Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. To allow a specifc user or group to manage the address information for the user accounts...
Use CISCO IP Helper command to configure.
Recommend Active Directory delegation
Implement Network Access Protection (NAP)
Jill came down with 2.50.

2. File that contains the last logon time and custom attributes values for each user in your forest.
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Offline domain join
Then configure auto enrollment of certificates and Credential Roaming.
Get-ADUser cmdlet

3. You have a 2008 R2 server configured as Remote Desktop Session host. You need to deploy a line-of-business app; however - the app requires desktop themes to be enabled. Your deployment strategy must meet these requirements: only authorized users must
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Then use Windows BitLocker Drive Encryption
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Create and deploy a logon script that runs Auditpol.

4. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Recommend Group Policy preferences
Install and share a printer on a server and then enable printer pooling.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Service user account for AD LDS

5. To backup GPO's in domain and minimize bakcup...
Ntdsutil
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Active Directory Users and Computers utility
The Group Policy Management Console

6. If subnets are connected by CISCO router that is RFC-1542 compliant
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Use CISCO IP Helper command to configure.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Encrypting File System (EFS). This can be enabled locally or through a GPO.

7. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
Active Directory Right Management Services (AD RMS)
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Then install new Server 2008 R2 Enterprise subordinate CA.

8. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.

9. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Disable Site Link Bridging from IP Properties
Dfsrdiag
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.

10. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
Active Directory snapshots and Tombstone reanimation
Set-ADServiceAccount cmdlet
dnscmd tool
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

11. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Dfsrdiag
Disable Site Link Bridging from IP Properties
Use local roles options within "dsmgmt"
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).

12. Web server administrator's accountsd are in an OU called WebAdminOU and are member of a global group called WebAdmins. To allow the web server administrators to perform administrative tasks on the web servers - but not allow them to perform administr
Folder redirection. Folder redirection is also useful when using roamin profiles.
Deploy a GPO to the WebSrvOU
Then use Windows BitLocker Drive Encryption
Group Policy Preferences

13. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
802.1.x NAP
PDC emulator with w32tm.exe
Configure separate application pools for each application
Run auditpol and then configure the Security settings of the Domain Controllers OU.

14. Need to ensure users receive updated template within five days...
WDS
Share and Storage Management
Registry on users computer needs to be modified
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)

15. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Implement Shadow Copies
Domain based Distributed File System (DFS) will reduce network traffic
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.

16. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Then install new Server 2008 R2 Enterprise subordinate CA.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.

17. When service account passwords need to be changed for SQL they should be...
Modify the schema of LDSInst1
Changed manually
Configure event log subscriptions
Implement Shadow Copies

18. You just dconfigured so that Server1 zone is stored in AD and accept secure dynamic updates. What command should be executed so that Server2 can accept secure dynamic updates?
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Create a MEDV workspace
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer

19. You need to deploy 15 Server Core installations that are only accessible by HTTP and HTTPS. Administration of these must be able to enable administrators to install and administer server roles remotely and fully manage servers remotely
Deploy a failover cluster that uses Node and File Share Disk Majority
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.
Enable Windows Remote Management (WinRM) on each server.
Install Windows Server Backup and modify the Windows firewall settings

20. To restore previous version of script without taking up too much of time...
Attach VHD file created by Windows server backup
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Event Log Subscriptions

21. Company.com is working on a set of corporate documents. These documents are stored in a shared folder on your corporate file server. You need to protect documents as they get created.
Implement Windows System Resource Manager (WSRM)
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Implement GPO for all client computers
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library

22. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Create a Network Load Balancing cluster.
Deploy a failover cluster that contains one node in each office.
Include a server that runs Microsoft Office SharePoint Server 2010
The Group Policy Management console

23. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

24. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
WSUS server in the branch office in replica mode.
Add George to the Domain Admins group.
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary

25. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
Reinstall AD DS on DCC.company.com as a WRITABLE DC.
WSUS server in the branch office in replica mode.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)

26. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

27. DFL is Windows Server 2003 and client computers run Vista. DCRMS is a server that holds AD RMS. What should be done to configure AD RMS so users - including Waldo - can protect their data?
dsa.msc - dsamain.exe - ntdsutil.exe
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Windows XP Mode
Create an e-mail account in AD DS for your RMS users.

28. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Then configure auto enrollment of certificates and Credential Roaming.
NOT be able to store that data on an iSCSI SAN
Modify the local policy to point to the Internal WSUS server
Deploy a GPO to the WebSrvOU

29. You need to implement read only copies of files at several locations. You currently have DFS for 2008 deployed. You should recommend this.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Deploy a GPO to the WebSrvOU
Upgrading DFS to Windows Server 2008 R2
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.

30. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
Offline domain join
Domain based Distributed File System (DFS) namespace and DFS Replication.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
CAPublishGP group should have the Manage CA permission.

31. You need to recommend a Windows update strategy for the new branch office. The branch office has a 512 Kbps connection the corporate office and a 2 MB connection to the Internet. You should recommend this.
djoin /requesteodj from internal server - djoin /provision from outside server/PC
An Active Directory subnet object needs to be created.
Microsoft Desktop Optimization Pack (MDOP)
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up

32. Deployment of 10 WSUS servers across 10 branch office will take place over a three month period. The bandwidth between the corporate office and the branch offices must be minimized due to budget contraints within the company. Admins in the corporate
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
AD Rights Management Services
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.

33. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
Increase the tombstone lifetime for the forest.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Run adprep /forestprep and adprep /domainprep

34. To configure AD FS so tokens contain information from Active Directory domain...
Enable Windows Remote Management (WinRM) on each server.
New ACCOUNT STORE should be added and configured
Authorization Manager
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary

35. To control access to resources using WSRM and to help prevent memory leaks from monopolizing your web server
Win2000
Then make sure all DCs are runing Windows Server 2008 R2 - and then use a GPO to enable Trusted Platform Module backups to AD.
Configure separate application pools for each application
Then use Windows Deployment Services (WDS) on DHCP1.

36. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
Execute the Set-ADServiceAccount cmdlet
Event Log Subscriptions
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Then use Windows Deployment Services (WDS)

37. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
Dfsrdiag
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Windows BitLocker Drive Encryption (Bit Locker)
Zone transfer settings

38. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
MEDV to deploy virtual desktops
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Increase the tombstone lifetime for the forest.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management

39. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Implement a GPO for each domain
Disable Site Link Bridging from IP Properties
AD Rights Management Services

40. Ensure password length for a group set to 12 characters long while others keep password policy
Utilize IFM (Install From Media)
Add-ADFineGrainedPasswordPolicySubject cmdlet
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Raise the DFL to Windows Server 2008 R2.

41. If you need to deploy a DHCP server that supports computers that start from a PXE network adapater and support Win7
Then use Windows Deployment Services (WDS)
Share and Storage Management
Add the user to the Domain Admins global group
Configure folder redirection

42. You need to come up with a solution for managing user accounts that: allows Help Desk department to manage the user objects in all domains and minimize the administrative effort required to manage the frequent changes to the Help Desk department
Software Restriction Polices
Domain based Distributed File System (DFS) namespace and DFS Replication.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Microsoft Desktop Optimization Pack (MDOP)

43. What shold be done to configure AD RMS so users can protect their data?
AD RMS
Create an e-mail account in AD DS for your RMS users
DSMOD
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.

44. To minimize the amount of storage used for virtual machines in a Virtual desktop pool the VHD's should be

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

45. You have a 2008 R2 serever that has SQL Server 2008 installed. The server has one RAID 5 array and two RAID 1 arrays. You need to allocate hard disck space on the server according to the followign requirements: prevent data los if a single hard disk
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Run the Delegation of Control Wizard on the Staff OU
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Use the Local Roles options with dsmgmt.

46. You need a solution for your Web servers that meet these requirements: ensures that the Web site is accessible even if a single server fails; supports the addition of more Web servers without interrupting client connections.
Registry on users computer needs to be modified
Create a Network Load Balancing cluster.
Administrators is the minimum group membership required to complete this procedure.
Microsoft System Center Data Protection Manager

47. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Dfsrdiag

48. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Deploy Microsoft System Center Operations Manager (SCOM)
Authorization Manager

49. To allow all users in the forest to be able to resolve the names in the Forest Root Partition
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Create an e-mail account in AD DS for your RMS users.
Microsoft System Center Data Protection Manager 2010

50. You need to deploy a new application according to the following requirements: must be available to remote users when they are offline; must access the application from an icon on the Start menu
Assign the application to computers in the PC OU
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Create an e-mail account in AD DS for your RMS users
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.