SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Configure authorization rules for Web developers on each web server
Refresh the zone on DNS2
Modify properties of RODC server computer account.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
2. You need to manage GPO to meet the following: allow administrators to view and edit the GPO in their own language; minimize number of GPOs deployed
MEDV to deploy virtual desktops
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
3. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Ntdsutil
Distributed File System (DFS) Replication
Deploy it by using Group Policy Software Installation method
Create a Network Load Balancing cluster.
4. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Then use Windows BitLocker Drive Encryption
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Create and deploy a logon script that runs Auditpol.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
5. New password settings object (PSO) created and needs to be applied to user
Properties of PSO need modified
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Windows XP Mode
Share and Storage Management
6. To build a highly secure server cluster with a reduced attack surface area
Passive file screens
Recommend Active Directory delegation
PowerShell 2.0
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
7. You need to recommend a Windows update strategy for the new branch office. The branch office has a 512 Kbps connection the corporate office and a 2 MB connection to the Internet. You should recommend this.
From Server A - run Create Basic Task Wizard
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
8. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Configure the zone as an Activde Directory-Integrated zone.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Service user account for AD LDS
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
9. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Implement GPO for all client computers
Microsoft System Center Data Protection Manager
Active Directory Right Management Services (AD RMS)
10. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Use a GPO to configure device installation restrictions
Modify the local policy to point to the Internal WSUS server
Utilize IFM (Install From Media)
Administrators is the minimum group membership required to complete this procedure.
11. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
IIS Chared Configuration
Changed manually
Group Policy Preferences
12. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Test-AppLockerPolicy
Configure separate application pools for each application
13. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Windows Server 2003
MEDV to deploy virtual desktops
Event Subscriptions
14. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
PDC emulator with w32tm.exe
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Add the new UPN Suffix to the forest
15. DFL is...
Domain based Distributed File System (DFS) namespace and DFS Replication.
DSMOD
Win2000 Native
Implement a Remote Desktop Connection Broker (RD Connection Broker)
16. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
Then install new Server 2008 R2 Enterprise subordinate CA.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Then configure GlobalNames zones on each domain controller.
17. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Administrators is the minimum group membership required to complete this procedure.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
18. If you want to allow single-label name resolution
Then configure GlobalNames zones on each domain controller.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
DISABLE slow link detection in the GPO
Active Directory snapshots and Tombstone reanimation
19. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
Incoming external trust
Restore-ADObject cmdlet
Software Restriction Polices
DSMOD
20. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Active Directory snapshots and Tombstone reanimation
Install From Media IFM
Then configure auto enrollment of certificates and Credential Roaming.
Purchase one additional Enterprise License
21. To allow connection to a 256 Kbps ISDN...
DISABLE slow link detection in the GPO
Configure caching on the shared folder (offline files)
Install From Media IFM
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
22. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Perform an authoritative restore
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
23. To add a new UPN for all user accounts...
AD Domains and Trusts
Configure event log subscriptions
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
24. To back up your Hyper-VMs and the Hyper-V host; for each VM -
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Event Log Subscriptions
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
25. You need to recommend a BitLocker recovery method you should recommend this.
Data Recovery Agent
Install Windows Server Backup and modify the Windows firewall settings
A Distributed File System (DFS) namespace
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
26. Client computers run Windows 7 and all applications on the computers are configured to save documetns to the local Documents folder. You need a backup strategy that meets these: Back up the Documents folder for all users; minimize admin effort. To ac
New ACCOUNT STORE should be added and configured
Microsoft Desktop Optimization Pack (MDOP)
Implement folder redirection by using GPO. Then backup the folder redirection target.
Attach VHD file created by Windows server backup
27. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Import-Module
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Restore-ADObject cmdlet
28. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Service user account for AD LDS
Configure separate application pools for each application
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
29. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Include a server that runs Microsoft Office SharePoint Server 2010
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Use the Local Roles options with dsmgmt.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
30. To speed up the deployment of the RODC in the new branch offices you should take advantage of this.
Dynamically expanding VHD's
Install From Media IFM
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Storage manager for SANs
31. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
Domain based Distributed File System (DFS) will reduce network traffic
From Server A - run Create Basic Task Wizard
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
32. To ensure that recovery is possible if a file on a file server is deleted accidentally
Implement Shadow Copies
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Create and deploy a logon script that runs Auditpol.
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
33. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Add the Windows Server Backup feature and Windows System Image recovery.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Enable Credential Roaming
34. What utility is used to see what accounts cached on RODC?
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Configure RODC for Administrator Role Separation
Active Directory Users and Computers
35. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
Add the new UPN suffix to the forest.
Configure caching on the shared folder and configure offline files to use encryption
WSUS server in the branch office in replica mode.
Create a standard secondary of domain and create standard secondary of other domain.
36. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Microsoft Desktop Optimization Pack (MDOP)
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Install From Media IFM
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
37. To ensure that the branch office with its own high speed internet connection receives the exact same updates as the corporate office you should recommend this.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Modify the GPO to include folder redirection
Deploy a failover cluster that uses Node and File Share Disk Majority
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
38. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
The Group Policy Management Console
Administrators is the minimum group membership required to complete this procedure.
Configure RODC for Administrator Role Separation
39. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Increase the tombstone lifetime for the forest.
From Server1 - run the Create Basic Task Wizard
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Incoming external trust
40. To compact AD database...
From Server A - run Create Basic Task Wizard
FILES option within Ntdsutil
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Use the Local Roles options with dsmgmt.
41. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
Recommend Offline Files
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Configure caching on the shared folder (offline files)
DISABLE slow link detection in the GPO
42. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Increase the tombstone lifetime for the forest.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
43. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Your machine and remote desktops
Deploy a failover cluster that contains one node in each office.
Install From Media IFM
44. Jack and Jill go up the hill - both with a buck and a quarter
Jill came down with 2.50.
Create an Active Directory-Integrated zone.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Add George to the Domain Admins group.
45. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Use local roles options within "dsmgmt"
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Set-ADServiceAccount cmdlet
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
46. Deployment solutions that will allow both the 64 bit version of Office 2010 and the 32 bit version Office 2003 to run at a same time on a Windows 7 computer - and to do that when the computer is offline - are very limited. You should recommend
Configure RODC for Administrator Role Separation
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Microsoft Application Virtualization (AppV)
47. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
Windows System Resource Manager (WSRM)
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Storage manager for SANs
Create and deploy a logon script that runs Auditpol.
48. Two different solutions are available to help assign IP addresses to remote clients that need to VPN or Dial-in to the branch office.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
49. If you want to implement BitLocker and store recovery informaiton in a central location
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Offline domain join
Install Hyper-V role and convert physical machines into virtual machines
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
50. Tool to change Directory Services Restore Mode password on Domain Controller...
dnscmd
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
ntdsutil
