Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Create an e-mail account in AD DS for your RMS users.
Improve the performance of File Servers
Configure block inheritance on the IT OU
Add George to the Domain Admins group.

2. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Install Windows Server Backup and modify the Windows firewall settings
A Distributed File System (DFS) namespace
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP

3. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
A relying party trust should be created.
Increase the tombstone lifetime for the forest.
Use a GPO to configure device installation restrictions
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.

4. All DCs have been upgraded from Windows Server 2003 to Windows Server 2008 R2. What should be done to ensure the Sysvol share replicates by using DFS Replicaiton (DFS-R)?
Raise the DFL to Windows Server 2008 R2.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Data Recovery Agent
Prestage the computer account in AD

5. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Domain based DFS namespace and configure a DFS replication group
Modify the GPO to include folder redirection
Create a Central Store
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.

6. CAPublishGP needs to be able to publish new certificate revocation lists - but not be able to revoke certificates. How is this accomplished?
Deploy it by using Group Policy Software Installation method
Back up to an external USB drive by using Windows Server Backup
CAPublishGP group should have the Manage CA permission.
Active Directory snapshots and Tombstone reanimation

7. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Add the user to the Domain Admins global group
Windows XP Mode
Raise the DFL to Windows Server 2008 R2.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.

8. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Then configure GlobalNames zones on each domain controller.
View properties of %systemroot%ntdsntds.dit
File Server Resource Manager (FSRM) quotas and file screens

9. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Microsoft SharePoint Foundation 2010
Implement Windows System Resource Manager (WSRM)

10. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Encrypting File System (EFS). This can be enabled locally or through a GPO.
net stop ntds
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.

11. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
An Active Directory subnet object needs to be created.

12. When recommending a monitoring solution for an application so that it's events can be stored in a central
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Modify the schema of LDSInst1
Creating a data collector set that kick off a scritp that either move or delete files.
Event Subscriptions

13. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
802.1.x NAP

14. You need to deploy a sales application that only the sales users must have access to
Deploy a GPO for the Sales OU
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.

15. To be able to manage all the corporate servers from a workstation - you must install the
From Server A - run Create Basic Task Wizard
Network Load Balancing (NLB)
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop

16. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Configure caching on the shared folder (offline files)
Administrative Role Separation

17. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Create an Active Directory-Integrated zone.
Offline domain join
Service user account for AD LDS
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.

18. When one needs to audit files - folders - printers and the registry enable
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Enable Windows Remote Management (WinRM) on the servers.
dsa.msc - dsamain.exe - ntdsutil.exe
Windows XP Mode

19. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Configure authorization rules for Web developers on each web server
Use Netsh tool from administrator's computer.
Winrm quickconfig
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)

20. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
Then install new Server 2008 R2 Enterprise subordinate CA.
Modify the GPO to include folder redirection
Test-AppLockerPolicy
Microsoft SharePoint Foundation 2010

21. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
NOT be able to store that data on an iSCSI SAN
Install From Media IFM
WDS

22. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Basic Authentication and SSL
Role Separation
Create a Network Load Balancing cluster.
An Active Directory subnet object needs to be created.

23. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Active Directory Right Management Services (AD RMS)
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Use CISCO IP Helper command to configure.
Configure authorization rules for Web developers on each web server

24. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
Dynamically expanding VHD's
Raise the DFL to Windows Server 2008 R2.
Properties of PSO need modified
Configure offline files and enable manual caching

25. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Configure event log subscriptions
Add the Windows Server Backup feature and Windows System Image recovery.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Then configure GlobalNames zones on each domain controller.

26. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Create a MEDV workspace
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Deploy it by using Group Policy Software Installation method

27. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Create an e-mail account in AD DS for your RMS users
Network Load Balancing (NLB) cluster
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.

28. A specific application requires registry modifications to be in place before installing; you should use
Group Policy Preferences
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
802.1.x NAP
Software Restriction Polices

29. To join a server/PC outside of the domain to the network...
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Raise the DFL to Windows Server 2008 R2.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1

30. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Active Directory snapshots and Tombstone reanimation
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
A relying party trust should be created.
Assign the application to computers in the PC OU

31. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
Use a GPO to configure device installation restrictions
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.

32. You need to recommend a BitLocker recovery method you should recommend this.
Create and deploy a logon script that runs Auditpol.
Data Recovery Agent
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Modify the schema of LDSInst1

33. To determine size of AD database file...
View properties of %systemroot%ntdsntds.dit
Raise the DFL to Windows Server 2008 R2.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.

34. What GPO setting should be configured to prevent all users from running an application?
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Software Restriction Polices
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.

35. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Event Subscriptions
Incoming external trust
Implement folder redirection by using GPO. Then backup the folder redirection target.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)

36. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Create a new Password Settings Object (PSO) for the IT users.
Disable Site Link Bridging from the IP properties
Microsoft System Center Data Protection Manager
Add the user to the Domain Admins global group

37. Your company IP scheme uses both IPv4 and IPv6. You have a main and branch office. In the branch office you are using PC1. PC1 is now only using IPv6. You noticed that PC1 no longer authenticates off the DC that is in the branch office. What should b
Recommend Group Policy preferences
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Configure Audit Special Logon and define Special Groups
An Active Directory subnet object needs to be created.

38. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
DFL needs to be Windows Server 2008
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
ntdsutil
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.

39. to make shares at a remote location available to users you should implement this.
Configure offline files and enable manual caching
Domain based Distributed File System (DFS) namespace and DFS Replication.
Modify the schema of LDSInst1
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller

40. to protect file servers and hard disks that may be at risk of being accessed or stolen
Implement Windows BitLocker Drive Encryption (BitLocker)
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
AD Rights Management Services
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library

41. You have a failover cluster that has an application installed. Service level agreement requires 55 percent of processor and memory utilization to be reserved for the app. A solution to guarantee service level agreement would be
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
802.1.x NAP
Create a Central Store

42. To update ADRMS password...
Configure authorization rules for Web developers on each web server
AD Rights Management Services
Your machine and remote desktops
Configure the zone as an Activde Directory-Integrated zone.

43. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

44. Recently you have installed a special application on your web sites that requires using a managed service account on the Web Servers. This application runs on a web server in each of 10 separate Active Directory domains.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

45. What Function Level (FL) needs to be in place to enable AD Recycle Bin?
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
FFL Windows Server 2008 R2
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Upgrading DFS to Windows Server 2008 R2

46. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Domain based Distributed File System (DFS) will reduce network traffic
Site
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.

47. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
CAPublishGP group should have the Manage CA permission.
The Group Policy Management Console
Microsoft Desktop Optimization Pack (MDOP) to your company
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)

48. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Domain based Distributed File System (DFS) will reduce network traffic
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Implement GPO for all client computers

49. Tool to change Directory Services Restore Mode password on Domain Controller...
Implement Windows System Resource Manager (WSRM)
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
ntdsutil
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates

50. Deployment of 10 WSUS servers across 10 branch office will take place over a three month period. The bandwidth between the corporate office and the branch offices must be minimized due to budget contraints within the company. Admins in the corporate
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Group Policy Preferences
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office