Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. You have 2 Server Core servers that are part of a Network Load Balance that host a web site. To be able to allow administrators - on their Windows 7 computers - remotely manage the NLB with automation
Windows Deployment Services (WDS)
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Increase the tombstone lifetime for the forest.
Enable Windows Remote Management (WinRM) on the servers.

2. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
From Server1 - run the Create Basic Task Wizard
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Create an e-mail account in AD DS for your RMS users.

3. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Offline domain join
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Recommend Active Directory delegation
PowerShell 2.0

4. UPN Suffix xxxx.com needs to be available for user accounts...
Windows Deployment Services (WDS)
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Add the new UPN Suffix to the forest
Microsoft SharePoint Foundation 2010

5. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Backup operator's domain local group
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Configure the zone as an Activde Directory-Integrated zone.

6. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Windows Server 2003
Deploy a failover cluster that contains one node in each office.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Jill came down with 2.50.

7. To build a highly secure server cluster with a reduced attack surface area
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Create a MEDV workspace
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd

8. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
Group Policy Preferences
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
AD Domains and Trusts

9. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Windows XP Mode
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.

10. To create AD Domain Services snapshot
Ntdsutil
Properties of PSO need modified
Implement Network Access Protection (NAP)
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.

11. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Install the RSAT tool on their workstation to provide for more efficient network management
MEDV to deploy virtual desktops
Repadmin

12. You have several Windows 2000 Servers that have a custom application installed. However - the apps are incompatible with each other and with Windows Server 2008 R2 - but they consume less than 10% of system resources. There is a policy that states al
Implement folder redirection by using GPO. Then backup the folder redirection target.
Upgrading DFS to Windows Server 2008 R2
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Backup operator's domain local group

13. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Disable Site Link Bridging from the IP properties
MEDV to deploy virtual desktops

14. You need to allow a user to add a single computer to a domain - without any additional rights...
Get-ADUser cmdlet
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Prestage the computer account in AD

15. 3 Servers are Network Policy Servers (NPS) that function as RADIUS servers. The network has 20 wireless access points that are configured as RADIUS clients. You need to plan an audit strategy with the following requirements: stores audit data in a ce
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Then use Windows BitLocker Drive Encryption

16. You need to relocate an AD LDS instance from C: Drive to D: Drive
Utilize IFM (Install From Media)
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Deploy a failover cluster that uses Node and File Share Disk Majority

17. New Password Policy needs to be created for OU different from domain password policy
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Deploy the Root CA certificate to the external computers.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Create a standard secondary of domain and create standard secondary of other domain.

18. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Then configure auto enrollment of certificates and Credential Roaming.
Jill came down with 2.50.
Winrm quickconfig

19. To backup GPO's in domain and minimize bakcup...
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
A Distributed File System (DFS) namespace
The Group Policy Management Console
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.

20. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
Event Viewer
Create an Active Directory-Integrated zone.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Recommend GPT and basic disks

21. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

22. Recently you have installed a special application on your web sites that requires using a managed service account on the Web Servers. This application runs on a web server in each of 10 separate Active Directory domains.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

23. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Domain based Distributed File System (DFS) will reduce network traffic
Set-ADServiceAccount cmdlet
Network Load Balancing (NLB)
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)

24. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Backup operator's domain local group
Event Subscriptions
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Raise the DFL to Windows Server 2008 R2.

25. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
Site
Implement Network Access Protection (NAP)
Modify the local policy to point to the Internal WSUS server
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.

26. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
Deploy the Root CA certificate to the external computers.
Software Restriction Polices
Upgrading DFS to Windows Server 2008 R2
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files

27. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Add the Windows Server Backup feature and Windows System Image recovery.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Site

28. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Configure block inheritance on the IT OU
Upgrading DFS to Windows Server 2008 R2
Raise the DFL to Windows Server 2008 R2.

29. Deployment of 10 WSUS servers across 10 branch office will take place over a three month period. The bandwidth between the corporate office and the branch offices must be minimized due to budget contraints within the company. Admins in the corporate
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Microsoft System Center Data Protection Manager
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Implement the Windows Search Service.

30. To back up your Hyper-VMs and the Hyper-V host; for each VM -
A Distributed File System (DFS) namespace
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Role Separation
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.

31. To allow connection to a 256 Kbps ISDN...
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
DISABLE slow link detection in the GPO
Authorization Manager role assignment
fsconfig on FSSrv2

32. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Install Windows Server Backup and modify the Windows firewall settings
Assign the application to computers in the PC OU
Backup operator's domain local group

33. If you need to delegate control of server to remote admins group
Add George to the Domain Admins group.
Configure RODC for Administrator Role Separation
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Discover the run Microsoft Baseline Security Analyzer (MBSA)

34. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
Storage manager for SANs
Configure RODC for Administrator Role Separation
Use the Local Roles options with dsmgmt.
Your machine and remote desktops

35. To add a new UPN for all user accounts...
Deploy Microsoft System Center Operations Manager (SCOM)
Assign the application to computers in the PC OU
AD Domains and Trusts
IIS Chared Configuration

36. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
Domain based Distributed File System (DFS) namespace and DFS Replication.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition

37. To allow administrators tha trun Windows 7 ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
Microsoft Application Virtualization (AppV)
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Backup operator's domain local group
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.

38. What should be done first to defragment the AD database?
Run net stop ntds
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Microsoft System Center Data Protection Manager
802.1.x NAP

39. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Execute the Set-ADServiceAccount cmdlet
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Group Policy Preferences
Raise the DFL to Windows Server 2008 R2.

40. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Microsoft Desktop Optimization Pack (MDOP)
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Configure authorization rules for Web developers on each web server
Create a GPO and link the GPO to the domain then configure the GPO to be enforced

41. Minimal FFL needed to deploy an RODC that runs Windows Server 2008 R2...
Windows Server 2003
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Active Directory snapshots and Tombstone reanimation
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.

42. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Share and Storage Management
Use the Local Roles options with dsmgmt.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.

43. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
Active Directory Right Management Services (AD RMS)
Configure separate application pools for each application
Configure folder redirection
Folder redirection. Folder redirection is also useful when using roamin profiles.

44. You need to ensure that the guest account on all servers is disabled to
Attach VHD file created by Windows server backup
Discover the run Microsoft Baseline Security Analyzer (MBSA)
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.

45. To restore previous version of script without taking up too much of time...
Attach VHD file created by Windows server backup
Install the RSAT tool on their workstation to provide for more efficient network management
Administrators is the minimum group membership required to complete this procedure.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.

46. Tool to change Directory Services Restore Mode password on Domain Controller...
ntdsutil
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
AD Domains and Trusts
Then configure GlobalNames zones on each domain controller.

47. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Then configure GlobalNames zones on each domain controller.
Configure authorization rules for Web developers on each web server

48. To be able to manage all the corporate servers from a workstation - you must install the
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Implement Windows System Resource Manager (WSRM)

49. You need a solution that meets policy while minimizing hardware and software costs
Create a new Password Settings Object (PSO) for the IT users.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Modify the GPO to include folder redirection
Create an e-mail account in AD DS for your RMS users.

50. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Test-AppLockerPolicy
Implement Network Access Protection (NAP)
Windows Deployment Services (WDS)
From Server1 - run the Create Basic Task Wizard