollment of certificates and Credential Roaming.
Enable - ADoptionalFeature cmdlet
Implement Distributed File System Replication (DFSR) on both servers
Use the Local Roles options with dsmgmt.
50. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
View properties of %systemroot%ntdsntds.dit
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Use the Local Roles options with dsmgmt.
