Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. 2 ways to relocate user and computer accounts to different OUs
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Registry on users computer needs to be modified
DSMOD - ADUC

2. With Group Polices having over 8 -000 different settings - the possibility of conflicting policies - and security filters you should track multiple versions and offline modifications to GPOs. You should recommend
Microsoft Desktop Optimization Pack (MDOP)
Basic Authentication and SSL
Passive file screens
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.

3. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Dsmgmt
Windows Deployment Services (WDS)
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.

4. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
File Server Resource Manager (FSRM) quotas and file screens

5. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Recommend Group Policy preferences

6. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Install and share a printer on a server and then enable printer pooling.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Then use on install image file that contains a single install image.

7. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
The Group Policy Management console
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Raise the DFL to Windows Server 2008 R2.

8. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
Deploy it by using Group Policy Software Installation method
Ntfrsutil
AD RMS
Assign permissions for the Groups OU and Branch OU to the help desk technicians.

9. Several employees say they can't get on domain with "password incorrect" message. What utility tool can be used to identify issue and also ensure users can log into domain?
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Repadmin
Add the new UPN suffix to the forest.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.

10. An AD LDS instance needs to be replicated from one server to another...
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
Service user account for AD LDS
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.

11. When recommending a monitoring solution for an application so that it's events can be stored in a central
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
DSMOD
Backup operator's domain local group
Event Subscriptions

12. File that contains the last logon time and custom attributes values for each user in your forest.
Get-ADUser cmdlet
Assign the application to computers in the PC OU
Modify the local policy to point to the Internal WSUS server
net stop ntds

13. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

14. You need to allow remote access to the servers on your network while meeting the following requirements: all remote connections to the servers must be encrypted; all remote authentication attempts to the servers must be encrypted; only inbound connec
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Implement a Remote Desktop Connection Broker (RD Connection Broker)
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Windows System Resource Manager (WSRM)

15. To protect all computers on the network from unwanted access and to ensure a consistent configuration
Run net stop ntds
Configure Firewall Group Policies and link them at the Domain level
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Create ADMX and ADML files. Configure the GPO and link it to the domain.

16. To recover objects deleted from Active Directory you should recommend
Administrative Role Separation
Active Directory snapshots and Tombstone reanimation
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP

17. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Then install new Server 2008 R2 Enterprise subordinate CA.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.

18. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Modify the local policy to point to the Internal WSUS server
Incoming external trust
Ldp
Dfsrdiag

19. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Then use Windows Deployment Services (WDS)
Basic Authentication and SSL

20. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
Add the new UPN Suffix to the forest
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
IIS Chared Configuration
Registry on users computer needs to be modified

21. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Network Load Balancing (NLB)
Configure Audit Special Logon and define Special Groups
Implement the Windows Search Service.

22. The company requires that only users that have a certificate can recover BitLocker keys. To support this requirement you will need to
View properties of %systemroot%ntdsntds.dit
Implement a domain-based DFS namespace that uses replication
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.

23. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Increase the tombstone lifetime for the forest.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
PowerShell 2.0

24. to protect file servers and hard disks that may be at risk of being accessed or stolen
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Implement Windows BitLocker Drive Encryption (BitLocker)
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.

25. To control access to resources using WSRM and to help prevent memory leaks from monopolizing your web server
Configure separate application pools for each application
Windows System Resource Manager (WSRM)
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.

26. Your data provisioning solution must meet the following requirements: users must have access to their Documents folder regardless of the client computer that they use; user documents should not be stored on the local client computer; minimize the tim
Create an e-mail account in AD DS for your RMS users.
Configure folder redirection
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent

27. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
From Server1 - run the Create Basic Task Wizard
Execute the Set-ADServiceAccount cmdlet
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.

28. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
dnscmd tool
Network Load Balancing (NLB)
Properties of PSO need modified
WSUS server in the branch office in replica mode.

29. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
IIS Manager user account
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
PowerShell 2.0
Subnet object needs to be created

30. A specific application requires registry modifications to be in place before installing; you should use
Group Policy Preferences
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
MEDV to deploy virtual desktops

31. If you need to deploy multiple servers through automation of installation and activation and minimize network traffic
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Domain based DFS namespace and configure a DFS replication group
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.

32. 3 servers are configured as DNS servers and are ADI for the company.com zone. DNS only allows for secure updates - but you need to enable dynamic DNS updates on DCC.company.com...What do you do?
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
Autonomous mode...This allows the local administrator to approve their own updates.
Dynamically expanding VHD's
DFL needs to be Windows Server 2008

33. When one needs to audit files - folders - printers and the registry enable
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Configure Firewall Group Policies and link them at the Domain level
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Data Recovery Agent

34. Can be used to install the Windows RE on existing servers
WDS
Create a new Password Settings Object (PSO) for the IT users.
Recommend GPT and basic disks
Network Load Balancing (NLB)

35. You need to deploy a distributed database application that meets the following: allocates storage to servers as required; isolates storage traffic from the exisiting network; ensures that data is available if a single disk fails; ensures that data is
Modify properties of RODC server computer account.
Offline domain join
Win2000 Native
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.

36. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Test-AppLockerPolicy
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Back up to an external USB drive by using Windows Server Backup

37. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Winrm quickconfig
Dfsrdiag
Backup operator's domain local group
Autonomous mode...This allows the local administrator to approve their own updates.

38. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
Site
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Data Recovery Agent

39. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Implement a domain-based DFS namespace that uses replication
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Create an e-mail account in AD DS for your RMS users
Certificate Templates

40. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Folder redirection. Folder redirection is also useful when using roamin profiles.
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.

41. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Implement Windows BitLocker Drive Encryption (BitLocker)
Create a MEDV workspace

42. Your data recovery strategy for your Server 2008 R2 file server must meet the followign requirements: All data volumes on the server must be backed up daily; backups must have a minimal impact on performance; if a disk fails - the recovery strategy m
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.

43. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

44. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
Restore-ADObject cmdlet
Configure separate application pools for each application
Implement GPO for all client computers
Implement Network Access Protection (NAP)

45. You need to recommend a solution to minimize the amount of time it takes for the sales department users to locate files in teh course bookings share.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Implement the Windows Search Service.
Storage manager for SANs
Windows Deployment Services (WDS)

46. If you need to minimize the bandwidth for installation
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Utilize IFM (Install From Media)
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Winrm quickconfig

47. In order to replicate SYSVOL shares by using DFS Replicaiton (DFS-R)
Then install new Server 2008 R2 Enterprise subordinate CA.
PDC emulator with w32tm.exe
Raise the DFL to Windows Server 2008 R2.
Certificate Templates

48. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Software Restriction Polices
Windows XP Mode
Test-AppLockerPolicy

49. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Import-Module
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)
Configure block inheritance on the IT OU

50. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
DFL needs to be Windows Server 2008
Implement Windows System Resource Manager (WSRM) and configure user policies
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.