Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. SrvA has Remote Desktop Services role installed. You notice that users are consuming more than 40% of CPU resources. You want to prevent them from consuming more than 10% - however - administrators should not be limited.
FILES option within Ntdsutil
Implement Windows System Resource Manager (WSRM) and configure user policies
Import-Module
Network Load Balancing (NLB) cluster

2. You have two identical print devices. You must plan a print services infrastructure where: the print services must be available - even if one print device fails and have the ability to manage the print queue from a central location
Event Viewer
Dsmgmt
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Install and share a printer on a server and then enable printer pooling.

3. To deploy templates across the organization
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Use Windows Server Backup to perform a daily backup to an external disk. Enable shadow copies for the volumes that contain shared user data. Store the shadow copies on a separate physical disk.
Execute the Set-ADServiceAccount cmdlet

4. To ensure that a file on a file server do not leave the organization you must implement this.
Implement one LUN for the quorum and another LUN for the data
Remote Desktop Virtualization host - you wouldn't want all the users on the same Remote Desktop Session host to be local administrators.
AD RMS
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.

5. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Domain based DFS namespace and configure a DFS replication group
FILES option within Ntdsutil
Offline domain join
DISABLE slow link detection in the GPO

6. All servers run 2008 R2. All client computers run Windows 7 and Outlook 2010. The sales team needs to use Outlook 2003 to support a custom application. You need a deployment strategy that meets these requirements: provide access to Outlook 2003 and 2
djoin /requesteodj from internal server - djoin /provision from outside server/PC
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Group Policy Preferences
Active Directory Domains and Trusts

7. What role to keep same time as an external server?
Add-ADFineGrainedPasswordPolicySubject cmdlet
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
PDC emulator with w32tm.exe
Refresh the zone on DNS2

8. To build a highly secure server cluster with a reduced attack surface area
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Install a Server Core installation of Windows Server 2008 R2 Enterprise. Note: Remember clusters must be either 2008 Enterprise or Datacenter - you cannot build a Microsoft Cluster using Web or Standard Editions
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Modify properties of RODC server computer account.

9. When taking files offline there is always a security risk. Corporate files now reside on a laptop that will leave the confines of the corporate office. When taking files offline it is best practice to help protect these files using
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Install Hyper-V role and convert physical machines into virtual machines
Create a MEDV workspace

10. To add a server with AD FS 2.0 role to an existing AD FS farm...
Create and deploy a logon script that runs Auditpol.
Configure authorization rules for Web developers on each web server
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server - implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services Resource authorization policy (RD RAP).
fsconfig on FSSrv2

11. To ensure that administrators are allowed to install USB drives on their Windows 7 computers - but NOT allow non-administrators
Use a GPO to configure device installation restrictions
Upgrade one of the TS to Windows Server 2008 R2 and configure it as the Remote Desktop Services Gateway (RD Gateway). Then implement Network Access Protection (NAP).
Improve the performance of File Servers
Changed manually

12. To configure AD FS so tokens contain information from Active Directory domain...
New ACCOUNT STORE should be added and configured
Then Migrate DHCP server role from the domain controllers to the files servers. On file servers - add admin for office to DHCP admin local group.
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.

13. What shold be done to configure AD RMS so users can protect their data?
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Create an e-mail account in AD DS for your RMS users
Prestage the computer account in AD
Configure caching on the shared folder (offline files)

14. You need an Active Directory strategy that supports the recovery of deleted objects for up to one year after the date of deletion. to accomplish this
Increase the tombstone lifetime for the forest.
Get-ADUser cmdlet
Domain based DFS namespace and configure a DFS replication group
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.

15. You plan to deploy 12 file servers. All computers and servers connect to Ethernet switches. Your data storage solution must meet these: maximizes performance and fault tolerance; allocates storage to the servers as needed; utilizes the existing netwo
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Implement folder redirection by using GPO. Then backup the folder redirection target.
Create a standard secondary of domain and create standard secondary of other domain.

16. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
Congifure the new Local User and Groups by using Group Policy Preferences option and link the policy to the Branch office site.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Registry on users computer needs to be modified
New ACCOUNT STORE should be added and configured

17. 4 steps to perform offline Defragmentation of AD database...
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Software Restriction Polices
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service
Upgrade one of the Server 2003 servers to Server 2008 R2. On this server implement the Remote Desktop Services Gateway (RD Gateway) role and configure a Remote Desktop Services connection authorization policy (RD CAP).

18. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Recommend Offline Files
Configure Audit Special Logon and define Special Groups
From Server1 - run the Create Basic Task Wizard
Dfsrdiag

19. To be able to manage all the corporate servers from a workstation - you must install the
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Group Policy Preferences
Deploy a failover cluster that uses Node and File Share Disk Majority

20. You have a failover cluster that has an application installed. Service level agreement requires 55 percent of processor and memory utilization to be reserved for the app. A solution to guarantee service level agreement would be
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Install Microsoft Secure Socket Tunneling Protocol (SSTP)

21. To backup GPO's in domain and minimize bakcup...
Implement Windows System Resource Manager (WSRM) and configure user policies
Active Directory Domains and Trusts
The Group Policy Management Console
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise

22. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
Refresh the zone on DNS2
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Disable Site Link Bridging from IP Properties
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.

23. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Assign permissions for the Groups OU and Branch OU to the help desk technicians.
Storage manager for SANs
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Distributed File System (DFS) Replication

24. So a user can install updates on an RODC while preventing them from logging on to any other domain controller...
Test-AppLockerPolicy
Install and share a printer on a server and then enable printer pooling.
Use local roles options within "dsmgmt"
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.

25. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Restore-ADObject cmdlet
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Distributed File System (DFS) Replication

26. To help restrict access to Windows 7 computer in the event that it gets stolen implement
The computer must be connected to the network when the end user clicks the icon and launches the install of the application.
Modify zone transfer settings for company.com zone on DCA
A Distributed File System (DFS) namespace
Windows BitLocker Drive Encryption (Bit Locker)

27. To prevent computers that do not have the Windows Firewall enabled from connecting to the wireless access point or the physical switch - you should implement this.
Create ADMX and ADML files. Configure the GPO and link it to the domain.
Passive file screens
Add George to the Domain Admins group.
802.1.x NAP

28. A script fails to create user accounts. Which cmdlet should be added to the script to create user accounts?
Click Start - click Run - type cmd - and then press ENTER. - At the command prompt - type dsmgmt.exe - and then press ENTER. - For a list of valid parameters - type ? - and then press ENTER. - By default - no local administrator role is defined on th
IPSec based enforcement. IPSec enforcement should be used when you want a stronger solution than 802.1x - DHCP or VPN based NAP. IPSec based NAP cannot be bypassed by modifying the NAP agent/client.
Execute the Set-ADServiceAccount cmdlet
Import-Module

29. To ensure that admins in the corporate office can manage and control all Windows Updates and manage WSUS computer groups - deploy this.
Install the Remote Server Administration Tools (RSAT) on the Windows 7 computers.
Ldp
WSUS server in the branch office in replica mode.
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations

30. You need a solution that meets policy while minimizing hardware and software costs
Enable - ADoptionalFeature cmdlet
Deploy a GPO for the Sales OU
Create a new Password Settings Object (PSO) for the IT users.
Implement Windows BitLocker Drive Encryption (BitLocker)

31. Client computers run Windows 7 and all applications on the computers are configured to save documetns to the local Documents folder. You need a backup strategy that meets these: Back up the Documents folder for all users; minimize admin effort. To ac
Place the operating system files on one of the RAID 1 array - place the SQL transaction logs on the other RAID 1 array - and place the SQL database files on the RAID 5 array
Implement Windows System Resource Manager (WSRM) and configure a resource-allocation policy for process-based management.
Implement folder redirection by using GPO. Then backup the folder redirection target.
Modify the schema of LDSInst1

32. You have a forest with two domains - all servers run 2008 R2 - and all DCs contain DNS. A member server has a primary zone for test.company.com. What should be done so all DCs can resolve names from test.company.com zone?
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.
Install Microsoft Secure Socket Tunneling Protocol (SSTP)
Raise the DFL to Windows Server 2008 R2.
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.

33. You need a strategy for backing up your 2008 R2 file servers according to these: allows for individual file restore; allows for complete server recovery; supports scheduled backups; provides decentralized control over backups and recovery; minimizes
Back up to an external USB drive by using Windows Server Backup
Configure offline files and enable manual caching
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Dsmgmt

34. You plan to upgrade your networks desktops to Windows 7 however - after testing you discover an application that will only run on Windows XP. You need to make this application available to a large number of desktops.
dnscmd dcsrv2.company.com /zoneresettype company.com /dsprimary
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Create a MEDV workspace

35. Need to ensure users receive updated template within five days...
Certificate Templates
Dsmgmt
Implement Windows System Resource Manager (WSRM)
Registry on users computer needs to be modified

36. Auditing the deletion of Registry keys on all Domain Controllers
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Set-ADServiceAccount cmdlet
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations
Domain based DFS namespace and configure a DFS replication group

37. Backup solutions for the files servers that support a robotic-based tape library must support the enterprise; you should recommend
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Microsoft System Center Data Protection Manager
Implement Network Access Protection (NAP) that uses 802.1x enforcement

38. Capture all replication errors from all your DCs to a central location...
Configure event log subscriptions
Microsoft Application Virtualization (AppV)
Add the new UPN Suffix to the forest
Raise the DFL to Windows Server 2008 R2.

39. What should be modified so you can use the nslookup utility to list all SRV records for your domain?
Win2000
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Zone transfer settings
Create an Active Directory-Integrated zone.

40. The two role services must be deployed to prevent machines from connecting to the network if their security center settings (Firewall - Windows Updates - Defender) are NOT up to date are
Configure Firewall Group Policies and link them at the Domain level
Network Policy Server (NPS) and Routing and Remote Access Service (RRAS)
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Dsmgmt

41. To improve performance and provide redundancy if a single server fails - the intranet web site should be in this.
Network Load Balancing (NLB) cluster
Role Separation
Active Directory snapshots and Tombstone reanimation
Deploy a failover cluster that contains one node in each office.

42. To be able to user an application from one AD FS with authentication server to another...
Folder redirection. Folder redirection is also useful when using roamin profiles.
A relying party trust should be created.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Configure Firewall Group Policies and link them at the Domain level

43. If you need to implement a Cert Services solution that automates distribution of certificates - ensures security and gives external users acess to resources that use cert-based authentication
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
Event Viewer
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

44. Your data provisioning solution must meet the following requirements: users must have access to their Documents folder regardless of the client computer that they use; user documents should not be stored on the local client computer; minimize the tim
MEDV to deploy virtual desktops
Administrators is the minimum group membership required to complete this procedure.
Configure folder redirection
Then use on install image file that contains a single install image.

45. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
Passive file screens
IIS Chared Configuration
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie
Recommend Group Policy preferences

46. Policy states that domain controllers cannot contain optical drives. You need a backup and recovery plan that restores the domain controllers in the event of a catastrophic server failure. To accomplish this
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Your machine and remote desktops
Administrative Role Separation

47. Srv1 - Srv2 - Srv 3 are Network Policy Servers (NPS) that function as RADIUS Servers. Srv1 is also Microsoft SQL Server 2008 server. The network has 20 wireless access points that are configured as RADIUS clients. You need an audit strategy with the
Group Policy Preferences
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Implement one LUN for the quorum and another LUN for the data
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

48. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Create an e-mail account in AD DS for your RMS users
Active Directory Right Management Services (AD RMS)
Modify the GPO to include folder redirection
Disable Site Link Bridging from IP Properties

49. You have several Windows 2000 Servers that have a custom application installed. However - the apps are incompatible with each other and with Windows Server 2008 R2 - but they consume less than 10% of system resources. There is a policy that states al
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
In each office - install a WSUS server and configure the WSUS servers as a replica of the main office.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.

50. If you need to implement Encrypting File System (EFS) and minimize amount of data transferred across and access EFS certs on any client computer
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Enable Credential Roaming
Use Windows Server Backup to back up each domain controller to a remote network share. Use Windows Deployment Services (WDS) to deploy the Windows Recovery Environment (Windows RE)
Modify the local policy to point to the Internal WSUS server