Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. In order to reduce the administrative overhead typically involved with viewing event logs across multiple servers you should implement this.
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Then use Windows Deployment Services (WDS)
Event Log Subscriptions

2. To ensure that the branch office with its own high speed internet connection receives the exact same updates as the corporate office you should recommend this.
Enable - ADoptionalFeature cmdlet
Create and deploy a logon script that runs Auditpol.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)

3. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
Create a Central Store
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
dnscmd
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.

4. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Improve the performance of File Servers
Configure folder redirection
Domain based Distributed File System (DFS) namespace and DFS Replication.

5. To deploy templates across the organization
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Deploy Microsoft System Center Operations Manager (SCOM)
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
A relying party trust should be created.

6. You need to ensure that the guest account on all servers is disabled to
NOT be able to store that data on an iSCSI SAN
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Properties of PSO need modified
From Server A - run Create Basic Task Wizard

7. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Then configure auto enrollment of certificates and Credential Roaming.
Service user account for AD LDS
Winrm quickconfig
Add the new UPN suffix to the forest.

8. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
Run adprep /forestprep and adprep /domainprep
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions

9. To control access to resources using WSRM and to help prevent memory leaks from monopolizing your web server
Configure separate application pools for each application
Storage manager for SANs
Active Directory Right Management Services (AD RMS)
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).

10. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Group Policy Preferences
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Install the RSAT tool on their workstation to provide for more efficient network management

11. When deploying an application using the Group Policy distribution method assign the...
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Then configure auto enrollment of certificates and Credential Roaming.
Multipath I/O feature
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.

12. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Implement one LUN for the quorum and another LUN for the data
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.

13. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
PowerShell 2.0
Perform an authoritative restore
Implement Windows System Resource Manager (WSRM)
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO

14. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Use Netsh tool from administrator's computer.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Active Directory Right Management Services (AD RMS)
Create a Network Load Balancing cluster.

15. To allow a user to administer Active Directory
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Active Directory snapshots and Tombstone reanimation
Add the user to the Domain Admins global group
Enable - ADoptionalFeature cmdlet

16. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Assign the application to computers in the PC OU
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Enable Credential Roaming
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)

17. You have a 2008 R2 serever that has SQL Server 2008 installed. The server has one RAID 5 array and two RAID 1 arrays. You need to allocate hard disck space on the server according to the followign requirements: prevent data los if a single hard disk
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Implement the Windows Search Service.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Incoming external trust

18. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

19. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Active Directory Right Management Services (AD RMS)
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates

20. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

21. To defragment and AD database...
net stop ntds
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Implement Network Access Protection (NAP)
Assign permissions for the Groups OU and Branch OU to the help desk technicians.

22. You need to recommend a BitLocker recovery method you should recommend this.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Repadmin
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Data Recovery Agent

23. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
Your machine and remote desktops
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Assign the application to all client computers by using a GPO.

24. You need to relocate an AD LDS instance from C: Drive to D: Drive
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Recommend GPT and basic disks
Implement Windows BitLocker Drive Encryption (BitLocker)

25. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Administrators is the minimum group membership required to complete this procedure.
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
djoin /requesteodj from internal server - djoin /provision from outside server/PC

26. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Deploy a GPO to the WebSrvOU
Then use Windows BitLocker Drive Encryption
Offline domain join
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.

27. To determine size of AD database file...
Registry on users computer needs to be modified
View properties of %systemroot%ntdsntds.dit
Properties of PSO need modified
Microsoft System Center Data Protection Manager 2010

28. To backup to tape/robotic tape and to backup VMs you must use...
Implement Distributed File System Replication (DFSR) on both servers
Microsoft Desktop Optimization Pack (MDOP) to your company
Microsoft System Center Data Protection Manager 2010
Microsoft SharePoint Foundation 2010

29. To backup GPO's in domain and minimize bakcup...
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Dsmgmt
The Group Policy Management Console

30. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
Configure offline files and enable manual caching
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP

31. IE can be a security concern - however you can take advantage of Group policies to lock down IE as much as possible

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

32. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Microsoft SharePoint Foundation 2010
NOT be able to store that data on an iSCSI SAN
WDS
Disable Site Link Bridging from the IP properties

33. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Distributed File System (DFS) Replication
Then use Windows Deployment Services (WDS) on DHCP1.
Perform an authoritative restore
Install Hyper-V role and convert physical machines into virtual machines

34. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Create an Active Directory-Integrated zone.
Site
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Microsoft System Center Data Protection Manager

35. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Test-AppLockerPolicy
Implement Shadow Copies
Ntfrsutil
dnscmd tool

36. To restore previous version of script without taking up too much of time...
Attach VHD file created by Windows server backup
802.1.x NAP
WSUS server in the branch office in replica mode.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.

37. You need to allow a user to add a single computer to a domain - without any additional rights...
Implement Network Access Protection (NAP) that uses 802.1x enforcement
DISABLE slow link detection in the GPO
Event Subscriptions
Prestage the computer account in AD

38. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Then use Windows BitLocker Drive Encryption
Configure the zone as an Activde Directory-Integrated zone.
Autonomous mode...This allows the local administrator to approve their own updates.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in

39. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Dsmgmt
Then use Windows BitLocker Drive Encryption
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie

40. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Network Load Balancing (NLB)
Domain based Distributed File System (DFS) will reduce network traffic
From Server1 - run the Create Basic Task Wizard
Purchase one additional Enterprise License

41. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
Use the Local Roles options with dsmgmt.
Network Load Balancing (NLB)
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Then use Windows Deployment Services (WDS) on DHCP1.

42. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Add George to the Domain Admins group.
Event Log Subscriptions

43. Files servers need to stay connected to the SAN if a NIC fails. You should recommend
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Multipath I/O feature
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd

44. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Domain based Distributed File System (DFS) will reduce network traffic
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Then use Windows BitLocker Drive Encryption

45. Ensure password length for a group set to 12 characters long while others keep password policy
Modify properties of RODC server computer account.
Add-ADFineGrainedPasswordPolicySubject cmdlet
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Create and deploy a logon script that runs Auditpol.

46. RDSrv1 is a Server 2008 R2 server with Remote Desktop Services installed. You are planning to establish a Terminal Server Farm that must meet these requirements: New users automatically connect to the terminal server that has the fewest active sessio
Certificate Templates
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Modify the schema of LDSInst1
Implement a Remote Desktop Connection Broker (RD Connection Broker)

47. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
Enable Windows Remote Management (WinRM) on the servers.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Perform an authoritative restore
AD Rights Management Services

48. You have a single AD domain named ad.company.com. The FFL is windows 2000 and the DFL is Windows 2000 Native. The UPN suffix company.com needs to be available for user accounts. What should be done first?
Jill came down with 2.50.
Enable Credential Roaming
Add the new UPN suffix to the forest.
Authorization Manager

49. Deployment solutions that will allow both the 64 bit version of Office 2010 and the 32 bit version Office 2003 to run at a same time on a Windows 7 computer - and to do that when the computer is offline - are very limited. You should recommend
Microsoft Application Virtualization (AppV)
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Utilize IFM (Install From Media)

50. New Password Policy needs to be created for OU different from domain password policy
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
DSMOD - ADUC
A relying party trust should be created.