Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Add the new UPN suffix to the forest.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Configure separate application pools for each application

2. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
Passive file screens
FFL Windows Server 2008 R2
From Server1 - run the Create Basic Task Wizard
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.

3. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Authorization Manager
Event Log Subscriptions
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).

4. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Add the user to the Domain Admins global group
Configure RODC for Administrator Role Separation
Administrative Role Separation
Your machine and remote desktops

5. If you need to encrypt all data on all disks
Use a GPO to configure device installation restrictions
Implement Windows System Resource Manager (WSRM)
Create a Network Load Balancing cluster.
Then use Windows BitLocker Drive Encryption

6. If you need to be able to create shared folders on Server 2008 R2
Enable Windows Remote Management (WinRM) on the servers.
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Configure separate application pools for each application

7. If you need to delegate control of server to remote admins group
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Configure RODC for Administrator Role Separation
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
FFL Windows Server 2008 R2

8. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Distributed File System (DFS) Replication
Add the user to the Domain Admins global group
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up

9. Two different solutions are available to help assign IP addresses to remote clients that need to VPN or Dial-in to the branch office.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

10. To allow administrators tha trun Windows 7 ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
dnscmd
Your machine and remote desktops
Use local roles options within "dsmgmt"
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.

11. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Configure caching on the shared folder (offline files)
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Run auditpol and then configure the Security settings of the Domain Controllers OU.

12. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Ntfrsutil
Execute the Set-ADServiceAccount cmdlet

13. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Implement one LUN for the quorum and another LUN for the data
Configure offline files and enable manual caching

14. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Windows Deployment Services (WDS)
Implement Windows System Resource Manager (WSRM)
Create a new Password Settings Object (PSO) for the IT users.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP

15. To back up your Hyper-VMs and the Hyper-V host; for each VM -
NOT be able to store that data on an iSCSI SAN
Recommend GPT and basic disks
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.

16. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Then configure GlobalNames zones on each domain controller.
Add George to the Domain Admins group.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th

17. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Implement File Server Resource Manager (FSRM) quotas on the desired servers
File Server Resource Manager (FSRM) quotas and file screens
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.

18. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Your machine and remote desktops
DSMOD - ADUC
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.

19. To create AD Domain Services snapshot
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Event Log Subscriptions
Ntdsutil
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.

20. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
The Group Policy Management Console
Add George to the Domain Admins group.
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Create a Central Store

21. To be able to manage all the corporate servers from a workstation - you must install the
Test-AppLockerPolicy
Microsoft Application Virtualization (AppV)
Assign the application to computers in the PC OU
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop

22. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Run auditpol and then configure the Security settings of the Domain Controllers OU.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.

23. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Install the RSAT tool on their workstation to provide for more efficient network management
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Use a GPO to configure device installation restrictions
NOT be able to store that data on an iSCSI SAN

24. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Install and share a printer on a server and then enable printer pooling.
Deploy a failover cluster that contains one node in each office.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur

25. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Create an Active Directory-Integrated zone.
The Group Policy Management console
Create a Central Store
Configure Firewall Group Policies and link them at the Domain level

26. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Use the Local Roles options with dsmgmt.
Perform an authoritative restore
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.

27. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Then configure GlobalNames zones on each domain controller.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Create a MEDV workspace
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.

28. To create and additional AD LDS applicaiton directory partition in existing instance...
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Dfsrdiag
Ldp
Configure an audit policy by editing the default domain policy and configure Event Forwarding

29. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
Include a server that runs Microsoft Office SharePoint Server 2010
Dynamically expanding VHD's
Assign the application to all client computers by using a GPO.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology

30. to prevent VMs from receiving updats from a group policy
Backup operator's domain local group
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
dnscmd
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.

31. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Backup operator's domain local group
Storage manager for SANs

32. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Microsoft System Center Data Protection Manager
Windows BitLocker Drive Encryption (Bit Locker)
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Prestage the computer account in AD

33. 2 ways to relocate user and computer accounts to different OUs
Ldp
Event Log Subscriptions
DSMOD - ADUC
Add-ADFineGrainedPasswordPolicySubject cmdlet

34. To allow a specifc user or group to manage the address information for the user accounts...
Additional DFS Targets
Recommend Active Directory delegation
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
The Group Policy Management console

35. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Configure caching on the shared folder (offline files)
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Folder redirection. Folder redirection is also useful when using roamin profiles.
Ntdsutil

36. If a new application needs to be deployed on the network and it comes as a .msi package and then do this.
Event Viewer
Create a Central Store
Deploy it by using Group Policy Software Installation method
Authorization Manager role assignment

37. GPO setting to prevent all users from running an application
Increase the tombstone lifetime for the forest.
Configure block inheritance on the IT OU
Software Restriction Polices
Offline domain join

38. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Create an e-mail account in AD DS for your RMS users
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Configure caching on the shared folder and configure offline files to use encryption

39. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
Raise the DFL to Windows Server 2008 R2.
Windows BitLocker Drive Encryption (Bit Locker)
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.

40. to increase the reliability of the print server - configure...
Configure offline files and enable manual caching
Jill came down with 2.50.
Printer driver isolation
Implement Windows System Resource Manager (WSRM)

41. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Test-AppLockerPolicy
Implement Windows BitLocker Drive Encryption (BitLocker)
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th

42. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Enable Windows Remote Management (WinRM) on the servers.
Test-AppLockerPolicy

43. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Deploy a failover cluster that contains one node in each office.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management

44. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Upgrading DFS to Windows Server 2008 R2
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Install and share a printer on a server and then enable printer pooling.

45. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
IIS Chared Configuration
Authorization Manager
Set-ADServiceAccount cmdlet
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.

46. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Folder redirection. Folder redirection is also useful when using roamin profiles.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.

47. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Upgrading DFS to Windows Server 2008 R2
From Server A - run Create Basic Task Wizard
Configure event log subscriptions
Modify zone transfer settings for company.com zone on DCA

48. To prevent account password from being cached on RODC server...
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
IIS Manager user account
Offline domain join
Modify properties of RODC server computer account.

49. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

50. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Configure offline files and enable manual caching
Create a new Password Settings Object (PSO) for the IT users.
Group Policy Preferences
Windows XP Mode