Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. To join a server/PC outside of the domain to the network...
djoin /requesteodj from internal server - djoin /provision from outside server/PC
IIS Manager user account
Create a standard secondary of domain and create standard secondary of other domain.
Deploy a failover cluster that uses Node and File Share Disk Majority

2. To create and additional AD LDS applicaiton directory partition in existing instance...
Deploy the Root CA certificate to the external computers.
Recommend Active Directory delegation
Create a new Password Settings Object (PSO) for the IT users.
Ldp

3. If users complain that it is hard to find the shared folders on the network implement
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
View properties of %systemroot%ntdsntds.dit
Enable Windows Remote Management (WinRM) on each server.
Additional DFS Targets

4. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Multipath I/O feature
Active Directory Right Management Services (AD RMS)
Authorization Manager

5. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Create a Network Load Balancing cluster.
Site
DSMOD - ADUC
Install the RSAT tool on their workstation to provide for more efficient network management

6. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
FILES option within Ntdsutil
Backup operator's domain local group
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Share and Storage Management

7. What should be done to ensure changes made to AD objects can be logged?
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Microsoft Desktop Optimization Pack (MDOP) to your company
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Network Load Balancing (NLB)

8. A specific application requires registry modifications to be in place before installing; you should use
Group Policy Preferences
Then use Windows BitLocker Drive Encryption
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.

9. To restore deleted user account from AD Recycle Bin...
Restore-ADObject cmdlet
Use local roles options within "dsmgmt"
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.

10. When one needs to audit files - folders - printers and the registry enable
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Microsoft Desktop Optimization Pack (MDOP) to your company
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array

11. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
Implement Network Access Protection (NAP)
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Include a server that runs Microsoft Office SharePoint Server 2010
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.

12. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Implement one LUN for the quorum and another LUN for the data
Test-AppLockerPolicy
Enable Credential Roaming
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.

13. What Function Level (FL) needs to be in place to enable AD Recycle Bin?
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Run adprep /forestprep and adprep /domainprep
Execute the Set-ADServiceAccount cmdlet
FFL Windows Server 2008 R2

14. Deployment solutions that will allow both the 64 bit version of Office 2010 and the 32 bit version Office 2003 to run at a same time on a Windows 7 computer - and to do that when the computer is offline - are very limited. You should recommend
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Microsoft Application Virtualization (AppV)
Subnet object needs to be created
CAPublishGP group should have the Manage CA permission.

15. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

16. You need to deploy apps to client computers according to these req.: apps must be deployed to client computers that meet minimum hardware requirements; detaild reports on success/failure of the app deployments must be provided; deployments must be sc
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Data Recovery Agent
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Win2000 Native

17. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Install Windows Server Backup and modify the Windows firewall settings
Deploy a failover cluster that uses Node and File Share Disk Majority
DSMOD
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.

18. In order to ensure highly available Windows Update servers you should create this.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Increase the tombstone lifetime for the forest.

19. To minimize the amount of storage required you should recommend
Share and Storage Management
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Storage manager for SANs
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.

20. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
AD RMS
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster

21. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
Restore-ADObject cmdlet
Dsmgmt
AD RMS
Then use on install image file that contains a single install image.

22. Engineering department has 582 Windows Server 2008 R2 servers. You need to monitor the performance of all 582 with following requirements: Create alerts when average processor usage is higher than 85% for 15 minutes; Automatically adjust the processo
Deploy Microsoft System Center Operations Manager (SCOM)
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).

23. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
Microsoft Application Virtualization (AppV)
PDC emulator with w32tm.exe
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.

24. You need a strategy for backing up your 2008 R2 file servers according to these: allows for individual file restore; allows for complete server recovery; supports scheduled backups; provides decentralized control over backups and recovery; minimizes
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Run adprep /forestprep and adprep /domainprep
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Back up to an external USB drive by using Windows Server Backup

25. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
Disable Site Link Bridging from IP Properties
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
DSMOD - ADUC
Printer driver isolation

26. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Zone transfer settings
Group Policy Preferences
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)

27. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Deploy a failover cluster that contains one node in each office.
MEDV to deploy virtual desktops
From Server1 - run the Create Basic Task Wizard
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.

28. To delegate authority to users to manage only certain areas in Hyper-V use the
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Install From Media IFM
Authorization Manager role assignment
CAPublishGP group should have the Manage CA permission.

29. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
WSUS server in the branch office in replica mode.
Autonomous mode...This allows the local administrator to approve their own updates.
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Implement a GPO for each domain

30. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
DFL needs to be Windows Server 2008
Additional DFS Targets
Site

31. You need to deploy a sales application that only the sales users must have access to
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Administrative Role Separation
Deploy a GPO for the Sales OU
Implement folder redirection by using GPO. Then backup the folder redirection target.

32. To identify users who bypass the new corporate security policy -
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Create a Central Store
Configure Audit Special Logon and define Special Groups
Creating a data collector set that kick off a scritp that either move or delete files.

33. To backup Virtual Machines
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Ldp
Attach VHD file created by Windows server backup
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.

34. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Group Policy Preferences

35. You don't want users to be able to install removable devices on client computers. However - domain admins and desktop support technicians must be allowed to install removable devices on client computers
Implement GPO for all client computers
802.1.x NAP
Creating a data collector set that kick off a scritp that either move or delete files.
Deploy a failover cluster that uses Node and File Share Disk Majority

36. If you want to implement BitLocker and store recovery informaiton in a central location
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Implement Shadow Copies
Create an e-mail account in AD DS for your RMS users.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.

37. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Incoming external trust
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).

38. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
Then use Windows Deployment Services (WDS)
Configure RODC for Administrator Role Separation
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced

39. What utility is used to see what accounts cached on RODC?
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Incoming external trust
Active Directory Users and Computers
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller

40. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Dynamically expanding VHD's
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Use a GPO to configure device installation restrictions

41. To prevent account password from being cached on RODC server...
DISABLE slow link detection in the GPO
Dsmgmt
Modify properties of RODC server computer account.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.

42. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
Then use Windows Deployment Services (WDS)
New ACCOUNT STORE should be added and configured
Ldp
File Server Resource Manager (FSRM) quotas and file screens

43. You need to recommend a BitLocker recovery method you should recommend this.
Folder redirection. Folder redirection is also useful when using roamin profiles.
Authorization Manager
Data Recovery Agent
Passive file screens

44. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Creating a data collector set that kick off a scritp that either move or delete files.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Ntfrsutil

45. To allow administrators tha trun Windows 7 ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.

46. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
Then use Windows Deployment Services (WDS)
WSUS server in the branch office in replica mode.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Implement the Windows Search Service.

47. To add a new UPN for all user accounts...
IIS Manager user account
Dfsrdiag
AD Domains and Trusts
Deploy the Root CA certificate to the external computers.

48. 4 steps to perform authoritative restore of a deleted OU...
Domain based Distributed File System (DFS) will reduce network traffic
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
ntdsutil

49. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Storage manager for SANs

50. Tools to view contents of an OU in an AD snapshot...
Your machine and remote desktops
Then use Windows BitLocker Drive Encryption
Assign the application to all client computers by using a GPO.
dsa.msc - dsamain.exe - ntdsutil.exe