Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. You need to deploy a sales application that only the sales users must have access to
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Deploy a GPO for the Sales OU
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Domain based Distributed File System (DFS) namespace and DFS Replication.

2. Deployment of 10 WSUS servers across 10 branch office will take place over a three month period. The bandwidth between the corporate office and the branch offices must be minimized due to budget contraints within the company. Admins in the corporate
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Implement GPO for all client computers

3. If you need to change the TCP/IP addresses on 30 servers using the minimum amount of administrative effort

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

4. Assign the application to the user if you want the icon to appear on the start menu or desktop - but to allow the user to install it. Keep in mind if you assign the application to the user ....
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)

5. To build a highly secure server cluster with a reduced attack surface area
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Winrm quickconfig
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Storage manager for SANs

6. You need to ensure that the guest account on all servers is disabled to
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Implement Windows System Resource Manager (WSRM)
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Discover the run Microsoft Baseline Security Analyzer (MBSA)

7. What role to keep same time as an external server?
Network Load Balancing (NLB) cluster
Install the RSAT tool on their workstation to provide for more efficient network management
PDC emulator with w32tm.exe
Ldp

8. All DCs run Windows Server 2008 R2 and have the DNS Server role installed. The domain controllers for each location are stored locally. Each has its own standard primary zone to support its local domain.You need a plan that meets the following: WAN l
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Create a standard secondary of domain and create standard secondary of other domain.
Creating a data collector set that kick off a scritp that either move or delete files.
Run net stop ntds

9. In AD Sites and Service - which level is Universal Group Membership caching activated / deactivated?
Implement folder redirection by using GPO. Then backup the folder redirection target.
Win2000
Site
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).

10. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
The Group Policy Management Console
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Microsoft Application Virtualization (AppV)
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates

11. To add a new UPN for all user accounts...
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Perform an authoritative restore
AD Domains and Trusts

12. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
Incoming external trust
dnscmd
Ntfrsutil
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library

13. If subnets are connected by CISCO router that is RFC-1542 compliant
Use CISCO IP Helper command to configure.
Test-AppLockerPolicy
Your machine and remote desktops
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management

14. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Execute the Set-ADServiceAccount cmdlet
Properties of PSO need modified
Add the user to the Domain Admins global group
Disable Site Link Bridging from IP Properties

15. Company users IPV4 and IPV6. A PC uses IPV6 and can no longer authenticate off the DC. What can be done to ensure IPV6 computers authenticate to DCs in same site...
Then configure auto enrollment of certificates and Credential Roaming.
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Modify zone transfer settings for company.com zone on DCA
Subnet object needs to be created

16. You need a solution that replaces servers that host 2 applications. This solution must use Windows Server 2008 R2 and minimize cost.
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
AD Domains and Trusts
Windows BitLocker Drive Encryption (Bit Locker)

17. What should be done to ensure changes made to AD objects can be logged?
Domain based Distributed File System (DFS) will reduce network traffic
Implement a Remote Desktop Connection Broker (RD Connection Broker)
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU

18. In order to replicate SYSVOL shares by using DFS Replicaiton (DFS-R)
Changed manually
Microsoft System Center Data Protection Manager 2010
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Raise the DFL to Windows Server 2008 R2.

19. IF you need to automate deployment of 32 and 64 bit 2008 R2 servers
Then use Windows Deployment Services (WDS) on DHCP1.
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Registry on users computer needs to be modified
Data Recovery Agent

20. You need to recommend a Windows update strategy for the new branch office. The branch office has a 512 Kbps connection the corporate office and a 2 MB connection to the Internet. You should recommend this.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.

21. Domain.com's network consists of a single forest and a single domain - all Domain Controllers - Servers and Remote Desktop Services servers are now 2008 R2. All clients are Windows 7. You need to deploy a new CRM Applicaiton to the sales team. You mu
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.

22. to make shares at a remote location available to users you should implement this.
Domain based Distributed File System (DFS) namespace and DFS Replication.
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Site
Install Windows Server Backup and modify the Windows firewall settings

23. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
FILES option within Ntdsutil
Domain based Distributed File System (DFS) namespace and DFS Replication.

24. To determine size of AD database file...
Dfsrdiag
View properties of %systemroot%ntdsntds.dit
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Windows Server 2003

25. You need to allow a user to add a single computer to a domain - without any additional rights...
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Prestage the computer account in AD
Implement Windows System Resource Manager (WSRM) and configure user policies
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.

26. To ensure that user's documents are stored on the file server and thus subject to the corporate backup solution - you should implement this.
Folder redirection. Folder redirection is also useful when using roamin profiles.
Domain based DFS namespace and configure a DFS replication group
Configure authorization rules for Web developers on each web server
Run net stop ntds

27. Your company recently created a corporate web site using their own internal developers. Recently your CIO has decided that it would be best that some of the work be done by an outside contractor - and to allow that contractor to only the specific sec
IIS Manager user account
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.

28. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Deploy Microsoft System Center Operations Manager (SCOM)
Implement Windows System Resource Manager (WSRM)
Network Load Balancing (NLB)

29. SiteA is an existing AD site. You just created a new site in AD named SiteB. AD replication needs to be configured betwen the two sites so you install a new DC and you careatd a site link between the two sites. What should be done next?
Ensure your account - or the group is a member of the local Administrators group for that specific server.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Then install new Server 2008 R2 Enterprise subordinate CA.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th

30. What should be done to identify which LDAP computers are using the largest amount of available CPU resources on a DC?
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).

31. Need to access some resources in another domain that is part of another forest...What trust is created?
Incoming external trust
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.

32. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Increase the tombstone lifetime for the forest.
Implement folder redirection by using GPO. Then backup the folder redirection target.
Software Restriction Polices
Offline domain join

33. If a user needs to access a new cert template when logging on to any client computer in domain and you need to automatically install on each client computer a cert
Dfsrdiag
Then configure auto enrollment of certificates and Credential Roaming.
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Implement a domain-based DFS namespace that uses replication

34. In Active Directory Sites and Services - what should be configured to ensure domain controllers only replicate between domain controllers in adjacent sites?
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Disable Site Link Bridging from the IP properties
Include a server that runs Microsoft Office SharePoint Server 2010
Configure the zone as an Activde Directory-Integrated zone.

35. You have a 2008 R2 serever that has SQL Server 2008 installed. The server has one RAID 5 array and two RAID 1 arrays. You need to allocate hard disck space on the server according to the followign requirements: prevent data los if a single hard disk
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.

36. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Properties of PSO need modified

37. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Use local roles options within "dsmgmt"
Publish the application as a Remote App. Enable Remote Desktop Web Access (RD Web Access).
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Network Load Balancing (NLB) cluster

38. Currently you already have in place AD - DNS and DHCP. You need an automated deployment solution for the new servers that will boot using native VHD's. You should recommend
Configure authorization rules for Web developers on each web server
Then use Windows Deployment Services (WDS) on DHCP1.
Windows Deployment Services (WDS)
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

39. To ensure IT Help Desk Users can create GPOs in the domain and give them a GPO that contains preconfigured settings that will be used to create new GPOs -
IIS Manager user account
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.

40. When deploying servers one would have to include some kind of process that would ultimately join the servers to the domain - this typically would require a script and a reboot. to help eliminate some of the steps involved and automate the deployment
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Windows System Resource Manager (WSRM)
Offline domain join
Dfsrdiag

41. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Active Directory Right Management Services (AD RMS)
Software Restriction Polices
IIS Chared Configuration

42. To compact AD database...
Certificate Templates
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
FILES option within Ntdsutil
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.

43. Requirements are: support the installation of SQL Server 2008; Provide redundancy for SQL services if a single server fails. To accomplish this
IIS Chared Configuration
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.

44. You need to modify DNS infrastructure to support dynamic updates to ALL DNS servers; ensure DNS service available even if single server fails; encrypt the synchronization data sent between DNS servers.
Modify the GPO to include folder redirection
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
Configure the zone as an Activde Directory-Integrated zone.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.

45. You are about to deploy a distributed database appliation that will run on multiple 2008 R2 servers. This deployment needs to follow these requirements: uses the existing network infrastructure; uses standard Windows management tools; allocates stora
Dsmgmt
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Group Policy Preferences

46. All client computers run Windows 7. You have 8 Window Server 2003 servers that run Terminal Services. There is also an ISA server that runs the firewall. You need to plan on giving remote users access to the Terminal Servers according to these requir
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Implement a GPO for each domain
Create a new Password Settings Object (PSO) for the IT users.
View properties of %systemroot%ntdsntds.dit

47. To recover objects deleted from Active Directory you should recommend
Active Directory snapshots and Tombstone reanimation
DSMOD
1) Restart dc in DirectoryServiceRestoreMode - 2) Restory system state data to date before organizational unit was deleted - 3) Use ntdsutil utility to mark organizational unit as authoritative 4) Restart Domain Controller
Reinstall AD DS on DCC.company.com as a WRITABLE DC.

48. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
FILES option within Ntdsutil
Administrative Role Separation
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)

49. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
Run adprep /forestprep and adprep /domainprep
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Multipath I/O feature
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events

50. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
Install Hyper-V role and convert physical machines into virtual machines
Basic Authentication and SSL
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Zone transfer settings