Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. To allow administrators tha trun Windows 7 ability to manage the DNS server that runs on the Server Core installation of Server 2008 R2
ntdsutil
Basic Authentication and SSL
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Then configure GlobalNames zones on each domain controller.

2. WSSvr1 has Windows SharePoint Services role installed and contains 20 SharePoint sites. You need to optimize performance and ensure that if CPU utilization exceeds 75% - then an equal amount of system resources are allocated to each SharePoint site.
FILES option within Ntdsutil
Then configure GlobalNames zones on each domain controller.
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)

3. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
Jill came down with 2.50.
Active Directory Right Management Services (AD RMS)
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Refresh the zone on DNS2

4. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Incoming external trust
Network Load Balancing (NLB)
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.

5. to increase the reliability of the print server - configure...
Microsoft Desktop Optimization Pack (MDOP)
Assign the application to all client computers by using a GPO.
Printer driver isolation
Deploy it by using Group Policy Software Installation method

6. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Install and share a printer on a server and then enable printer pooling.
Microsoft Desktop Optimization Pack (MDOP)
dsa.msc - dsamain.exe - ntdsutil.exe
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

7. To configure Administrator Role Separation for an RODC
Add the Windows Server Backup feature and Windows System Image recovery.
AD Domains and Trusts
Winrm quickconfig
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th

8. The Computer Management snap-in allows you to create shares both on...
Configure RODC for Administrator Role Separation
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Your machine and remote desktops
Administrative Role Separation

9. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Then configure GlobalNames zones on each domain controller.
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Create a Network Load Balancing cluster.
Import-Module

10. All DCs run Windows Server 2008 R2 and have the DNS Server role installed. The domain controllers for each location are stored locally. Each has its own standard primary zone to support its local domain.You need a plan that meets the following: WAN l
Administrative Role Separation
Create a standard secondary of domain and create standard secondary of other domain.
New ACCOUNT STORE should be added and configured
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).

11. What shold be done to configure AD RMS so users can protect their data?
Set-ADServiceAccount cmdlet
Multipath I/O feature
Create an e-mail account in AD DS for your RMS users
Deploy Microsoft System Center Operations Manager (SCOM)

12. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Subnet object needs to be created
Deploy the Root CA certificate to the external computers.

13. Tools to view contents of an OU in an AD snapshot...
dsa.msc - dsamain.exe - ntdsutil.exe
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Assign the application to computers in the PC OU
Modify the schema of LDSInst1

14. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Your machine and remote desktops
Backup operator's domain local group
Site
Microsoft System Center Data Protection Manager

15. CAPublishGP needs to be able to publish new certificate revocation lists - but not be able to revoke certificates. How is this accomplished?
CAPublishGP group should have the Manage CA permission.
Basic Authentication and SSL
Active Directory Users and Computers utility
Recommend Group Policy preferences

16. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Additional DFS Targets
Implement Distributed File System Replication (DFSR) on both servers
Test-AppLockerPolicy

17. To ensure that the SQL Servers can fail over autoatically and support 2 TB drives
Printer driver isolation
Disable Site Link Bridging from the IP properties
Recommend GPT and basic disks
Run net stop ntds

18. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

19. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Configure Firewall Group Policies and link them at the Domain level
Certificate Templates
CAPublishGP group should have the Manage CA permission.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer

20. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Install Windows Server Backup and modify the Windows firewall settings
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Set-ADServiceAccount cmdlet
DISABLE slow link detection in the GPO

21. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
Properties of PSO need modified
IIS Manager user account
DISABLE slow link detection in the GPO
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.

22. If you need to encrypt all data on all disks
Utilize IFM (Install From Media)
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Then use Windows BitLocker Drive Encryption
Enable Windows Remote Management (WinRM) on the servers.

23. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Repadmin
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Set-ADServiceAccount cmdlet

24. In order to replicate SYSVOL shares by using DFS Replicaiton (DFS-R)
Implement Windows BitLocker Drive Encryption (BitLocker)
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Raise the DFL to Windows Server 2008 R2.
Implement GPO for all client computers

25. Minimal FFL needed to deploy an RODC that runs Windows Server 2008 R2...
Upgrading DFS to Windows Server 2008 R2
Windows Server 2003
Attach VHD file created by Windows server backup
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events

26. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Then use on install image file that contains a single install image.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Raise the DFL to Windows Server 2008 R2.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent

27. You need to deploy apps to client computers according to these req.: apps must be deployed to client computers that meet minimum hardware requirements; detaild reports on success/failure of the app deployments must be provided; deployments must be sc
Implement the Windows Search Service.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Storage manager for SANs
Use the Local Roles options with dsmgmt.

28. 2 ways to relocate user and computer accounts to different OUs
Dsmgmt
DSMOD - ADUC
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.

29. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
Configure block inheritance on the IT OU
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Event Viewer

30. When one needs to audit files - folders - printers and the registry enable
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
Install Hyper-V role and convert physical machines into virtual machines
Import-Module
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers

31. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Storage manager for SANs
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Certificate Templates

32. Two different solutions are available to help assign IP addresses to remote clients that need to VPN or Dial-in to the branch office.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

33. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Zone transfer settings
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management

34. Client computers run Windows 7 and all applications on the computers are configured to save documetns to the local Documents folder. You need a backup strategy that meets these: Back up the Documents folder for all users; minimize admin effort. To ac
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Implement folder redirection by using GPO. Then backup the folder redirection target.
Implement one LUN for the quorum and another LUN for the data
Prestage the computer account in AD

35. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Assign the application to all client computers by using a GPO.

36. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Then use on install image file that contains a single install image.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer

37. When using Remote Desktop and Remote Desktop Session hosts - to be able to control both who can gain access - and to what - on the network configure;
Folder redirection. Folder redirection is also useful when using roamin profiles.
CAPublishGP group should have the Manage CA permission.
Implement a domain-based DFS namespace that uses replication
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)

38. If users complain that it is hard to find the shared folders on the network implement
Windows Server 2003
Disable Site Link Bridging from IP Properties
From Server A - run Create Basic Task Wizard
Additional DFS Targets

39. To ensure that when certain users log on to any client computers in the branch office - they automatically receive the local administrator rights to the computer - and when they log off - they must lose the administrator rights
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Microsoft SharePoint Foundation 2010
Add-ADFineGrainedPasswordPolicySubject cmdlet
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.

40. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Network Load Balancing (NLB) cluster
Install From Media IFM
Add-ADFineGrainedPasswordPolicySubject cmdlet
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates

41. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Create a standard secondary of domain and create standard secondary of other domain.
Assign the application to computers in the PC OU
Enable Windows Remote Management (WinRM) on each server.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.

42. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Distributed File System (DFS) Replication
Get-ADUser cmdlet
NOT be able to store that data on an iSCSI SAN
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.

43. To restore previous version of script without taking up too much of time...
Dfsrdiag
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Attach VHD file created by Windows server backup
Software Restriction Polices

44. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
IIS Manager user account
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Configure RODC for Administrator Role Separation
Incoming external trust

45. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Refresh the zone on DNS2
Role Separation
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.

46. In order to ensure highly available Windows Update servers you should create this.
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Increase the tombstone lifetime for the forest.
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.

47. Users need to be warned when uploading or copying MP3 files onto a corporate network share. You should implement this.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Passive file screens
Create a Central Store
Windows Server 2003

48. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Implement Windows System Resource Manager (WSRM)
Multipath I/O feature
DFL needs to be Windows Server 2008

49. To build a highly secure server cluster with a reduced attack surface area
Assign the application to computers in the PC OU
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.

50. Auditing the deletion of Registry keys on all Domain Controllers
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
PowerShell 2.0
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up