Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. If you need to deploy multiple servers through automation of installation and activation and minimize network traffic
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Printer driver isolation
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Disable Site Link Bridging from IP Properties

2. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
WDS
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Implement the Windows Search Service.

3. To replicate SYSVOL using Distributed File System Replication (DFSR)...
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
DFL needs to be Windows Server 2008
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files

4. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Recommend Group Policy preferences
Network Load Balancing (NLB)
Implement GPO for all client computers

5. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Configure authorization rules for Web developers on each web server
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Deploy a failover cluster that uses Node and File Share Disk Majority

6. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Role Separation
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
FILES option within Ntdsutil

7. Need to access some resources in another domain that is part of another forest...What trust is created?
Implement Distributed File System Replication (DFSR) on both servers
Incoming external trust
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Service user account for AD LDS

8. To allow a specifc user or group to manage the address information for the user accounts...
Backup operator's domain local group
Add George to the Domain Admins group.
Recommend Active Directory delegation
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array

9. You need to recommend a Windows update strategy for the new branch office. The branch office has a 512 Kbps connection the corporate office and a 2 MB connection to the Internet. You should recommend this.
Add the new UPN Suffix to the forest
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
IIS Manager user account
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.

10. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
Deploy a GPO to the WebSrvOU
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition

11. The solution requires that teachers that have been issued district based laptops - work remotely - and teach only on-line classes - must connect to the school network using split-tunnel VPN. Need to be sure that: minimize traffic over the VPN wheneve

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

12. GPO setting to prevent all users from running an application
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Software Restriction Polices
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in

13. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Dsmgmt
Share and Storage Management

14. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Enable - ADoptionalFeature cmdlet
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.

15. Tool to change Directory Services Restore Mode password on Domain Controller...
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Implement GPO for all client computers
Install Windows Server Backup and modify the Windows firewall settings
ntdsutil

16. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Implement Network Access Protection (NAP)
Configure authorization rules for Web developers on each web server
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Domain based Distributed File System (DFS) will reduce network traffic

17. To ensure that recovery is possible if a file on a file server is deleted accidentally
Add the Windows Server Backup feature and Windows System Image recovery.
Active Directory Users and Computers utility
Implement Shadow Copies
From Server A - run Create Basic Task Wizard

18. To back up your Hyper-VMs and the Hyper-V host; for each VM -
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Run auditpol and then configure the Security settings of the Domain Controllers OU.

19. You have a single AD domain named ad.company.com. The FFL is windows 2000 and the DFL is Windows 2000 Native. The UPN suffix company.com needs to be available for user accounts. What should be done first?
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Add the new UPN suffix to the forest.

20. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
Group Policy Preferences
Implement Distributed File System Replication (DFSR) on both servers
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.

21. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Modify zone transfer settings for company.com zone on DCA
Configure an audit policy by editing the default domain policy and configure Event Forwarding
dnscmd tool
Create a standard secondary of domain and create standard secondary of other domain.

22. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
Windows System Resource Manager (WSRM)
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Modify zone transfer settings for company.com zone on DCA
Autonomous mode...This allows the local administrator to approve their own updates.

23. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Back up to an external USB drive by using Windows Server Backup
MEDV to deploy virtual desktops

24. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Network Load Balancing (NLB) cluster
CAPublishGP group should have the Manage CA permission.
Configure Firewall Group Policies and link them at the Domain level

25. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Implement a GPO for each domain
Then use Windows BitLocker Drive Encryption
Authorization Manager role assignment
Run auditpol and then configure the Security settings of the Domain Controllers OU.

26. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Include a server that runs Microsoft Office SharePoint Server 2010
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
ntdsutil
Administrative Role Separation

27. To make a 64-bit application available to several 32-bit XP SP3 computers in the branch office you could use either a remote desktop session host or a remote desktop virtualization host. However - if the application requires you to be a local adminis

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

28. Ensure password length for a group set to 12 characters long while others keep password policy
Configure folder redirection
Increase the tombstone lifetime for the forest.
Add the Windows Server Backup feature and Windows System Image recovery.
Add-ADFineGrainedPasswordPolicySubject cmdlet

29. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
Software Restriction Polices
Group Policy Preferences
Install and share a printer on a server and then enable printer pooling.
Dfsrdiag

30. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
ntdsutil
Create a Network Load Balancing cluster.
Changed manually

31. A specific application requires registry modifications to be in place before installing; you should use
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Authorization Manager role assignment
Group Policy Preferences

32. Need to ensure users receive updated template within five days...
Network Load Balancing (NLB) cluster
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Registry on users computer needs to be modified
Modify the GPO to include folder redirection

33. When implementing a Hyper-V environment the benefits are enormous - however there are certain aspects of virtualization that can create some additional administrative overhead that you can not have in a pure physical environment for example
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Configure event log subscriptions
Enable Windows Remote Management (WinRM) on each server.

34. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Deploy a GPO to the WebSrvOU
Disable Site Link Bridging from the IP properties
Group Policy Preferences
DSMOD - ADUC

35. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
Ntfrsutil
Printer driver isolation
Test-AppLockerPolicy
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.

36. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
From Server A - run Create Basic Task Wizard
A Distributed File System (DFS) namespace
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster

37. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
Basic Authentication and SSL
Autonomous mode...This allows the local administrator to approve their own updates.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.

38. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Microsoft System Center Data Protection Manager
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Configure folder redirection

39. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
Raise the DFL to Windows Server 2008 R2.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
PowerShell 2.0

40. You need to deploy 15 Server Core installations that are only accessible by HTTP and HTTPS. Administration of these must be able to enable administrators to install and administer server roles remotely and fully manage servers remotely
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Enable Windows Remote Management (WinRM) on each server.
Additional DFS Targets
Service user account for AD LDS

41. You have a root domain and four child domains. Policy requirements state that all local guest accounts must be renamed and disabled - and all local administrator accounts must be renamed
Discover the run Microsoft Baseline Security Analyzer (MBSA)
A Distributed File System (DFS) namespace
Implement a GPO for each domain
IIS Manager user account

42. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Ntdsutil
Modify zone transfer settings for company.com zone on DCA
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise

43. If you need to delegate control of server to remote admins group
Configure RODC for Administrator Role Separation
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Purchase one additional Enterprise License
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.

44. To configure Administrator Role Separation for an RODC
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Basic Authentication and SSL
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
New ACCOUNT STORE should be added and configured

45. You need to deploy apps to client computers according to these req.: apps must be deployed to client computers that meet minimum hardware requirements; detaild reports on success/failure of the app deployments must be provided; deployments must be sc
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Configure RODC for Administrator Role Separation

46. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
Authorization Manager
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Create an Active Directory-Integrated zone.
A relying party trust should be created.

47. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Add George to the Domain Admins group.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Create and deploy a logon script that runs Auditpol.

48. In order to reduce the administrative overhead typically involved with viewing event logs across multiple servers you should implement this.
Event Log Subscriptions
Then use Windows BitLocker Drive Encryption
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
AD Domains and Trusts

49. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
Microsoft Desktop Optimization Pack (MDOP) to your company
Run net stop ntds
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events

50. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
DISABLE slow link detection in the GPO
Implement a GPO for each domain
Incoming external trust
IIS Manager user account