Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Tool to change Directory Services Restore Mode password on Domain Controller...
ntdsutil
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Administrative Role Separation
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP

2. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
Improve the performance of File Servers
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Domain based Distributed File System (DFS) namespace and DFS Replication.
Create an Active Directory-Integrated zone.

3. The solution requires that teachers that have been issued district based laptops - work remotely - and teach only on-line classes - must connect to the school network using split-tunnel VPN. Need to be sure that: minimize traffic over the VPN wheneve

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

4. If you want to implement BitLocker and store recovery informaiton in a central location
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Recommend Active Directory delegation
A relying party trust should be created.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop

5. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Create a new Password Settings Object (PSO) for the IT users.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Install Hyper-V role and convert physical machines into virtual machines

6. If a file server reaches 15% free disk space - you could free up some disk space by
Creating a data collector set that kick off a scritp that either move or delete files.
Modify the GPO to include folder redirection
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Offline domain join

7. You have a root domain and four child domains. Policy requirements state that all local guest accounts must be renamed and disabled - and all local administrator accounts must be renamed
Ntdsutil
Administrative Role Separation
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Implement a GPO for each domain

8. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Increase the tombstone lifetime for the forest.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Then use on install image file that contains a single install image.
Attach VHD file created by Windows server backup

9. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
Software Restriction Polices
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Microsoft System Center Data Protection Manager 2010

10. You have a 2008 R2 server configured as Remote Desktop Session host. You need to deploy a line-of-business app; however - the app requires desktop themes to be enabled. Your deployment strategy must meet these requirements: only authorized users must
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Then use Windows BitLocker Drive Encryption
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.

11. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
WSUS server in the branch office in replica mode.
Attach VHD file created by Windows server backup
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.

12. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Upgrading DFS to Windows Server 2008 R2

13. What should be done first to defragment the AD database?
Install the RSAT tool on their workstation to provide for more efficient network management
Use the Local Roles options with dsmgmt.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Run net stop ntds

14. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
The Group Policy Management Console
Disable Site Link Bridging from the IP properties
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP

15. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
Install and share a printer on a server and then enable printer pooling.
Disable Site Link Bridging from IP Properties
Domain based Distributed File System (DFS) will reduce network traffic
Windows System Resource Manager (WSRM)

16. To enable the AD Recycle Bin
Enable - ADoptionalFeature cmdlet
Changed manually
Deploy a failover cluster that contains one node in each office.
Include a server that runs Microsoft Office SharePoint Server 2010

17. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
dnscmd

18. To create AD Domain Services snapshot
Zone transfer settings
Certificate Templates
Import-Module
Ntdsutil

19. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Configure offline files and enable manual caching
Improve the performance of File Servers
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office

20. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Disable Site Link Bridging from IP Properties
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

21. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Registry on users computer needs to be modified
Active Directory Right Management Services (AD RMS)
Implement Network Access Protection (NAP)
Microsoft Desktop Optimization Pack (MDOP)

22. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Modify the local policy to point to the Internal WSUS server
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Then use Windows Deployment Services (WDS)

23. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Dfsrdiag
Active Directory Domains and Trusts
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Windows System Resource Manager (WSRM)

24. If you need to be able to create shared folders on Server 2008 R2
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
802.1.x NAP
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Ensure your account - or the group is a member of the local Administrators group for that specific server.

25. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Modify zone transfer settings for company.com zone on DCA
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)

26. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Microsoft SharePoint Foundation 2010
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Configure authorization rules for Web developers on each web server
Implement a GPO for each domain

27. What GPO setting should be configured to prevent all users from running an application?
Software Restriction Polices
Group Policy Preferences
Create an e-mail account in AD DS for your RMS users.
Implement Windows System Resource Manager (WSRM) and configure user policies

28. to make shares at a remote location available to users you should implement this.
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Domain based Distributed File System (DFS) namespace and DFS Replication.
Configure offline files and enable manual caching
Windows Server 2003

29. To delegate authority to users to manage only certain areas in Hyper-V use the
Folder redirection. Folder redirection is also useful when using roamin profiles.
Authorization Manager role assignment
Zone transfer settings
From Server1 - run the Create Basic Task Wizard

30. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

31. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
File Server Resource Manager (FSRM) quotas and file screens
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
From Server A - run Create Basic Task Wizard
Then use on install image file that contains a single install image.

32. Jack and Jill go up the hill - both with a buck and a quarter
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Implement Windows BitLocker Drive Encryption (BitLocker)
Jill came down with 2.50.
Include a server that runs Microsoft Office SharePoint Server 2010

33. New password settings object (PSO) created and needs to be applied to user
Incoming external trust
Properties of PSO need modified
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.

34. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

35. To identify users who bypass the new corporate security policy -
Implement GPO for all client computers
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Then use Windows Deployment Services (WDS) on DHCP1.
Configure Audit Special Logon and define Special Groups

36. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Add the Windows Server Backup feature and Windows System Image recovery.
Configure caching on the shared folder and configure offline files to use encryption
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Add George to the Domain Admins group.

37. To defragment and AD database...
Passive file screens
AD RMS
net stop ntds
Configure authorization rules for Web developers on each web server

38. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Utilize IFM (Install From Media)
Create an e-mail account in AD DS for your RMS users
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.

39. To be able to user an application from one AD FS with authentication server to another...
A relying party trust should be created.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Microsoft System Center Data Protection Manager
Raise the DFL to Windows Server 2008 R2.

40. You need to allow a user to add a single computer to a domain - without any additional rights...
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Prestage the computer account in AD
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer

41. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Create a standard secondary of domain and create standard secondary of other domain.
Attach VHD file created by Windows server backup
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.

42. To be able to manage all the corporate servers from a workstation - you must install the
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Install and share a printer on a server and then enable printer pooling.
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop

43. If you need to allow an external partner's computer to access internal network resources by using SSTP
Deploy the Root CA certificate to the external computers.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Microsoft Desktop Optimization Pack (MDOP) to your company

44. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
Refresh the zone on DNS2
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Active Directory Users and Computers utility
Group Policy Preferences

45. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Folder redirection. Folder redirection is also useful when using roamin profiles.
Increase the tombstone lifetime for the forest.
Offline domain join

46. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Folder redirection. Folder redirection is also useful when using roamin profiles.
Deploy a failover cluster that contains one node in each office.
Authorization Manager role assignment

47. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Autonomous mode...This allows the local administrator to approve their own updates.
Install and share a printer on a server and then enable printer pooling.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur

48. If you need to deploy multiple servers through automation of installation and activation and minimize network traffic
Recommend GPT and basic disks
Site
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP

49. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.

50. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
NOT be able to store that data on an iSCSI SAN
Add the new UPN Suffix to the forest