SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
MSITP
Start Test
Study First
Subjects
:
certifications
,
msitp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
IIS Manager user account
Basic Authentication and SSL
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Perform an authoritative restore
2. Requirements are: support the installation of SQL Server 2008; Provide redundancy for SQL services if a single server fails. To accomplish this
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
DSMOD - ADUC
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Use local roles options within "dsmgmt"
3. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Certificate Templates
MEDV to deploy virtual desktops
Windows Deployment Services (WDS)
4. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Use local roles options within "dsmgmt"
Deploy Microsoft System Center Operations Manager (SCOM)
Software Restriction Polices
5. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
802.1.x NAP
WDS
Execute the Set-ADServiceAccount cmdlet
6. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
Administrative Role Separation
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
7. 4 steps to perform authoritative restore of a deleted OU...
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Increase the tombstone lifetime for the forest.
Configure caching on the shared folder and configure offline files to use encryption
8. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
9. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Recommend GPT and basic disks
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Install Windows Server Backup and modify the Windows firewall settings
10. When one needs to audit files - folders - printers and the registry enable
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Creating a data collector set that kick off a scritp that either move or delete files.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Install Windows Server Backup and modify the Windows firewall settings
11. You have few Server 2003 servers that have Terminal services installed. You also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meeet the following: restricts accsss to specific Remote Desktop
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Subnet object needs to be created
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
12. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Share and Storage Management
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
13. If you want to implement BitLocker and store recovery informaiton in a central location
Add the Windows Server Backup feature and Windows System Image recovery.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Autonomous mode...This allows the local administrator to approve their own updates.
Site
14. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
Run the Delegation of Control Wizard on the Staff OU
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
15. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
Deploy a GPO to the WebSrvOU
Event Viewer
Deploy it by using Group Policy Software Installation method
From Server A - run Create Basic Task Wizard
16. To add a server with AD FS 2.0 role to an existing AD FS farm...
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Configure Audit Special Logon and define Special Groups
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
fsconfig on FSSrv2
17. To determine size of AD database file...
View properties of %systemroot%ntdsntds.dit
Incoming external trust
Implement the Windows Search Service.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
18. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Zone transfer settings
Network Load Balancing (NLB) cluster
Disable Site Link Bridging from the IP properties
PDC emulator with w32tm.exe
19. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Import-Module
Then configure auto enrollment of certificates and Credential Roaming.
Create and deploy a logon script that runs Auditpol.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
20. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Modify the local policy to point to the Internal WSUS server
Microsoft SharePoint Foundation 2010
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Increase the tombstone lifetime for the forest.
21. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Event Subscriptions
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Dfsrdiag
Configure authorization rules for Web developers on each web server
22. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Deploy it by using Group Policy Software Installation method
Use Netsh tool from administrator's computer.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Configure the zone as an Activde Directory-Integrated zone.
23. The strongest form of NAP is
Zone transfer settings
Implement Distributed File System Replication (DFSR) on both servers
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
24. You just dconfigured so that Server1 zone is stored in AD and accept secure dynamic updates. What command should be executed so that Server2 can accept secure dynamic updates?
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Zone transfer settings
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
25. In order to ensure highly available Windows Update servers you should create this.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
26. To ensure that the SQL Servers can fail over autoatically and support 2 TB drives
DISABLE slow link detection in the GPO
Recommend GPT and basic disks
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Storage manager for SANs
27. To ensure that user's documents are stored on the file server and thus subject to the corporate backup solution - you should implement this.
The Group Policy Management console
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Recommend Offline Files
Folder redirection. Folder redirection is also useful when using roamin profiles.
28. Within your company you have a server that will be running 8 VMs but only 6 concurrently. Your company has already purchased an Enterprise license for the server.
Modify the local policy to point to the Internal WSUS server
NOT be able to store that data on an iSCSI SAN
Purchase one additional Enterprise License
Incoming external trust
29. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Configure the zone as an Activde Directory-Integrated zone.
Autonomous mode...This allows the local administrator to approve their own updates.
30. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Use Netsh tool from administrator's computer.
Then use on install image file that contains a single install image.
Disable Site Link Bridging from the IP properties
31. You have a single AD domain named ad.company.com. The FFL is windows 2000 and the DFL is Windows 2000 Native. The UPN suffix company.com needs to be available for user accounts. What should be done first?
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Repadmin
Implement Windows System Resource Manager (WSRM) and configure user policies
Add the new UPN suffix to the forest.
32. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Use Netsh tool from administrator's computer.
Configure RODC for Administrator Role Separation
33. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Repadmin
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
34. 2 ways to relocate user and computer accounts to different OUs
DSMOD - ADUC
Implement a GPO for each domain
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Create an Active Directory-Integrated zone.
35. To configure Administrator Role Separation for an RODC
View properties of %systemroot%ntdsntds.dit
Microsoft Desktop Optimization Pack (MDOP) to your company
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Configure separate application pools for each application
36. You need to allow a user to add a single computer to a domain - without any additional rights...
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Prestage the computer account in AD
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
37. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
38. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
Implement a GPO for each domain
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Ntfrsutil
Then configure GlobalNames zones on each domain controller.
39. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Deploy it by using Group Policy Software Installation method
Event Viewer
Execute the Set-ADServiceAccount cmdlet
40. To defragment and AD database...
dnscmd
net stop ntds
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Create a Central Store
41. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
Active Directory Domains and Trusts
Enable Credential Roaming
Create and deploy a logon script that runs Auditpol.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
42. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Service user account for AD LDS
Implement Distributed File System Replication (DFSR) on both servers
dnscmd tool
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
43. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Configure Firewall Group Policies and link them at the Domain level
44. You need to recommend a Windows update strategy for the new branch office. The branch office has a 512 Kbps connection the corporate office and a 2 MB connection to the Internet. You should recommend this.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Event Subscriptions
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
45. To minimize the amount of storage required you should recommend
Microsoft Application Virtualization (AppV)
MEDV to deploy virtual desktops
Share and Storage Management
Configure block inheritance on the IT OU
46. If users need access to files locally and must be able to access files at another site if the local copy is not available you should implement this.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Create an Active Directory-Integrated zone.
A Distributed File System (DFS) namespace
47. To backup Virtual Machines
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Modify zone transfer settings for company.com zone on DCA
Microsoft Desktop Optimization Pack (MDOP) to your company
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
48. to prevent VMs from receiving updats from a group policy
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Ldp
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
49. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Microsoft System Center Data Protection Manager
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Implement folder redirection by using GPO. Then backup the folder redirection target.
50. To be able to manage all the corporate servers from a workstation - you must install the
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
PowerShell 2.0
Run auditpol and then configure the Security settings of the Domain Controllers OU.
