Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Implement Windows System Resource Manager (WSRM) and configure user policies
Offline domain join
Create and deploy a logon script that runs Auditpol.
Implement Windows System Resource Manager (WSRM)

2. If you need to allow an external partner's computer to access internal network resources by using SSTP
Deploy the Root CA certificate to the external computers.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Storage manager for SANs
Configure caching on the shared folder (offline files)

3. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Jill came down with 2.50.
DFL needs to be Windows Server 2008
net stop ntds

4. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Then configure GlobalNames zones on each domain controller.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Configure block inheritance on the IT OU
Recommend GPT and basic disks

5. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
Ldp
From Server A - run Create Basic Task Wizard
Disable Site Link Bridging from IP Properties
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.

6. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Winrm quickconfig
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Microsoft SharePoint Foundation 2010

7. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
WSUS server in the branch office in replica mode.
Passive file screens
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition

8. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
Then configure auto enrollment of certificates and Credential Roaming.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Then use on install image file that contains a single install image.

9. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
FFL Windows Server 2008 R2
DFL needs to be Windows Server 2008
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.

10. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Configure event log subscriptions
File Server Resource Manager (FSRM) quotas and file screens
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.

11. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
FFL Windows Server 2008 R2
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)

12. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Perform an authoritative restore
Dfsrdiag
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.

13. To allow a user to administer Active Directory
Add the user to the Domain Admins global group
Disable Site Link Bridging from the IP properties
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Modify properties of RODC server computer account.

14. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Configure the zone as an Activde Directory-Integrated zone.
A Distributed File System (DFS) namespace

15. When implementing a Hyper-V environment the benefits are enormous - however there are certain aspects of virtualization that can create some additional administrative overhead that you can not have in a pure physical environment for example
Microsoft System Center Data Protection Manager
Import-Module
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
DSMOD - ADUC

16. You need a strategy for backing up your 2008 R2 file servers according to these: allows for individual file restore; allows for complete server recovery; supports scheduled backups; provides decentralized control over backups and recovery; minimizes
Back up to an external USB drive by using Windows Server Backup
Deploy the Root CA certificate to the external computers.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Network Load Balancing (NLB)

17. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Event Subscriptions
Authorization Manager role assignment
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Repadmin

18. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Ntdsutil

19. If subnets are connected by CISCO router that is RFC-1542 compliant
PowerShell 2.0
Ldp
NOT be able to store that data on an iSCSI SAN
Use CISCO IP Helper command to configure.

20. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Create a Network Load Balancing cluster.
Restore-ADObject cmdlet
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Get-ADUser cmdlet

21. If you need to encrypt all data on all disks
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Then use Windows BitLocker Drive Encryption
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Then use on install image file that contains a single install image.

22. To allow connection to a 256 Kbps ISDN...
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Service user account for AD LDS
DISABLE slow link detection in the GPO
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).

23. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Prestage the computer account in AD
Enable Credential Roaming
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.

24. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Assign the application to computers in the PC OU
Set-ADServiceAccount cmdlet
Ntfrsutil
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.

25. If you need to minimize the number of install images and support Win Server 2008 R2 deployment
Add-ADFineGrainedPasswordPolicySubject cmdlet
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Storage manager for SANs
Then use on install image file that contains a single install image.

26. To make a 64-bit application available to several 32-bit XP SP3 computers in the branch office you could use either a remote desktop session host or a remote desktop virtualization host. However - if the application requires you to be a local adminis

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

27. To ensure that recovery is possible if a file on a file server is deleted accidentally
Implement Shadow Copies
Windows XP Mode
Network Load Balancing (NLB)
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.

28. To speed up the deployment of the RODC in the new branch offices you should take advantage of this.
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Install From Media IFM
Test-AppLockerPolicy
Create an Active Directory-Integrated zone.

29. IE can be a security concern - however you can take advantage of Group policies to lock down IE as much as possible

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

30. 2 ways to relocate user and computer accounts to different OUs
DSMOD - ADUC
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Repadmin
IIS Chared Configuration

31. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Then use Windows BitLocker Drive Encryption
Add the new UPN suffix to the forest.

32. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Configure offline files and enable manual caching
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Test-AppLockerPolicy
Storage manager for SANs

33. File that contains the last logon time and custom attributes values for each user in your forest.
AD Rights Management Services
Get-ADUser cmdlet
Ntfrsutil
Implement a GPO for each domain

34. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Windows Server 2003
Registry on users computer needs to be modified
Modify zone transfer settings for company.com zone on DCA

35. An AD LDS instance needs to be replicated from one server to another...
Service user account for AD LDS
Microsoft Desktop Optimization Pack (MDOP) to your company
Implement Windows BitLocker Drive Encryption (BitLocker)
Share and Storage Management

36. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
Changed manually
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
NOT be able to store that data on an iSCSI SAN
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.

37. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Zone transfer settings
net stop ntds
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise

38. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Install the RSAT tool on their workstation to provide for more efficient network management
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Test-AppLockerPolicy

39. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Configure separate application pools for each application
Folder redirection. Folder redirection is also useful when using roamin profiles.
Improve the performance of File Servers

40. New Password Policy needs to be created for OU different from domain password policy
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Implement Shadow Copies
Authorization Manager role assignment
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.

41. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Dsmgmt
Modify the GPO to include folder redirection
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
dsa.msc - dsamain.exe - ntdsutil.exe

42. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Network Load Balancing (NLB) cluster
Domain based Distributed File System (DFS) namespace and DFS Replication.
Enable Windows Remote Management (WinRM) on each server.

43. All DCs have been upgraded from Windows Server 2003 to Windows Server 2008 R2. What should be done to ensure the Sysvol share replicates by using DFS Replicaiton (DFS-R)?
Repadmin
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Restore-ADObject cmdlet
Raise the DFL to Windows Server 2008 R2.

44. You need to deploy apps to client computers according to these req.: apps must be deployed to client computers that meet minimum hardware requirements; detaild reports on success/failure of the app deployments must be provided; deployments must be sc
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
FFL Windows Server 2008 R2

45. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Creating a data collector set that kick off a scritp that either move or delete files.
Deploy it by using Group Policy Software Installation method
Create a GPO and link the GPO to the domain then configure the GPO to be enforced

46. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Administrative Role Separation
dnscmd
AD Rights Management Services
Dfsrdiag

47. You need to allow remote access to the servers on your network while meeting the following requirements: all remote connections to the servers must be encrypted; all remote authentication attempts to the servers must be encrypted; only inbound connec
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Configure the zone as an Activde Directory-Integrated zone.
Creating a data collector set that kick off a scritp that either move or delete files.

48. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Assign the application to computers in the PC OU
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Network Load Balancing (NLB)
Add the new UPN Suffix to the forest

49. You have 2 Server Core servers that are part of a Network Load Balance that host a web site. To be able to allow administrators - on their Windows 7 computers - remotely manage the NLB with automation
Import-Module
Windows XP Mode
Dynamically expanding VHD's
Enable Windows Remote Management (WinRM) on the servers.

50. You have a 2008 R2 server configured as Remote Desktop Session host. You need to deploy a line-of-business app; however - the app requires desktop themes to be enabled. Your deployment strategy must meet these requirements: only authorized users must
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)