Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Disable Site Link Bridging from IP Properties
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise

2. New Password Policy needs to be created for OU different from domain password policy
Back up to an external USB drive by using Windows Server Backup
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Create a Central Store
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.

3. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

4. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Test-AppLockerPolicy
Install and share a printer on a server and then enable printer pooling.
Implement one LUN for the quorum and another LUN for the data

5. DFL is Windows Server 2003 and client computers run Vista. DCRMS is a server that holds AD RMS. What should be done to configure AD RMS so users - including Waldo - can protect their data?
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Increase the tombstone lifetime for the forest.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Create an e-mail account in AD DS for your RMS users.

6. If you need to be able to create shared folders on Server 2008 R2
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Create a Network Load Balancing cluster.
Dynamically expanding VHD's

7. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary

8. If you need to encrypt all data on all disks
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Changed manually
Then use Windows BitLocker Drive Encryption
Enable Windows Remote Management (WinRM) on the servers.

9. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Create a new Password Settings Object (PSO) for the IT users.
Group Policy Preferences
Authorization Manager
Administrators is the minimum group membership required to complete this procedure.

10. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Active Directory Users and Computers
Deploy a failover cluster that contains one node in each office.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Create a standard secondary of domain and create standard secondary of other domain.

11. All DCs run Windows Server 2008 R2 and have the DNS Server role installed. The domain controllers for each location are stored locally. Each has its own standard primary zone to support its local domain.You need a plan that meets the following: WAN l
Create and deploy a logon script that runs Auditpol.
Create a standard secondary of domain and create standard secondary of other domain.
Microsoft System Center Data Protection Manager 2010
An Active Directory subnet object needs to be created.

12. To determine size of AD database file...
Implement GPO for all client computers
Modify the local policy to point to the Internal WSUS server
View properties of %systemroot%ntdsntds.dit
802.1.x NAP

13. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
Group Policy Preferences
Modify the schema of LDSInst1
Add the Windows Server Backup feature and Windows System Image recovery.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.

14. you have fewer Server 2003 servers that have Terminal Services installed. you also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: encrypts all remote connections to the ter
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Implement Shadow Copies
File Server Resource Manager (FSRM) quotas and file screens
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.

15. To create and additional AD LDS applicaiton directory partition in existing instance...
Ldp
Domain based DFS namespace and configure a DFS replication group
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Recommend GPT and basic disks

16. To backup to tape/robotic tape and to backup VMs you must use...
Microsoft System Center Data Protection Manager 2010
Active Directory Users and Computers
Include a server that runs Microsoft Office SharePoint Server 2010
Ntdsutil

17. What should be done so application does not fail after 30 days while still keeping password policy in mind?
Domain based Distributed File System (DFS) namespace and DFS Replication.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Set-ADServiceAccount cmdlet
The Group Policy Management console

18. To make a 64-bit application available to several 32-bit XP SP3 computers in the branch office you could use either a remote desktop session host or a remote desktop virtualization host. However - if the application requires you to be a local adminis

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

19. Deployment solutions that will allow both the 64 bit version of Office 2010 and the 32 bit version Office 2003 to run at a same time on a Windows 7 computer - and to do that when the computer is offline - are very limited. You should recommend
Microsoft Application Virtualization (AppV)
Implement a domain-based DFS namespace that uses replication
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Configure RODC for Administrator Role Separation

20. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Then use Windows BitLocker Drive Encryption
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Install the RSAT tool on their workstation to provide for more efficient network management
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.

21. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Site
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Deploy a GPO for the Sales OU
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.

22. You need to design your WSUS infrastructure so that updates are highly available. To do so
Purchase one additional Enterprise License
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.

23. You just dconfigured so that Server1 zone is stored in AD and accept secure dynamic updates. What command should be executed so that Server2 can accept secure dynamic updates?
Enable Windows Remote Management (WinRM) on the servers.
Test-AppLockerPolicy
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Assign the application to computers in the PC OU

24. What role to keep same time as an external server?
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
PDC emulator with w32tm.exe
Windows Deployment Services (WDS)

25. When deploying an application using the Group Policy distribution method assign the...
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP

26. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Create a MEDV workspace
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Dfsrdiag

27. Tool to change Directory Services Restore Mode password on Domain Controller...
ntdsutil
Implement one LUN for the quorum and another LUN for the data
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.

28. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Create a standard secondary of domain and create standard secondary of other domain.
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Active Directory Domains and Trusts

29. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
AD Rights Management Services

30. To ensure that a file on a file server do not leave the organization you must implement this.
Purchase one additional Enterprise License
Configure caching on the shared folder and configure offline files to use encryption
Folder redirection. Folder redirection is also useful when using roamin profiles.
AD RMS

31. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Configure caching on the shared folder (offline files)
Implement Windows System Resource Manager (WSRM)
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
IIS Manager user account

32. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Modify the schema of LDSInst1
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Dfsrdiag
Administrators is the minimum group membership required to complete this procedure.

33. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Implement a domain-based DFS namespace that uses replication
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
IIS Chared Configuration
Deploy it by using Group Policy Software Installation method

34. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Configure caching on the shared folder and configure offline files to use encryption
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Domain based Distributed File System (DFS) namespace and DFS Replication.
Microsoft Desktop Optimization Pack (MDOP)

35. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Domain based DFS namespace and configure a DFS replication group
Site
Dynamically expanding VHD's
Refresh the zone on DNS2

36. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Create a Network Load Balancing cluster.
Run the Delegation of Control Wizard on the Staff OU
dnscmd
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management

37. To compact AD database...
Configure Firewall Group Policies and link them at the Domain level
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Then use on install image file that contains a single install image.
FILES option within Ntdsutil

38. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
Disable Site Link Bridging from the IP properties
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
DFL needs to be Windows Server 2008

39. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
Create an Active Directory-Integrated zone.
Then install new Server 2008 R2 Enterprise subordinate CA.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Network Load Balancing (NLB) cluster

40. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Use Netsh tool from administrator's computer.
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.

41. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Deploy a GPO to the WebSrvOU
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.

42. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
Deploy a failover cluster that uses Node and File Share Disk Majority
Administrative Role Separation
Attach VHD file created by Windows server backup
Run net stop ntds

43. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Jill came down with 2.50.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Improve the performance of File Servers

44. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Execute the Set-ADServiceAccount cmdlet
Implement Network Access Protection (NAP)
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Repadmin

45. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
An Active Directory subnet object needs to be created.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Dsmgmt
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)

46. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
dsa.msc - dsamain.exe - ntdsutil.exe
Raise the DFL to Windows Server 2008 R2.
Assign the application to computers in the PC OU

47. To replicate SYSVOL using Distributed File System Replication (DFSR)...
FILES option within Ntdsutil
DFL needs to be Windows Server 2008
Create an Active Directory-Integrated zone.
Implement Network Access Protection (NAP)

48. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Dsmgmt
Use Netsh tool from administrator's computer.
FILES option within Ntdsutil

49. When service account passwords need to be changed for SQL they should be...
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Changed manually
Authorization Manager
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer

50. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
Microsoft Desktop Optimization Pack (MDOP) to your company
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
802.1.x NAP