Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
Windows BitLocker Drive Encryption (Bit Locker)
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Configure separate application pools for each application

2. What GPO setting should be configured to prevent all users from running an application?
IIS Chared Configuration
Software Restriction Polices
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Discover the run Microsoft Baseline Security Analyzer (MBSA)

3. What shold be done to configure AD RMS so users can protect their data?
Group Policy Preferences
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Create an e-mail account in AD DS for your RMS users

4. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
Enable Windows Remote Management (WinRM) on the servers.
Passive file screens
Ldp
Raise the DFL to Windows Server 2008 R2.

5. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
Recommend Active Directory delegation
Microsoft System Center Data Protection Manager 2010
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Import-Module

6. To allow a user to administer Active Directory
Get-ADUser cmdlet
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Add the user to the Domain Admins global group

7. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Get-ADUser cmdlet
Network Load Balancing (NLB)
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.

8. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Configure block inheritance on the IT OU
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Create and deploy a logon script that runs Auditpol.
Windows XP Mode

9. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
PowerShell 2.0
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.

10. Tool to change Directory Services Restore Mode password on Domain Controller...
Execute the Set-ADServiceAccount cmdlet
Storage manager for SANs
ntdsutil
Autonomous mode...This allows the local administrator to approve their own updates.

11. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Add the new UPN suffix to the forest.
Create an Active Directory-Integrated zone.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Modify zone transfer settings for company.com zone on DCA

12. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

13. The solution requires that teachers that have been issued district based laptops - work remotely - and teach only on-line classes - must connect to the school network using split-tunnel VPN. Need to be sure that: minimize traffic over the VPN wheneve

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

14. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Utilize IFM (Install From Media)
Create a Network Load Balancing cluster.
Implement folder redirection by using GPO. Then backup the folder redirection target.
Assign the application to computers in the PC OU

15. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
NOT be able to store that data on an iSCSI SAN
Windows BitLocker Drive Encryption (Bit Locker)
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Zone transfer settings

16. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
A Distributed File System (DFS) namespace
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Domain based Distributed File System (DFS) namespace and DFS Replication.

17. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Incoming external trust
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Test-AppLockerPolicy

18. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Repadmin
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array

19. The strongest form of NAP is
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Passive file screens
Implement Windows System Resource Manager (WSRM)
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.

20. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
Configure the zone as an Activde Directory-Integrated zone.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Administrative Role Separation

21. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Run net stop ntds
Ntfrsutil
Disable Site Link Bridging from the IP properties

22. To configure Administrator Role Separation for an RODC
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
fsconfig on FSSrv2

23. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Then use Windows Deployment Services (WDS)
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Configure the zone as an Activde Directory-Integrated zone.

24. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

25. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Enable Credential Roaming
PowerShell 2.0
Role Separation
MEDV to deploy virtual desktops

26. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Use a GPO to configure device installation restrictions
Use Netsh tool from administrator's computer.
Windows BitLocker Drive Encryption (Bit Locker)

27. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Enable Windows Remote Management (WinRM) on the servers.

28. You need to ensure that the guest account on all servers is disabled to
Event Viewer
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Deploy the Root CA certificate to the external computers.
The Group Policy Management Console

29. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Create a new Password Settings Object (PSO) for the IT users.
Create a MEDV workspace
Windows BitLocker Drive Encryption (Bit Locker)
Windows XP Mode

30. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Add the Windows Server Backup feature and Windows System Image recovery.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Service user account for AD LDS

31. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Active Directory snapshots and Tombstone reanimation
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Active Directory Domains and Trusts
Domain based DFS namespace and configure a DFS replication group

32. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Add the Windows Server Backup feature and Windows System Image recovery.
Configure authorization rules for Web developers on each web server

33. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Win2000
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Network Load Balancing (NLB)
Administrators is the minimum group membership required to complete this procedure.

34. If subnets are connected by CISCO router that is RFC-1542 compliant
Service user account for AD LDS
IIS Manager user account
Use CISCO IP Helper command to configure.
Execute the Set-ADServiceAccount cmdlet

35. Need to ensure users receive updated template within five days...
Add George to the Domain Admins group.
Registry on users computer needs to be modified
The Group Policy Management console
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.

36. If you need to encrypt all data on all disks
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Then use Windows BitLocker Drive Encryption
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)

37. You have few Server 2003 servers that have Terminal services installed. You also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meeet the following: restricts accsss to specific Remote Desktop
Upgrading DFS to Windows Server 2008 R2
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Test-AppLockerPolicy
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.

38. Two different solutions are available to help assign IP addresses to remote clients that need to VPN or Dial-in to the branch office.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

39. If you need to allow an external partner's computer to access internal network resources by using SSTP
Deploy the Root CA certificate to the external computers.
Install From Media IFM
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)

40. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Windows Deployment Services (WDS)
Active Directory Domains and Trusts
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
FILES option within Ntdsutil

41. To ensure that user's documents are stored on the file server and thus subject to the corporate backup solution - you should implement this.
Deploy a failover cluster that contains one node in each office.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Folder redirection. Folder redirection is also useful when using roamin profiles.
Add the user to the Domain Admins global group

42. CAPublishGP needs to be able to publish new certificate revocation lists - but not be able to revoke certificates. How is this accomplished?
Autonomous mode...This allows the local administrator to approve their own updates.
CAPublishGP group should have the Manage CA permission.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.

43. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
Data Recovery Agent
Create and deploy a logon script that runs Auditpol.
Microsoft Desktop Optimization Pack (MDOP) to your company
Win2000

44. Requirements are: support the installation of SQL Server 2008; Provide redundancy for SQL services if a single server fails. To accomplish this
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Folder redirection. Folder redirection is also useful when using roamin profiles.
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.

45. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

46. You don't want users to be able to install removable devices on client computers. However - domain admins and desktop support technicians must be allowed to install removable devices on client computers
Implement a GPO for each domain
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Implement GPO for all client computers
Configure offline files and enable manual caching

47. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
Group Policy Preferences
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Storage manager for SANs

48. To backup GPO's in domain and minimize bakcup...
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Restore-ADObject cmdlet
The Group Policy Management Console

49. You just dconfigured so that Server1 zone is stored in AD and accept secure dynamic updates. What command should be executed so that Server2 can accept secure dynamic updates?
Use the Local Roles options with dsmgmt.
Add George to the Domain Admins group.
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Add the user to the Domain Admins global group

50. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Import-Module
Domain based Distributed File System (DFS) will reduce network traffic
Configure Audit Special Logon and define Special Groups
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.