Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. The strongest form of NAP is
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Enable - ADoptionalFeature cmdlet

2. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
WSUS server in the branch office in replica mode.
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.

3. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Disable Site Link Bridging from the IP properties
Add the user to the Domain Admins global group

4. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
Configure offline files and enable manual caching
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Backup operator's domain local group

5. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Windows Server 2003
Increase the tombstone lifetime for the forest.
Configure caching on the shared folder (offline files)
Active Directory Users and Computers utility

6. To prevent computers that do not have the Windows Firewall enabled from connecting to the wireless access point or the physical switch - you should implement this.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
802.1.x NAP
Add the user to the Domain Admins global group
Get-ADUser cmdlet

7. In order to replicate SYSVOL shares by using DFS Replicaiton (DFS-R)
Then configure GlobalNames zones on each domain controller.
Raise the DFL to Windows Server 2008 R2.
Certificate Templates
Improve the performance of File Servers

8. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Configure the zone as an Activde Directory-Integrated zone.
Back up to an external USB drive by using Windows Server Backup
Domain based Distributed File System (DFS) namespace and DFS Replication.
Win2000 Native

9. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Group Policy Preferences
Network Load Balancing (NLB) cluster
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.

10. To update ADRMS password...
Additional DFS Targets
Share and Storage Management
AD Rights Management Services
Active Directory Domains and Trusts

11. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Role Separation
Configure offline files and enable manual caching
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Win2000

12. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

13. If subnets are connected by CISCO router that is RFC-1542 compliant
Use CISCO IP Helper command to configure.
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Site
Zone transfer settings

14. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Microsoft System Center Data Protection Manager
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
DSMOD - ADUC
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.

15. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Domain based DFS namespace and configure a DFS replication group
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Site

16. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Implement Network Access Protection (NAP)
Certificate Templates
Winrm quickconfig

17. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Certificate Templates
Attach VHD file created by Windows server backup
Configure Firewall Group Policies and link them at the Domain level

18. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
From Server A - run Create Basic Task Wizard
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Autonomous mode...This allows the local administrator to approve their own updates.

19. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Implement Network Access Protection (NAP)
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
View properties of %systemroot%ntdsntds.dit
Implement a Remote Desktop Connection Broker (RD Connection Broker)

20. To backup Virtual Machines
Deploy a failover cluster that contains one node in each office.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Ntdsutil
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.

21. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Configure authorization rules for Web developers on each web server
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.

22. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Configure event log subscriptions

23. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

24. You plan to deploy 12 file servers. All computers and servers connect to Ethernet switches. Your data storage solution must meet these: maximizes performance and fault tolerance; allocates storage to the servers as needed; utilizes the existing netwo
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Administrative Role Separation
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.

25. you have fewer Server 2003 servers that have Terminal Services installed. you also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: encrypts all remote connections to the ter
Creating a data collector set that kick off a scritp that either move or delete files.
Enable Windows Remote Management (WinRM) on each server.
Use a GPO to configure device installation restrictions
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).

26. To determine size of AD database file...
Add the Windows Server Backup feature and Windows System Image recovery.
Passive file screens
View properties of %systemroot%ntdsntds.dit
FILES option within Ntdsutil

27. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Then use Windows Deployment Services (WDS) on DHCP1.
Execute the Set-ADServiceAccount cmdlet
The Group Policy Management Console
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.

28. If users need access to files locally and must be able to access files at another site if the local copy is not available you should implement this.
Additional DFS Targets
A Distributed File System (DFS) namespace
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Repadmin

29. You have a root domain and four child domains. Policy requirements state that all local guest accounts must be renamed and disabled - and all local administrator accounts must be renamed
Printer driver isolation
Implement a GPO for each domain
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).

30. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Windows BitLocker Drive Encryption (Bit Locker)
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Create and deploy a logon script that runs Auditpol.
A Distributed File System (DFS) namespace

31. Ensure password length for a group set to 12 characters long while others keep password policy
Add-ADFineGrainedPasswordPolicySubject cmdlet
Create a Network Load Balancing cluster.
A Distributed File System (DFS) namespace
Then use on install image file that contains a single install image.

32. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
New ACCOUNT STORE should be added and configured
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library

33. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Enable Windows Remote Management (WinRM) on each server.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Microsoft System Center Data Protection Manager 2010

34. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Implement Windows System Resource Manager (WSRM)
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Role Separation

35. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Ntdsutil
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Group Policy Preferences

36. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
Authorization Manager role assignment
Install Windows Server Backup and modify the Windows firewall settings
From Server1 - run the Create Basic Task Wizard
Disable Site Link Bridging from the IP properties

37. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Create a Network Load Balancing cluster.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
ntdsutil
Enable Credential Roaming

38. Tool to change Directory Services Restore Mode password on Domain Controller...
ntdsutil
Then install new Server 2008 R2 Enterprise subordinate CA.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.

39. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
WSUS server in the branch office in replica mode.
Dfsrdiag
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO

40. You need to ensure that the guest account on all servers is disabled to
Raise the DFL to Windows Server 2008 R2.
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Distributed File System (DFS) Replication
Run auditpol and then configure the Security settings of the Domain Controllers OU.

41. To recover objects deleted from Active Directory you should recommend
Install Hyper-V role and convert physical machines into virtual machines
Configure block inheritance on the IT OU
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Active Directory snapshots and Tombstone reanimation

42. Minimal FFL needed to deploy an RODC that runs Windows Server 2008 R2...
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Raise the DFL to Windows Server 2008 R2.
Windows Server 2003
Deploy a GPO to the WebSrvOU

43. To create and additional AD LDS applicaiton directory partition in existing instance...
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Ldp
Enable Credential Roaming
Win2000 Native

44. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO

45. To minimize the amount of storage used for virtual machines in a Virtual desktop pool the VHD's should be

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

46. You need to recommend a BitLocker recovery method you should recommend this.
Modify properties of RODC server computer account.
Then configure GlobalNames zones on each domain controller.
Dsmgmt
Data Recovery Agent

47. When implementing a Hyper-V environment the benefits are enormous - however there are certain aspects of virtualization that can create some additional administrative overhead that you can not have in a pure physical environment for example
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Windows XP Mode
Repadmin
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.

48. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Windows System Resource Manager (WSRM)
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.

49. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
Microsoft Desktop Optimization Pack (MDOP) to your company
Assign the application to computers in the PC OU
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Deploy a GPO to the WebSrvOU

50. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Configure the zone as an Activde Directory-Integrated zone.
Configure caching on the shared folder and configure offline files to use encryption
DSMOD
Create an e-mail account in AD DS for your RMS users.