SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
New ACCOUNT STORE should be added and configured
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Network Load Balancing (NLB)
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
2. To add a server with AD FS 2.0 role to an existing AD FS farm...
fsconfig on FSSrv2
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Winrm quickconfig
Folder redirection. Folder redirection is also useful when using roamin profiles.
3. If users complain that it is hard to find the shared folders on the network implement
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Modify the GPO to include folder redirection
Configure caching on the shared folder (offline files)
Additional DFS Targets
4. In order to reduce the administrative overhead typically involved with viewing event logs across multiple servers you should implement this.
Offline domain join
Event Log Subscriptions
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Properties of PSO need modified
5. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Configure folder redirection
Role Separation
Include a server that runs Microsoft Office SharePoint Server 2010
Modify the schema of LDSInst1
6. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
7. To add a new UPN for all user accounts...
AD Domains and Trusts
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
DSMOD - ADUC
Implement Windows System Resource Manager (WSRM) and configure user policies
8. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
Import-Module
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Changed manually
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
9. To compact AD database...
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Group Policy Preferences
View properties of %systemroot%ntdsntds.dit
FILES option within Ntdsutil
10. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
WDS
Use Netsh tool from administrator's computer.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
11. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Basic Authentication and SSL
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Enable Credential Roaming
12. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Then install new Server 2008 R2 Enterprise subordinate CA.
Get-ADUser cmdlet
File Server Resource Manager (FSRM) quotas and file screens
13. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
14. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Subnet object needs to be created
15. Company users IPV4 and IPV6. A PC uses IPV6 and can no longer authenticate off the DC. What can be done to ensure IPV6 computers authenticate to DCs in same site...
Subnet object needs to be created
Enable - ADoptionalFeature cmdlet
Recommend Active Directory delegation
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
16. What should be done to resolve names by using GlobalNames zone?
dnscmd tool
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
dnscmd
Basic Authentication and SSL
17. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Multipath I/O feature
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
18. You need to implement read only copies of files at several locations. You currently have DFS for 2008 deployed. You should recommend this.
Then use on install image file that contains a single install image.
Assign the application to all client computers by using a GPO.
Upgrading DFS to Windows Server 2008 R2
Then use Windows Deployment Services (WDS)
19. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Implement folder redirection by using GPO. Then backup the folder redirection target.
The Group Policy Management Console
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
20. New password settings object (PSO) created and needs to be applied to user
Properties of PSO need modified
Raise the DFL to Windows Server 2008 R2.
Event Viewer
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
21. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Increase the tombstone lifetime for the forest.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Deploy Microsoft System Center Operations Manager (SCOM)
Repadmin
22. To be able to manage all the corporate servers from a workstation - you must install the
Install Windows Server Backup and modify the Windows firewall settings
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Deploy a GPO to the WebSrvOU
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
23. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Configure Audit Special Logon and define Special Groups
Deploy a GPO to the WebSrvOU
Test-AppLockerPolicy
24. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
FILES option within Ntdsutil
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
25. You have a 2008 R2 server configured as Remote Desktop Session host. You need to deploy a line-of-business app; however - the app requires desktop themes to be enabled. Your deployment strategy must meet these requirements: only authorized users must
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
From Server1 - run the Create Basic Task Wizard
Refresh the zone on DNS2
26. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Your machine and remote desktops
Dfsrdiag
FILES option within Ntdsutil
Install From Media IFM
27. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Modify the schema of LDSInst1
Jill came down with 2.50.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
28. If subnets are connected by CISCO router that is RFC-1542 compliant
Storage manager for SANs
Domain based DFS namespace and configure a DFS replication group
Use CISCO IP Helper command to configure.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
29. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Dfsrdiag
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Enable - ADoptionalFeature cmdlet
30. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Configure folder redirection
Role Separation
Microsoft SharePoint Foundation 2010
From Server A - run Create Basic Task Wizard
31. to make shares at a remote location available to users you should implement this.
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Enable Windows Remote Management (WinRM) on each server.
Domain based Distributed File System (DFS) namespace and DFS Replication.
Modify the GPO to include folder redirection
32. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Configure caching on the shared folder (offline files)
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
33. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
Distributed File System (DFS) Replication
AD RMS
Modify the schema of LDSInst1
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
34. You need to manage GPO to meet the following: allow administrators to view and edit the GPO in their own language; minimize number of GPOs deployed
Install and share a printer on a server and then enable printer pooling.
Active Directory snapshots and Tombstone reanimation
Create ADMX and ADML files. Configure the GPO and link it to the domain.
The Group Policy Management Console
35. An AD LDS instance needs to be replicated from one server to another...
Event Log Subscriptions
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Service user account for AD LDS
36. To build a highly secure server cluster with a reduced attack surface area
The Group Policy Management Console
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Implement Windows BitLocker Drive Encryption (BitLocker)
37. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
Active Directory Users and Computers utility
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
38. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Windows XP Mode
Autonomous mode...This allows the local administrator to approve their own updates.
39. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
DISABLE slow link detection in the GPO
Event Log Subscriptions
40. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Use CISCO IP Helper command to configure.
Event Viewer
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Disable Site Link Bridging from the IP properties
41. To backup to tape/robotic tape and to backup VMs you must use...
Windows XP Mode
Microsoft System Center Data Protection Manager 2010
Modify the GPO to include folder redirection
Dfsrdiag
42. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Active Directory Right Management Services (AD RMS)
Creating a data collector set that kick off a scritp that either move or delete files.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
43. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Configure Firewall Group Policies and link them at the Domain level
Create an e-mail account in AD DS for your RMS users.
Test-AppLockerPolicy
Windows Deployment Services (WDS)
44. You need to relocate an AD LDS instance from C: Drive to D: Drive
Assign the application to all client computers by using a GPO.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
45. If you need to be able to create shared folders on Server 2008 R2
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Deploy it by using Group Policy Software Installation method
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Enable Windows Remote Management (WinRM) on each server.
46. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Properties of PSO need modified
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Configure block inheritance on the IT OU
47. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Folder redirection. Folder redirection is also useful when using roamin profiles.
Registry on users computer needs to be modified
Modify the GPO to include folder redirection
48. To prevent computers that do not have the Windows Firewall enabled from connecting to the wireless access point or the physical switch - you should implement this.
Autonomous mode...This allows the local administrator to approve their own updates.
802.1.x NAP
Multipath I/O feature
Active Directory Domains and Trusts
49. In order to ensure highly available Windows Update servers you should create this.
Add George to the Domain Admins group.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Execute the Set-ADServiceAccount cmdlet
50. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Printer driver isolation
Windows BitLocker Drive Encryption (Bit Locker)
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Domain based DFS namespace and configure a DFS replication group
