Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. to make shares at a remote location available to users you should implement this.
The Group Policy Management Console
Domain based Distributed File System (DFS) namespace and DFS Replication.
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.

2. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Assign the application to computers in the PC OU
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Add the new UPN suffix to the forest.
Certificate Templates

3. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Import-Module
Basic Authentication and SSL
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.

4. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
IIS Manager user account
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Passive file screens

5. Files servers need to stay connected to the SAN if a NIC fails. You should recommend
Implement Distributed File System Replication (DFSR) on both servers
Offline domain join
Multipath I/O feature
Test-AppLockerPolicy

6. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Configure block inheritance on the IT OU
DISABLE slow link detection in the GPO

7. What role to keep same time as an external server?
Run the Delegation of Control Wizard on the Staff OU
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
PDC emulator with w32tm.exe
Modify the GPO to include folder redirection

8. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Windows System Resource Manager (WSRM)
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Restore-ADObject cmdlet

9. For the users that work remotely that need access to files from the corporate office you should...
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Recommend Offline Files
Creating a data collector set that kick off a scritp that either move or delete files.

10. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
DSMOD - ADUC
Dfsrdiag

11. Need to access some resources in another domain that is part of another forest...What trust is created?
Restore-ADObject cmdlet
ntdsutil
Incoming external trust
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent

12. You need to implement read only copies of files at several locations. You currently have DFS for 2008 deployed. You should recommend this.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Assign the application to all client computers by using a GPO.
Upgrading DFS to Windows Server 2008 R2

13. To ensure that recovery is possible if a file on a file server is deleted accidentally
Install the RSAT tool on their workstation to provide for more efficient network management
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Implement Shadow Copies
Implement one LUN for the quorum and another LUN for the data

14. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
Add the Windows Server Backup feature and Windows System Image recovery.
Changed manually
IIS Manager user account
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise

15. All DCs have been upgraded from Windows Server 2003 to Windows Server 2008 R2. What should be done to ensure the Sysvol share replicates by using DFS Replicaiton (DFS-R)?
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Raise the DFL to Windows Server 2008 R2.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

16. To modify several user accounts to a new UPN suffix
Active Directory Users and Computers utility
Active Directory Users and Computers
Dsmgmt
Dfsrdiag

17. You need to relocate an AD LDS instance from C: Drive to D: Drive
Your machine and remote desktops
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Configure event log subscriptions
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd

18. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
Configure folder redirection
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
From Server A - run Create Basic Task Wizard
Use local roles options within "dsmgmt"

19. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Implement a domain-based DFS namespace that uses replication
Data Recovery Agent
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd

20. You need to deploy apps to client computers according to these req.: apps must be deployed to client computers that meet minimum hardware requirements; detaild reports on success/failure of the app deployments must be provided; deployments must be sc
Run the Delegation of Control Wizard on the Staff OU
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
fsconfig on FSSrv2

21. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
The Group Policy Management console
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
From Server A - run Create Basic Task Wizard
AD RMS

22. If you want to allow single-label name resolution
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Then configure GlobalNames zones on each domain controller.
Then use Windows Deployment Services (WDS)

23. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Include a server that runs Microsoft Office SharePoint Server 2010
Dsmgmt
Deploy the Root CA certificate to the external computers.
Execute the Set-ADServiceAccount cmdlet

24. To make deploying the custom Word dictionary easy
Group Policy Preferences
Recommend Group Policy preferences
Use local roles options within "dsmgmt"
Distributed File System (DFS) Replication

25. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Modify the GPO to include folder redirection
Service user account for AD LDS
Implement Windows System Resource Manager (WSRM)
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).

26. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
Implement Windows System Resource Manager (WSRM) and configure user policies
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Create ADMX and ADML files. Configure the GPO and link it to the domain.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files

27. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Deploy a GPO for the Sales OU
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Create an e-mail account in AD DS for your RMS users.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.

28. In order to ensure highly available Windows Update servers you should create this.
Purchase one additional Enterprise License
Win2000 Native
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).

29. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Properties of PSO need modified
Enable Credential Roaming
dnscmd

30. All 2008 R2 servers and Windows 7 clients are connected to managed switches. The following are requirements for network access: only client computers that have up-to-date service packs installed can access the network; have up-to-date anti-malware so
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Then configure GlobalNames zones on each domain controller.
AD RMS

31. Deployment of 10 WSUS servers across 10 branch office will take place over a three month period. The bandwidth between the corporate office and the branch offices must be minimized due to budget contraints within the company. Admins in the corporate
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Test-AppLockerPolicy
Configure caching on the shared folder and configure offline files to use encryption
The Group Policy Management Console

32. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
Set-ADServiceAccount cmdlet
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Configure folder redirection
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.

33. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.

34. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Win2000 Native
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO

35. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Passive file screens
Then use on install image file that contains a single install image.
Implement one LUN for the quorum and another LUN for the data

36. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Deploy Microsoft System Center Operations Manager (SCOM)
Recommend Group Policy preferences
Create a Network Load Balancing cluster.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

37. You need to ensure that the guest account on all servers is disabled to
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Implement the Windows Search Service.
Test-AppLockerPolicy
Discover the run Microsoft Baseline Security Analyzer (MBSA)

38. An AD LDS instance needs to be replicated from one server to another...
Zone transfer settings
Windows XP Mode
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Service user account for AD LDS

39. Auditing the deletion of Registry keys on all Domain Controllers
Network Load Balancing (NLB)
Test-AppLockerPolicy
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Implement Network Access Protection (NAP) that uses 802.1x enforcement

40. DFL is...
Then configure auto enrollment of certificates and Credential Roaming.
IIS Chared Configuration
Win2000 Native
Windows System Resource Manager (WSRM)

41. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Add the new UPN Suffix to the forest
Configure caching on the shared folder (offline files)

42. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Implement Distributed File System Replication (DFSR) on both servers
Install and share a printer on a server and then enable printer pooling.
Distributed File System (DFS) Replication
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.

43. To make a 64-bit application available to several 32-bit XP SP3 computers in the branch office you could use either a remote desktop session host or a remote desktop virtualization host. However - if the application requires you to be a local adminis

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

44. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Deploy the Root CA certificate to the external computers.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Implement Network Access Protection (NAP)

45. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Windows System Resource Manager (WSRM)
Microsoft System Center Data Protection Manager
Additional DFS Targets
Ntdsutil

46. When deploying an application using the Group Policy distribution method assign the...
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Install the RSAT tool on their workstation to provide for more efficient network management

47. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Configure caching on the shared folder (offline files)
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
DSMOD - ADUC

48. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
Properties of PSO need modified
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).

49. In order to reduce the administrative overhead typically involved with viewing event logs across multiple servers you should implement this.
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Then use Windows Deployment Services (WDS)
Event Log Subscriptions
An Active Directory subnet object needs to be created.

50. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Deploy a failover cluster that contains one node in each office.
Event Viewer
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Raise the DFL to Windows Server 2008 R2.