Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. You have a root domain and four child domains. Policy requirements state that all local guest accounts must be renamed and disabled - and all local administrator accounts must be renamed
Enable Credential Roaming
Implement a GPO for each domain
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
View properties of %systemroot%ntdsntds.dit

2. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Incoming external trust

3. RDSrv1 is a Server 2008 R2 server with Remote Desktop Services installed. You are planning to establish a Terminal Server Farm that must meet these requirements: New users automatically connect to the terminal server that has the fewest active sessio
Use local roles options within "dsmgmt"
Use CISCO IP Helper command to configure.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Backup operator's domain local group

4. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
Network Load Balancing (NLB) cluster
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Get-ADUser cmdlet
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.

5. You need to ensure that the guest account on all servers is disabled to
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Win2000 Native
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Microsoft SharePoint Foundation 2010

6. to make shares at a remote location available to users you should implement this.
WDS
dnscmd
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Domain based Distributed File System (DFS) namespace and DFS Replication.

7. If you need to minimize amount of time and impact of 50 simultaneous Win7 installations
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Purchase one additional Enterprise License
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Use Netsh tool from administrator's computer.

8. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Configure caching on the shared folder (offline files)
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Winrm quickconfig
Repadmin

9. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
From Server1 - run the Create Basic Task Wizard
Disable Site Link Bridging from IP Properties

10. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Jill came down with 2.50.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Run the Delegation of Control Wizard on the Staff OU
View properties of %systemroot%ntdsntds.dit

11. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Changed manually
Configure caching on the shared folder and configure offline files to use encryption
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.

12. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
802.1.x NAP
Active Directory Right Management Services (AD RMS)
dnscmd tool
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.

13. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Install Windows Server Backup and modify the Windows firewall settings
Configure block inheritance on the IT OU
Run adprep /forestprep and adprep /domainprep
Deploy a failover cluster that contains one node in each office.

14. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Site
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Implement a domain-based DFS namespace that uses replication
Active Directory Users and Computers utility

15. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Modify zone transfer settings for company.com zone on DCA
Perform an authoritative restore

16. Ensure password length for a group set to 12 characters long while others keep password policy
FFL Windows Server 2008 R2
Deploy the Root CA certificate to the external computers.
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Add-ADFineGrainedPasswordPolicySubject cmdlet

17. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
MEDV to deploy virtual desktops
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Modify the local policy to point to the Internal WSUS server

18. To defragment and AD database...
net stop ntds
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Group Policy Preferences
Modify properties of RODC server computer account.

19. You need to recommend a Windows update strategy for the new branch office. The branch office has a 512 Kbps connection the corporate office and a 2 MB connection to the Internet. You should recommend this.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
File Server Resource Manager (FSRM) quotas and file screens

20. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Offline domain join
Disable Site Link Bridging from IP Properties

21. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
Microsoft Desktop Optimization Pack (MDOP) to your company
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
From Server A - run Create Basic Task Wizard
Configure block inheritance on the IT OU

22. If you need to ensure that data is protected by BitLocker then you will...
Implement a domain-based DFS namespace that uses replication
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
NOT be able to store that data on an iSCSI SAN

23. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
dsa.msc - dsamain.exe - ntdsutil.exe
Role Separation
dnscmd tool
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie

24. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Windows System Resource Manager (WSRM)
Use local roles options within "dsmgmt"
Add the user to the Domain Admins global group
Configure event log subscriptions

25. You have a 2008 R2 server configured as Remote Desktop Session host. You need to deploy a line-of-business app; however - the app requires desktop themes to be enabled. Your deployment strategy must meet these requirements: only authorized users must
Modify the schema of LDSInst1
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.

26. To replicate SYSVOL using Distributed File System Replication (DFSR)...
Implement Network Access Protection (NAP) that uses 802.1x enforcement
DFL needs to be Windows Server 2008
Ntdsutil
Include a server that runs Microsoft Office SharePoint Server 2010

27. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
Ntfrsutil
Microsoft Desktop Optimization Pack (MDOP) to your company
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Assign permissions for the Groups OU and Branch OU to the help desk technicians.

28. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
IIS Chared Configuration
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary

29. IE can be a security concern - however you can take advantage of Group policies to lock down IE as much as possible

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

30. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Configure Firewall Group Policies and link them at the Domain level
New ACCOUNT STORE should be added and configured
Network Load Balancing (NLB) cluster
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.

31. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
Then use Windows BitLocker Drive Encryption
Dsmgmt
Microsoft System Center Data Protection Manager
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)

32. New password settings object (PSO) created and needs to be applied to user
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Configure caching on the shared folder and configure offline files to use encryption
Configure offline files and enable manual caching
Properties of PSO need modified

33. Deployment solutions that will allow both the 64 bit version of Office 2010 and the 32 bit version Office 2003 to run at a same time on a Windows 7 computer - and to do that when the computer is offline - are very limited. You should recommend
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Active Directory Right Management Services (AD RMS)
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Microsoft Application Virtualization (AppV)

34. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
Jill came down with 2.50.
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Autonomous mode...This allows the local administrator to approve their own updates.

35. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
Configure folder redirection
DISABLE slow link detection in the GPO
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1

36. If users need access to files locally and must be able to access files at another site if the local copy is not available you should implement this.
A Distributed File System (DFS) namespace
Create a Network Load Balancing cluster.
Then install new Server 2008 R2 Enterprise subordinate CA.
Run net stop ntds

37. To delegate authority to users to manage only certain areas in Hyper-V use the
Dfsrdiag
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Authorization Manager role assignment
Zone transfer settings

38. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Modify the GPO to include folder redirection
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
dnscmd tool

39. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Modify properties of RODC server computer account.
PowerShell 2.0

40. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Passive file screens
dsa.msc - dsamain.exe - ntdsutil.exe
Implement a domain-based DFS namespace that uses replication
Implement File Server Resource Manager (FSRM) quotas on the desired servers

41. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Active Directory Users and Computers
Authorization Manager role assignment
Dsmgmt

42. If you want to implement BitLocker and store recovery informaiton in a central location
Test-AppLockerPolicy
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Properties of PSO need modified

43. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Incoming external trust
Implement Windows System Resource Manager (WSRM) and configure user policies
Execute the Set-ADServiceAccount cmdlet

44. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Refresh the zone on DNS2
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.

45. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
AD RMS
Configure an audit policy by editing the default domain policy and configure Event Forwarding
From Server A - run Create Basic Task Wizard

46. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Windows Deployment Services (WDS)
Enable Credential Roaming
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Then use Windows Deployment Services (WDS)

47. To prevent computers that do not have the Windows Firewall enabled from connecting to the wireless access point or the physical switch - you should implement this.
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Authorization Manager role assignment
802.1.x NAP

48. You are about to deploy a distributed database appliation that will run on multiple 2008 R2 servers. This deployment needs to follow these requirements: uses the existing network infrastructure; uses standard Windows management tools; allocates stora
Software Restriction Polices
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Configure offline files and enable manual caching
Autonomous mode...This allows the local administrator to approve their own updates.

49. You need to deploy a sales application that only the sales users must have access to
dnscmd
An Active Directory subnet object needs to be created.
Deploy a GPO for the Sales OU
Deploy it by using Group Policy Software Installation method

50. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Increase the tombstone lifetime for the forest.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Get-ADUser cmdlet
Deploy a failover cluster that uses Node and File Share Disk Majority