Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
DSMOD
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.

2. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Domain based DFS namespace and configure a DFS replication group
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
IIS Manager user account

3. to make shares at a remote location available to users you should implement this.
Domain based Distributed File System (DFS) namespace and DFS Replication.
MEDV to deploy virtual desktops
Windows XP Mode
Ntfrsutil

4. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Create a new Password Settings Object (PSO) for the IT users.
Enable - ADoptionalFeature cmdlet

5. To create AD Domain Services snapshot
Add the new UPN suffix to the forest.
Implement Shadow Copies
Ntdsutil
Then install new Server 2008 R2 Enterprise subordinate CA.

6. If you need to ensure that data is protected by BitLocker then you will...
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Microsoft SharePoint Foundation 2010
Run the Delegation of Control Wizard on the Staff OU
NOT be able to store that data on an iSCSI SAN

7. George needs to administer a read-only domain controller named Server1 - but to do this with minimal permissions assigned to him. What tool should be used for this daunting task?
Authorization Manager
Add the new UPN Suffix to the forest
Network Load Balancing (NLB) cluster
Dsmgmt

8. Your company IP scheme uses both IPv4 and IPv6. You have a main and branch office. In the branch office you are using PC1. PC1 is now only using IPv6. You noticed that PC1 no longer authenticates off the DC that is in the branch office. What should b
Backup operator's domain local group
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
An Active Directory subnet object needs to be created.
IIS Manager user account

9. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.

10. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Microsoft Desktop Optimization Pack (MDOP)
IIS Chared Configuration

11. to protect file servers and hard disks that may be at risk of being accessed or stolen
Group Policy Preferences
Refresh the zone on DNS2
Enable - ADoptionalFeature cmdlet
Implement Windows BitLocker Drive Encryption (BitLocker)

12. To delegate authority to users to manage only certain areas in Hyper-V use the
Authorization Manager role assignment
Active Directory Right Management Services (AD RMS)
Configure caching on the shared folder (offline files)
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files

13. GPO setting to prevent all users from running an application
Deploy the Root CA certificate to the external computers.
AD Rights Management Services
Software Restriction Polices
Configure RODC for Administrator Role Separation

14. To make deploying the custom Word dictionary easy
Dsmgmt
Perform an authoritative restore
Recommend Group Policy preferences
Disable Site Link Bridging from the IP properties

15. You need to consolidate 120 physical servers into 35 physical servers that run Windows Server 2008 R2 while meeting the following: maximize resource utilization; use existing hardware and software; support 64-bit child virtual machines; maintain sepa
Install Hyper-V role and convert physical machines into virtual machines
Create a Network Load Balancing cluster.
Your machine and remote desktops
PowerShell 2.0

16. To configure AD FS so tokens contain information from Active Directory domain...
Modify the local policy to point to the Internal WSUS server
New ACCOUNT STORE should be added and configured
Include a server that runs Microsoft Office SharePoint Server 2010
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.

17. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Ldp

18. DFL is Windows Server 2003 and client computers run Vista. DCRMS is a server that holds AD RMS. What should be done to configure AD RMS so users - including Waldo - can protect their data?
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Create an e-mail account in AD DS for your RMS users.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU

19. If you want to allow single-label name resolution
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Upgrading DFS to Windows Server 2008 R2
Then configure GlobalNames zones on each domain controller.

20. You need to design your WSUS infrastructure so that updates are highly available. To do so
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.

21. The Computer Management snap-in allows you to create shares both on...
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Your machine and remote desktops
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
DSMOD

22. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Modify the local policy to point to the Internal WSUS server
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
The Group Policy Management Console

23. 2 ways to relocate user and computer accounts to different OUs
Zone transfer settings
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
DSMOD - ADUC
An Active Directory subnet object needs to be created.

24. PowerShell script to create user accounts with passwords from a file called password.csv
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
AD Rights Management Services
Dsmgmt
Zone transfer settings

25. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
Changed manually
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Incoming external trust
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)

26. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Import-Module
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).

27. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Add George to the Domain Admins group.
Modify zone transfer settings for company.com zone on DCA
Microsoft System Center Data Protection Manager

28. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Implement Windows BitLocker Drive Encryption (BitLocker)
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Create a Central Store

29. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Then use on install image file that contains a single install image.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Then use Windows Deployment Services (WDS) on DHCP1.
Upgrading DFS to Windows Server 2008 R2

30. You need to recommend a solution to minimize the amount of time it takes for the sales department users to locate files in teh course bookings share.
Implement the Windows Search Service.
Create an e-mail account in AD DS for your RMS users
Include a server that runs Microsoft Office SharePoint Server 2010
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.

31. To backup Virtual Machines
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Implement one LUN for the quorum and another LUN for the data
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.

32. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Run the Delegation of Control Wizard on the Staff OU
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Back up to an external USB drive by using Windows Server Backup

33. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
Windows XP Mode
Implement folder redirection by using GPO. Then backup the folder redirection target.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.

34. What GPO setting should be configured to prevent all users from running an application?
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Software Restriction Polices
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Microsoft Desktop Optimization Pack (MDOP)

35. Help desk staff must be able to update drivers on the domain controllers at the branch office and assign them the proper
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Administrative Role Separation
Domain based Distributed File System (DFS) will reduce network traffic

36. UPN Suffix xxxx.com needs to be available for user accounts...
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Add the new UPN Suffix to the forest
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.

37. You need to relocate an AD LDS instance from C: Drive to D: Drive
Add the Windows Server Backup feature and Windows System Image recovery.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
dnscmd tool
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files

38. To build a highly secure server cluster with a reduced attack surface area
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Recommend GPT and basic disks

39. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Enable Windows Remote Management (WinRM) on the servers.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.

40. If you need to deploy multiple servers through automation of installation and activation and minimize network traffic
Group Policy Preferences
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Microsoft System Center Data Protection Manager 2010
Discover the run Microsoft Baseline Security Analyzer (MBSA)

41. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Dfsrdiag
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Microsoft Desktop Optimization Pack (MDOP)
Modify properties of RODC server computer account.

42. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Refresh the zone on DNS2
Configure offline files and enable manual caching
Modify properties of RODC server computer account.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop

43. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Win2000 Native
Network Load Balancing (NLB)

44. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
DSMOD
Create a standard secondary of domain and create standard secondary of other domain.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Administrators is the minimum group membership required to complete this procedure.

45. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
Recommend Active Directory delegation
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Enable Credential Roaming
Run adprep /forestprep and adprep /domainprep

46. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
Then install new Server 2008 R2 Enterprise subordinate CA.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Use local roles options within "dsmgmt"

47. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
FFL Windows Server 2008 R2
Implement Distributed File System Replication (DFSR) on both servers
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Modify the GPO to include folder redirection

48. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
Implement one LUN for the quorum and another LUN for the data
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Dsmgmt
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.

49. New password settings object (PSO) created and needs to be applied to user
Then use on install image file that contains a single install image.
Event Subscriptions
Ldp
Properties of PSO need modified

50. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Create a Network Load Balancing cluster.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.