Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. You have 2 Server Core servers that are part of a Network Load Balance that host a web site. To be able to allow administrators - on their Windows 7 computers - remotely manage the NLB with automation
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Enable Windows Remote Management (WinRM) on the servers.
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
MEDV to deploy virtual desktops

2. You have a failover cluster that has an application installed. Service level agreement requires 55 percent of processor and memory utilization to be reserved for the app. A solution to guarantee service level agreement would be
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
The Group Policy Management Console

3. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
Install and share a printer on a server and then enable printer pooling.
Create a MEDV workspace
Enable Credential Roaming
Create a new Password Settings Object (PSO) for the IT users.

4. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
Create an e-mail account in AD DS for your RMS users.
Run adprep /forestprep and adprep /domainprep

5. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Discover the run Microsoft Baseline Security Analyzer (MBSA)
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.

6. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Active Directory Users and Computers
AD Domains and Trusts
Windows BitLocker Drive Encryption (Bit Locker)
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.

7. File that contains the last logon time and custom attributes values for each user in your forest.
Additional DFS Targets
Get-ADUser cmdlet
File Server Resource Manager (FSRM) quotas and file screens
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.

8. If you need a VPN soluction that stores VPN passwords as encrypted text and supports automatic enrollment of certificates
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
AD Rights Management Services
Raise the DFL to Windows Server 2008 R2.

9. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Add the user to the Domain Admins global group
Then use Windows Deployment Services (WDS) on DHCP1.

10. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Active Directory Users and Computers
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Increase the tombstone lifetime for the forest.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array

11. To replicate SYSVOL using Distributed File System Replication (DFSR)...
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Then use Windows Deployment Services (WDS) on DHCP1.
DFL needs to be Windows Server 2008
Deploy a GPO to the WebSrvOU

12. To configure Administrator Role Separation for an RODC
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Passive file screens
Microsoft Desktop Optimization Pack (MDOP) to your company

13. All DCs have been upgraded from Windows Server 2003 to Windows Server 2008 R2. What should be done to ensure the Sysvol share replicates by using DFS Replicaiton (DFS-R)?
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Raise the DFL to Windows Server 2008 R2.

14. You have a main office and a branch office. Your Active Director domain runs at functional level Windows Server 2008. You are planning to implement file servers in each office. Your file sharing implementation must meet the following requirements: us
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Group Policy Preferences
Implement a domain-based DFS namespace that uses replication
Apply a WMI Filter to the policy. Note: You can use a WMI filter to filter out VM from being affected by a GPO the same way you can a physcial machine.

15. From Win7 PC - to view all account logon successes that occur on domain and consolidate to one list...
Winrm quickconfig
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
WDS
ntdsutil

16. to make shares at a remote location available to users you should implement this.
Domain based Distributed File System (DFS) namespace and DFS Replication.
Role Separation
Create a standard secondary of domain and create standard secondary of other domain.
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO

17. To back up your Hyper-VMs and the Hyper-V host; for each VM -
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Role Separation
Attach VHD file created by Windows server backup
Deploy Microsoft System Center Operations Manager (SCOM)

18. You need to generate a report on the status of software updates for your Windows 7 client computers with the following requirements: display all of the operating system updates and Microsoft application updates that installed successfully and failed;
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
Assign the application to computers in the PC OU
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO

19. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Microsoft Desktop Optimization Pack (MDOP)

20. What document management solution allows you to keep multiple versions of documents and automatically apply access policies to these documents? You should recommend
Microsoft Desktop Optimization Pack (MDOP)
Implement one LUN for the quorum and another LUN for the data
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010

21. If you need to ensure that data is protected by BitLocker then you will...
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
NOT be able to store that data on an iSCSI SAN
Certificate Templates
Backup operator's domain local group

22. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
View properties of %systemroot%ntdsntds.dit
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management

23. Within your company you have a server that will be running 8 VMs but only 6 concurrently. Your company has already purchased an Enterprise license for the server.
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Purchase one additional Enterprise License
Execute the Set-ADServiceAccount cmdlet
Folder redirection. Folder redirection is also useful when using roamin profiles.

24. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Modify the GPO to include folder redirection
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
FILES option within Ntdsutil

25. You need to ensure that the guest account on all servers is disabled to
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Properties of PSO need modified
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Administrative Role Separation

26. UPN Suffix xxxx.com needs to be available for user accounts...
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Add the new UPN Suffix to the forest
Changed manually

27. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Win2000 Native
Run adprep /forestprep and adprep /domainprep
Install and share a printer on a server and then enable printer pooling.

28. 2 ways to relocate user and computer accounts to different OUs
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Group Policy Preferences
DSMOD - ADUC
Software Restriction Polices

29. Your data provisioning solution must meet the following requirements: users must have access to their Documents folder regardless of the client computer that they use; user documents should not be stored on the local client computer; minimize the tim
Configure folder redirection
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Microsoft System Center Data Protection Manager 2010
Install Windows Server Backup and modify the Windows firewall settings

30. You need to plan the deployment of an application that must meet these requirements: users must have - access to the app when they are connected to the network; access the application from an icon on their desktops.
Assign the application to all client computers by using a GPO.
Active Directory Right Management Services (AD RMS)
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.

31. If you need to encrypt all data on all disks
Implement Windows System Resource Manager (WSRM)
Create a Central Store
A Distributed File System (DFS) namespace
Then use Windows BitLocker Drive Encryption

32. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
Configure offline files and enable manual caching
Attach VHD file created by Windows server backup
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd

33. To monitor replication of group policy template files when DFL set at Windows 2008 R2...
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Dfsrdiag

34. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Run the Delegation of Control Wizard on the Staff OU
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Execute the Set-ADServiceAccount cmdlet
Configure the zone as an Activde Directory-Integrated zone.

35. If you need to delegate control of server to remote admins group
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Configure RODC for Administrator Role Separation
Create a Central Store

36. Tool to montior replicaiton of group policy template files when DFL set at Windows SVR 2003
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Ntfrsutil
Set-ADServiceAccount cmdlet
Share and Storage Management

37. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
Add the new UPN suffix to the forest.
Raise the DFL to Windows Server 2008 R2.
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster

38. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
Install From Media IFM
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Increase the tombstone lifetime for the forest.

39. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Use CISCO IP Helper command to configure.
Recommend GPT and basic disks
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.

40. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Run auditpol and then configure the Security settings of the Domain Controllers OU.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Purchase one additional Enterprise License
Then use Windows Deployment Services (WDS)

41. You have a single AD domain named ad.company.com. The FFL is windows 2000 and the DFL is Windows 2000 Native. The UPN suffix company.com needs to be available for user accounts. What should be done first?
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Recommend GPT and basic disks
Add the new UPN suffix to the forest.
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)

42. DFL is...
Disable Site Link Bridging from the IP properties
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Win2000 Native
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array

43. You need a solution that meets policy while minimizing hardware and software costs
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Add the user to the Domain Admins global group
Create a new Password Settings Object (PSO) for the IT users.

44. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Configure the zone as an Activde Directory-Integrated zone.
Disable Site Link Bridging from the IP properties
Add the new UPN suffix to the forest.

45. You have two offices that are connected via a WAN link. Each office has a 2008 R2 file server. Users store their data on their local file server - but they can also acces data from the other office. You must implement a data solution according to the
Implement Network Access Protection (NAP)
Implement Distributed File System Replication (DFSR) on both servers
A Fibre Channel (FC) disk storage subsystem that uses Microsoft Multipath I/O. Configure a RAID 5 array.
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.

46. You need to allow remote access to the servers on your network while meeting the following requirements: all remote connections to the servers must be encrypted; all remote authentication attempts to the servers must be encrypted; only inbound connec
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Authorization Manager role assignment

47. You need to deploy a sales application that only the sales users must have access to
DISABLE slow link detection in the GPO
Deploy a GPO for the Sales OU
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.

48. When implementing a Hyper-V environment the benefits are enormous - however there are certain aspects of virtualization that can create some additional administrative overhead that you can not have in a pure physical environment for example
Basic Authentication and SSL
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
New ACCOUNT STORE should be added and configured
Create ADMX and ADML files. Configure the GPO and link it to the domain.

49. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
Assign the application to all client computers by using a GPO.
Recommend Group Policy preferences
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)

50. In order to replicate SYSVOL shares by using DFS Replicaiton (DFS-R)
From Server A - run Create Basic Task Wizard
Raise the DFL to Windows Server 2008 R2.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).
Dfsrdiag