Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
Active Directory Right Management Services (AD RMS)
Test-AppLockerPolicy
PDC emulator with w32tm.exe
Enable Windows Remote Management (WinRM) on each server.

2. What should be done first to defragment the AD database?
Run net stop ntds
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Microsoft System Center Data Protection Manager
NOT be able to store that data on an iSCSI SAN

3. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
Create a Network Load Balancing cluster.
Then use Windows BitLocker Drive Encryption
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.

4. You need to recommend a server configuration to support a Web-based application that must meet these requirements: the app must be available to all users if a single server fails; support the installation of .NET applications; Minimize software costs
Refresh the zone on DNS2
Deploy it by using Group Policy Software Installation method
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster

5. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Create and deploy a logon script that runs Auditpol.
Configure block inheritance on the IT OU
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.

6. To back up your Hyper-VMs and the Hyper-V host; for each VM -
Recommend Group Policy preferences
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Increase the tombstone lifetime for the forest.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.

7. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Improve the performance of File Servers
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Dfsrdiag

8. To prevent account password from being cached on RODC server...
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Share and Storage Management
Windows BitLocker Drive Encryption (Bit Locker)
Modify properties of RODC server computer account.

9. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
IIS Chared Configuration
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
PDC emulator with w32tm.exe

10. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Configure authorization rules for Web developers on each web server
A relying party trust should be created.
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.

11. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Add the Windows Server Backup feature and Windows System Image recovery.
Active Directory Right Management Services (AD RMS)
Implement folder redirection by using GPO. Then backup the folder redirection target.
Repadmin

12. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
Use the Local Roles options with dsmgmt.
Run adprep /forestprep and adprep /domainprep
Microsoft System Center Data Protection Manager 2010
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files

13. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Passive file screens
Modify zone transfer settings for company.com zone on DCA
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.

14. 2 ways to relocate user and computer accounts to different OUs
DSMOD - ADUC
Certificate Templates
Active Directory Users and Computers utility
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.

15. When implementing a Hyper-V environment the benefits are enormous - however there are certain aspects of virtualization that can create some additional administrative overhead that you can not have in a pure physical environment for example
Prestage the computer account in AD
Win2000 Native
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Attach VHD file created by Windows server backup

16. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
MEDV to deploy virtual desktops
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Implement Network Access Protection (NAP)

17. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Assign the application to computers in the PC OU
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Configure the zone as an Activde Directory-Integrated zone.

18. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Group Policy Preferences
Upgrading DFS to Windows Server 2008 R2
Implement Shadow Copies
Implement one LUN for the quorum and another LUN for the data

19. You need to ensure that the guest account on all servers is disabled to
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Discover the run Microsoft Baseline Security Analyzer (MBSA)
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.

20. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Subnet object needs to be created
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Deploy the Root CA certificate to the external computers.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.

21. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Assign the application to all client computers by using a GPO.
Run net stop ntds
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in

22. You have a single AD domain named ad.company.com. The FFL is windows 2000 and the DFL is Windows 2000 Native. The UPN suffix company.com needs to be available for user accounts. What should be done first?
Passive file screens
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Add the new UPN suffix to the forest.
Implement GPO for all client computers

23. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Dsmgmt
Use local roles options within "dsmgmt"
Include a server that runs Microsoft Office SharePoint Server 2010
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur

24. You need to recommend a BitLocker recovery method you should recommend this.
AD Rights Management Services
Configure authorization rules for Web developers on each web server
Creating a data collector set that kick off a scritp that either move or delete files.
Data Recovery Agent

25. To backup Virtual Machines
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Configure caching on the shared folder and configure offline files to use encryption
Microsoft Desktop Optimization Pack (MDOP) to your company
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.

26. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
From Server A - run Create Basic Task Wizard
Increase the tombstone lifetime for the forest.
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Create and deploy a logon script that runs Auditpol.

27. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
An Active Directory subnet object needs to be created.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Group Policy Preferences
Run the Delegation of Control Wizard on the Staff OU

28. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Run auditpol and then configure the Security settings of the Domain Controllers OU.
AD RMS
Add-ADFineGrainedPasswordPolicySubject cmdlet
Group Policy Preferences

29. You have been tasked with backing up all the GPOs in the domain. The IT manager also wants you to minimize the size of the backup. You decide to use...
Deploy a failover cluster that uses Node and File Share Disk Majority
The Group Policy Management console
DSMOD
Assign permissions for the Groups OU and Branch OU to the help desk technicians.

30. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
DISABLE slow link detection in the GPO
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
IIS Manager user account
Recommend Offline Files

31. If you need to minimize the bandwidth for installation
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Utilize IFM (Install From Media)
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Create an Active Directory-Integrated zone.

32. What role to keep same time as an external server?
Deploy a failover cluster that uses Node and File Share Disk Majority
Active Directory Users and Computers utility
PDC emulator with w32tm.exe
Upgrading DFS to Windows Server 2008 R2

33. New password settings object (PSO) created and needs to be applied to user
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Configure Audit Special Logon and define Special Groups
Properties of PSO need modified
IIS Chared Configuration

34. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
AD Domains and Trusts
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.

35. Your company IP scheme uses both IPv4 and IPv6. You have a main and branch office. In the branch office you are using PC1. PC1 is now only using IPv6. You noticed that PC1 no longer authenticates off the DC that is in the branch office. What should b
Deploy a GPO to the WebSrvOU
Configure offline files and enable manual caching
An Active Directory subnet object needs to be created.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.

36. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
WSUS server in the branch office in replica mode.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Changed manually
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.

37. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
Then use Windows BitLocker Drive Encryption
Use a GPO to configure device installation restrictions
Create ADMX and ADML files. Configure the GPO and link it to the domain.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.

38. If subnets are connected by CISCO router that is RFC-1542 compliant
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Use CISCO IP Helper command to configure.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur

39. You need a strategy for backing up your 2008 R2 file servers according to these: allows for individual file restore; allows for complete server recovery; supports scheduled backups; provides decentralized control over backups and recovery; minimizes
Install Hyper-V role and convert physical machines into virtual machines
Deploy a GPO for the Sales OU
View properties of %systemroot%ntdsntds.dit
Back up to an external USB drive by using Windows Server Backup

40. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
From Server A - run Create Basic Task Wizard
Encrypting File System (EFS). This can be enabled locally or through a GPO.

41. You have several Windows 2000 Servers that have a custom application installed. However - the apps are incompatible with each other and with Windows Server 2008 R2 - but they consume less than 10% of system resources. There is a policy that states al
Win2000 Native
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.

42. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Deploy a failover cluster that uses Node and File Share Disk Majority
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
View properties of %systemroot%ntdsntds.dit
Dfsrdiag

43. To configure Administrator Role Separation for an RODC
Implement the Windows Search Service.
Microsoft SharePoint Foundation 2010
Microsoft Desktop Optimization Pack (MDOP)
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th

44. Company users IPV4 and IPV6. A PC uses IPV6 and can no longer authenticate off the DC. What can be done to ensure IPV6 computers authenticate to DCs in same site...
FFL Windows Server 2008 R2
Subnet object needs to be created
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Backup operator's domain local group

45. To ensure that the branch office with its own high speed internet connection receives the exact same updates as the corporate office you should recommend this.
AD Rights Management Services
Deploy a failover cluster that uses Node and File Share Disk Majority
Then install new Server 2008 R2 Enterprise subordinate CA.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)

46. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
View properties of %systemroot%ntdsntds.dit
Implement Windows System Resource Manager (WSRM) and configure user policies
Add George to the Domain Admins group.
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.

47. You have a root domain and four child domains. Policy requirements state that all local guest accounts must be renamed and disabled - and all local administrator accounts must be renamed
Implement a GPO for each domain
Execute the Set-ADServiceAccount cmdlet
Software Restriction Polices
Configure event log subscriptions

48. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

49. You are about to deploy a distributed database appliation that will run on multiple 2008 R2 servers. This deployment needs to follow these requirements: uses the existing network infrastructure; uses standard Windows management tools; allocates stora
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Test-AppLockerPolicy
Event Viewer
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.

50. To delegate authority to users to manage only certain areas in Hyper-V use the
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Authorization Manager role assignment
Configure the zone as an Activde Directory-Integrated zone.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.