Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Tool to change Directory Services Restore Mode password on Domain Controller...
Basic Authentication and SSL
Microsoft System Center Data Protection Manager
ntdsutil
Network Load Balancing (NLB) cluster

2. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Folder redirection. Folder redirection is also useful when using roamin profiles.
Microsoft Desktop Optimization Pack (MDOP)
Add the new UPN Suffix to the forest

3. You need to recommend a Windows update strategy for the new branch office. The branch office has a 512 Kbps connection the corporate office and a 2 MB connection to the Internet. You should recommend this.
FILES option within Ntdsutil
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Create an Active Directory-Integrated zone.

4. You need to design your WSUS infrastructure so that updates are highly available. To do so
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations

5. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Dfsrdiag
Install Microsoft Secure Socket Tunneling Protocol (SSTP)

6. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Test-AppLockerPolicy
Recommend GPT and basic disks
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Dsmgmt

7. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
Use the Local Roles options with dsmgmt.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Assign the application to all client computers by using a GPO.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.

8. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
Distributed File System (DFS) Replication
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.

9. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Implement Windows System Resource Manager (WSRM) and configure user policies
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Subnet object needs to be created
From Server A - run Create Basic Task Wizard

10. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
Microsoft Desktop Optimization Pack (MDOP) to your company
Add George to the Domain Admins group.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)

11. In order to manage websites without having to logon you can use
Deploy a GPO to the WebSrvOU
Configure Audit Special Logon and define Special Groups
Configure block inheritance on the IT OU
PowerShell 2.0

12. Auditing the deletion of Registry keys on all Domain Controllers
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Ntdsutil
Backup operator's domain local group
Win2000

13. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Storage manager for SANs
Then configure auto enrollment of certificates and Credential Roaming.
FFL Windows Server 2008 R2
Ldp

14. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Offline domain join
Administrative Role Separation
Deploy a GPO for the Sales OU
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)

15. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
Run adprep /forestprep and adprep /domainprep
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Administrative Role Separation
Ntfrsutil

16. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
Implement Windows BitLocker Drive Encryption (BitLocker)
Utilize IFM (Install From Media)
Microsoft Desktop Optimization Pack (MDOP) to your company
Deploy the Root CA certificate to the external computers.

17. To minimize the amount of storage used for virtual machines in a Virtual desktop pool the VHD's should be

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

18. To create and additional AD LDS applicaiton directory partition in existing instance...
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Ldp
Event Subscriptions

19. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Create and deploy a logon script that runs Auditpol.
NOT be able to store that data on an iSCSI SAN
dnscmd
Authorization Manager

20. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
Changed manually
Deploy a failover cluster that uses Node and File Share Disk Majority
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
An Active Directory subnet object needs to be created.

21. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Create a Central Store
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Role Separation

22. You have a 2008 R2 serever that has SQL Server 2008 installed. The server has one RAID 5 array and two RAID 1 arrays. You need to allocate hard disck space on the server according to the followign requirements: prevent data los if a single hard disk
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Enable Windows Remote Management (WinRM) on each server.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Create an Active Directory-Integrated zone.

23. CAPublishGP needs to be able to publish new certificate revocation lists - but not be able to revoke certificates. How is this accomplished?
CAPublishGP group should have the Manage CA permission.
Deploy the Root CA certificate to the external computers.
Ntfrsutil
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.

24. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

25. If you need to be able to create shared folders on Server 2008 R2
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Ensure your account - or the group is a member of the local Administrators group for that specific server.

26. If a new application needs to be deployed on the network and it comes as a .msi package and then do this.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Deploy it by using Group Policy Software Installation method
Additional DFS Targets
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.

27. You need to consolidate 120 physical servers into 35 physical servers that run Windows Server 2008 R2 while meeting the following: maximize resource utilization; use existing hardware and software; support 64-bit child virtual machines; maintain sepa
Raise the DFL to Windows Server 2008 R2.
Folder redirection. Folder redirection is also useful when using roamin profiles.
Dsmgmt
Install Hyper-V role and convert physical machines into virtual machines

28. To configure AD FS so tokens contain information from Active Directory domain...
Active Directory Right Management Services (AD RMS)
AD RMS
New ACCOUNT STORE should be added and configured
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)

29. To add a server with AD FS 2.0 role to an existing AD FS farm...
Microsoft Desktop Optimization Pack (MDOP)
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
fsconfig on FSSrv2
Purchase one additional Enterprise License

30. What GPO setting should be configured to prevent all users from running an application?
Software Restriction Polices
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Create a Central Store

31. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
Ntdsutil
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Software Restriction Polices

32. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
Disable Site Link Bridging from the IP properties
Administrators is the minimum group membership required to complete this procedure.
Event Log Subscriptions
Then install new Server 2008 R2 Enterprise subordinate CA.

33. 2 ways to relocate user and computer accounts to different OUs
DSMOD - ADUC
Deploy a failover cluster that uses Node and File Share Disk Majority
Active Directory snapshots and Tombstone reanimation
Create a MEDV workspace

34. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Disable Site Link Bridging from the IP properties
Dfsrdiag
Windows Deployment Services (WDS)
Install Microsoft Secure Socket Tunneling Protocol (SSTP)

35. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Disable Site Link Bridging from the IP properties
Active Directory Users and Computers
Offline domain join
ntdsutil

36. You need to allow a user to add a single computer to a domain - without any additional rights...
Prestage the computer account in AD
Role Separation
Include a server that runs Microsoft Office SharePoint Server 2010
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010

37. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.

38. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Perform an authoritative restore
From Server1 - run the Create Basic Task Wizard

39. You have a single AD domain named ad.company.com. The FFL is windows 2000 and the DFL is Windows 2000 Native. The UPN suffix company.com needs to be available for user accounts. What should be done first?
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Add the new UPN suffix to the forest.
Deploy it by using Group Policy Software Installation method
Increase the tombstone lifetime for the forest.

40. What shold be done to configure AD RMS so users can protect their data?
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Administrators is the minimum group membership required to complete this procedure.
Create an e-mail account in AD DS for your RMS users

41. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Then use on install image file that contains a single install image.
Then configure GlobalNames zones on each domain controller.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)

42. You have 159 server 2008 R2 servers that must meet the following: notification by e-mail to the administrator if error occurs on any server with minimum effort...
Configure Firewall Group Policies and link them at the Domain level
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
The Group Policy Management console
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.

43. To minimize the amount of storage required you should recommend
Administrative Role Separation
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Implement the Windows Search Service.
Share and Storage Management

44. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Get-ADUser cmdlet
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Increase the tombstone lifetime for the forest.

45. You need to relocate an AD LDS instance from C: Drive to D: Drive
AD Rights Management Services
Recommend Group Policy preferences
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd

46. Two different solutions are available to help assign IP addresses to remote clients that need to VPN or Dial-in to the branch office.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

47. You have several Windows 2000 Servers that have a custom application installed. However - the apps are incompatible with each other and with Windows Server 2008 R2 - but they consume less than 10% of system resources. There is a policy that states al
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.

48. A specific application requires registry modifications to be in place before installing; you should use
Group Policy Preferences
Registry on users computer needs to be modified
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Add George to the Domain Admins group.

49. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
View properties of %systemroot%ntdsntds.dit
IIS Manager user account
Site
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.

50. To add a new UPN for all user accounts...
Modify the local policy to point to the Internal WSUS server
Recommend Group Policy preferences
AD Domains and Trusts
Test-AppLockerPolicy