Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Need to ensure users receive updated template within five days...
Group Policy Preferences
Registry on users computer needs to be modified
Storage manager for SANs
Configure offline files and enable manual caching

2. You need a tool that will help you manage LUN's for both iSCSI and Fibre Channel to support the provision of Virtual disks. You should recommend this.
Storage manager for SANs
Then use on install image file that contains a single install image.
Create an Active Directory-Integrated zone.
dnscmd tool

3. To create AD Domain Services snapshot
Improve the performance of File Servers
Authorization Manager
Ntdsutil
WSUS server in the branch office in replica mode.

4. If you need to encrypt all data on all disks
Microsoft Application Virtualization (AppV)
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Implement Network Access Protection (NAP)
Then use Windows BitLocker Drive Encryption

5. In order for admins at a branch office to be able to change their passwords and logon if a single DC fails even if the WAN Link to the corporate office fails you shoud

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

6. The solution requires that teachers that have been issued district based laptops - work remotely - and teach only on-line classes - must connect to the school network using split-tunnel VPN. Need to be sure that: minimize traffic over the VPN wheneve

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

7. The strongest form of NAP is
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Dfsrdiag
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Dsmgmt

8. What should be done to resolve names by using GlobalNames zone?
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Dsmgmt
dnscmd tool
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.

9. There is a file server in each office that contains a shared folder named Data. You need to plan the data availability for the Data folder according to these requirements: if WAN link fails - the files in the Data folder must be available in all of t
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Add the Windows Server Backup feature and Windows System Image recovery.
Registry on users computer needs to be modified
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology

10. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Properties of PSO need modified
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Certificate Templates
Import-Module

11. George's user account has been deleted in Active Directory. George's user account needs to be restored by usine minimal amount of effort. What should be done?
Perform an authoritative restore
PDC emulator with w32tm.exe
Jill came down with 2.50.
Install From Media IFM

12. If users complain that it is hard to find the shared folders on the network implement
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
View properties of %systemroot%ntdsntds.dit
Additional DFS Targets

13. Auditing the deletion of Registry keys on all Domain Controllers
Folder redirection. Folder redirection is also useful when using roamin profiles.
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
fsconfig on FSSrv2
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations

14. To backup to tape/robotic tape and to backup VMs you must use...
Microsoft System Center Data Protection Manager 2010
Registry on users computer needs to be modified
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Implement Shadow Copies

15. You are evaluating whether to use express installation files as an update distribution mechanism. The technical requirement that
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Windows BitLocker Drive Encryption (Bit Locker)
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Certificate Templates

16. When deploying group polices we want to configure them so that they are applied as quickly as possible. One way this can be done is if the policy only consists of computer settings. If this is the case we can do this.
Disable the user half of the policy. For flow reasons we can stop policies from affecting certain computers and users by placing blocks at the OU level. This will prevent the policy from parent OUs from flowing into the child OU as long as the parent
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Authorization Manager
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie

17. You have a main office that contains two domain controllers and a branch office that has an RODC. What should be done so that a user named George can install updates on the RODC while preventing George from logging on to any other domain controller?
Use the Local Roles options with dsmgmt.
Service user account for AD LDS
Add-ADFineGrainedPasswordPolicySubject cmdlet
Back up to an external USB drive by using Windows Server Backup

18. SrvA has the AD LDS role and an instance named LDSInst1. You connect to this instance by using the ADSI Edit utility. When you execute the Create Object wizard there is no User object class. What should be done so you can create user objects in LDSIn
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Modify the schema of LDSInst1
Assign permissions for the Groups OU and Branch OU to the help desk technicians.

19. To identify users who bypass the new corporate security policy -
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Data Recovery Agent
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Configure Audit Special Logon and define Special Groups

20. To help restrict access to Windows 7 computer in the event that it gets stolen implement
Windows BitLocker Drive Encryption (Bit Locker)
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
Back up to an external USB drive by using Windows Server Backup
Configure caching on the shared folder (offline files)

21. You plan to deploy 12 file servers. All computers and servers connect to Ethernet switches. Your data storage solution must meet these: maximizes performance and fault tolerance; allocates storage to the servers as needed; utilizes the existing netwo
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Create a Network Load Balancing cluster.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.

22. If users need access to files locally and must be able to access files at another site if the local copy is not available you should implement this.
A Distributed File System (DFS) namespace
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Create a Central Store

23. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

24. AD CS is configured on Server1 as a standalone CA. What two actions should you do to audit changes to the CA configuration settings and the CA security settings?
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
CAPublishGP group should have the Manage CA permission.
Assign the application to all client computers by using a GPO.

25. There are now 4 primary types of VPN solutions - PPTP - L2TP - SSTP and Direct Access. If you need to implement a VPN on Vista SP1 or higher machines you can implement SSTP.
Implement a domain-based DFS namespace that uses replication
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Install Windows Server 2008 R2 Web Edition - it will use the least amount of disk space.
Install From Media IFM

26. Need a solution that will ensure that the initial settings when creating new policies for both forests will become more consistent. You should...

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

27. An AD LDS instance needs to be replicated from one server to another...
Service user account for AD LDS
Storage manager for SANs
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Run adprep /forestprep and adprep /domainprep

28. when deploying Virtual Machines in a Remote Desktop pool you can minimize the amount of disk space used by the VM and reduced the admin effort by deploying this.
Implement Shadow Copies
Implement Windows System Resource Manager (WSRM) and configure user policies
Install Windows Server Backup and modify the Windows firewall settings
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.

29. You need a patch management strategy to deploy updates to the computers on the secure network. To accomplish
Additional DFS Targets
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU
Dsmgmt

30. WSUS infrastructure must meet the following: distributed from a central location - all computers must continue to receive updates in the event that a server fails
DSMOD
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Configure Microsoft SQL Server 2008 failover cluster. Configure two WSUS servers in a Network Load Balancing cluster. Configure WSUS to use the remote SQL Server 2008 database instance.
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management

31. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
From Server1 - run the Create Basic Task Wizard
Set-ADServiceAccount cmdlet
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie

32. Srv1 is a Server 2008 R2 file server. If you want users to be able to access shared files when they are disconnected from the network -
Configure caching on the shared folder (offline files)
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
net stop ntds
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.

33. You have several Windows 2000 Servers that have a custom application installed. However - the apps are incompatible with each other and with Windows Server 2008 R2 - but they consume less than 10% of system resources. There is a policy that states al
Event Viewer
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Ntfrsutil
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.

34. The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console - or add it to any MMC console.
Domain based Distributed File System (DFS) will reduce network traffic
Administrators is the minimum group membership required to complete this procedure.
Implement Windows System Resource Manager (WSRM)
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary

35. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.
Assign the support technicans to the Administrators group on the Windows Server 2008 R2 servers.
Microsoft System Center Data Protection Manager

36. Need to access some resources in another domain that is part of another forest...What trust is created?
Incoming external trust
Run the Delegation of Control Wizard on the Staff OU
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop

37. Ensure password length for a group set to 12 characters long while others keep password policy
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
SSTP is a good solution if you have Vista SP1 or higher and your security team has already opened port 443 on the firewall and the coporate security policy states that they would prefer not to open any more ports on the firewall than necessary. SSTP
Add-ADFineGrainedPasswordPolicySubject cmdlet
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.

38. You have a failover cluster that has an application installed. Service level agreement requires 55 percent of processor and memory utilization to be reserved for the app. A solution to guarantee service level agreement would be
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
1) Add the branch office admin accounts to teh Group Policy Creator Owners Group. 2) Run the Delegation of Control Wizard and delegate the right to link GPOs for their branch OUs to the branch office admins.
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.

39. To restore previous version of script without taking up too much of time...
Deploy the Root CA certificate to the external computers.
Changed manually
Attach VHD file created by Windows server backup
Implement the Windows Search Service.

40. If your company has the need to create administrative templates (.admx) files for Active Directory runnin on server 2008 R2 you should recommend...
Subnet object needs to be created
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Assign permissions for the Groups OU and Branch OU to the help desk technicians.

41. If you need to be able to create shared folders on Server 2008 R2
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Implement a GPO for each domain
Modify properties of RODC server computer account.
Ensure your account - or the group is a member of the local Administrators group for that specific server.

42. You need to plan for the delegation of administrative authority for an OU in your AD named Staff. It should: allow help desk admins to create user accounts in the Staff OU; allow helpdesk admins to change the address attributes; prevent HelpDesk admi
Modify zone transfer settings for company.com zone on DCA
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Run the Delegation of Control Wizard on the Staff OU
Properties of PSO need modified

43. You need to recommend a BitLocker recovery method you should recommend this.
Data Recovery Agent
Restore-ADObject cmdlet
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.

44. If a file server reaches 15% free disk space - you could free up some disk space by
Creating a data collector set that kick off a scritp that either move or delete files.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
net stop ntds

45. All DCs have been upgraded from Windows Server 2003 to Windows Server 2008 R2. What should be done to ensure the Sysvol share replicates by using DFS Replicaiton (DFS-R)?
Recommend Offline Files
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Raise the DFL to Windows Server 2008 R2.
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.

46. When deploying software across a large distributed enterprise you can reduce the need for clients to obtain the necessary .msi file needed for installation from over the network. Placing applications .msi file in a shared folder that is replicated us
Windows Deployment Services (WDS)
Deploy the Root CA certificate to the external computers.
Domain based Distributed File System (DFS) will reduce network traffic
Implement Shadow Copies

47. You have three domain controllers that perform a full back up every day. You need a recovery strategy for AD objects that meets these requirements: allows objects in a backup to be compared to objects in the live AD database; minimizes admin effort.
A Distributed File System (DFS) namespace
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Printer driver isolation
Modify the schema of LDSInst1

48. You need to design patch management for satellite offices that meet the following requirements: WSUS updates are approved independently for each satellite office; Internet traffic is minimized. To accomplish
Certificate Templates
Enhanced Storage Access settings in Group Policy on the local machine to require a unique vendor ID to identify the device or even require a certificate for the device to connect to your machine. This policy can even lock the device when the computer
In each satellite office - install a WSUS server and configure the WSUS servers to use the main office WSUS server as an upstream server.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.

49. To ensure that the SQL Servers can fail over autoatically and support 2 TB drives
Recommend GPT and basic disks
Configure block inheritance on the IT OU
Deploy it by using Group Policy Software Installation method
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.

50. To minimize the amount of storage required you should recommend
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Share and Storage Management
Creating a data collector set that kick off a scritp that either move or delete files.
Changed manually