Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. All 2008 R2 servers and Windows 7 clients are connected to managed switches. The following are requirements for network access: only client computers that have up-to-date service packs installed can access the network; have up-to-date anti-malware so
Active Directory snapshots and Tombstone reanimation
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Active Directory Domains and Trusts
Administrators is the minimum group membership required to complete this procedure.

2. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
Dsmgmt
Raise the DFL to Windows Server 2008 R2.
Configure folder redirection
Microsoft Application Virtualization (AppV)

3. If the branch office has its own high speed WAN link and you need to minimize traffice between the corporate office and the Branch office - configure this.
Win2000 Native
Run adprep /forestprep and adprep /domainprep
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)

4. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Implement Shadow Copies
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Microsoft System Center Data Protection Manager 2010
Then use Windows Deployment Services (WDS) on DHCP1.

5. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Deploy a failover cluster that uses Node and File Share Disk Majority
Configure caching on the shared folder and configure offline files to use encryption
Refresh the zone on DNS2
Win2000

6. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Use local roles options within "dsmgmt"
Winrm quickconfig
Implement a domain-based DFS namespace that uses replication
Test-AppLockerPolicy

7. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
Create a standard secondary of domain and create standard secondary of other domain.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Deploy a failover cluster that uses Node and File Share Disk Majority
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.

8. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
A Distributed File System (DFS) namespace
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO

9. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
From Server A - run Create Basic Task Wizard
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie

10. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Enable Credential Roaming

11. If you need to minimize amount of time and impact of 50 simultaneous Win7 installations
PDC emulator with w32tm.exe
View properties of %systemroot%ntdsntds.dit
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Configure separate application pools for each application

12. To backup GPO's in domain and minimize bakcup...
The Group Policy Management Console
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Modify the local policy to point to the Internal WSUS server

13. If users complain that it is hard to find the shared folders on the network implement
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Additional DFS Targets
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}

14. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Create an Active Directory-Integrated zone.
Add the Windows Server Backup feature and Windows System Image recovery.
Autonomous mode...This allows the local administrator to approve their own updates.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.

15. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
Configure offline files and enable manual caching
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
FFL Windows Server 2008 R2

16. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
DSMOD
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent

17. To add a new UPN for all user accounts...
Implement Windows BitLocker Drive Encryption (BitLocker)
Encrypting File System (EFS). This can be enabled locally or through a GPO.
CAPublishGP group should have the Manage CA permission.
AD Domains and Trusts

18. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Configure offline files and enable manual caching
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Dfsrdiag

19. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Enable - ADoptionalFeature cmdlet
Run adprep /forestprep and adprep /domainprep
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.

20. To join a server/PC outside of the domain to the network...
Implement a Remote Desktop Connection Broker (RD Connection Broker)
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Dynamically expanding VHD's
Run the Delegation of Control Wizard on the Staff OU

21. You don't want users to be able to install removable devices on client computers. However - domain admins and desktop support technicians must be allowed to install removable devices on client computers
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Install and share a printer on a server and then enable printer pooling.
Implement GPO for all client computers
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise

22. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
New ACCOUNT STORE should be added and configured
Event Log Subscriptions
Execute the Set-ADServiceAccount cmdlet
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library

23. To backup to tape/robotic tape and to backup VMs you must use...
Active Directory Right Management Services (AD RMS)
Microsoft System Center Data Protection Manager 2010
IIS Chared Configuration
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise

24. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Then use Windows Deployment Services (WDS)
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
A relying party trust should be created.
Restore-ADObject cmdlet

25. To modify several user accounts to a new UPN suffix
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Create a standard secondary of domain and create standard secondary of other domain.
Active Directory Users and Computers utility
MEDV to deploy virtual desktops

26. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
A relying party trust should be created.
Basic Authentication and SSL
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Group Policy Preferences

27. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
View properties of %systemroot%ntdsntds.dit
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.

28. Tools to view contents of an OU in an AD snapshot...
A Distributed File System (DFS) namespace
dsa.msc - dsamain.exe - ntdsutil.exe
Configure Firewall Group Policies and link them at the Domain level
NOT be able to store that data on an iSCSI SAN

29. In order to ensure highly available Windows Update servers you should create this.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Basic Authentication and SSL
Assign the application to computers in the PC OU
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.

30. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
Winrm quickconfig
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Run adprep /forestprep and adprep /domainprep
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU

31. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Implement a domain-based DFS namespace that uses replication
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Encrypting File System (EFS). This can be enabled locally or through a GPO.

32. What should be done to resolve names by using GlobalNames zone?
Microsoft SharePoint Foundation 2010
Deploy a failover cluster that uses Node and File Share Disk Majority
dnscmd tool
Enable Credential Roaming

33. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Distributed File System (DFS) Replication
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files

34. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array

35. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

36. If you need to delegate control of server to remote admins group
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Configure RODC for Administrator Role Separation
Create an Active Directory-Integrated zone.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.

37. To know if a new applicaiton is going to run on your network computers via AppLocker in GPO
Configure the zone as an Activde Directory-Integrated zone.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Test-AppLockerPolicy

38. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Implement one LUN for the quorum and another LUN for the data
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Disable Site Link Bridging from the IP properties
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.

39. If you need to encrypt all data on all disks
Then use Windows BitLocker Drive Encryption
Then configure GlobalNames zones on each domain controller.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Import-Module

40. New Password Policy needs to be created for OU different from domain password policy
Get-ADUser cmdlet
Include a server that runs Microsoft Office SharePoint Server 2010
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Event Subscriptions

41. You have a single AD domain named ad.company.com. The FFL is windows 2000 and the DFL is Windows 2000 Native. The UPN suffix company.com needs to be available for user accounts. What should be done first?
Configure the zone as an Activde Directory-Integrated zone.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Windows BitLocker Drive Encryption (Bit Locker)
Add the new UPN suffix to the forest.

42. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Execute the Set-ADServiceAccount cmdlet
Utilize IFM (Install From Media)
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.

43. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Distributed File System (DFS) Replication
Test-AppLockerPolicy

44. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
Active Directory Users and Computers
Passive file screens
dnscmd
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.

45. What utility is used to see what accounts cached on RODC?
Active Directory Users and Computers
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Configure folder redirection
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.

46. You have a root domain and four child domains. Policy requirements state that all local guest accounts must be renamed and disabled - and all local administrator accounts must be renamed
WDS
Implement a GPO for each domain
Upgrading DFS to Windows Server 2008 R2
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.

47. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Domain based Distributed File System (DFS) will reduce network traffic
Test-AppLockerPolicy
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)

48. If you need to deploy multiple servers through automation of installation and activation and minimize network traffic
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Configure separate application pools for each application
A Distributed File System (DFS) namespace
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.

49. To ensure that user's documents are stored on the file server and thus subject to the corporate backup solution - you should implement this.
An Active Directory subnet object needs to be created.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Folder redirection. Folder redirection is also useful when using roamin profiles.
Modify the local policy to point to the Internal WSUS server

50. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
802.1.x NAP
Microsoft Desktop Optimization Pack (MDOP)
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Then use Windows Deployment Services (WDS)