Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. If users need access to files locally and must be able to access files at another site if the local copy is not available you should implement this.
A Distributed File System (DFS) namespace
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
File Server Resource Manager (FSRM) quotas and file screens

2. Deployment solutions that will allow both the 64 bit version of Office 2010 and the 32 bit version Office 2003 to run at a same time on a Windows 7 computer - and to do that when the computer is offline - are very limited. You should recommend
Encrypting File System (EFS). This can be enabled locally or through a GPO.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Implement Distributed File System Replication (DFSR) on both servers
Microsoft Application Virtualization (AppV)

3. To allow connection to a 256 Kbps ISDN...
Implement the Windows Search Service.
DISABLE slow link detection in the GPO
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
From Server1 - run the Create Basic Task Wizard

4. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Deploy a GPO to the WebSrvOU
Use the Local Roles options with dsmgmt.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.

5. To build a highly secure server cluster with a reduced attack surface area
Import-Module
Active Directory Domains and Trusts
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions

6. Enables you to receive emails when domain users locked out of accounts...
Active Directory Users and Computers
Event Viewer
An Active Directory subnet object needs to be created.
Deploy the Root CA certificate to the external computers.

7. To prevent account password from being cached on RODC server...
Your machine and remote desktops
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Modify properties of RODC server computer account.

8. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Certificate Templates
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
DSMOD - ADUC
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.

9. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Attach VHD file created by Windows server backup
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)

10. To allow a specifc user or group to manage the address information for the user accounts...
Offline domain join
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Recommend Active Directory delegation
Configure authorization rules for Web developers on each web server

11. UPN Suffix xxxx.com needs to be available for user accounts...
Import-Module
Add the new UPN Suffix to the forest
Add-ADFineGrainedPasswordPolicySubject cmdlet
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.

12. If you want to allow single-label name resolution
The Group Policy Management console
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Then configure GlobalNames zones on each domain controller.

13. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Use Netsh tool from administrator's computer.
Restore-ADObject cmdlet

14. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
WDS
Active Directory snapshots and Tombstone reanimation
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events

15. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Printer driver isolation
Winrm quickconfig
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.

16. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Restore-ADObject cmdlet
Configure caching on the shared folder (offline files)
Use the Local Roles options with dsmgmt.
Back up to an external USB drive by using Windows Server Backup

17. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Role Separation
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.

18. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Create an Active Directory-Integrated zone.
Then use Windows BitLocker Drive Encryption
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.

19. To add a new UPN for all user accounts...
AD Domains and Trusts
Assign the application to all client computers by using a GPO.
Microsoft Application Virtualization (AppV)
Microsoft System Center Data Protection Manager 2010

20. An AD LDS instance needs to be replicated from one server to another...
Service user account for AD LDS
Your machine and remote desktops
Implement a domain-based DFS namespace that uses replication
Creating a data collector set that kick off a scritp that either move or delete files.

21. To create and additional AD LDS applicaiton directory partition in existing instance...
Implement a GPO for each domain
Ldp
IIS Manager user account
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur

22. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
Then use on install image file that contains a single install image.
Improve the performance of File Servers
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO

23. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Implement one LUN for the quorum and another LUN for the data
DSMOD
Implement a domain-based DFS namespace that uses replication

24. All DCs run Windows Server 2008 R2 and have the DNS Server role installed. The domain controllers for each location are stored locally. Each has its own standard primary zone to support its local domain.You need a plan that meets the following: WAN l
DSMOD - ADUC
Enable Credential Roaming
Create a standard secondary of domain and create standard secondary of other domain.
Then install new Server 2008 R2 Enterprise subordinate CA.

25. To allow administrators tha trun Windows 7 ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
Create a standard secondary of domain and create standard secondary of other domain.
Windows System Resource Manager (WSRM)
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Implement a domain-based DFS namespace that uses replication

26. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Enable Windows Remote Management (WinRM) on the servers.
Authorization Manager
From Server1 - run the Create Basic Task Wizard
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.

27. What should be done to resolve names by using GlobalNames zone?
Purchase one additional Enterprise License
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
dnscmd tool
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.

28. If you need to delegate control of server to remote admins group
Configure RODC for Administrator Role Separation
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Discover the run Microsoft Baseline Security Analyzer (MBSA)
djoin /requesteodj from internal server - djoin /provision from outside server/PC

29. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Microsoft SharePoint Foundation 2010
Active Directory Domains and Trusts
Raise the DFL to Windows Server 2008 R2.
Deploy a failover cluster that contains one node in each office.

30. Your company IP scheme uses both IPv4 and IPv6. You have a main and branch office. In the branch office you are using PC1. PC1 is now only using IPv6. You noticed that PC1 no longer authenticates off the DC that is in the branch office. What should b
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
PDC emulator with w32tm.exe
An Active Directory subnet object needs to be created.

31. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Then install new Server 2008 R2 Enterprise subordinate CA.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Microsoft Desktop Optimization Pack (MDOP)
Winrm quickconfig

32. You need to relocate an AD LDS instance from C: Drive to D: Drive
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Deploy the Root CA certificate to the external computers.
Active Directory Right Management Services (AD RMS)
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd

33. If you need to deploy multiple servers through automation of installation and activation and minimize network traffic
Microsoft Desktop Optimization Pack (MDOP) to your company
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Use the Local Roles options with dsmgmt.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.

34. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
Increase the tombstone lifetime for the forest.
Add the Windows Server Backup feature and Windows System Image recovery.
IIS Manager user account
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.

35. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Use a GPO to configure device installation restrictions
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Additional DFS Targets
Recommend Offline Files

36. To ensure that recovery is possible if a file on a file server is deleted accidentally
Implement Shadow Copies
Deploy a GPO to the WebSrvOU
Refresh the zone on DNS2
Then use Windows BitLocker Drive Encryption

37. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Configure caching on the shared folder (offline files)
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Add George to the Domain Admins group.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.

38. You have a 2008 R2 serever that has SQL Server 2008 installed. The server has one RAID 5 array and two RAID 1 arrays. You need to allocate hard disck space on the server according to the followign requirements: prevent data los if a single hard disk
Your machine and remote desktops
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array

39. You need to recommend a solution to minimize the amount of time it takes for the sales department users to locate files in teh course bookings share.
Purchase one additional Enterprise License
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Implement the Windows Search Service.
Create ADMX and ADML files. Configure the GPO and link it to the domain.

40. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Implement Windows System Resource Manager (WSRM) and configure user policies
net stop ntds
Configure an audit policy by editing the default domain policy and configure Event Forwarding
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)

41. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Ntdsutil
Enable Windows Remote Management (WinRM) on each server.
Repadmin

42. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Multipath I/O feature
Create a MEDV workspace

43. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
Storage manager for SANs
Deploy the Root CA certificate to the external computers.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.

44. To backup Virtual Machines
Install Windows Server Backup and modify the Windows firewall settings
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Create ADMX and ADML files. Configure the GPO and link it to the domain.

45. To be able to user an application from one AD FS with authentication server to another...
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
A relying party trust should be created.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.

46. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Authorization Manager role assignment
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Configure block inheritance on the IT OU

47. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
MEDV to deploy virtual desktops
Configure block inheritance on the IT OU
Enable Credential Roaming
Increase the tombstone lifetime for the forest.

48. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Use local roles options within "dsmgmt"
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Then configure auto enrollment of certificates and Credential Roaming.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)

49. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Ntfrsutil
The Group Policy Management Console
Software Restriction Polices

50. Ensure password length for a group set to 12 characters long while others keep password policy
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Add-ADFineGrainedPasswordPolicySubject cmdlet
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}