Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Create an Active Directory-Integrated zone.
Install Windows Server Backup and modify the Windows firewall settings
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Assign permissions for the Groups OU and Branch OU to the help desk technicians.

2. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
Configure caching on the shared folder (offline files)
Add the new UPN suffix to the forest.
Deploy it by using Group Policy Software Installation method
Active Directory Right Management Services (AD RMS)

3. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
Deploy a GPO to the WebSrvOU
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Ntfrsutil
From Server A - run Create Basic Task Wizard

4. PowerShell script to create user accounts with passwords from a file called password.csv
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
DSMOD - ADUC
Implement folder redirection by using GPO. Then backup the folder redirection target.
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.

5. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Windows BitLocker Drive Encryption (Bit Locker)
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.

6. You need to allow remote access to the servers on your network while meeting the following requirements: all remote connections to the servers must be encrypted; all remote authentication attempts to the servers must be encrypted; only inbound connec
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Recommend Offline Files

7. Deployment solutions that will allow both the 64 bit version of Office 2010 and the 32 bit version Office 2003 to run at a same time on a Windows 7 computer - and to do that when the computer is offline - are very limited. You should recommend
Enable Windows Remote Management (WinRM) on each server.
Windows Server 2003
Microsoft Application Virtualization (AppV)
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.

8. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Role Separation
The Group Policy Management console
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
IIS Manager user account

9. Recently you have installed a special application on your web sites that requires using a managed service account on the Web Servers. This application runs on a web server in each of 10 separate Active Directory domains.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

10. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Microsoft System Center Data Protection Manager
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Install From Media IFM
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library

11. To ensure that recovery is possible if a file on a file server is deleted accidentally
Autonomous mode...This allows the local administrator to approve their own updates.
Deploy a GPO for the Sales OU
Domain based Distributed File System (DFS) namespace and DFS Replication.
Implement Shadow Copies

12. What Function Level (FL) needs to be in place to enable AD Recycle Bin?
Assign the application to all client computers by using a GPO.
Install From Media IFM
FFL Windows Server 2008 R2
Active Directory Domains and Trusts

13. The strongest form of NAP is
Configure the zone as an Activde Directory-Integrated zone.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology

14. you have fewer Server 2003 servers that have Terminal Services installed. you also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: encrypts all remote connections to the ter
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Folder redirection. Folder redirection is also useful when using roamin profiles.
Implement Distributed File System Replication (DFSR) on both servers
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).

15. You need to recommend a solution to minimize the amount of time it takes for the sales department users to locate files in teh course bookings share.
Create an e-mail account in AD DS for your RMS users
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Implement the Windows Search Service.
Modify properties of RODC server computer account.

16. To replicate SYSVOL using Distributed File System Replication (DFSR)...
Ntdsutil
Printer driver isolation
DFL needs to be Windows Server 2008
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.

17. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
File Server Resource Manager (FSRM) quotas and file screens
Microsoft Application Virtualization (AppV)
Upgrading DFS to Windows Server 2008 R2

18. Jack and Jill go up the hill - both with a buck and a quarter
Ldp
Domain based Distributed File System (DFS) will reduce network traffic
Jill came down with 2.50.
Zone transfer settings

19. In order to replicate SYSVOL shares by using DFS Replicaiton (DFS-R)
Raise the DFL to Windows Server 2008 R2.
Creating a data collector set that kick off a scritp that either move or delete files.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Create an Active Directory-Integrated zone.

20. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Network Load Balancing (NLB)
Win2000
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates

21. To speed up the deployment of the RODC in the new branch offices you should take advantage of this.
Add George to the Domain Admins group.
ntdsutil
Install From Media IFM
Microsoft SharePoint Foundation 2010

22. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Group Policy Preferences
Software Restriction Polices
Assign the application to computers in the PC OU
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)

23. Requirements are: support the installation of SQL Server 2008; Provide redundancy for SQL services if a single server fails. To accomplish this
Install Hyper-V role and convert physical machines into virtual machines
Deploy a GPO to the WebSrvOU
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
IIS Manager user account

24. All 2008 R2 servers and Windows 7 clients are connected to managed switches. The following are requirements for network access: only client computers that have up-to-date service packs installed can access the network; have up-to-date anti-malware so
Test-AppLockerPolicy
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Changed manually
Implement Network Access Protection (NAP) that uses 802.1x enforcement

25. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Add the Windows Server Backup feature and Windows System Image recovery.
Distributed File System (DFS) Replication
Install the RSAT tool on their workstation to provide for more efficient network management
Set-ADServiceAccount cmdlet

26. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Create an Active Directory-Integrated zone.
Your machine and remote desktops
CAPublishGP group should have the Manage CA permission.

27. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Role Separation
Creating a data collector set that kick off a scritp that either move or delete files.
Add-ADFineGrainedPasswordPolicySubject cmdlet
Install Windows Server Backup and modify the Windows firewall settings

28. To control access to resources using WSRM and to help prevent memory leaks from monopolizing your web server
Dsmgmt
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Configure separate application pools for each application

29. To add a new UPN for all user accounts...
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
AD Domains and Trusts
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Install Hyper-V role and convert physical machines into virtual machines

30. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Upgrading DFS to Windows Server 2008 R2
Administrators is the minimum group membership required to complete this procedure.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management

31. You need to consolidate 120 physical servers into 35 physical servers that run Windows Server 2008 R2 while meeting the following: maximize resource utilization; use existing hardware and software; support 64-bit child virtual machines; maintain sepa
Install Hyper-V role and convert physical machines into virtual machines
802.1.x NAP
Additional DFS Targets
Event Viewer

32. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
AD Rights Management Services
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Modify zone transfer settings for company.com zone on DCA
Implement the Windows Search Service.

33. To compact AD database...
FILES option within Ntdsutil
New ACCOUNT STORE should be added and configured
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates

34. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Active Directory Users and Computers utility
Configure RODC for Administrator Role Separation
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.

35. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
An Active Directory subnet object needs to be created.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Dfsrdiag
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.

36. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Install the RSAT tool on their workstation to provide for more efficient network management
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
fsconfig on FSSrv2

37. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
CAPublishGP group should have the Manage CA permission.
Recommend Group Policy preferences

38. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
From Server1 - run the Create Basic Task Wizard
IIS Manager user account
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.

39. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Microsoft Application Virtualization (AppV)
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Deploy a failover cluster that contains one node in each office.

40. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Run adprep /forestprep and adprep /domainprep
Back up to an external USB drive by using Windows Server Backup
DFL needs to be Windows Server 2008

41. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Offline domain join
Add the user to the Domain Admins global group
Execute the Set-ADServiceAccount cmdlet
Implement one LUN for the quorum and another LUN for the data

42. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Refresh the zone on DNS2
Then use on install image file that contains a single install image.
Configure event log subscriptions
Properties of PSO need modified

43. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Disable Site Link Bridging from the IP properties
Create a MEDV workspace
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th

44. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
Install and share a printer on a server and then enable printer pooling.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Create an e-mail account in AD DS for your RMS users.

45. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Incoming external trust
DSMOD - ADUC
Modify the local policy to point to the Internal WSUS server
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.

46. If subnets are connected by CISCO router that is RFC-1542 compliant
Use CISCO IP Helper command to configure.
The Group Policy Management Console
dnscmd
Properties of PSO need modified

47. All DCs have been upgraded from Windows Server 2003 to Windows Server 2008 R2. What should be done to ensure the Sysvol share replicates by using DFS Replicaiton (DFS-R)?
Deploy a GPO to the WebSrvOU
Raise the DFL to Windows Server 2008 R2.
Assign the application to computers in the PC OU
Implement GPO for all client computers

48. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Event Viewer
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Use local roles options within "dsmgmt"

49. To recover objects deleted from Active Directory you should recommend
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Active Directory snapshots and Tombstone reanimation
Disable Site Link Bridging from IP Properties

50. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Windows Deployment Services (WDS)
AD Rights Management Services
Use Netsh tool from administrator's computer.
Then use Windows BitLocker Drive Encryption