Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. All DCs have been upgraded from Windows Server 2003 to Windows Server 2008 R2. What should be done to ensure the Sysvol share replicates by using DFS Replicaiton (DFS-R)?
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
From Server1 - run the Create Basic Task Wizard
Use local roles options within "dsmgmt"
Raise the DFL to Windows Server 2008 R2.

2. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Distributed File System (DFS) Replication
Configure the zone as an Activde Directory-Integrated zone.
Your machine and remote desktops

3. Tool to allow a user to administer an RODC while minimizing the number of permissions assigned to user.
Dsmgmt
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array

4. When service account passwords need to be changed for SQL they should be...
File Server Resource Manager (FSRM) quotas and file screens
Changed manually
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Install Microsoft Secure Socket Tunneling Protocol (SSTP)

5. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Deploy it by using Group Policy Software Installation method
Configure caching on the shared folder and configure offline files to use encryption

6. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Perform an authoritative restore
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Improve the performance of File Servers
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.

7. DCDNS1 is a DC and DNS server that host and ADI zone for company.com and is located in the main office. DNS2 is a DNS server that hosts a secondary zone for company.com and is located in the branch office. FSrv1 is a new file server that is located i
Then use Windows Deployment Services (WDS) on DHCP1.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Refresh the zone on DNS2

8. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Then configure auto enrollment of certificates and Credential Roaming.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Properties of PSO need modified
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary

9. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Modify properties of RODC server computer account.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.

10. To be able to user an application from one AD FS with authentication server to another...
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
CAPublishGP group should have the Manage CA permission.
A relying party trust should be created.

11. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
IIS Chared Configuration
Raise the DFL to Windows Server 2008 R2.
Implement Network Access Protection (NAP)
Configure offline files and enable manual caching

12. to protect file servers and hard disks that may be at risk of being accessed or stolen
Backup operator's domain local group
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Subnet object needs to be created
Implement Windows BitLocker Drive Encryption (BitLocker)

13. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

14. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Repadmin
Create a MEDV workspace
Enable Windows Remote Management (WinRM) on each server.
Create an e-mail account in AD DS for your RMS users.

15. What document management solution allows you to keep multiple versions of documents and automatically apply access policies to these documents? You should recommend
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Modify the schema of LDSInst1
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Win2000

16. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Certificate Templates
Share and Storage Management

17. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
Implement Windows BitLocker Drive Encryption (BitLocker)
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Registry on users computer needs to be modified
Then install new Server 2008 R2 Enterprise subordinate CA.

18. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Implement Network Access Protection (NAP) that uses 802.1x enforcement
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Modify the local policy to point to the Internal WSUS server

19. You are about to deploy a distributed database appliation that will run on multiple 2008 R2 servers. This deployment needs to follow these requirements: uses the existing network infrastructure; uses standard Windows management tools; allocates stora
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Create a new Password Settings Object (PSO) for the IT users.

20. You have been tasked with backing up all the GPOs in the domain. The IT manager also wants you to minimize the size of the backup. You decide to use...
Storage manager for SANs
Run the Delegation of Control Wizard on the Staff OU
The Group Policy Management console
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1

21. To recover objects deleted from Active Directory you should recommend
From Server A - run Create Basic Task Wizard
Active Directory snapshots and Tombstone reanimation
Recommend Active Directory delegation
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.

22. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Microsoft SharePoint Foundation 2010
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Microsoft System Center Data Protection Manager

23. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Site
Increase the tombstone lifetime for the forest.
A Distributed File System (DFS) namespace
Import-Module

24. To deploy templates across the organization
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Recommend Active Directory delegation
Site

25. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Then install new Server 2008 R2 Enterprise subordinate CA.
Use local roles options within "dsmgmt"

26. Jack and Jill go up the hill - both with a buck and a quarter
Create a MEDV workspace
Event Subscriptions
Jill came down with 2.50.
Run auditpol and then configure the Security settings of the Domain Controllers OU.

27. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Enable Windows Remote Management (WinRM) on each server.
Active Directory Right Management Services (AD RMS)
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.

28. To ensure that a file on a file server do not leave the organization you must implement this.
Microsoft Application Virtualization (AppV)
Active Directory Right Management Services (AD RMS)
AD RMS
Basic Authentication and SSL

29. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Configure authorization rules for Web developers on each web server
Winrm quickconfig
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.

30. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Recommend Active Directory delegation
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Install the RSAT tool on their workstation to provide for more efficient network management

31. Auditing the deletion of Registry keys on all Domain Controllers
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Storage manager for SANs
Implement Network Access Protection (NAP)
Enable - ADoptionalFeature cmdlet

32. You need to allow a user to add a single computer to a domain - without any additional rights...
Prestage the computer account in AD
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Implement Distributed File System Replication (DFSR) on both servers
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.

33. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Configure Audit Special Logon and define Special Groups
Implement a GPO for each domain
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Implement Windows System Resource Manager (WSRM) and configure user policies

34. To ensure that recovery is possible if a file on a file server is deleted accidentally
Deploy the Root CA certificate to the external computers.
Implement Shadow Copies
ntdsutil
Prestage the computer account in AD

35. DFL is...
Run net stop ntds
Get-ADUser cmdlet
Win2000 Native
Microsoft Application Virtualization (AppV)

36. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
CAPublishGP group should have the Manage CA permission.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Assign the application to all client computers by using a GPO.

37. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

38. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
Group Policy Preferences
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Active Directory Domains and Trusts
Site

39. New password settings object (PSO) created and needs to be applied to user
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Refresh the zone on DNS2
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Properties of PSO need modified

40. You need to recommend a Windows update strategy for the new branch office. The branch office has a 512 Kbps connection the corporate office and a 2 MB connection to the Internet. You should recommend this.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
A relying party trust should be created.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Use Netsh tool from administrator's computer.

41. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Domain based Distributed File System (DFS) will reduce network traffic
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Multipath I/O feature

42. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Zone transfer settings
Modify properties of RODC server computer account.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.

43. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Implement Windows System Resource Manager (WSRM)
WSUS server in the branch office in replica mode.
Install From Media IFM
Create a MEDV workspace

44. To add a server with AD FS 2.0 role to an existing AD FS farm...
Disable Site Link Bridging from the IP properties
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Software Restriction Polices
fsconfig on FSSrv2

45. You have a 2008 R2 server configured as Remote Desktop Session host. You need to deploy a line-of-business app; however - the app requires desktop themes to be enabled. Your deployment strategy must meet these requirements: only authorized users must
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Then configure GlobalNames zones on each domain controller.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Recommend Group Policy preferences

46. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
Perform an authoritative restore
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Create a Network Load Balancing cluster.
Modify the schema of LDSInst1

47. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Use a GPO to configure device installation restrictions
DISABLE slow link detection in the GPO
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur

48. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Distributed File System (DFS) Replication
Dsmgmt
Administrative Role Separation
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie

49. To speed up the deployment of the RODC in the new branch offices you should take advantage of this.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Install From Media IFM
Dynamically expanding VHD's
Domain based Distributed File System (DFS) will reduce network traffic

50. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Dsmgmt
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Create and deploy a logon script that runs Auditpol.
Offline domain join