Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Raise the DFL to Windows Server 2008 R2.
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Create a MEDV workspace

2. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

3. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
AD RMS
Microsoft Desktop Optimization Pack (MDOP)

4. Your file server contains 2 volumes; one that contains the operating system and the other volume contains all data files. Your recovery strategy must meet these requirements: allows the operating system to be restored; allows the data files to be res
Add the Windows Server Backup feature and Windows System Image recovery.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Autonomous mode...This allows the local administrator to approve their own updates.

5. To backup to tape/robotic tape and to backup VMs you must use...
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Microsoft System Center Data Protection Manager 2010
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise

6. DFL is...
Win2000 Native
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Certificate Templates
Service user account for AD LDS

7. To configure AD FS so tokens contain information from Active Directory domain...
New ACCOUNT STORE should be added and configured
Create an e-mail account in AD DS for your RMS users
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Role Separation

8. You have a 2008 R2 serever that has SQL Server 2008 installed. The server has one RAID 5 array and two RAID 1 arrays. You need to allocate hard disck space on the server according to the followign requirements: prevent data los if a single hard disk
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Run adprep /forestprep and adprep /domainprep
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.

9. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Active Directory Users and Computers utility
Windows Deployment Services (WDS)

10. When recommending a monitoring solution for an application so that it's events can be stored in a central
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Ldp
Event Subscriptions

11. You need to design your WSUS infrastructure so that updates are highly available. To do so
Win2000
Event Viewer
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Implement Network Access Protection (NAP) that uses 802.1x enforcement

12. If you need to encrypt all data on all disks
Data Recovery Agent
AD RMS
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Then use Windows BitLocker Drive Encryption

13. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Recommend Active Directory delegation
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Implement Windows System Resource Manager (WSRM) and configure user policies

14. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
Configure event log subscriptions
Configure offline files and enable manual caching
Run net stop ntds
ntdsutil

15. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Enable - ADoptionalFeature cmdlet
Configure caching on the shared folder and configure offline files to use encryption

16. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
DSMOD - ADUC
Execute the Set-ADServiceAccount cmdlet
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.

17. To minimize the amount of storage used for virtual machines in a Virtual desktop pool the VHD's should be

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

18. You need to deploy 15 Server Core installations that are only accessible by HTTP and HTTPS. Administration of these must be able to enable administrators to install and administer server roles remotely and fully manage servers remotely
dsa.msc - dsamain.exe - ntdsutil.exe
Enable Windows Remote Management (WinRM) on each server.
Passive file screens
From Server A - run Create Basic Task Wizard

19. Can be used to install the Windows RE on existing servers
WDS
DISABLE slow link detection in the GPO
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Microsoft System Center Data Protection Manager 2010

20. To ensure that a file on a file server do not leave the organization you must implement this.
Winrm quickconfig
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
AD RMS

21. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
DSMOD

22. If subnets are connected by CISCO router that is RFC-1542 compliant
Deploy it by using Group Policy Software Installation method
Deploy a failover cluster that uses Node and File Share Disk Majority
Use CISCO IP Helper command to configure.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.

23. When implementing a Hyper-V environment the benefits are enormous - however there are certain aspects of virtualization that can create some additional administrative overhead that you can not have in a pure physical environment for example
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Run auditpol and then configure the Security settings of the Domain Controllers OU.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.

24. UPN Suffix xxxx.com needs to be available for user accounts...
Network Load Balancing (NLB)
Implement Network Access Protection (NAP)
Folder redirection. Folder redirection is also useful when using roamin profiles.
Add the new UPN Suffix to the forest

25. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Dsmgmt
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Microsoft Application Virtualization (AppV)

26. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
Win2000
DSMOD
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.

27. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Disable Site Link Bridging from the IP properties
Implement Windows System Resource Manager (WSRM)
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Implement Windows BitLocker Drive Encryption (BitLocker)

28. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Run adprep /forestprep and adprep /domainprep
AD RMS
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.

29. You have 2 Server Core servers that are part of a Network Load Balance that host a web site. To be able to allow administrators - on their Windows 7 computers - remotely manage the NLB with automation
Active Directory snapshots and Tombstone reanimation
Enable Windows Remote Management (WinRM) on the servers.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Implement Windows System Resource Manager (WSRM) and configure user policies

30. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Run adprep /forestprep and adprep /domainprep
Deploy a GPO for the Sales OU
Raise the DFL to Windows Server 2008 R2.
Implement Distributed File System Replication (DFSR) on both servers

31. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Windows Server 2003
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.

32. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Implement Network Access Protection (NAP) that uses 802.1x enforcement
net stop ntds
Software Restriction Polices

33. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise

34. When one needs to audit files - folders - printers and the registry enable
Configure separate application pools for each application
Implement Windows System Resource Manager (WSRM) and configure user policies
Create a new Password Settings Object (PSO) for the IT users.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers

35. To add a server with AD FS 2.0 role to an existing AD FS farm...
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Implement Network Access Protection (NAP) that uses 802.1x enforcement
fsconfig on FSSrv2

36. you have fewer Server 2003 servers that have Terminal Services installed. you also have a firewall that runs ISA Server 2006. Your remote access strategy for the terminal servers needs to meet the following: encrypts all remote connections to the ter
Windows Server 2003
dsa.msc - dsamain.exe - ntdsutil.exe
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).

37. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
AD Rights Management Services
Share and Storage Management
Implement a Remote Desktop Connection Broker (RD Connection Broker)

38. to make shares at a remote location available to users you should implement this.
Microsoft Application Virtualization (AppV)
Domain based Distributed File System (DFS) namespace and DFS Replication.
Run the Delegation of Control Wizard on the Staff OU
Purchase one additional Enterprise License

39. Tool to change Directory Services Restore Mode password on Domain Controller...
Configure block inheritance on the IT OU
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
ntdsutil
Back up to an external USB drive by using Windows Server Backup

40. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
AD Rights Management Services
Configure authorization rules for Web developers on each web server

41. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Microsoft Desktop Optimization Pack (MDOP)
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Install Windows Server Backup and modify the Windows firewall settings
Perform an authoritative restore

42. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Domain based Distributed File System (DFS) will reduce network traffic
Deploy a GPO for the Sales OU
Create and deploy a logon script that runs Auditpol.
Implement one LUN for the quorum and another LUN for the data

43. DFL is Windows Server 2003 and client computers run Vista. DCRMS is a server that holds AD RMS. What should be done to configure AD RMS so users - including Waldo - can protect their data?
Add-ADFineGrainedPasswordPolicySubject cmdlet
Network Load Balancing (NLB)
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Create an e-mail account in AD DS for your RMS users.

44. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
Backup operator's domain local group
Install Windows Server Backup and modify the Windows firewall settings
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.

45. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
Perform an authoritative restore
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.

46. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Implement File Server Resource Manager (FSRM) quotas on the desired servers
dsa.msc - dsamain.exe - ntdsutil.exe
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Administrators is the minimum group membership required to complete this procedure.

47. You need a strategy for backing up your 2008 R2 file servers according to these: allows for individual file restore; allows for complete server recovery; supports scheduled backups; provides decentralized control over backups and recovery; minimizes
Autonomous mode...This allows the local administrator to approve their own updates.
Create an e-mail account in AD DS for your RMS users.
Distributed File System (DFS) Replication
Back up to an external USB drive by using Windows Server Backup

48. If you want to implement BitLocker and store recovery informaiton in a central location
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Dsmgmt
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in

49. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Microsoft System Center Data Protection Manager 2010
Network Load Balancing (NLB) cluster
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Recommend GPT and basic disks

50. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Active Directory Users and Computers utility
Run the Delegation of Control Wizard on the Staff OU
Implement a GPO for each domain
Use local roles options within "dsmgmt"