Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. To allow connection to a 256 Kbps ISDN...
Modify the GPO to include folder redirection
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
DISABLE slow link detection in the GPO

2. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
IIS Chared Configuration
Deploy it by using Group Policy Software Installation method
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.

3. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Offline domain join
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
djoin /requesteodj from internal server - djoin /provision from outside server/PC

4. To prevent computers that do not have the Windows Firewall enabled from connecting to the wireless access point or the physical switch - you should implement this.
Add the new UPN suffix to the forest.
Configure RODC for Administrator Role Separation
djoin /requesteodj from internal server - djoin /provision from outside server/PC
802.1.x NAP

5. To decrease the amount of time it takes for the certain users to generate reports. You should recommend
DSMOD - ADUC
Modify zone transfer settings for company.com zone on DCA
Windows System Resource Manager (WSRM)
Install Microsoft Secure Socket Tunneling Protocol (SSTP)

6. The strongest form of NAP is
Enable Windows Remote Management (WinRM) on the servers.
Add-ADFineGrainedPasswordPolicySubject cmdlet
Win2000 Native
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.

7. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Utilize IFM (Install From Media)
Dfsrdiag
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.

8. When configuring delegation of administration for Domain Controllers at a remote location you must Add the users or groups as members of the Domain Admins Group. However - be careful to allow just a certain user or group of users to manage the Domain
Microsoft System Center Data Protection Manager
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Windows System Resource Manager (WSRM)

9. You need to access some resources in another domain that is part of another forest. What type of trust should you create?
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Incoming external trust
AD RMS

10. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
Passive file screens
Create and deploy a logon script that runs Auditpol.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Then use Windows Deployment Services (WDS)

11. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Configure caching on the shared folder and configure offline files to use encryption
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
New ACCOUNT STORE should be added and configured
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.

12. You have several Windows 2000 Servers that have a custom application installed. However - the apps are incompatible with each other and with Windows Server 2008 R2 - but they consume less than 10% of system resources. There is a policy that states al
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Win2000
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Configure an audit policy by editing the default domain policy and configure Event Forwarding

13. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
Authorization Manager
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
File Server Resource Manager (FSRM) quotas and file screens
Deploy a GPO for the Sales OU

14. If you need to ensure that data is protected by BitLocker then you will...
Windows XP Mode
NOT be able to store that data on an iSCSI SAN
Software Restriction Polices
Dsmgmt

15. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
net stop ntds
Implement folder redirection by using GPO. Then backup the folder redirection target.
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
WSUS server in the branch office in replica mode.

16. to protect file servers and hard disks that may be at risk of being accessed or stolen
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Implement Windows BitLocker Drive Encryption (BitLocker)
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
AD Rights Management Services

17. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Network Load Balancing (NLB)
Assign the application to computers in the PC OU
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
IIS Manager user account

18. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
DFL needs to be Windows Server 2008
AD RMS
Implement Windows System Resource Manager (WSRM) and configure user policies
Run adprep /forestprep and adprep /domainprep

19. You need a strategy for backing up your 2008 R2 file servers according to these: allows for individual file restore; allows for complete server recovery; supports scheduled backups; provides decentralized control over backups and recovery; minimizes
Dsmgmt
Back up to an external USB drive by using Windows Server Backup
Authorization Manager role assignment
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).

20. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Create a Network Load Balancing cluster.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Implement the Windows Search Service.

21. To ensure that user's documents are stored on the file server and thus subject to the corporate backup solution - you should implement this.
Install the RSAT tool on their workstation to provide for more efficient network management
DSMOD
Create an Active Directory-Integrated zone.
Folder redirection. Folder redirection is also useful when using roamin profiles.

22. What document management solution allows you to keep multiple versions of documents and automatically apply access policies to these documents? You should recommend
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).

23. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Implement Network Access Protection (NAP)
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Add the Windows Server Backup feature and Windows System Image recovery.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie

24. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Deploy a failover cluster that uses Node and File Share Disk Majority
802.1.x NAP
dnscmd

25. What should be done to resolve names by using GlobalNames zone?
Configure caching on the shared folder and configure offline files to use encryption
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Passive file screens
dnscmd tool

26. When recommending a monitoring solution for an application so that it's events can be stored in a central
Event Subscriptions
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Backup operator's domain local group
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd

27. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Dfsrdiag
Your machine and remote desktops
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files

28. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Active Directory Right Management Services (AD RMS)
Distributed File System (DFS) Replication
Configure caching on the shared folder (offline files)
Recommend Offline Files

29. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

30. PowerShell script to create user accounts with passwords from a file called password.csv
Domain based Distributed File System (DFS) will reduce network traffic
Ntdsutil
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.

31. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
Use a GPO to configure device installation restrictions
Configure an audit policy by editing the default domain policy and configure Event Forwarding
An Active Directory subnet object needs to be created.
Storage manager for SANs

32. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
Printer driver isolation
Deploy a failover cluster that uses Node and File Share Disk Majority
Then configure GlobalNames zones on each domain controller.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.

33. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
Administrators is the minimum group membership required to complete this procedure.
Basic Authentication and SSL
Windows Server 2003
Run adprep /forestprep and adprep /domainprep

34. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Run adprep /forestprep and adprep /domainprep
Configure Firewall Group Policies and link them at the Domain level

35. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

36. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Use local roles options within "dsmgmt"
PowerShell 2.0
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Add the new UPN Suffix to the forest

37. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
dnscmd tool
DSMOD
Deploy a GPO for the Sales OU
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.

38. To be able to manage all the corporate servers from a workstation - you must install the
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop

39. To ensure that the SQL Servers can fail over autoatically and support 2 TB drives
Install From Media IFM
Administrators is the minimum group membership required to complete this procedure.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Recommend GPT and basic disks

40. What tool would you use to add a new User Principal Name (UPN) for all user accounts?
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Active Directory Domains and Trusts
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
A Distributed File System (DFS) namespace

41. You just dconfigured so that Server1 zone is stored in AD and accept secure dynamic updates. What command should be executed so that Server2 can accept secure dynamic updates?
Offline domain join
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.

42. Can be used to install the Windows RE on existing servers
Recommend GPT and basic disks
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
WDS
FILES option within Ntdsutil

43. Recently you have installed a special application on your web sites that requires using a managed service account on the Web Servers. This application runs on a web server in each of 10 separate Active Directory domains.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

44. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
WDS
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Network Load Balancing (NLB)
IIS Manager user account

45. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Microsoft SharePoint Foundation 2010
Repadmin
Domain based Distributed File System (DFS) will reduce network traffic
Configure Firewall Group Policies and link them at the Domain level

46. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Configure caching on the shared folder and configure offline files to use encryption
Configure block inheritance on the IT OU
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.

47. When deploying an application using the Group Policy distribution method assign the...
Assign the application to all client computers by using a GPO.
Win2000
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Implement File Server Resource Manager (FSRM) quotas on the desired servers

48. To defragment and AD database...
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
net stop ntds
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.

49. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.

50. To allow a user to administer Active Directory
Active Directory Right Management Services (AD RMS)
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
WDS
Add the user to the Domain Admins global group