Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
Configure event log subscriptions
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Install Hyper-V role and convert physical machines into virtual machines
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.

2. To be able to manage all the corporate servers from a workstation - you must install the
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.

3. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Configure Firewall Group Policies and link them at the Domain level
PDC emulator with w32tm.exe
Windows Server 2003
From Server1 - run the Create Basic Task Wizard

4. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
Attach VHD file created by Windows server backup
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Microsoft Desktop Optimization Pack (MDOP) to your company
Test-AppLockerPolicy

5. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Execute the Set-ADServiceAccount cmdlet
Set-ADServiceAccount cmdlet
Storage manager for SANs
Recommend Offline Files

6. What role to keep same time as an external server?
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Active Directory snapshots and Tombstone reanimation
PDC emulator with w32tm.exe
Windows Server 2003

7. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
DSMOD
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.

8. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Implement Distributed File System Replication (DFSR) on both servers
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Domain based Distributed File System (DFS) will reduce network traffic
Subnet object needs to be created

9. A specific application requires registry modifications to be in place before installing; you should use
Back up to an external USB drive by using Windows Server Backup
Group Policy Preferences
Recommend Offline Files
Microsoft SharePoint Foundation 2010

10. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Use the Local Roles options with dsmgmt.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Distributed File System (DFS) Replication
Domain based Distributed File System (DFS) will reduce network traffic

11. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Distributed File System (DFS) Replication
Zone transfer settings
The Group Policy Management Console
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.

12. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Use local roles options within "dsmgmt"
NOT be able to store that data on an iSCSI SAN
WDS
Dfsrdiag

13. You need to create a DNS infrastructure that must allow client computers in each office to register DNA names within their respective offices and client computuers must be able to resolve names for hosts in all offices
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Utilize IFM (Install From Media)
Create an Active Directory-Integrated zone.
Ensure your account - or the group is a member of the local Administrators group for that specific server.

14. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
Dynamically expanding VHD's
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Deploy the Root CA certificate to the external computers.
Configure an audit policy by editing the default domain policy and configure Event Forwarding

15. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Domain based DFS namespace and configure a DFS replication group
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Configure caching on the shared folder and configure offline files to use encryption

16. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
Import-Module
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Use a GPO to configure device installation restrictions

17. To make a 64-bit application available to several 32-bit XP SP3 computers in the branch office you could use either a remote desktop session host or a remote desktop virtualization host. However - if the application requires you to be a local adminis

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

18. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Administrators is the minimum group membership required to complete this procedure.

19. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
DSMOD
Perform an authoritative restore
Add the Windows Server Backup feature and Windows System Image recovery.
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.

20. You need to recommend a BitLocker recovery method you should recommend this.
Incoming external trust
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Data Recovery Agent
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.

21. Certain apps may require that the end user have the ability to make changes to the application - however some applications may allow these changes to be made in the registry. To give you as the administrator the ability to make changes as necessary -
Upgrading DFS to Windows Server 2008 R2
Win2000
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Group Policy Preferences

22. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Test-AppLockerPolicy
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Dsmgmt

23. Your domain has three OUs - HR - IT - and Sales. You need to redesign the layout of the OUs to support the following: Prevent GPOs that are linked to the domain from applying to computers located in IT OU; minimize number of GPOs; minimize number of
Configure block inheritance on the IT OU
Implement a domain-based DFS namespace that uses replication
Create a Central Store
Configure Firewall Group Policies and link them at the Domain level

24. To control access to resources using WSRM and to help prevent memory leaks from monopolizing your web server
Configure separate application pools for each application
Then use Windows BitLocker Drive Encryption
Utilize IFM (Install From Media)
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations

25. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Implement folder redirection by using GPO. Then backup the folder redirection target.
Configure authorization rules for Web developers on each web server

26. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Add the user to the Domain Admins global group
Role Separation
Disable Site Link Bridging from the IP properties
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.

27. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Test-AppLockerPolicy
Certificate Templates
Domain based DFS namespace and configure a DFS replication group
Prestage the computer account in AD

28. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
From Server A - run Create Basic Task Wizard
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Win2000 Native

29. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
Then install new Server 2008 R2 Enterprise subordinate CA.
WSUS server in the branch office in replica mode.
Software Restriction Polices
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.

30. AD RMS is being used on the network. George is only a member of the AD RMS Enterprise Administrators group. Mitt needs to be able to change the service connection point (SCP) for the AD RMS installation. What should be done so George can accomplish t
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
FILES option within Ntdsutil
Add George to the Domain Admins group.
Recommend Offline Files

31. You don't want users to be able to install removable devices on client computers. However - domain admins and desktop support technicians must be allowed to install removable devices on client computers
Add George to the Domain Admins group.
Use local roles options within "dsmgmt"
Implement GPO for all client computers
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary

32. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Implement Windows System Resource Manager (WSRM) and configure user policies
Passive file screens
The Group Policy Management console
Autonomous mode...This allows the local administrator to approve their own updates.

33. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Event Viewer
Disable Site Link Bridging from IP Properties
FILES option within Ntdsutil

34. If you need to delegate control of server to remote admins group
Prestage the computer account in AD
Active Directory Users and Computers utility
Network Load Balancing (NLB) cluster
Configure RODC for Administrator Role Separation

35. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Microsoft System Center Data Protection Manager
Distributed File System (DFS) Replication

36. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Create and deploy a logon script that runs Auditpol.
Add-ADFineGrainedPasswordPolicySubject cmdlet
Create ADMX and ADML files. Configure the GPO and link it to the domain.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.

37. To deploy templates across the organization
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Deploy a failover cluster that contains one node in each office.
Passive file screens
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.

38. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Backup operator's domain local group
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.

39. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Test-AppLockerPolicy
Authorization Manager
Disable Site Link Bridging from the IP properties
Dynamically expanding VHD's

40. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Your machine and remote desktops
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.

41. DFL is Windows Server 2003 and client computers run Vista. DCRMS is a server that holds AD RMS. What should be done to configure AD RMS so users - including Waldo - can protect their data?
Properties of PSO need modified
Create an e-mail account in AD DS for your RMS users.
Assign the application to computers in the PC OU
Active Directory Domains and Trusts

42. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Increase the tombstone lifetime for the forest.
Dsmgmt
Create a Central Store

43. To defragment and AD database...
net stop ntds
Domain based Distributed File System (DFS) will reduce network traffic
Then use Windows Deployment Services (WDS)
Raise the DFL to Windows Server 2008 R2.

44. Deploying a web server farm can be costly. You need to minimize the amount of disk space used.
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Configure event log subscriptions
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.

45. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Certificate Templates

46. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Modify the local policy to point to the Internal WSUS server
Configure separate application pools for each application
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
The Group Policy Management console

47. If subnets are connected by CISCO router that is RFC-1542 compliant
Use CISCO IP Helper command to configure.
Then install new Server 2008 R2 Enterprise subordinate CA.
Active Directory Users and Computers utility
Subnet object needs to be created

48. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Software Restriction Polices
Then configure auto enrollment of certificates and Credential Roaming.
Incoming external trust
PowerShell 2.0

49. To backup Virtual Machines
dsa.msc - dsamain.exe - ntdsutil.exe
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Implement a domain-based DFS namespace that uses replication
Passive file screens

50. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Microsoft SharePoint Foundation 2010
Create ADMX and ADML files. Configure the GPO and link it to the domain.
AD RMS
DSMOD - ADUC