Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. CAPublishGP needs to be able to publish new certificate revocation lists - but not be able to revoke certificates. How is this accomplished?
Event Log Subscriptions
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
CAPublishGP group should have the Manage CA permission.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.

2. to protect file servers and hard disks that may be at risk of being accessed or stolen
Then install new Server 2008 R2 Enterprise subordinate CA.
Implement Windows System Resource Manager (WSRM)
Implement Windows BitLocker Drive Encryption (BitLocker)
Improve the performance of File Servers

3. When service account passwords need to be changed for SQL they should be...
Changed manually
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Create a new Password Settings Object (PSO) for the IT users.

4. If you need to encrypt all data on all disks
Then use Windows BitLocker Drive Encryption
Active Directory Users and Computers
Install the RSAT tool on their workstation to provide for more efficient network management
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.

5. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Create a MEDV workspace
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library

6. To make sure that all current certificate holders automatically enroll for the new template - use what utility?
Certificate Templates
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
802.1.x NAP
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.

7. FFL is...
Implement folder redirection by using GPO. Then backup the folder redirection target.
Win2000
Ntfrsutil
Create a MEDV workspace

8. If you want to allow single-label name resolution
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Include a server that runs Microsoft Office SharePoint Server 2010
Then configure GlobalNames zones on each domain controller.
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.

9. AD structure includes a forest with one root domain and one child domain. Child domain lists entries that start with "S-1-5-21" but no account name listed. What should be done so account names are listed?
DISABLE slow link detection in the GPO
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Implement one LUN for the quorum and another LUN for the data
Purchase one additional Enterprise License

10. To limit each user's storage space and to prevent users from storing audio and video files on the servers you should recommend
File Server Resource Manager (FSRM) quotas and file screens
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Add-ADFineGrainedPasswordPolicySubject cmdlet
Reinstall AD DS on DCC.company.com as a WRITABLE DC.

11. ServerA collects all events that occur on domain controllers with minimum effort from Event Viewer - what should be done to ensure notified when specific event occurs on any domain controllers...
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
From Server A - run Create Basic Task Wizard
An Active Directory subnet object needs to be created.

12. All servers run 2008 R2 and all client computers run Windows 7. Provide a necessary access solution that meets: only computers that have the most up-to-date service packs can be granted general network access; all noncompliant computers must be redir
From Server A - run Create Basic Task Wizard
Add the user to the Domain Admins global group
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Implement Network Access Protection (NAP)

13. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Increase the tombstone lifetime for the forest.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Modify the GPO to include folder redirection
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO

14. You need to deploy 15 Server Core installations that are only accessible by HTTP and HTTPS. Administration of these must be able to enable administrators to install and administer server roles remotely and fully manage servers remotely
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Enable Windows Remote Management (WinRM) on each server.

15. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
Ntfrsutil
Deploy a GPO to the WebSrvOU
Use the Local Roles options with dsmgmt.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.

16. Certain groups of users must be able to approve certificate requrests and revoke certificates but not be able to modify the properties of the CA. You should recommend
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Group Policy Preferences
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Role Separation

17. To prevent account password from being cached on RODC server...
Modify properties of RODC server computer account.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Dfsrdiag
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.

18. Your AD domain has an OU named Sales OU that contains the user accounts of the Sales department. A new password polity needs to be created for the Sales department that is different from the domain password policy. How is this accomplished?
Recommend GPT and basic disks
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
IIS Manager user account
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology

19. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
Autonomous mode...This allows the local administrator to approve their own updates.
Run net stop ntds
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates

20. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Active Directory snapshots and Tombstone reanimation
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Then use Windows Deployment Services (WDS)

21. If subnets are connected by CISCO router that is RFC-1542 compliant
Repadmin
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Use CISCO IP Helper command to configure.
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.

22. You need to recommend a BitLocker recovery method you should recommend this.
Implement one LUN for the quorum and another LUN for the data
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Data Recovery Agent
dnscmd tool

23. You have administrative templates that another company wants to use on their domain. How would you configure the other company's domain to use these administrative templates?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

24. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Implement Network Access Protection (NAP) that uses 802.1x enforcement
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Implement the Windows Search Service.

25. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
Network Load Balancing (NLB)
From Server A - run Create Basic Task Wizard
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).

26. to increase the reliability of the print server - configure...
Backup operator's domain local group
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Printer driver isolation

27. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Implement folder redirection by using GPO. Then backup the folder redirection target.
Purchase one additional Enterprise License
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Domain based DFS namespace and configure a DFS replication group

28. What role to keep same time as an external server?
Disable Site Link Bridging from the IP properties
Create a MEDV workspace
PDC emulator with w32tm.exe
AD Domains and Trusts

29. All servers use internal storage only. Srv1 is a Server 2008 R2 file server. you need to deploy a client/server application so that it is available if a single server fails. To achieve this while minimizing cost
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Import-Module
Increase the tombstone lifetime for the forest.
Deploy a failover cluster that uses Node and File Share Disk Majority

30. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Use the Local Roles options with dsmgmt.
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Modify the local policy to point to the Internal WSUS server
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.

31. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Microsoft Desktop Optimization Pack (MDOP)
Create a Network Load Balancing cluster.
An Active Directory subnet object needs to be created.

32. All servers run 2008 R2 and all client computers run XP SP1. You need to deploy Distributed File System (DFS) to meet these: minimize cost; provide redundancy in the event a single server fails; ensure client computers reconnect to their preferred se
ntdsutil
Back up to an external USB drive by using Windows Server Backup
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Service user account for AD LDS

33. to make shares at a remote location available to users you should implement this.
Deploy a GPO for the Sales OU
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Domain based Distributed File System (DFS) namespace and DFS Replication.

34. If you need to minimize the bandwidth for installation
Implement Windows System Resource Manager (WSRM)
Win2000 Native
Get-ADUser cmdlet
Utilize IFM (Install From Media)

35. If CA PKI needs to support Suite B hashing and encryption algorithms and store keys in AD
Then install new Server 2008 R2 Enterprise subordinate CA.
Implement Windows BitLocker Drive Encryption (BitLocker)
Windows Server 2003
Administrators is the minimum group membership required to complete this procedure.

36. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Basic Authentication and SSL
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Dfsrdiag
Microsoft SharePoint Foundation 2010

37. If you want to allow the administrator in each office to manage DHCP scope for their own office - and prevent the administror of one office from managing DHCP scopes on the DHCP server in another office with mimimal admin effort
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Folder redirection. Folder redirection is also useful when using roamin profiles.
Implement Network Access Protection (NAP)
Install From Media IFM

38. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
You can apply IE Group Policies only to the OU's that contain clients that must be restricted based on your corporate policies.
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Storage manager for SANs
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.

39. GPO setting to prevent all users from running an application
Software Restriction Polices
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Implement a domain-based DFS namespace that uses replication

40. All computers are running either Windows SP2 or Windows 7. You want to audit users that are accessing the administrative shares on all the computers...
Active Directory Domains and Trusts
Dfsrdiag
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Create and deploy a logon script that runs Auditpol.

41. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Configure separate application pools for each application

42. To restore deleted user account from AD Recycle Bin...
Create a MEDV workspace
DFL needs to be Windows Server 2008
Restore-ADObject cmdlet
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise

43. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Domain based Distributed File System (DFS) will reduce network traffic
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Dfsrdiag

44. Your office has no Internet connection. Your data provisioning solution must meet these requirements: users that are not connected to the network must be able to access files and folders on the network; unauthorized users must not have access to the
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Utilize IFM (Install From Media)
Configure caching on the shared folder and configure offline files to use encryption
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.

45. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
Run adprep /forestprep and adprep /domainprep
Microsoft SharePoint Foundation 2010
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.

46. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
A relying party trust should be created.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Then use on install image file that contains a single install image.
Microsoft Desktop Optimization Pack (MDOP) to your company

47. You are upgrading only a few computers in one department to Windows 7. These computers are running a legacy XP application you should recommend...
Configure offline files and enable manual caching
Windows XP Mode
Windows Deployment Services (WDS)
Ntdsutil

48. To ensure that recovery is possible if a file on a file server is deleted accidentally
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Add the new UPN suffix to the forest.
Implement Shadow Copies

49. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Upgrading DFS to Windows Server 2008 R2
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Distributed File System (DFS) Replication
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}

50. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Implement Distributed File System Replication (DFSR) on both servers