Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
Create an Active Directory-Integrated zone.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Import-Module
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.

2. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
File Server Resource Manager (FSRM) quotas and file screens
Ldp
Configure offline files and enable manual caching
Domain based Distributed File System (DFS) will reduce network traffic

3. If a new application needs to be deployed on the network and it comes as a .msi package and then do this.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Deploy it by using Group Policy Software Installation method
Modify the local policy to point to the Internal WSUS server
Restore-ADObject cmdlet

4. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Windows BitLocker Drive Encryption (Bit Locker)
Then use Windows Deployment Services (WDS) on DHCP1.
Recommend Offline Files
Improve the performance of File Servers

5. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Install From Media IFM
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in

6. to make shares at a remote location available to users you should implement this.
ntdsutil
Perform an authoritative restore
Domain based Distributed File System (DFS) namespace and DFS Replication.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in

7. To backup Virtual Machines
Event Log Subscriptions
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Share and Storage Management
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise

8. New password settings object (PSO) created and needs to be applied to user
Recommend Offline Files
NOT be able to store that data on an iSCSI SAN
Incoming external trust
Properties of PSO need modified

9. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Offline domain join
Active Directory snapshots and Tombstone reanimation
Implement a domain-based DFS namespace that uses replication
View properties of %systemroot%ntdsntds.dit

10. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

11. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
NOT be able to store that data on an iSCSI SAN
Deploy Microsoft System Center Operations Manager (SCOM)
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Perform an authoritative restore

12. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Then use Windows Deployment Services (WDS) on DHCP1.
Service user account for AD LDS
Network Load Balancing (NLB) cluster
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.

13. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Administrative Role Separation
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Then configure auto enrollment of certificates and Credential Roaming.
djoin /requesteodj from internal server - djoin /provision from outside server/PC

14. To defragment and AD database...
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
net stop ntds
802.1.x NAP

15. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Install From Media IFM
Implement Windows System Resource Manager (WSRM)
Implement Network Access Protection (NAP)
Microsoft Desktop Optimization Pack (MDOP) to your company

16. You are about to deploy a distributed database appliation that will run on multiple 2008 R2 servers. This deployment needs to follow these requirements: uses the existing network infrastructure; uses standard Windows management tools; allocates stora
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
DFL needs to be Windows Server 2008
Then configure GlobalNames zones on each domain controller.

17. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Enable - ADoptionalFeature cmdlet
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.

18. To ensure that the SQL Servers can fail over autoatically and support 2 TB drives
Implement one LUN for the quorum and another LUN for the data
Folder redirection. Folder redirection is also useful when using roamin profiles.
Recommend GPT and basic disks
Configure caching on the shared folder (offline files)

19. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Group Policy Preferences
Create and deploy a logon script that runs Auditpol.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller

20. Ensure password length for a group set to 12 characters long while others keep password policy
Then configure auto enrollment of certificates and Credential Roaming.
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Add-ADFineGrainedPasswordPolicySubject cmdlet
Dynamically expanding VHD's

21. To create AD Domain Services snapshot
Microsoft Desktop Optimization Pack (MDOP) to your company
Ntdsutil
Dsmgmt
Set-ADServiceAccount cmdlet

22. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Install the RSAT tool on their workstation to provide for more efficient network management
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Configure caching on the shared folder and configure offline files to use encryption
Autonomous mode...This allows the local administrator to approve their own updates.

23. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
The Group Policy Management console
Offline domain join

24. FFL is...
Win2000
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Windows XP Mode
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.

25. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Service user account for AD LDS
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Encrypting File System (EFS). This can be enabled locally or through a GPO.

26. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Incoming external trust
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Then use Windows Deployment Services (WDS)
Microsoft System Center Data Protection Manager 2010

27. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
Then configure auto enrollment of certificates and Credential Roaming.
Upgrading DFS to Windows Server 2008 R2
Perform an authoritative restore
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.

28. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.

29. In order to ensure highly available Windows Update servers you should create this.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Implement Distributed File System Replication (DFSR) on both servers
CAPublishGP group should have the Manage CA permission.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.

30. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
PowerShell 2.0
Disable Site Link Bridging from IP Properties
Dsmgmt
Modify the GPO to include folder redirection

31. You need to manage GPO to meet the following: allow administrators to view and edit the GPO in their own language; minimize number of GPOs deployed
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Storage manager for SANs
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.

32. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
AD RMS
Test-AppLockerPolicy
Refresh the zone on DNS2
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.

33. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Recommend Offline Files
Autonomous mode...This allows the local administrator to approve their own updates.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.

34. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Then use on install image file that contains a single install image.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).

35. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Zone transfer settings
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Assign the application to computers in the PC OU

36. To restore deleted user account from AD Recycle Bin...
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Microsoft Desktop Optimization Pack (MDOP) to your company
PDC emulator with w32tm.exe
Restore-ADObject cmdlet

37. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Import-Module
Zone transfer settings
Dsmgmt

38. All DCs run Windows Server 2008 R2 and have the DNS Server role installed. The domain controllers for each location are stored locally. Each has its own standard primary zone to support its local domain.You need a plan that meets the following: WAN l
Enable Credential Roaming
Configure RODC for Administrator Role Separation
Create a standard secondary of domain and create standard secondary of other domain.
From Server A - run Create Basic Task Wizard

39. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
File Server Resource Manager (FSRM) quotas and file screens
Enable Windows Remote Management (WinRM) on the servers.

40. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Microsoft Desktop Optimization Pack (MDOP) to your company
Assign the application to all client computers by using a GPO.
Dsmgmt

41. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Active Directory snapshots and Tombstone reanimation
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Configure authorization rules for Web developers on each web server

42. To compact AD database...
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
FILES option within Ntdsutil
Changed manually
Import-Module

43. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

44. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Import-Module
Install Windows Server Backup and modify the Windows firewall settings
Service user account for AD LDS

45. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Then use Windows BitLocker Drive Encryption

46. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Modify properties of RODC server computer account.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Dfsrdiag

47. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
802.1.x NAP
Active Directory Users and Computers
Microsoft Desktop Optimization Pack (MDOP)
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)

48. When recommending a monitoring solution for an application so that it's events can be stored in a central
Event Subscriptions
Creating a data collector set that kick off a scritp that either move or delete files.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Share and Storage Management

49. To build a highly secure server cluster with a reduced attack surface area
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
File Server Resource Manager (FSRM) quotas and file screens
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)

50. To enable the AD Recycle Bin
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Implement Windows System Resource Manager (WSRM) and configure user policies
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Enable - ADoptionalFeature cmdlet