Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Add the user to the Domain Admins global group
Configure caching on the shared folder (offline files)
From Server A - run Create Basic Task Wizard
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise

2. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Create a Network Load Balancing cluster.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Use a GPO to configure device installation restrictions

3. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
Configure offline files and enable manual caching
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.

4. To prevent computers that do not have the Windows Firewall enabled from connecting to the wireless access point or the physical switch - you should implement this.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
802.1.x NAP
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop

5. You need to manage GPO to meet the following: allow administrators to view and edit the GPO in their own language; minimize number of GPOs deployed
Then use Windows Deployment Services (WDS)
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Certificate Templates

6. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
Basic Authentication and SSL
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Use the Local Roles options with dsmgmt.
Ldp

7. Capture all replication errors from all your DCs to a central location...
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Printer driver isolation
Configure event log subscriptions
DFL needs to be Windows Server 2008

8. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
Zone transfer settings
Microsoft Application Virtualization (AppV)
Run net stop ntds
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.

9. to prevent VMs from receiving updats from a group policy
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Then use Windows Deployment Services (WDS)
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.

10. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Configure caching on the shared folder (offline files)
Implement one LUN for the quorum and another LUN for the data
Disable Site Link Bridging from IP Properties
Share and Storage Management

11. To deploy templates across the organization
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Create a Network Load Balancing cluster.
Deploy a failover cluster that contains one node in each office.

12. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Passive file screens
Deploy a GPO for the Sales OU

13. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Dfsrdiag
Administrators is the minimum group membership required to complete this procedure.
Active Directory Users and Computers

14. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

15. Requirements are: support the installation of SQL Server 2008; Provide redundancy for SQL services if a single server fails. To accomplish this
Repadmin
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Network Load Balancing (NLB) cluster
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.

16. Jack and Jill go up the hill - both with a buck and a quarter
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Jill came down with 2.50.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.

17. To allow a specifc user or group to manage the address information for the user accounts...
dnscmd tool
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Recommend Active Directory delegation

18. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Configure Firewall Group Policies and link them at the Domain level
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Zone transfer settings

19. 4 steps to perform authoritative restore of a deleted OU...
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Winrm quickconfig
Modify the schema of LDSInst1
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller

20. To ensure that the branch office with its own high speed internet connection receives the exact same updates as the corporate office you should recommend this.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Folder redirection. Folder redirection is also useful when using roamin profiles.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.

21. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
DISABLE slow link detection in the GPO
Then configure auto enrollment of certificates and Credential Roaming.
Windows BitLocker Drive Encryption (Bit Locker)
Registry on users computer needs to be modified

22. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Run the Delegation of Control Wizard on the Staff OU
Deploy the Root CA certificate to the external computers.
Incoming external trust
Win2000

23. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Administrative Role Separation
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Microsoft System Center Data Protection Manager
Dfsrdiag

24. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Test-AppLockerPolicy
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer

25. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Microsoft Desktop Optimization Pack (MDOP) to your company
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Share and Storage Management

26. To ensure that a file on a file server do not leave the organization you must implement this.
Deploy a GPO to the WebSrvOU
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Assign the application to all client computers by using a GPO.
AD RMS

27. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
Active Directory Right Management Services (AD RMS)
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Then use on install image file that contains a single install image.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)

28. To backup Virtual Machines
Install Hyper-V role and convert physical machines into virtual machines
Implement Distributed File System Replication (DFSR) on both servers
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.

29. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
Use CISCO IP Helper command to configure.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Include a server that runs Microsoft Office SharePoint Server 2010
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.

30. You have few Server 2003 servers that have Terminal services installed. You also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meeet the following: restricts accsss to specific Remote Desktop
Then use Windows Deployment Services (WDS)
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
A relying party trust should be created.
Create a new Password Settings Object (PSO) for the IT users.

31. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Configure offline files and enable manual caching
AD RMS
Implement Windows BitLocker Drive Encryption (BitLocker)

32. 2 ways to relocate user and computer accounts to different OUs
Dsmgmt
Add the Windows Server Backup feature and Windows System Image recovery.
Disable Site Link Bridging from the IP properties
DSMOD - ADUC

33. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
IIS Chared Configuration
Get-ADUser cmdlet
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Storage manager for SANs

34. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
DSMOD - ADUC
net stop ntds
Subnet object needs to be created

35. UPN Suffix xxxx.com needs to be available for user accounts...
Add the new UPN Suffix to the forest
Create an Active Directory-Integrated zone.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Set-ADServiceAccount cmdlet

36. You need to deploy apps to client computers according to these req.: apps must be deployed to client computers that meet minimum hardware requirements; detaild reports on success/failure of the app deployments must be provided; deployments must be sc
Certificate Templates
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.

37. In order to manage websites without having to logon you can use
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
PowerShell 2.0
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.

38. When one needs to audit files - folders - printers and the registry enable
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Raise the DFL to Windows Server 2008 R2.

39. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Modify the GPO to include folder redirection

40. To add a server with AD FS 2.0 role to an existing AD FS farm...
fsconfig on FSSrv2
Implement a domain-based DFS namespace that uses replication
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).

41. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Implement Shadow Copies
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Microsoft System Center Data Protection Manager
Disable Site Link Bridging from IP Properties

42. You need to recommend a Windows update strategy for the new branch office. The branch office has a 512 Kbps connection the corporate office and a 2 MB connection to the Internet. You should recommend this.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
IIS Chared Configuration
Configure folder redirection

43. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
From Server A - run Create Basic Task Wizard
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Properties of PSO need modified
Use the Local Roles options with dsmgmt.

44. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
Restore-ADObject cmdlet
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
From Server1 - run the Create Basic Task Wizard
Configure caching on the shared folder and configure offline files to use encryption

45. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Data Recovery Agent
Then use Windows BitLocker Drive Encryption
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Configure an audit policy by editing the default domain policy and configure Event Forwarding

46. 3 Servers are Network Policy Servers (NPS) that function as RADIUS servers. The network has 20 wireless access points that are configured as RADIUS clients. You need to plan an audit strategy with the following requirements: stores audit data in a ce
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Install Hyper-V role and convert physical machines into virtual machines
An Active Directory subnet object needs to be created.

47. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Deploy a GPO to the WebSrvOU
Create a MEDV workspace
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Properties of PSO need modified

48. Your company IP scheme uses both IPv4 and IPv6. You have a main and branch office. In the branch office you are using PC1. PC1 is now only using IPv6. You noticed that PC1 no longer authenticates off the DC that is in the branch office. What should b
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
An Active Directory subnet object needs to be created.
Winrm quickconfig
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.

49. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Disable Site Link Bridging from the IP properties
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Run net stop ntds

50. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Prestage the computer account in AD
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Incoming external trust
Set-ADServiceAccount cmdlet