Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. DFL is...
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Multipath I/O feature
Add the new UPN Suffix to the forest
Win2000 Native

2. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Microsoft SharePoint Foundation 2010
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Domain based Distributed File System (DFS) namespace and DFS Replication.
Domain based DFS namespace and configure a DFS replication group

3. When service account passwords need to be changed for SQL they should be...
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Changed manually
Windows BitLocker Drive Encryption (Bit Locker)
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates

4. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
Software Restriction Polices
Modify zone transfer settings for company.com zone on DCA
Dfsrdiag
Windows System Resource Manager (WSRM)

5. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Create a Central Store
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Then use Windows Deployment Services (WDS)
Active Directory Right Management Services (AD RMS)

6. To recover objects deleted from Active Directory you should recommend
Create a standard secondary of domain and create standard secondary of other domain.
Attach VHD file created by Windows server backup
Active Directory snapshots and Tombstone reanimation
Create a MEDV workspace

7. You need to allow a user to add a single computer to a domain - without any additional rights...
Prestage the computer account in AD
Administrative Role Separation
Windows XP Mode
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.

8. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
Back up to an external USB drive by using Windows Server Backup
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Active Directory Right Management Services (AD RMS)
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.

9. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Storage manager for SANs
Configure block inheritance on the IT OU
Offline domain join
Execute the Set-ADServiceAccount cmdlet

10. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
Execute the Set-ADServiceAccount cmdlet
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Then use Windows BitLocker Drive Encryption
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU

11. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Administrative Role Separation
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Deploy a GPO for the Sales OU

12. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
A Distributed File System (DFS) namespace

13. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Assign the application to computers in the PC OU
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
NOT be able to store that data on an iSCSI SAN
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)

14. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Recommend GPT and basic disks
Microsoft System Center Data Protection Manager 2010
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)

15. What Function Level (FL) needs to be in place to enable AD Recycle Bin?
Authorization Manager
Windows Server 2003
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
FFL Windows Server 2008 R2

16. In order to manage websites without having to logon you can use
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
PowerShell 2.0
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
A Distributed File System (DFS) namespace

17. IE can be a security concern - however you can take advantage of Group policies to lock down IE as much as possible

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

18. The strongest form of NAP is
Implement the Windows Search Service.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Windows BitLocker Drive Encryption (Bit Locker)

19. You plan to deploy 12 file servers. All computers and servers connect to Ethernet switches. Your data storage solution must meet these: maximizes performance and fault tolerance; allocates storage to the servers as needed; utilizes the existing netwo
Active Directory Right Management Services (AD RMS)
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Prestage the computer account in AD
A Distributed File System (DFS) namespace

20. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
dsa.msc - dsamain.exe - ntdsutil.exe
Implement Distributed File System Replication (DFSR) on both servers
Implement folder redirection by using GPO. Then backup the folder redirection target.
Domain based Distributed File System (DFS) will reduce network traffic

21. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
IIS Manager user account
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Disable Site Link Bridging from the IP properties

22. You need to deploy apps to client computers according to these req.: apps must be deployed to client computers that meet minimum hardware requirements; detaild reports on success/failure of the app deployments must be provided; deployments must be sc
Share and Storage Management
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
AD RMS
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise

23. Deployment of 10 WSUS servers across 10 branch office will take place over a three month period. The bandwidth between the corporate office and the branch offices must be minimized due to budget contraints within the company. Admins in the corporate
WDS
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Dsmgmt
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)

24. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Microsoft Desktop Optimization Pack (MDOP) to your company
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Implement Windows BitLocker Drive Encryption (BitLocker)

25. If you need to allow an external partner's computer to access internal network resources by using SSTP
Configure Firewall Group Policies and link them at the Domain level
Implement GPO for all client computers
WDS
Deploy the Root CA certificate to the external computers.

26. Ensure password length for a group set to 12 characters long while others keep password policy
Recommend Group Policy preferences
dnscmd
Add-ADFineGrainedPasswordPolicySubject cmdlet
Configure separate application pools for each application

27. If you need to encrypt all data on all disks
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Then use Windows BitLocker Drive Encryption
Configure offline files and enable manual caching
Configure caching on the shared folder and configure offline files to use encryption

28. If subnets are connected by CISCO router that is RFC-1542 compliant
Ldp
Assign the application to all client computers by using a GPO.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Use CISCO IP Helper command to configure.

29. To ensure that recovery is possible if a file on a file server is deleted accidentally
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Implement Shadow Copies
DSMOD - ADUC
Configure caching on the shared folder (offline files)

30. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
PDC emulator with w32tm.exe
Dsmgmt
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.

31. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Then use on install image file that contains a single install image.
Implement Windows System Resource Manager (WSRM)
PowerShell 2.0

32. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Ldp
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.

33. To create and additional AD LDS applicaiton directory partition in existing instance...
Use Netsh tool from administrator's computer.
Implement the Windows Search Service.
Ldp
dsa.msc - dsamain.exe - ntdsutil.exe

34. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
Raise the DFL to Windows Server 2008 R2.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Passive file screens
Dynamically expanding VHD's

35. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

36. FFL is...
Share and Storage Management
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Win2000
Windows BitLocker Drive Encryption (Bit Locker)

37. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
AD Rights Management Services
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Network Load Balancing (NLB) cluster
Winrm quickconfig

38. If a file server reaches 15% free disk space - you could free up some disk space by
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
DSMOD
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Creating a data collector set that kick off a scritp that either move or delete files.

39. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

40. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Role Separation
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Modify zone transfer settings for company.com zone on DCA
Implement Distributed File System Replication (DFSR) on both servers

41. When one needs to audit files - folders - printers and the registry enable
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Recommend Active Directory delegation
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Jill came down with 2.50.

42. To restore previous version of script without taking up too much of time...
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
IIS Chared Configuration
Attach VHD file created by Windows server backup
Basic Authentication and SSL

43. You are about to deploy a distributed database appliation that will run on multiple 2008 R2 servers. This deployment needs to follow these requirements: uses the existing network infrastructure; uses standard Windows management tools; allocates stora
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Deploy a GPO for the Sales OU
Event Subscriptions
net stop ntds

44. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Add the Windows Server Backup feature and Windows System Image recovery.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Set-ADServiceAccount cmdlet

45. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Authorization Manager
Configure RODC for Administrator Role Separation
Configure block inheritance on the IT OU
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication

46. If you need to delegate control of server to remote admins group
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Microsoft Desktop Optimization Pack (MDOP)
Configure RODC for Administrator Role Separation

47. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
From Server1 - run the Create Basic Task Wizard

48. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Then configure auto enrollment of certificates and Credential Roaming.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Include a server that runs Microsoft Office SharePoint Server 2010
Add George to the Domain Admins group.

49. If you want to allow single-label name resolution
net stop ntds
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Then configure GlobalNames zones on each domain controller.

50. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
Utilize IFM (Install From Media)
Deploy a failover cluster that uses Node and File Share Disk Majority
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Implement Network Access Protection (NAP) that uses 802.1x enforcement