Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. To configure AD FS so tokens contain information from Active Directory domain...
Run net stop ntds
New ACCOUNT STORE should be added and configured
Install From Media IFM
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers

2. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Incoming external trust
Install the RSAT tool on their workstation to provide for more efficient network management
Implement Shadow Copies
Active Directory snapshots and Tombstone reanimation

3. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Implement Network Access Protection (NAP)
Recommend Group Policy preferences
New ACCOUNT STORE should be added and configured

4. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
Add George to the Domain Admins group.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)

5. What role to keep same time as an external server?
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
PDC emulator with w32tm.exe
Configure authorization rules for Web developers on each web server
Domain based Distributed File System (DFS) namespace and DFS Replication.

6. To be able to user an application from one AD FS with authentication server to another...
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
A relying party trust should be created.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.

7. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
Configure offline files and enable manual caching
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Raise the DFL to Windows Server 2008 R2.

8. What Function Level (FL) needs to be in place to enable AD Recycle Bin?
FFL Windows Server 2008 R2
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Then configure GlobalNames zones on each domain controller.
Install From Media IFM

9. When one needs to audit files - folders - printers and the registry enable
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Event Subscriptions
Assign the application to computers in the PC OU
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers

10. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Create a Network Load Balancing cluster.
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Add the new UPN suffix to the forest.

11. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Deploy it by using Group Policy Software Installation method
Add the Windows Server Backup feature and Windows System Image recovery.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
dnscmd tool

12. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie

13. To make deploying the custom Word dictionary easy
Recommend Group Policy preferences
Configure folder redirection
Run net stop ntds
Implement Network Access Protection (NAP)

14. SrvA has the AD LDS role and an instance named LDSInst1. You connect to this instance by using the ADSI Edit utility. When you execute the Create Object wizard there is no User object class. What should be done so you can create user objects in LDSIn
FFL Windows Server 2008 R2
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Modify the schema of LDSInst1
Add George to the Domain Admins group.

15. If users need access to files locally and must be able to access files at another site if the local copy is not available you should implement this.
A Distributed File System (DFS) namespace
Deploy a failover cluster that uses Node and File Share Disk Majority
Add-ADFineGrainedPasswordPolicySubject cmdlet
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.

16. Client computers run Windows 7 and all applications on the computers are configured to save documetns to the local Documents folder. You need a backup strategy that meets these: Back up the Documents folder for all users; minimize admin effort. To ac
dsa.msc - dsamain.exe - ntdsutil.exe
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Implement folder redirection by using GPO. Then backup the folder redirection target.
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise

17. If you want to allow single-label name resolution
Refresh the zone on DNS2
Then configure GlobalNames zones on each domain controller.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Implement one LUN for the quorum and another LUN for the data

18. To be able to manage all the corporate servers from a workstation - you must install the
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
dnscmd
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Modify the GPO to include folder redirection

19. If you need to minimize the bandwidth for installation
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
AD RMS
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Utilize IFM (Install From Media)

20. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
IIS Manager user account
Domain based DFS namespace and configure a DFS replication group
Certificate Templates
Distributed File System (DFS) Replication

21. to prevent VMs from receiving updats from a group policy
The Group Policy Management Console
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
AD Rights Management Services

22. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Event Viewer
Active Directory Users and Computers utility
New ACCOUNT STORE should be added and configured

23. To ensure that user's documents are stored on the file server and thus subject to the corporate backup solution - you should implement this.
Storage manager for SANs
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Folder redirection. Folder redirection is also useful when using roamin profiles.
Dsmgmt

24. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
Improve the performance of File Servers
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Configure Audit Special Logon and define Special Groups
Basic Authentication and SSL

25. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Use CISCO IP Helper command to configure.
Use local roles options within "dsmgmt"
Increase the tombstone lifetime for the forest.
Service user account for AD LDS

26. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Network Load Balancing (NLB) cluster
Raise the DFL to Windows Server 2008 R2.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library

27. If a file server reaches 15% free disk space - you could free up some disk space by
Active Directory snapshots and Tombstone reanimation
Folder redirection. Folder redirection is also useful when using roamin profiles.
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Creating a data collector set that kick off a scritp that either move or delete files.

28. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Authorization Manager
Execute the Set-ADServiceAccount cmdlet
Back up to an external USB drive by using Windows Server Backup
Modify zone transfer settings for company.com zone on DCA

29. To allow a specifc user or group to manage the address information for the user accounts...
Recommend Active Directory delegation
Add-ADFineGrainedPasswordPolicySubject cmdlet
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Prestage the computer account in AD

30. If you need to delegate control of server to remote admins group
Microsoft System Center Data Protection Manager
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
DSMOD
Configure RODC for Administrator Role Separation

31. You need to deploy 15 Server Core installations that are only accessible by HTTP and HTTPS. Administration of these must be able to enable administrators to install and administer server roles remotely and fully manage servers remotely
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Enable Windows Remote Management (WinRM) on each server.
Deploy a failover cluster that uses Node and File Share Disk Majority
Test-AppLockerPolicy

32. 4 steps to perform authoritative restore of a deleted OU...
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller

33. When recommending a monitoring solution for an application so that it's events can be stored in a central
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Passive file screens
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Event Subscriptions

34. You need to recommend a solution to minimize the amount of time it takes for the sales department users to locate files in teh course bookings share.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Implement the Windows Search Service.
Incoming external trust

35. To make a 64-bit application available to several 32-bit XP SP3 computers in the branch office you could use either a remote desktop session host or a remote desktop virtualization host. However - if the application requires you to be a local adminis

36. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
WSUS server in the branch office in replica mode.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
DSMOD - ADUC
Authorization Manager role assignment

37. What should be done first to defragment the AD database?
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Then install new Server 2008 R2 Enterprise subordinate CA.
Deploy a GPO for the Sales OU
Run net stop ntds

38. The strongest form of NAP is
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Jill came down with 2.50.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication

39. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Configure authorization rules for Web developers on each web server
Share and Storage Management
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Implement Windows System Resource Manager (WSRM) and configure user policies

40. What should be done to resolve names by using GlobalNames zone?
WSUS server in the branch office in replica mode.
dnscmd tool
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)

41. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Service user account for AD LDS
Group Policy Preferences
Create and deploy a logon script that runs Auditpol.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.

42. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
IIS Chared Configuration
Windows System Resource Manager (WSRM)
Jill came down with 2.50.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010

43. Jack and Jill go up the hill - both with a buck and a quarter
Dfsrdiag
Jill came down with 2.50.
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie

44. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Dsmgmt
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Administrators is the minimum group membership required to complete this procedure.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.

45. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Recommend Group Policy preferences
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Dsmgmt
Use the Local Roles options with dsmgmt.

46. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Implement Shadow Copies
Site
Raise the DFL to Windows Server 2008 R2.

47. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Purchase one additional Enterprise License
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
802.1.x NAP
Add the new UPN suffix to the forest.

48. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Microsoft SharePoint Foundation 2010
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Passive file screens
Modify properties of RODC server computer account.

49. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Perform an authoritative restore
Then configure GlobalNames zones on each domain controller.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.

50. You have a failover cluster that has an application installed. Service level agreement requires 55 percent of processor and memory utilization to be reserved for the app. A solution to guarantee service level agreement would be
Test-AppLockerPolicy
Deploy Microsoft System Center Operations Manager (SCOM)
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Recommend Group Policy preferences