Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. When deploying an application using the Group Policy distribution method assign the...
Ntdsutil
Then configure auto enrollment of certificates and Credential Roaming.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
View properties of %systemroot%ntdsntds.dit

2. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Ldp
Recommend Offline Files
Use local roles options within "dsmgmt"
AD Domains and Trusts

3. To defragment and AD database...
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Jill came down with 2.50.
net stop ntds

4. What role to keep same time as an external server?
PDC emulator with w32tm.exe
Add the new UPN suffix to the forest.
Run the Delegation of Control Wizard on the Staff OU
Raise the DFL to Windows Server 2008 R2.

5. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Implement GPO for all client computers
Create a MEDV workspace
Prestage the computer account in AD
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers

6. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Set-ADServiceAccount cmdlet
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Install Windows Server Backup and modify the Windows firewall settings

7. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
FFL Windows Server 2008 R2
Domain based Distributed File System (DFS) will reduce network traffic
Active Directory Users and Computers

8. Striped volumes
Improve the performance of File Servers
Install Hyper-V role and convert physical machines into virtual machines
Use Netsh tool from administrator's computer.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.

9. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
Folder redirection. Folder redirection is also useful when using roamin profiles.
Dsmgmt
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.

10. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Folder redirection. Folder redirection is also useful when using roamin profiles.
IIS Chared Configuration
Use the Local Roles options with dsmgmt.

11. You have a 2008 R2 serever that has SQL Server 2008 installed. The server has one RAID 5 array and two RAID 1 arrays. You need to allocate hard disck space on the server according to the followign requirements: prevent data los if a single hard disk
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Offline domain join
DSMOD - ADUC
Assign permissions for the Groups OU and Branch OU to the help desk technicians.

12. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Configure caching on the shared folder and configure offline files to use encryption
Autonomous mode...This allows the local administrator to approve their own updates.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
PowerShell 2.0

13. To backup GPO's in domain and minimize bakcup...
The Group Policy Management Console
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Test-AppLockerPolicy
Domain based Distributed File System (DFS) namespace and DFS Replication.

14. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

15. You need to recommend a BitLocker recovery method you should recommend this.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Data Recovery Agent
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.

16. Capture all replication errors from all your DCs to a central location...
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Configure event log subscriptions
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Active Directory Users and Computers

17. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Role Separation
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
DFL needs to be Windows Server 2008

18. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
Winrm quickconfig
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
dsa.msc - dsamain.exe - ntdsutil.exe
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.

19. To prevent computers that do not have the Windows Firewall enabled from connecting to the wireless access point or the physical switch - you should implement this.
Modify the local policy to point to the Internal WSUS server
Enable Credential Roaming
Add the new UPN Suffix to the forest
802.1.x NAP

20. Two different solutions are available to help assign IP addresses to remote clients that need to VPN or Dial-in to the branch office.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

21. If users complain that it is hard to find the shared folders on the network implement
Configure folder redirection
Assign the application to computers in the PC OU
Software Restriction Polices
Additional DFS Targets

22. In order to manage websites without having to logon you can use
Add the user to the Domain Admins global group
PowerShell 2.0
Then use Windows Deployment Services (WDS)
Configure the zone as an Activde Directory-Integrated zone.

23. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Raise the DFL to Windows Server 2008 R2.
Active Directory Right Management Services (AD RMS)
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.

24. You need to ensure that the guest account on all servers is disabled to
FILES option within Ntdsutil
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Discover the run Microsoft Baseline Security Analyzer (MBSA)

25. To deploy templates across the organization
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Import-Module
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in

26. To allow a specifc user or group to manage the address information for the user accounts...
Additional DFS Targets
Administrators is the minimum group membership required to complete this procedure.
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Recommend Active Directory delegation

27. When recommending a monitoring solution for an application so that it's events can be stored in a central
Event Subscriptions
Assign the application to all client computers by using a GPO.
Active Directory snapshots and Tombstone reanimation
Implement one LUN for the quorum and another LUN for the data

28. To make deploying the custom Word dictionary easy
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Modify the GPO to include folder redirection
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Recommend Group Policy preferences

29. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
Event Subscriptions
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Use local roles options within "dsmgmt"
WSUS server in the branch office in replica mode.

30. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Then use Windows BitLocker Drive Encryption
Import-Module
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.

31. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Win2000
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd

32. Deployment of 10 WSUS servers across 10 branch office will take place over a three month period. The bandwidth between the corporate office and the branch offices must be minimized due to budget contraints within the company. Admins in the corporate
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Backup operator's domain local group

33. 4 steps to perform offline Defragmentation of AD database...
Refresh the zone on DNS2
Zone transfer settings
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service

34. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
IIS Chared Configuration
ntdsutil
Import-Module
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO

35. to increase the reliability of the print server - configure...
Printer driver isolation
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Configure block inheritance on the IT OU
802.1.x NAP

36. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Implement Distributed File System Replication (DFSR) on both servers
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Multipath I/O feature

37. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Configure event log subscriptions

38. You need to deploy a sales application that only the sales users must have access to
Deploy a GPO for the Sales OU
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Changed manually
Create a new Password Settings Object (PSO) for the IT users.

39. To delegate authority to users to manage only certain areas in Hyper-V use the
Authorization Manager role assignment
Deploy a failover cluster that uses Node and File Share Disk Majority
Implement Distributed File System Replication (DFSR) on both servers
Certificate Templates

40. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
Software Restriction Polices
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
IIS Chared Configuration

41. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Microsoft SharePoint Foundation 2010
Modify properties of RODC server computer account.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.

42. To restore deleted user account from AD Recycle Bin...
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Restore-ADObject cmdlet
WSUS server in the branch office in replica mode.
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary

43. Tools to view contents of an OU in an AD snapshot...
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
AD Domains and Trusts
dsa.msc - dsamain.exe - ntdsutil.exe

44. 3 Servers are Network Policy Servers (NPS) that function as RADIUS servers. The network has 20 wireless access points that are configured as RADIUS clients. You need to plan an audit strategy with the following requirements: stores audit data in a ce
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Create a MEDV workspace
Disable Site Link Bridging from IP Properties
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.

45. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Dsmgmt
Upgrading DFS to Windows Server 2008 R2
Modify the local policy to point to the Internal WSUS server
Repadmin

46. To enable the AD Recycle Bin
Enable - ADoptionalFeature cmdlet
Incoming external trust
Add the user to the Domain Admins global group
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.

47. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Repadmin
Create a Network Load Balancing cluster.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary

48. To build a highly secure server cluster with a reduced attack surface area
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Ensure your account - or the group is a member of the local Administrators group for that specific server.
WSUS server in the branch office in replica mode.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.

49. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
Configure event log subscriptions
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
dnscmd tool
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication

50. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Certificate Templates
Incoming external trust
View properties of %systemroot%ntdsntds.dit
Recommend Offline Files