Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
Run adprep /forestprep and adprep /domainprep
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management

2. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Assign permissions for the Groups OU and Branch OU to the help desk technicians.

3. Tools to view contents of an OU in an AD snapshot...
Configure offline files and enable manual caching
FFL Windows Server 2008 R2
dsa.msc - dsamain.exe - ntdsutil.exe
Create ADMX and ADML files. Configure the GPO and link it to the domain.

4. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
Printer driver isolation
Install the RSAT tool on their workstation to provide for more efficient network management
IIS Manager user account
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.

5. Capture all replication errors from all your DCs to a central location...
Active Directory Users and Computers
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Configure event log subscriptions

6. To be able to manage all the corporate servers from a workstation - you must install the
Deploy it by using Group Policy Software Installation method
Authorization Manager
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.

7. You are about to deploy a distributed database appliation that will run on multiple 2008 R2 servers. This deployment needs to follow these requirements: uses the existing network infrastructure; uses standard Windows management tools; allocates stora
Your machine and remote desktops
Create a MEDV workspace
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
The Group Policy Management Console

8. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Implement a Remote Desktop Connection Broker (RD Connection Broker)

9. Recently you have installed a special application on your web sites that requires using a managed service account on the Web Servers. This application runs on a web server in each of 10 separate Active Directory domains.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

10. To ensure that the SQL Servers can fail over autoatically and support 2 TB drives
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Import-Module
Recommend GPT and basic disks
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.

11. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
Modify the local policy to point to the Internal WSUS server
Microsoft System Center Data Protection Manager 2010
Recommend Active Directory delegation
Basic Authentication and SSL

12. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Implement one LUN for the quorum and another LUN for the data
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP

13. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Include a server that runs Microsoft Office SharePoint Server 2010
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.

14. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Create an e-mail account in AD DS for your RMS users.
Create a Network Load Balancing cluster.
Use the Local Roles options with dsmgmt.
Ntdsutil

15. to protect file servers and hard disks that may be at risk of being accessed or stolen
Implement Windows BitLocker Drive Encryption (BitLocker)
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Properties of PSO need modified
Configure separate application pools for each application

16. To make deploying the custom Word dictionary easy
Dynamically expanding VHD's
Use local roles options within "dsmgmt"
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Recommend Group Policy preferences

17. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Deploy a GPO for the Sales OU
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Implement GPO for all client computers

18. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
fsconfig on FSSrv2
Use Netsh tool from administrator's computer.
Dsmgmt
Certificate Templates

19. All DCs run Windows Server 2008 R2 and have the DNS Server role installed. The domain controllers for each location are stored locally. Each has its own standard primary zone to support its local domain.You need a plan that meets the following: WAN l
Create a standard secondary of domain and create standard secondary of other domain.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Deploy Microsoft System Center Operations Manager (SCOM)
Implement folder redirection by using GPO. Then backup the folder redirection target.

20. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

21. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Configure caching on the shared folder and configure offline files to use encryption
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Then use on install image file that contains a single install image.
Windows System Resource Manager (WSRM)

22. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Incoming external trust
Recommend Active Directory delegation
DFL needs to be Windows Server 2008

23. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
The Group Policy Management console
Use local roles options within "dsmgmt"
Win2000
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)

24. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Configure RODC for Administrator Role Separation
Microsoft Desktop Optimization Pack (MDOP)
Use CISCO IP Helper command to configure.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller

25. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Modify the local policy to point to the Internal WSUS server
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Implement Windows BitLocker Drive Encryption (BitLocker)
Execute the Set-ADServiceAccount cmdlet

26. Can be used to install the Windows RE on existing servers
WDS
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Implement folder redirection by using GPO. Then backup the folder redirection target.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.

27. 4 steps to perform authoritative restore of a deleted OU...
Microsoft Application Virtualization (AppV)
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
From Server A - run Create Basic Task Wizard
Purchase one additional Enterprise License

28. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
Jill came down with 2.50.
Prestage the computer account in AD
Restore-ADObject cmdlet
Enable Credential Roaming

29. To modify several user accounts to a new UPN suffix
Active Directory Users and Computers utility
802.1.x NAP
Deploy the Root CA certificate to the external computers.
Deploy a failover cluster that uses Node and File Share Disk Majority

30. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
802.1.x NAP
Dsmgmt
Include a server that runs Microsoft Office SharePoint Server 2010
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

31. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Active Directory snapshots and Tombstone reanimation
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Create a MEDV workspace

32. If you need to minimize the bandwidth for installation
Utilize IFM (Install From Media)
Microsoft Application Virtualization (AppV)
WSUS server in the branch office in replica mode.
Microsoft System Center Data Protection Manager

33. To ensure that user's documents are stored on the file server and thus subject to the corporate backup solution - you should implement this.
Ntdsutil
Get-ADUser cmdlet
Autonomous mode...This allows the local administrator to approve their own updates.
Folder redirection. Folder redirection is also useful when using roamin profiles.

34. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Deploy a failover cluster that contains one node in each office.
Ntdsutil
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Configure authorization rules for Web developers on each web server

35. Two different solutions are available to help assign IP addresses to remote clients that need to VPN or Dial-in to the branch office.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

36. Server1 collects all events that occur on your domain controllers. Using the minimal effort - from Event Viewer - what should be done to ensure you are notified when a specific event has occurred on any of your domain controllers?
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
From Server1 - run the Create Basic Task Wizard
Domain based Distributed File System (DFS) will reduce network traffic
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.

37. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
DSMOD - ADUC
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Deploy a failover cluster that uses Node and File Share Disk Majority

38. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
DSMOD - ADUC
Autonomous mode...This allows the local administrator to approve their own updates.
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Backup operator's domain local group

39. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
Deploy a GPO for the Sales OU
dnscmd tool
Active Directory Domains and Trusts
Reinstall AD DS on DCC.company.com as a WRITABLE DC.

40. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
ntdsutil
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
fsconfig on FSSrv2

41. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
ntdsutil
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Configure separate application pools for each application
Disable Site Link Bridging from the IP properties

42. A specific application requires registry modifications to be in place before installing; you should use
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Group Policy Preferences
Create an Active Directory-Integrated zone.
Windows Deployment Services (WDS)

43. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Improve the performance of File Servers
Recommend Active Directory delegation
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Create a Central Store

44. Ensure password length for a group set to 12 characters long while others keep password policy
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Create an Active Directory-Integrated zone.
Add-ADFineGrainedPasswordPolicySubject cmdlet
Install From Media IFM

45. You need to allow a user to add a single computer to a domain - without any additional rights...
WDS
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Prestage the computer account in AD
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management

46. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Set-ADServiceAccount cmdlet
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Incoming external trust

47. CAPublishGP needs to be able to publish new certificate revocation lists - but not be able to revoke certificates. How is this accomplished?
Winrm quickconfig
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Autonomous mode...This allows the local administrator to approve their own updates.
CAPublishGP group should have the Manage CA permission.

48. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Then use Windows Deployment Services (WDS) on DHCP1.
Configure authorization rules for Web developers on each web server
Certificate Templates

49. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Dynamically expanding VHD's

50. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
Microsoft Application Virtualization (AppV)
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Create a new Password Settings Object (PSO) for the IT users.
Install and share a printer on a server and then enable printer pooling.