Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Install From Media IFM
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Disable Site Link Bridging from the IP properties

2. The Computer Management snap-in allows you to create shares both on...
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Your machine and remote desktops
Install WSUS 3.0 on a 2008 R2 server and configure Windows Update by using a GPO
Implement a Remote Desktop Connection Broker (RD Connection Broker)

3. All DCs have been upgraded from Windows Server 2003 to Windows Server 2008 R2. What should be done to ensure the Sysvol share replicates by using DFS Replicaiton (DFS-R)?
Utilize IFM (Install From Media)
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Purchase one additional Enterprise License
Raise the DFL to Windows Server 2008 R2.

4. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Install Windows Server Backup and modify the Windows firewall settings
Windows XP Mode
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.

5. If you need to minimize the bandwidth for installation
View properties of %systemroot%ntdsntds.dit
Incoming external trust
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Utilize IFM (Install From Media)

6. Enables you to receive emails when domain users locked out of accounts...
Event Viewer
Attach VHD file created by Windows server backup
Printer driver isolation
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events

7. The servers in each office run Server 2008 R2 Enterprise Edition. You need to plan a failover cluster solution to service users in both offices that meet these: maintain the availability of services if a single server fails; minimize the number of se
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Deploy a failover cluster that contains one node in each office.
Microsoft Desktop Optimization Pack (MDOP)
Prestage the computer account in AD

8. To add a server with AD FS 2.0 role to an existing AD FS farm...
Then Upgrade clients to Win7 - implement Enterprise CA on Win 2008 R2 and implement IPSec VPN with cert-based authentication.
fsconfig on FSSrv2
Configure each SharePoint site to use a separate application pool - and then implement Windows System Resource Manager (WSRM)
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers

9. What should be done to ensure changes made to AD objects can be logged?
Service user account for AD LDS
Configure authorization rules for Web developers on each web server
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU

10. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Execute the Active Directory Diagnostics Data Collector Set and then review the report.
Zone transfer settings
Domain based DFS namespace and configure a DFS replication group

11. An external partner plan requires the following: prevent sensitive documents from being forwarded to untrusted recipients or from being printed; allow users in the external partner organization to access the protected content to which they have been
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Certificate Templates
Establish a Federated Trust between your company and the external partner. Deploy a 2008 R2 server that runs MIcrosoft SharePoint 2010 and that has the Active Directory Rights Management Services (AD MS) role installed.
Administrators is the minimum group membership required to complete this procedure.

12. What GPO setting should be configured to prevent all users from running an application?
net stop ntds
Software Restriction Polices
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.

13. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Deploy Microsoft System Center Operations Manager (SCOM)
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Use local roles options within "dsmgmt"
Configure caching on the shared folder (offline files)

14. GPO's can be difficult to manage; you need a solution that will include version tracking and offline modifications. You should recommend
Implement a domain-based DFS namespace that uses replication
Add-ADFineGrainedPasswordPolicySubject cmdlet
Microsoft Desktop Optimization Pack (MDOP) to your company
Get-ADUser cmdlet

15. You need to design a data storage solution that meets the following: users must be able to choose the documents that will be available when they are away from the network; minimize the number of documents that are stored on users' portable computers;
Deploy a GPO to the WebSrvOU
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
AD Domains and Trusts
Configure offline files and enable manual caching

16. Client computers run Windows 7 and all applications on the computers are configured to save documetns to the local Documents folder. You need a backup strategy that meets these: Back up the Documents folder for all users; minimize admin effort. To ac
Windows BitLocker Drive Encryption (Bit Locker)
Implement folder redirection by using GPO. Then backup the folder redirection target.
Assign the application to computers in the PC OU
Import-Module

17. You need to recommend a solution for users in the branch office to access files in the main office. To minimize the amount of time it takes for users in the Branch office to access files stored on servers in the main office - and minimize the number
Deploy it by using Group Policy Software Installation method
Offline domain join
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Changed manually

18. If you need to be able to create shared folders on Server 2008 R2
Deploy a GPO to the WebSrvOU
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
Install Windows Server Backup and modify the Windows firewall settings
Ensure your account - or the group is a member of the local Administrators group for that specific server.

19. to make shares at a remote location available to users you should implement this.
Domain based Distributed File System (DFS) namespace and DFS Replication.
Microsoft System Center Data Protection Manager
dnscmd tool
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent

20. To make a 64-bit application available to several 32-bit XP SP3 computers in the branch office you could use either a remote desktop session host or a remote desktop virtualization host. However - if the application requires you to be a local adminis

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

21. You have a couple support technicians located in branch office on Server 2008 R2 machines with the following requirements: Install server roles; stop and start services; minimize the security privileges granted to the support technicians
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
AD Domains and Trusts
dnscmd
Set-ADServiceAccount cmdlet

22. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Implement Windows System Resource Manager (WSRM) and configure user policies
WSUS server in the branch office in replica mode.

23. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Use the Local Roles options with dsmgmt.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Deploy it by using Group Policy Software Installation method
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

24. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
FILES option within Ntdsutil
PDC emulator with w32tm.exe
Active Directory Right Management Services (AD RMS)
Multipath I/O feature

25. You are about to deploy 1 -000 Windows 7 desktops and your company has a web based application that only runs correctly when using IE 6. You should use
MEDV to deploy virtual desktops
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Add the new UPN Suffix to the forest
Execute the Set-ADServiceAccount cmdlet

26. What should be configured to ensure domain controllers only replicate between doain controllers in adjacent sites?
Enable - ADoptionalFeature cmdlet
Service user account for AD LDS
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Disable Site Link Bridging from IP Properties

27. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

28. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Software Restriction Polices
Event Log Subscriptions
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Run the Delegation of Control Wizard on the Staff OU

29. Internet access is provided through the main office to the satellite offices. You need to design a patch management for the satellite offices that meet the following requirements: WSUS updates are approved from a central location; internet traffic is
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Active Directory Users and Computers utility
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.

30. To compact AD database...
FILES option within Ntdsutil
Registry on users computer needs to be modified
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Event Viewer

31. Srv1 is a file server that has five internal SCSI hard drives. Your storage strategy needs to meet the following requirements: Physically separates the operating system data from the user data; maximize the disk space available for data storage; uses
Recommend GPT and basic disks
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
File Server Resource Manager (FSRM) quotas and file screens

32. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Microsoft Desktop Optimization Pack (MDOP)
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010

33. To ensure that a group in not giving too many permissions when delegating be sure to delagate permissions at the lower level OUs vs. at the domain level for example
DFL needs to be Windows Server 2008
Basic Authentication and SSL
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Implement a GPO for each domain

34. Ensure password length for a group set to 12 characters long while others keep password policy
Add-ADFineGrainedPasswordPolicySubject cmdlet
Dynamically expanding VHD's
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)

35. You need to ensure that users that access your web site can use any browser; however - they must be authenticated on a membership page. In order for this authentication to be done securely in IIS implement
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
Basic Authentication and SSL
Set-ADServiceAccount cmdlet
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise

36. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Certificate Templates
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Authorization Manager

37. What should be done so the application does not fail after 30 days while still keeping the password policy in mind?
Enable - ADoptionalFeature cmdlet
DFL needs to be Windows Server 2008
Execute the Set-ADServiceAccount cmdlet
Create an Active Directory-Integrated zone.

38. All servers run 2008 R2 and all client computers run Windows 7. Server users have laptops and work from home. You need to plan an infrastructure to secure sensitive files according to these requirements: files must be - stored in an encrypted format;
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP
Certificate Templates
Install Windows Server Backup and modify the Windows firewall settings
Install Microsoft Secure Socket Tunneling Protocol (SSTP)

39. An AD LDS instance needs to be replicated from one server to another...
Service user account for AD LDS
Microsoft SharePoint Foundation 2010
Software Restriction Polices
Run adprep /forestprep and adprep /domainprep

40. You have a main office and 2 branch offices. Your OU structure mimics this. The branch office admins need to be able to apply GPOs only to their respective OUs. What 2 steps should you take to accomplish this?
Enable Credential Roaming
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Perform an authoritative restore

41. Audit account management policy settings and Audit directory services access settings are enabled for the entire domain. What should be done to ensure that changes made to AD objects can be logged? The logged changes must include the old and new valu
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Passive file screens
Run auditpol and then configure the Security settings of the Domain Controllers OU.

42. USB storage deviced on the client computers can be very convenient; however they create a huge security risk. To help reduce the risk of USB deviced you can implement...
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
New ACCOUNT STORE should be added and configured
Then use Windows Deployment Services (WDS)

43. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Deploy an additional WSUS server for the remote teachers. Configure the remote teacher's laptops to use the additional WSUS server. Configure the addtional WSUS server to leave the updates on the Microsoft Update Web Site.
Network Load Balancing (NLB) cluster
Set-ADServiceAccount cmdlet
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise

44. To replicate SYSVOL using Distributed File System Replication (DFSR)...
DFL needs to be Windows Server 2008
Network Load Balancing (NLB)
dnscmd tool
Add-ADFineGrainedPasswordPolicySubject cmdlet

45. Your data provisioning solution must meet the following requirements: users must have access to their Documents folder regardless of the client computer that they use; user documents should not be stored on the local client computer; minimize the tim
Configure folder redirection
Implement the Windows Search Service.
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Your machine and remote desktops

46. To allow for an application on a Remote Desktop Server to be available through document invocation - you must
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Configure separate application pools for each application
Implement Windows BitLocker Drive Encryption (BitLocker)

47. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Install and share a printer on a server and then enable printer pooling.
net stop ntds

48. You need a solution that allows your users to collaborate with each other and that must meet these: enables - full text indexing of all user content - remote access to files by using a Web browser - secure access to files by assigning permisions; sup
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
Install From Media IFM
Include a server that runs Microsoft Office SharePoint Server 2010

49. DCA is DC and DNS server that holds ADI zone for company.com DNSB is member server that has DNS server role installed. What should be done so DNSB can get zone updates from DCA?
Modify zone transfer settings for company.com zone on DCA
Configure authorization rules for Web developers on each web server
Windows System Resource Manager (WSRM)
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.

50. Policy states that users are to log into AD by usine a new User Principal Name (UPN). What tool should be used to modify the UPN suffix for all user accounts?
DSMOD
Add George to the Domain Admins group.
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
Store all sensitive files in EFS encrypted folders and require home users to access the files by using SSTP