Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. To be able to manage all the corporate servers from a workstation - you must install the
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
DSMOD
Windows Server 2003
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop

2. If you need to minimize the number of install images and support Win Server 2008 R2 deployment
FILES option within Ntdsutil
Add George to the Domain Admins group.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Then use on install image file that contains a single install image.

3. All 2008 R2 servers and Windows 7 clients are connected to managed switches. The following are requirements for network access: only client computers that have up-to-date service packs installed can access the network; have up-to-date anti-malware so
Software Restriction Polices
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Disable Site Link Bridging from IP Properties
Implement Network Access Protection (NAP) that uses 802.1x enforcement

4. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Deploy a failover cluster that contains one node in each office.
Distributed File System (DFS) Replication
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Network Load Balancing (NLB)

5. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
dnscmd
Event Log Subscriptions
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.

6. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Incoming external trust
Implement a domain-based DFS namespace that uses replication

7. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Ntfrsutil
Add George to the Domain Admins group.
Basic Authentication and SSL
Then use Windows Deployment Services (WDS)

8. If you need to minimize amount of time and impact of 50 simultaneous Win7 installations
Then configure auto enrollment of certificates and Credential Roaming.
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
New ACCOUNT STORE should be added and configured
Implement folder redirection by using GPO. Then backup the folder redirection target.

9. What Function Level (FL) needs to be in place to enable AD Recycle Bin?
Passive file screens
FFL Windows Server 2008 R2
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Role Separation

10. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Increase the tombstone lifetime for the forest.
Enable - ADoptionalFeature cmdlet

11. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Event Subscriptions
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Winrm quickconfig
net stop ntds

12. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Assign the application to computers in the PC OU
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.

13. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Implement Windows System Resource Manager (WSRM)
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.

14. To create and additional AD LDS applicaiton directory partition in existing instance...
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Ldp
MEDV to deploy virtual desktops
Event Subscriptions

15. You need to implement read only copies of files at several locations. You currently have DFS for 2008 deployed. You should recommend this.
Upgrading DFS to Windows Server 2008 R2
Add the Windows Server Backup feature and Windows System Image recovery.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU

16. If a file server reaches 15% free disk space - you could free up some disk space by
Creating a data collector set that kick off a scritp that either move or delete files.
Increase the tombstone lifetime for the forest.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Authorization Manager role assignment

17. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Utilize IFM (Install From Media)
Refresh the zone on DNS2
Properties of PSO need modified
ntdsutil

18. To ensure that recovery is possible if a file on a file server is deleted accidentally
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Implement Shadow Copies
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.

19. Need to ensure users receive updated template within five days...
Assign the application to computers in the PC OU
Registry on users computer needs to be modified
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Creating a data collector set that kick off a scritp that either move or delete files.

20. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Site
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Administrative Role Separation
MEDV to deploy virtual desktops

21. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Back up to an external USB drive by using Windows Server Backup
Distributed File System (DFS) Replication
Install the RSAT tool on their workstation to provide for more efficient network management
Assign the application to all client computers by using a GPO.

22. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

23. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
Configure event log subscriptions
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.

24. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
Restore-ADObject cmdlet
Execute the Set-ADServiceAccount cmdlet
FFL Windows Server 2008 R2
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise

25. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
Incoming external trust
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Backup operator's domain local group
Authorization Manager

26. What GPO setting should be configured to prevent all users from running an application?
Modify the schema of LDSInst1
Software Restriction Polices
Configure the zone as an Activde Directory-Integrated zone.
Create an Active Directory-Integrated zone.

27. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Configure separate application pools for each application
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Use the Local Roles options with dsmgmt.

28. You don't want users to be able to install removable devices on client computers. However - domain admins and desktop support technicians must be allowed to install removable devices on client computers
Offline domain join
Configure Audit Special Logon and define Special Groups
Event Log Subscriptions
Implement GPO for all client computers

29. To join a server/PC outside of the domain to the network...
djoin /requesteodj from internal server - djoin /provision from outside server/PC
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
WSUS server in the branch office in replica mode.
fsconfig on FSSrv2

30. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
Implement Distributed File System Replication (DFSR) on both servers
Incoming external trust
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Disable Site Link Bridging from the IP properties

31. To modify several user accounts to a new UPN suffix
Windows XP Mode
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Refresh the zone on DNS2
Active Directory Users and Computers utility

32. DFL is Windows Server 2003 and client computers run Vista. DCRMS is a server that holds AD RMS. What should be done to configure AD RMS so users - including Waldo - can protect their data?
Back up to an external USB drive by using Windows Server Backup
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Configure folder redirection
Create an e-mail account in AD DS for your RMS users.

33. To ensure that the SQL Servers can fail over autoatically and support 2 TB drives
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Recommend GPT and basic disks
AD Domains and Trusts
Folder redirection. Folder redirection is also useful when using roamin profiles.

34. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Use local roles options within "dsmgmt"
Then use Windows BitLocker Drive Encryption
NOT be able to store that data on an iSCSI SAN
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.

35. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Implement Distributed File System Replication (DFSR) on both servers
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Group Policy Preferences
fsconfig on FSSrv2

36. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Dynamically expanding VHD's
Implement Windows System Resource Manager (WSRM) and configure user policies
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers

37. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Run the Delegation of Control Wizard on the Staff OU
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Then use Windows Deployment Services (WDS) on DHCP1.
Your machine and remote desktops

38. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
Recommend Offline Files
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Microsoft Desktop Optimization Pack (MDOP) to your company
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.

39. To backup Virtual Machines
Purchase one additional Enterprise License
Network Load Balancing (NLB) cluster
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.

40. PowerShell script to create user accounts with passwords from a file called password.csv
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Then install new Server 2008 R2 Enterprise subordinate CA.
fsconfig on FSSrv2
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.

41. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
dsa.msc - dsamain.exe - ntdsutil.exe
AD RMS
Microsoft Desktop Optimization Pack (MDOP) to your company
Configure the zone as an Activde Directory-Integrated zone.

42. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Deploy the Root CA certificate to the external computers.
Deploy a failover cluster that contains one node in each office.
Microsoft SharePoint Foundation 2010
Create a new Password Settings Object (PSO) for the IT users.

43. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Certificate Templates
Deploy a GPO for the Sales OU
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise

44. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Event Subscriptions
Create and deploy a logon script that runs Auditpol.

45. IE can be a security concern - however you can take advantage of Group policies to lock down IE as much as possible

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

46. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
Distributed File System (DFS) Replication
Modify the local policy to point to the Internal WSUS server
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.

47. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Configure Firewall Group Policies and link them at the Domain level
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service

48. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Back up to an external USB drive by using Windows Server Backup
Deploy the Root CA certificate to the external computers.

49. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Test-AppLockerPolicy
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Add-ADFineGrainedPasswordPolicySubject cmdlet
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.

50. To update ADRMS password...
AD Rights Management Services
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Configure block inheritance on the IT OU
Implement a domain-based DFS namespace that uses replication