Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. To modify several user accounts to a new UPN suffix
Add the new UPN suffix to the forest.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Configure Firewall Group Policies and link them at the Domain level
Active Directory Users and Computers utility

2. To back up your Hyper-VMs and the Hyper-V host; for each VM -
You could restore the backup to an alternate location. Then mount the database using the AD Database Mounting Tool (Dsamain.exe)
Implement Network Access Protection (NAP)
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
The WSUS client to retrieve updates from Microsoft Update (Do not Store updates locally)

3. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Install Windows Server Backup and modify the Windows firewall settings
Configure RODC for Administrator Role Separation
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.

4. When recommending the server configurations for the new failover cluster that will live in a virtual environment from Hyper-V Manager on each node - configure ...
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.
Configure caching on the shared folder and configure offline files to use encryption
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.

5. If you need to delegate control of server to remote admins group
Deploying a WSUS server in replica mode at the Branch office. You can also configure the WSUS in replica mode/split - this will allos the WSUS server to download list of updates from the parent but download the actual updates directly from Windows up
Modify the local policy to point to the Internal WSUS server
Configure RODC for Administrator Role Separation
Registry on users computer needs to be modified

6. In order to ensure highly available Windows Update servers you should create this.
Copy the ADMX files from your company's PDC emulator to the PolicyDefinitions folder on other company's PDC emulator.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Implement a domain-based DFS namespace that uses DFS Replication in a hub and spoke topology
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.

7. GPO setting to prevent all users from running an application
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Software Restriction Polices
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.

8. If you need to allow an external partner's computer to access internal network resources by using SSTP
Deploy the Root CA certificate to the external computers.
Dynamically expanding VHD's
Storage manager for SANs
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1

9. The ability to set quotas at the volume level has been around for many years - however if you have have servers that need quotas - but instead of placing the quota at the volume level you need to place the quota on an individual folder -
Implement File Server Resource Manager (FSRM) quotas on the desired servers
Deploy the application via RemoteApp as an .MSI file and enable File Extension Take over.
Autonomous mode...This allows the local administrator to approve their own updates.
Subnet object needs to be created

10. Domain.com's network has a single forest and single domain. Users currently share files using the corporate FTP server and DropBox. You need a better solution for managing document and allowing access. The solution must meet the following: allow for
Allocate three disks to a single RAID 5 volume for the user data. Allocate two disks to a mirrored volume for the operating system data.
Use the Local Roles options with dsmgmt.
WSUS server running in replica mode that is configured to download updates from Microsoft Update (a.k.a. replica split)
Microsoft SharePoint Foundation 2010

11. To backup Virtual Machines
Creating a data collector set that kick off a scritp that either move or delete files.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.
Upgrading DFS to Windows Server 2008 R2

12. Domain.com's network consists of a Single AD domain. All servers and domain controllers run Windows Server 2008 R2. You need to ensure that you can: track all changes made to AD objects by the recently hired IT consulting firm; Ensure that the audits
Configure event log subscriptions
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Configure an audit policy by editing the default domain policy and configure Event Forwarding
Create and deploy a logon script that runs Auditpol.

13. You need to deploy apps to client computers according to these req.: apps must be deployed to client computers that meet minimum hardware requirements; detaild reports on success/failure of the app deployments must be provided; deployments must be sc
Recommend Offline Files
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
DISABLE slow link detection in the GPO

14. to minimize the attack surface area of the servers and reduce licensing cost you should recommend
Run adprep /forestprep and adprep /domainprep
Import-Module
Installing Hyper-V on a Server Core installation of Windows Server 2008 R2 Enterprise
Registry on users computer needs to be modified

15. Need to access some resources in another domain that is part of another forest...What trust is created?
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.
Authorization Manager role assignment
Incoming external trust
Set-ADServiceAccount cmdlet

16. 2 ways to relocate user and computer accounts to different OUs
Branch Cache server that operates in Hosted Cache mode in your recommendation. This is an ideal solution if the branch office already maintains a Server 2008 R2 server solution (no additional licenses would be needed)
DSMOD - ADUC
Dsmgmt
Implement a GPO for each domain

17. To be able to remotely administer DNS servers that run on the Server Core installation of Server 2008 R2 - via MMC console
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Provide remote access to a Windows Server 2008 R2 server that has the Remote Server Administration Tools (RSAT) installed.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010

18. Your AD environment has an Enterprise Root CA. What 2 actions should you take to ensure that only administrators can sign code?
Recommend GPT and basic disks
Configure RODC for Administrator Role Separation
Use Netsh tool from administrator's computer.
1) Publish the code signing template. 2) Modify the security settings on the template to allow only the administrators to request code signing certificates.

19. You need to design your WSUS infrastructure so that updates are highly available. To do so
Repadmin
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Deploy it by using Group Policy Software Installation method

20. You have 9 2008 R2 servers that host Web apps. You need a remote mgmt strategy to manage the Web servers according to these requirements: Web developers need to be able to configure features on the Web sites; Web developers should not have full admin
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Configure authorization rules for Web developers on each web server
Ntfrsutil
Deploy Microsoft System Center Data Protection Manager 2010 and create a new protection group.

21. To allow a user to administer Active Directory
Raise the DFL to Windows Server 2008 R2.
Add the user to the Domain Admins global group
Create TWO new starter GPO's one with user administrative templates configure - and one with computer admin template configured - and export them to .cab files - and make the .cab files available in both forests...Then when creating new group policie
802.1.x NAP

22. When implementing WSUS servers at branch offices or remote campuses you can configure the WSUS server a the remote location to be in
DSMOD
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Dfsrdiag
Autonomous mode...This allows the local administrator to approve their own updates.

23. To create and additional AD LDS applicaiton directory partition in existing instance...
Ldp
Properties of PSO need modified
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Then configure auto enrollment of certificates and Credential Roaming.

24. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Dfsrdiag
Use CISCO IP Helper command to configure.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
Modify the GPO to include folder redirection

25. To defragment and AD database...
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
net stop ntds
802.1.x NAP

26. If you need to be able to create shared folders on Server 2008 R2
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Ensure your account - or the group is a member of the local Administrators group for that specific server.
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.

27. BLANK BLANK is a computer Group Policy setting that can be for example; Linked at an OU where public kiosks/remote desktop session host computers reside.
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Network Load Balancing (NLB) Cluser for the front end WSUS servers. This will allow users to have the continued access in the event that WSUS servers become unavailable.
Implement Network Access Protection (NAP)
Loopback Processing - The purpose of the Loopback Processing policy is to prevent usesr policies that currently affect the user from following them to a publicly used or (shared remote desktop) computer. We may indeed in many cases want these policie

28. If you need secure method to verify validity of individual certificates and minimize network bandwidth
Add the new UPN Suffix to the forest
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
Install the full installation of Windows Server 2008 R2 Web Edition on two servers - and configure them in a Network Load Balancing cluster
Implement Shadow Copies

29. To allow administrators to create and store .ADMX templates in a way that allows them to have access to the template no matter what administrative computer they logon to you must
Install Windows Server Backup and modify the Windows firewall settings
Create a Central Store
Then use Key Management Service (KMS) - DHCP server - and Windows Deployment Services.
Enable Windows Remote Management (WinRM) on each server.

30. A specific application requires registry modifications to be in place before installing; you should use
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Group Policy Preferences
Then configure auto enrollment of certificates and Credential Roaming.

31. You plan to deploy 12 file servers. All computers and servers connect to Ethernet switches. Your data storage solution must meet these: maximizes performance and fault tolerance; allocates storage to the servers as needed; utilizes the existing netwo
Changed manually
Create a user and designate him as a recovery agent by issuing him a data recovery certificate.
Install Windows Server 2008 R2 Datacenter Edition on each server. Deploy the servers in a failover cluster. Deploy an iSCSI storage area network (SAN) - You have a main office and branch office.
AD Domains and Trusts

32. If you need to minimize the bandwidth for installation
Active Directory Users and Computers
Configure RADIUS accounting by using local file loggin on each server. Store the log files in an Internet Authentication Service (IAS) format on a shared folder on one of the servers (Srv1).
Utilize IFM (Install From Media)
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

33. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
Run adprep /forestprep and adprep /domainprep
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
FILES option within Ntdsutil
Either implement a DHCP server at the branch office - or configure a "Static Pool" on the RRAS server itself. If deploying a DHCP server at the branch office isn't an option - then once the Remote Access Server role has been deployed you can configur

34. hr.domain.com domain has an OU named Sales...You need to give UserA administrative rights so that he can manage Group Policies for the Sales OU while meeting the following requirments: UserA must be able to create and configure Group Polices in hr.do
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Run the Delegation of Control Wizard on Sales OU. In Group Policy Management Console - modify the permissions of the Group Policy Objects container in the hr.domain.com domain.
Attach VHD file created by Windows server backup
Printer driver isolation

35. When service account passwords need to be changed for SQL they should be...
Disable Site Link Bridging from the IP properties
Changed manually
Perform an authoritative restore
Enable Credential Roaming

36. You need a strategy for backing up your 2008 R2 file servers according to these: allows for individual file restore; allows for complete server recovery; supports scheduled backups; provides decentralized control over backups and recovery; minimizes
Enable Windows Remote Management (WinRM) on each server.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
dnscmd tool
Back up to an external USB drive by using Windows Server Backup

37. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
Active Directory Domains and Trusts
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Active Directory Right Management Services (AD RMS)
Raise the DFL to Windows Server 2008 R2.

38. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
Dsmgmt
DFL needs to be Windows Server 2008
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files

39. Auditing the deletion of Registry keys on all Domain Controllers
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
The Group Policy Management console
Modify Object Access Settings AND Global Object Access Auditing settings FROM Advanced Audit Policy configurations

40. Can be used to install the Windows RE on existing servers
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
The applications within the VM by using RemoteApp. Create a RemoteApp and Desktop Connection for each VM.
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
WDS

41. If the companies support staff is currently using Remote Desktop to connect to the servers in the data center to perform all management tasks - it would be wise to have them instead
Modify zone transfer settings for company.com zone on DCA
Install the RSAT tool on their workstation to provide for more efficient network management
Configure Audit Special Logon and define Special Groups
Modify properties of RODC server computer account.

42. Capture all replication errors from all your DCs to a central location...
Configure event log subscriptions
Then install new Server 2008 R2 Enterprise subordinate CA.
Create a new global group named HelpDesk and then add the Help Desk department user accounts to the Helpdesk group. Add the HelpDesk group to the Account Operators group that is in all three domains. A-G-U-L-P.
The Group Policy Management console

43. to make shares at a remote location available to users you should implement this.
Domain based Distributed File System (DFS) namespace and DFS Replication.
Install a full installation of Windows Server 2008 R2 Enterprise Edition on two servers and configure the failover cluster services on them.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Your machine and remote desktops

44. You are about to deploy a distributed database appliation that will run on multiple 2008 R2 servers. This deployment needs to follow these requirements: uses the existing network infrastructure; uses standard Windows management tools; allocates stora
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Add all the sales user accounts into a new global security group. Create a new Password Policy Object (PSO) and apply it to the group.
Deploy Microsoft SharePoint Foundation 2010 - and then migrate the share to a new document library. Enable versioning for the library
Logged changes must include old and new values of any attributes. - Run auditpol and then configure Security settings of Domain Controllers OU

45. You need a solution that meets policy while minimizing hardware and software costs
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Then install new Server 2008 R2 Enterprise subordinate CA.
Create a new Password Settings Object (PSO) for the IT users.
Raise the DFL to Windows Server 2008 R2.

46. If users need access to files locally and must be able to access files at another site if the local copy is not available you should implement this.
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
A Distributed File System (DFS) namespace
Certificate Templates
Include a server that runs Microsoft Office SharePoint Server 2010

47. To ensure that recovery is possible if a file on a file server is deleted accidentally
Deploy a GPO to the WebSrvOU
MEDV to deploy virtual desktops
Implement Shadow Copies
AD Rights Management Services

48. You need to deploy a sales application that only the sales users must have access to
Include a server that runs Microsoft Office SharePoint Server 2010
Deploy a GPO for the Sales OU
Use local roles options within "dsmgmt"
ntdsutil

49. To identify users who bypass the new corporate security policy -
Your machine and remote desktops
Configure Audit Special Logon and define Special Groups
Domain based Distributed File System (DFS) will reduce network traffic
Add the user to the Domain Admins global group

50. When backing up multiple servers it is a Microsoft best practice to add the authorized user or group to the

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183