Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
Active Directory Domains and Trusts
Configure offline files and enable manual caching
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
802.1.x NAP

2. To build a highly secure server cluster with a reduced attack surface area
Administrators is the minimum group membership required to complete this procedure.
PowerShell 2.0
Install Windows Server Backup and modify the Windows firewall settings
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions

3. You are about to deploy a distributed database appliation that will run on multiple 2008 R2 servers. This deployment needs to follow these requirements: uses the existing network infrastructure; uses standard Windows management tools; allocates stora
Use CISCO IP Helper command to configure.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Configure Audit Special Logon and define Special Groups
Offline domain join

4. Need to access some resources in another domain that is part of another forest...What trust is created?
Incoming external trust
Install and share a printer on a server and then enable printer pooling.
Configure offline files and enable manual caching
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.

5. You need to relocate an AD LDS instance from C: Drive to D: Drive
Back up to an external USB drive by using Windows Server Backup
Implement Network Access Protection (NAP) that uses 802.1x enforcement
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Administrators is the minimum group membership required to complete this procedure.

6. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
Deploy a failover cluster that uses Node and File Share Disk Majority
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Discover the run Microsoft Baseline Security Analyzer (MBSA)
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)

7. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
Additional DFS Targets
Software Restriction Polices
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events

8. File that contains the last logon time and custom attributes values for each user in your forest.
CAPublishGP group should have the Manage CA permission.
Deploy the Root CA certificate to the external computers.
Get-ADUser cmdlet
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.

9. You need a strategy for backing up your 2008 R2 file servers according to these: allows for individual file restore; allows for complete server recovery; supports scheduled backups; provides decentralized control over backups and recovery; minimizes
Test-AppLockerPolicy
Back up to an external USB drive by using Windows Server Backup
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Microsoft Application Virtualization (AppV)

10. New Password Policy needs to be created for OU different from domain password policy
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Changed manually
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.

11. DFL is...
Win2000 Native
Enable Windows Remote Management (WinRM) on the servers.
Implement a domain-based DFS namespace that uses replication
Event Log Subscriptions

12. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Microsoft Desktop Optimization Pack (MDOP)
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Configure folder redirection

13. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
From Server A - run Create Basic Task Wizard
Microsoft System Center Data Protection Manager 2010
WSUS server in the branch office in replica mode.

14. The strongest form of NAP is
Deploy a GPO for the Sales OU
fsconfig on FSSrv2
Win2000 Native
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.

15. Deployment solutions that will allow both the 64 bit version of Office 2010 and the 32 bit version Office 2003 to run at a same time on a Windows 7 computer - and to do that when the computer is offline - are very limited. You should recommend
A Distributed File System (DFS) namespace
Microsoft Application Virtualization (AppV)
Execute the Set-ADServiceAccount cmdlet
Create a MEDV workspace

16. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Set-ADServiceAccount cmdlet
Ntdsutil
ntdsutil
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.

17. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Windows XP Mode
Configure offline files and enable manual caching
Jill came down with 2.50.

18. You need to design your WSUS infrastructure so that updates are highly available. To do so
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Zone transfer settings
Site
Utilize IFM (Install From Media)

19. you have fewer Server 2003 servers that have Terminal Services installed. you also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: encrypts all remote connections to the ter
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
ntdsutil
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.

20. To allow connection to a 256 Kbps ISDN...
Configure offline files and enable manual caching
DISABLE slow link detection in the GPO
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur

21. Your company IP scheme uses both IPv4 and IPv6. You have a main and branch office. In the branch office you are using PC1. PC1 is now only using IPv6. You noticed that PC1 no longer authenticates off the DC that is in the branch office. What should b
net stop ntds
An Active Directory subnet object needs to be created.
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.

22. You need to deploy apps to client computers according to these req.: apps must be deployed to client computers that meet minimum hardware requirements; detaild reports on success/failure of the app deployments must be provided; deployments must be sc
Network Load Balancing (NLB) cluster
ntdsutil
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Install Windows Server Backup and modify the Windows firewall settings

23. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

24. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Administrative Role Separation
Use the Local Roles options with dsmgmt.
Active Directory Users and Computers
Ldp

25. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
Upgrading DFS to Windows Server 2008 R2
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.

26. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
NOT be able to store that data on an iSCSI SAN
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
AD RMS

27. Striped volumes
Improve the performance of File Servers
Deploy a failover cluster that contains one node in each office.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.

28. When service account passwords need to be changed for SQL they should be...
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Administrative Role Separation
Changed manually
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files

29. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Configure authorization rules for Web developers on each web server
Configure caching on the shared folder (offline files)
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Install From Media IFM

30. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
fsconfig on FSSrv2
ntdsutil
Network Load Balancing (NLB)
Restore-ADObject cmdlet

31. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Enable Windows Remote Management (WinRM) on each server.
Authorization Manager role assignment
Configure authorization rules for Web developers on each web server
Create a MEDV workspace

32. to prevent VMs from receiving updats from a group policy
A relying party trust should be created.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Include a server that runs Microsoft Office SharePoint Server 2010
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.

33. If you need to minimize the number of install images and support Win Server 2008 R2 deployment
Implement one LUN for the quorum and another LUN for the data
Then use Windows Deployment Services (WDS)
Then use on install image file that contains a single install image.
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).

34. To configure Administrator Role Separation for an RODC
Enable - ADoptionalFeature cmdlet
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Implement Shadow Copies
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th

35. Deployment of 10 WSUS servers across 10 branch office will take place over a three month period. The bandwidth between the corporate office and the branch offices must be minimized due to budget contraints within the company. Admins in the corporate
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Role Separation
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.

36. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Printer driver isolation
Reinstall AD DS on DCC.company.com as a WRITABLE DC.

37. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Raise the DFL to Windows Server 2008 R2.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)

38. You have 2 Server Core servers that are part of a Network Load Balance that host a web site. To be able to allow administrators - on their Windows 7 computers - remotely manage the NLB with automation
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Enable Windows Remote Management (WinRM) on the servers.
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Dsmgmt

39. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Increase the tombstone lifetime for the forest.
Windows BitLocker Drive Encryption (Bit Locker)
Install Windows Server Backup and modify the Windows firewall settings

40. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
DISABLE slow link detection in the GPO
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Subnet object needs to be created
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).

41. Can be used to install the Windows RE on existing servers
WDS
Add the new UPN suffix to the forest.
View properties of %systemroot%ntdsntds.dit
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.

42. What utility is used to see what accounts cached on RODC?
Windows Server 2003
Active Directory Users and Computers
Authorization Manager role assignment
Data Recovery Agent

43. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Modify the GPO to include folder redirection
Group Policy Preferences
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Configure the zone as an Activde Directory-Integrated zone.

44. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.

45. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
Execute the Set-ADServiceAccount cmdlet
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Deploy a GPO to the WebSrvOU
dnscmd tool

46. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Implement Windows System Resource Manager (WSRM)
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Configure block inheritance on the IT OU
Microsoft Application Virtualization (AppV)

47. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Install the RSAT tool on their workstation to provide for more efficient network management
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Use Netsh tool from administrator's computer.
Add the new UPN suffix to the forest.

48. If you need to ensure that data is protected by BitLocker then you will...
NOT be able to store that data on an iSCSI SAN
Assign the application to all client computers by using a GPO.
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Prestage the computer account in AD

49. In order to reduce the administrative overhead typically involved with viewing event logs across multiple servers you should implement this.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Windows Deployment Services (WDS)
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Event Log Subscriptions

50. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Raise the DFL to Windows Server 2008 R2.
Then configure auto enrollment of certificates and Credential Roaming.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Incoming external trust