Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. You need to deploy 15 Server Core installations that are only accessible by HTTP and HTTPS. Administration of these must be able to enable administrators to install and administer server roles remotely and fully manage servers remotely
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Creating a data collector set that kick off a scritp that either move or delete files.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Enable Windows Remote Management (WinRM) on each server.

2. To configure AD FS so tokens contain information from Active Directory domain...
New ACCOUNT STORE should be added and configured
Data Recovery Agent
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie

3. You need to plan the deployment of an application that must meet these requirements: users must have - access to the app when they are connected to the network; access the application from an icon on their desktops.
Run the Delegation of Control Wizard on the Staff OU
Implement GPO for all client computers
Assign the application to all client computers by using a GPO.
Modify zone transfer settings for company.com zone on DCA

4. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
File Server Resource Manager (FSRM) quotas and file screens
Administrative Role Separation
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.

5. When recommending a monitoring solution for an application so that it's events can be stored in a central
FILES option within Ntdsutil
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Event Subscriptions

6. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Configure Firewall Group Policies and link them at the Domain level
FFL Windows Server 2008 R2
Enable Windows Remote Management (WinRM) on the servers.
Configure block inheritance on the IT OU

7. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
Import-Module
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Windows BitLocker Drive Encryption (Bit Locker)
Microsoft Desktop Optimization Pack (MDOP)

8. If subnets are connected by CISCO router that is RFC-1542 compliant
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
PowerShell 2.0
FFL Windows Server 2008 R2
Use CISCO IP Helper command to configure.

9. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Ntfrsutil
Deploy a failover cluster that contains one node in each office.

10. If you need to ensure that data is protected by BitLocker then you will...
Dfsrdiag
NOT be able to store that data on an iSCSI SAN
Create a new Password Settings Object (PSO) for the IT users.
Encrypting File System (EFS). This can be enabled locally or through a GPO.

11. To control access to resources using WSRM and to help prevent memory leaks from monopolizing your web server
Configure separate application pools for each application
Network Load Balancing (NLB) cluster
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
dsa.msc - dsamain.exe - ntdsutil.exe

12. All DCs have been upgraded from Windows Server 2003 to Windows Server 2008 R2. What should be done to ensure the Sysvol share replicates by using DFS Replicaiton (DFS-R)?
Configure RODC for Administrator Role Separation
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Windows System Resource Manager (WSRM)
Raise the DFL to Windows Server 2008 R2.

13. To create and additional AD LDS applicaiton directory partition in existing instance...
Microsoft Desktop Optimization Pack (MDOP)
Ldp
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Upgrading DFS to Windows Server 2008 R2

14. PowerShell script to create user accounts with passwords from a file called password.csv
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Implement Network Access Protection (NAP)
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}

15. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Autonomous mode...This allows the local administrator to approve their own updates.
Refresh the zone on DNS2
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Subnet object needs to be created

16. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Incoming external trust
Implement Network Access Protection (NAP)
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Windows Deployment Services (WDS)

17. What should be done to resolve names by using GlobalNames zone?
dnscmd tool
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Additional DFS Targets

18. To backup Virtual Machines
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
View properties of %systemroot%ntdsntds.dit
Utilize IFM (Install From Media)
Dynamically expanding VHD's

19. To configure Administrator Role Separation for an RODC
Implement a GPO for each domain
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Recommend Active Directory delegation

20. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Creating a data collector set that kick off a scritp that either move or delete files.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Data Recovery Agent

21. Can be used to install the Windows RE on existing servers
WDS
Implement Shadow Copies
Implement Distributed File System Replication (DFSR) on both servers
Microsoft Desktop Optimization Pack (MDOP)

22. To defragment and AD database...
Install Windows Server Backup and modify the Windows firewall settings
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
net stop ntds

23. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Raise the DFL to Windows Server 2008 R2.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management

24. To allow administrators tha trun Windows 7 ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Configure authorization rules for Web developers on each web server
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Recommend Offline Files

25. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Group Policy Preferences
Windows BitLocker Drive Encryption (Bit Locker)
Distributed File System (DFS) Replication
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent

26. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Active Directory snapshots and Tombstone reanimation
Authorization Manager role assignment

27. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Distributed File System (DFS) Replication
Create an Active Directory-Integrated zone.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.

28. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
Use the Local Roles options with dsmgmt.
DSMOD
Event Log Subscriptions
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP

29. To create AD Domain Services snapshot
Configure separate application pools for each application
Ntdsutil
Site
Modify the schema of LDSInst1

30. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
Configure caching on the shared folder and configure offline files to use encryption
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Windows XP Mode
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.

31. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
Active Directory Users and Computers
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Domain based DFS namespace and configure a DFS replication group
Use CISCO IP Helper command to configure.

32. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
Authorization Manager
Dsmgmt
From Server1 - run the Create Basic Task Wizard
Install Microsoft Secure Socket Tunneling Protocol (SSTP)

33. to make shares at a remote location available to users you should implement this.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Domain based Distributed File System (DFS) namespace and DFS Replication.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer

34. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Data Recovery Agent
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)

35. To backup GPO's in domain and minimize bakcup...
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Modify the local policy to point to the Internal WSUS server
The Group Policy Management Console
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.

36. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Add-ADFineGrainedPasswordPolicySubject cmdlet

37. You have 2 Server Core servers that are part of a Network Load Balance that host a web site. To be able to allow administrators - on their Windows 7 computers - remotely manage the NLB with automation
Enable Windows Remote Management (WinRM) on the servers.
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Event Viewer
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO

38. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Deploy a GPO for the Sales OU
Add-ADFineGrainedPasswordPolicySubject cmdlet

39. To ensure that a file on a file server do not leave the organization you must implement this.
AD RMS
Test-AppLockerPolicy
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.

40. What Function Level (FL) needs to be in place to enable AD Recycle Bin?
Dynamically expanding VHD's
FFL Windows Server 2008 R2
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Add-ADFineGrainedPasswordPolicySubject cmdlet

41. You have been tasked with backing up all the GPOs in the domain. The IT manager also wants you to minimize the size of the backup. You decide to use...
The Group Policy Management console
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Install From Media IFM
Network Load Balancing (NLB) cluster

42. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Configure block inheritance on the IT OU
Implement Network Access Protection (NAP)
Configure Firewall Group Policies and link them at the Domain level
Modify the GPO to include folder redirection

43. Need to access some resources in another domain that is part of another forest...What trust is created?
Add the new UPN suffix to the forest.
Network Load Balancing (NLB) cluster
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Incoming external trust

44. You are about to deploy a distributed database appliation that will run on multiple 2008 R2 servers. This deployment needs to follow these requirements: uses the existing network infrastructure; uses standard Windows management tools; allocates stora
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
FFL Windows Server 2008 R2
dnscmd
Modify properties of RODC server computer account.

45. You need to ensure that the guest account on all servers is disabled to
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Discover the run Microsoft Baseline Security Analyzer (MBSA)

46. To prevent account password from being cached on RODC server...
Modify properties of RODC server computer account.
Implement folder redirection by using GPO. Then backup the folder redirection target.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Share and Storage Management

47. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

48. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Ntfrsutil
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Microsoft Application Virtualization (AppV)
Create a GPO and link the GPO to the domain then configure the GPO to be enforced

49. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
Subnet object needs to be created
Backup operator's domain local group
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.

50. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Domain based Distributed File System (DFS) will reduce network traffic
Assign the application to computers in the PC OU
Recommend GPT and basic disks