Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. To make deploying the custom Word dictionary easy
Implement Windows System Resource Manager (WSRM) and configure user policies
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Recommend Group Policy preferences
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.

2. Jack and Jill go up the hill - both with a buck and a quarter
Jill came down with 2.50.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.

3. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Implement Shadow Copies
Deploy a GPO to the WebSrvOU
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.

4. You need to manage GPO to meet the following: allow administrators to view and edit the GPO in their own language; minimize number of GPOs deployed
Configure the zone as an Activde Directory-Integrated zone.
Create ADMX and ADML files. Configure the GPO and link it to the domain.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.

5. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
dnscmd tool
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Configure separate application pools for each application
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology

6. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Disable Site Link Bridging from the IP properties
Enable Credential Roaming
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
PowerShell 2.0

7. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Software Restriction Polices
Folder redirection. Folder redirection is also useful when using roamin profiles.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.

8. To backup GPO's in domain and minimize bakcup...
Properties of PSO need modified
AD Domains and Trusts
The Group Policy Management Console
Use a GPO to configure device installation restrictions

9. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Distributed File System (DFS) Replication
Execute the Set-ADServiceAccount cmdlet

10. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Run net stop ntds
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.

11. To identify users who bypass the new corporate security policy -
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Domain based Distributed File System (DFS) namespace and DFS Replication.
Configure Audit Special Logon and define Special Groups
Dsmgmt

12. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Configure block inheritance on the IT OU
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Create a standard secondary of domain and create standard secondary of other domain.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.

13. If you want to allow single-label name resolution
Then install new Server 2008 R2 Enterprise subordinate CA.
Then configure GlobalNames zones on each domain controller.
Then use on install image file that contains a single install image.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.

14. To ensure that user's documents are stored on the file server and thus subject to the corporate backup solution - you should implement this.
Administrative Role Separation
Upgrading DFS to Windows Server 2008 R2
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Folder redirection. Folder redirection is also useful when using roamin profiles.

15. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Offline domain join
Then use Windows Deployment Services (WDS)
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Event Subscriptions

16. to prevent VMs from receiving updats from a group policy
Then install new Server 2008 R2 Enterprise subordinate CA.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Data Recovery Agent

17. What Function Level (FL) needs to be in place to enable AD Recycle Bin?
FFL Windows Server 2008 R2
Recommend Active Directory delegation
Dynamically expanding VHD's
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.

18. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Implement Windows BitLocker Drive Encryption (BitLocker)
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Test-AppLockerPolicy

19. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Windows System Resource Manager (WSRM)
Deploy a failover cluster that uses Node and File Share Disk Majority
Windows BitLocker Drive Encryption (Bit Locker)

20. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
dnscmd

21. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Configure separate application pools for each application
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.

22. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Multipath I/O feature
Implement Windows System Resource Manager (WSRM) and configure user policies
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Install Hyper-V role and convert physical machines into virtual machines

23. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
Run auditpol and then configure the Security settings of the Domain Controllers OU.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Encrypting File System (EFS). This can be enabled locally or through a GPO.

24. To deploy templates across the organization
View properties of %systemroot%ntdsntds.dit
Configure Audit Special Logon and define Special Groups
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates

25. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
Enable Windows Remote Management (WinRM) on the servers.
Dsmgmt
Use a GPO to configure device installation restrictions
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).

26. You need to design your WSUS infrastructure so that updates are highly available. To do so
Printer driver isolation
Group Policy Preferences
Authorization Manager role assignment
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.

27. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
AD Domains and Trusts
Use Netsh tool from administrator's computer.
Implement a domain-based DFS namespace that uses replication
Then use Windows BitLocker Drive Encryption

28. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
Prestage the computer account in AD
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Dsmgmt
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in

29. You need to implement read only copies of files at several locations. You currently have DFS for 2008 deployed. You should recommend this.
Upgrading DFS to Windows Server 2008 R2
Software Restriction Polices
Implement a GPO for each domain
Implement Network Access Protection (NAP) that uses 802.1x enforcement

30. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Prestage the computer account in AD
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions

31. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Include a server that runs Microsoft Office SharePoint Server 2010
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Configure RODC for Administrator Role Separation
Configure an audit policy by editing the default domain policy and configure Event Forwarding

32. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Network Load Balancing (NLB)
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Configure caching on the shared folder and configure offline files to use encryption
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

33. To minimize the amount of storage required you should recommend
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Share and Storage Management
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Create a MEDV workspace

34. To restore previous version of script without taking up too much of time...
Create a Network Load Balancing cluster.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Attach VHD file created by Windows server backup
Domain based Distributed File System (DFS) namespace and DFS Replication.

35. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
A relying party trust should be created.
Then use Windows BitLocker Drive Encryption

36. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Assign the application to computers in the PC OU
Then install new Server 2008 R2 Enterprise subordinate CA.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Modify the GPO to include folder redirection

37. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Configure event log subscriptions
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Autonomous mode...This allows the local administrator to approve their own updates.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in

38. When implementing a Hyper-V environment the benefits are enormous - however there are certain aspects of virtualization that can create some additional administrative overhead that you can not have in a pure physical environment for example
IIS Chared Configuration
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Implement a domain-based DFS namespace that uses replication
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.

39. To make a 64-bit application available to several 32-bit XP SP3 computers in the branch office you could use either a remote desktop session host or a remote desktop virtualization host. However - if the application requires you to be a local adminis

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

40. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Create a MEDV workspace
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Implement the Windows Search Service.

41. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
Run the Delegation of Control Wizard on the Staff OU
Install and share a printer on a server and then enable printer pooling.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.

42. You have been tasked with backing up all the GPOs in the domain. The IT manager also wants you to minimize the size of the backup. You decide to use...
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
The Group Policy Management console
Attach VHD file created by Windows server backup
Backup operator's domain local group

43. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Configure Audit Special Logon and define Special Groups
Use the Local Roles options with dsmgmt.
Dynamically expanding VHD's
Authorization Manager

44. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
Implement a GPO for each domain
Storage manager for SANs
Enable Credential Roaming
Windows System Resource Manager (WSRM)

45. You just dconfigured so that Server1 zone is stored in AD and accept secure dynamic updates. What command should be executed so that Server2 can accept secure dynamic updates?
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Test-AppLockerPolicy
Event Viewer

46. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
Run adprep /forestprep and adprep /domainprep
Create an Active Directory-Integrated zone.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Implement Distributed File System Replication (DFSR) on both servers

47. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Configure block inheritance on the IT OU
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Distributed File System (DFS) Replication
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).

48. To restore deleted user account from AD Recycle Bin...
Dfsrdiag
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Restore-ADObject cmdlet
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1

49. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

50. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Implement a domain-based DFS namespace that uses replication
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer