Test your basic knowledge |

MSITP

Subjects : certifications, msitp, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Client computers run Windows 7 and all applications on the computers are configured to save documetns to the local Documents folder. You need a backup strategy that meets these: Back up the Documents folder for all users; minimize admin effort. To ac
1) Enable the Audit object access setting in the Local Security Policy for Srv1. 2) Configure auditing in the Certification Authority snap-in.
Implement folder redirection by using GPO. Then backup the folder redirection target.
Create a new Password Settings Object (PSO) for the IT users.
Configure RADIUS accounting by using SQL loggin on each server and use Srv1 as database for RADIUS aaccounting.

2. Your forest containts only Windows Server 2008 domain controllers. What should be done to prepare the AD domain to install Windows Server 2008 R2 DCs?
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
Windows System Resource Manager (WSRM)
Run adprep /forestprep and adprep /domainprep
Zone transfer settings

3. to ensure that users can ONLY view the list of DFS Targets to which they are assigned permissions
dsa.msc - dsamain.exe - ntdsutil.exe
Set-ADServiceAccount cmdlet
Subnet object needs to be created
Migrate the namespace to Windows SErver 2008 mode and enable access based enumeration (ABE). NOTE: ABE is a new feature in SERVER 2008; this requires that all DFS Server be 2008 or later.

4. PowerShell script to create user accounts with passwords from a file called password.csv
Import-csv password.csv | Foreach {New-ADUser -Name $_.Name -Enabled $true_AccountPassword (ConvertTo_SecureString $_.Password -AsPlainText -force)}
Dsmgmt
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Implement a domain-based DFS namespace that uses replication

5. To defragment and AD database...
AD Domains and Trusts
Run net stop ntds
Add the Windows Server Backup feature and Windows System Image recovery.
net stop ntds

6. If you need to minimize the bandwidth for installation
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Win2000
Utilize IFM (Install From Media)

7. When one needs to audit files - folders - printers and the registry enable
Back up to an external USB drive by using Windows Server Backup
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Object access auditing on the server that supports the resource. Note: Enabling audit access also helps when auditing your Cert Servers
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.

8. All servers are 2008 R2. All client computers are Vista and have Outlook 2007 installed. Following resources are being accessed: exchange 2010 by using Outlook 2007 - database server on TCP port 38968 - 2008 R2 file servers. You need to provide users
Basic Authentication and SSL
DISABLE slow link detection in the GPO
Add George to the Domain Admins group.
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.

9. To enforce corporate policy on ALL computers in the domain to show a legal notice when a user logs on to the domain
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.
Application to the computer if you need to ensure that the application is installed on the computer before the user logs in.
Create a GPO and link the GPO to the domain then configure the GPO to be enforced
Implement a Remote Desktop Connection Broker (RD Connection Broker)

10. Within your company you have a server that will be running 8 VMs but only 6 concurrently. Your company has already purchased an Enterprise license for the server.
Configure event log subscriptions
Domain based Distributed File System (DFS) namespace and DFS Replication.
Deploy the Root CA certificate to the external computers.
Purchase one additional Enterprise License

11. Jack and Jill go up the hill - both with a buck and a quarter
Jill came down with 2.50.
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.
Implement one LUN for the quorum and another LUN for the data
Use Netsh tool from administrator's computer.

12. What GPO setting should be configured to prevent all users from running an application?
Add all the particular accounts into a new global security group. - Create new (PSO) and apply to group.
Encrypting File System (EFS). This can be enabled locally or through a GPO.
Software Restriction Polices
Add the new UPN Suffix to the forest

13. To prevent account password from being cached on RODC server...
Discover the run Microsoft Baseline Security Analyzer (MBSA)
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
Modify properties of RODC server computer account.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.

14. You need to deploy 15 Server Core installations that are only accessible by HTTP and HTTPS. Administration of these must be able to enable administrators to install and administer server roles remotely and fully manage servers remotely
Add the IT Help Desk Users to the Group Policy Creator Owners group and then create a new Starter GPO.
Enable Windows Remote Management (WinRM) on each server.
Ntdsutil
Login to one DC and create and configure a conditional forwarder to replicate to all DNS servers in the forest.

15. What should be used to montior the replication of group policy template files when your DFL is set at Windows Server 2008 R2?
Deploy two writable domain controllers in ad.company.com and recommend to configure both domain controllers as GC's.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Dfsrdiag
Add-ADFineGrainedPasswordPolicySubject cmdlet

16. Domain.com recently deployed several Windows Server 2008 R2 file servers. You recently have had a problem with the file server in the sales department. On a regular basis the hard drive on the file server reaches capcity. You have to routinely perfor
Winrm quickconfig
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
Install the File Server Resource Manager (FSRM) role service on the sales department file server. Configure hard quotas and file screening.

17. You need to plan the deployment of an application that must meet these requirements: users must have - access to the app when they are connected to the network; access the application from an icon on their desktops.
Assign the application to all client computers by using a GPO.
Request and obtain a server authentication certificate from a trusted certification authority (CA) in your organization or from a trusted third-party CA - Authorization Manager provides a flexible framework for integratin role-based access control in
Enable Windows Remote Management (WinRM) on each server.
Implement a domain-based DFS namespace and add a second namespace server; Enable the "Clients fail back to preferred targets" option. Make sure all client computers have at least XP SP2.

18. For complete fault tolerance the backend SQL Server should be protected as well - by placing it in a MSCS Failover Cluster) - To allow computers that are members of the domain to receive updates from a local WSUS you can easily create a group policy
Winrm quickconfig
Modify the local policy to point to the Internal WSUS server
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Encrypting File System (EFS). This can be enabled locally or through a GPO.

19. You need to recommend a solution to ensure that users in the Philadelphia corporate office can access the courseware files in the remote Fernwood office. You should deploy this.
Domain based DFS namespace and configure a DFS replication group
Deploy a failover cluster that contains one node in each office.
Create a standard secondary of domain and create standard secondary of other domain.
Dfsrdiag

20. You need a solution that allows a global group to perform the following: stop and start services; change registry settings; change network settings
net stop ntds
dnscmd tool
Network Load Balancing (NLB) cluster
Add the Remote1-Admins group to the Administrators local group on each server in Remote1.

21. A DNS structure should be deployed acording to the following requirements: ensure resources in the root and child domains are accessible by FQDN; provide name resolution services in the event that a single server fails for a prolonged period of time;
Multipath I/O feature
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
You should: on one domain controller create an Active Directory-Integrated zone for remote domain and create and Active Directory-Integrated stub zone for main domain.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.

22. Recently it was decided to increase the performance of the company's Web Servers by deploying a NLB Web server farm. You need to ensure that the content is easily replicated across all the servers in the farm. You should implement this.
Distributed File System (DFS) Replication
Win2000
Printer driver isolation
Active Directory Users and Computers

23. When you need to distribute a large number of incoming connections to stateless applications such as Web servers or VPN servers you should implement this.
Create a Network Load Balancing cluster.
IIS Manager user account
Network Load Balancing (NLB)
Implementing a Central Store. This will allow custom .admx files to replicate and be available to administrators on any administrative workstation with the RSAT tools installed in the enterprise

24. RDSRv1 is a Server 2008 R2 Remote Desktop Session Host. RDSrv1 has 8 custome apps installed. Each is configured as a RDP RemoteApp. You notice that when a user runs one of the apps - other users report that the server seems slow and that some apps be
Implement Windows System Resource Manager (WSRM)
One Remote Desktop connection authorization policy (RD CAP) and two Remote Desktop resource authorization polices (RD RAPs)
Get-ADUser cmdlet
Then use Windows BitLocker Drive Encryption

25. IE can be a security concern - however you can take advantage of Group policies to lock down IE as much as possible

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

26. To recover objects deleted from Active Directory you should recommend
Add George to the Domain Admins group.
Administrative Role Separation
DISABLE slow link detection in the GPO
Active Directory snapshots and Tombstone reanimation

27. Engineering department has 582 Windows Server 2008 R2 servers. You need to monitor the performance of all 582 with following requirements: Create alerts when average processor usage is higher than 85% for 15 minutes; Automatically adjust the processo
Remote Server Administrative Tools (RSAT) on your administrative workstation or laptop
Deploy Microsoft System Center Operations Manager (SCOM)
Zone transfer settings
Deploy a failover cluster that uses Node and File Share Disk Majority

28. To update ADRMS password...
Configure Firewall Group Policies and link them at the Domain level
Create a Network Load Balancing cluster.
AD Rights Management Services
IIS Manager user account

29. DFL is...
Move "Infrasture Master" role in child domain to a DC that does not hold the Global Catalog.
Win2000 Native
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Prestage the computer account in AD

30. With AppLocker settings - which Windows PowerShell cmdlet would be used to identify whether a specific application file is allowed to run on a computer?
Data Recovery Agent
Test-AppLockerPolicy
On one server - create event subscriptions for each server...on the server - attach tasks to the application error events
Deploy Remote Desktop Connection 7.0 on all computers; Enabled the Desktop Experience feature on the RD Session host; and install the application on the Remote Desktop Services server.

31. You need to rebuild a server and reinstall the operating system - and rollback all operations master roles to original state...
1) Seize operations master roles from sever1 to server2 2) Rebuild Server as a replica domain controller 3) Transfer operations master roles from Server2 to Server1
Add \file2templates as a folder target for \domain.comdfstemplates - Create a DFS replication group that contains \file1templates and \File2templates
Create a Network Load Balancing cluster.
Recommend Active Directory delegation

32. DNS zone is stored in custom applicaiton directory partition. What tool is used to ensure replicaiton to new installed DC?
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
dnscmd
WSUS servers running in replica mode - and configure them to download updates from the WSUS server in the main office
Implement Microsoft System Center Configuration Manager (SCCM) 2007 R2.

33. To compact AD database...
PDC emulator with w32tm.exe
New ACCOUNT STORE should be added and configured
FILES option within Ntdsutil
Include a server that runs Microsoft Office SharePoint Server 2010

34. You need to design your WSUS infrastructure so that updates are highly available. To do so
Microsoft System Center Data Protection Manager
Certificate Templates
Store the WSUS updates on a Distributed File System (DFS) link that uses multiple replicating targets.
Your machine and remote desktops

35. You need to recommend the minimum number of logical unit numbers (LUNs) that must be provisioned for Cluster. If the cluster has an even number of nodes ...
Create a MEDV workspace
Deploy an off-line standalone Root CA - deploy an on-line Enterprise Subordinate CA - and deploy an on-line standalone Subordinate CA.
Deploy WSUS server on secure network. From an online WSUS server - copy the update metadata and the WSUS content to the WSUS server on the secure network.
Implement one LUN for the quorum and another LUN for the data

36. To make a 64-bit application available to several 32-bit XP SP3 computers in the branch office you could use either a remote desktop session host or a remote desktop virtualization host. However - if the application requires you to be a local adminis

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

37. What document management solution allows you to keep multiple versions of documents and automatically apply access policies to these documents? You should recommend
Install Hyper-V role and convert physical machines into virtual machines
Include an iSCSI disk storage subsystem that supports Virtual Disk Service (VDS). Configure the storage subsystem as a RAID 5 array.
Active Directory Rights Management Services (AD RMS) and Microsoft SharePoint Foundation 2010
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service

38. to ensure that server backups can be performed remotely from your backup server on your company file server you should perform these two actions
Then deploy Windows Deployment Services (WDS) and Transport Server feature and configure transport server to use static multicast address range.
Install a new server that runs a 64-bit version of Windows Server 2008 R2 Enterprise Edition. Install the Hyper-V role. Install the App1 and App2 in separate child virtual machines.
Offline domain join
Install Windows Server Backup and modify the Windows firewall settings

39. To create AD Domain Services snapshot
Install and share a printer on a server and then enable printer pooling.
Ntdsutil
Implement a GPO for each domain
Windows System Resource Manager (WSRM)

40. Your DFS deployment needs to meet these requirements: minimize the bandwidth required to replicate data; ensure users see only folders to which they have access; ensure users can access the data locally.
Deploy a standalone DFS namespace; Enable access-based enumeration and use DFS Replication
Create an Active Directory-Integrated zone.
Discover the run Microsoft Baseline Security Analyzer (MBSA)
Microsoft Desktop Optimization Pack (MDOP)

41. To reduce the administration involved when making configuration changes in IIS for several servers that are part of NLB Cluster you should implement this.
One virtual network...Install two network adapaters on each node. Configure the network adapters to communicate on separate subnets.
Configure the zone as an Activde Directory-Integrated zone.
1) Run net stop ADLDS command 2) Use ntdsutil tool to move db files 3) Run net start ADLDS cmd
IIS Chared Configuration

42. To make deploying the custom Word dictionary easy
Recommend Group Policy preferences
Configure event log subscriptions
FILES option within Ntdsutil
Authorization Manager

43. 4 steps to perform offline Defragmentation of AD database...
NOT be able to store that data on an iSCSI SAN
Implement Windows BitLocker Drive Encryption (BitLocker)
Then Install IIS on perimeter network and redirect request to Online Responder on internal network.
1) Stop AD services service 2) Compact ntds.dit 3) Move to %windir% ntds 4) Start AD domain services service

44. You have 5 windows Server 2008 R2 servers that are configured with the File Server role. you need to monitor the file servers with the following requirements in mind: administrators must be able to create reports that display folder usage by differen
Install File Server Resource Manager (FSRM) role service - and then configure Quota Managment and Storage Reports Management
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.
Modify the DNS zone replication properties of the root domain - and change it to the ForestDNSZones application directory partition
Run a full back up by using Windows Server Backup - and then run a full back up of the Hyper-V hosts by using Windows Server Backup.

45. You need to devise a security solution so that after 15 days the documents distributed to the members of the School Board can only be opened by the creator owners in the high school year book department. You should recommend...
Microsoft Desktop Optimization Pack (MDOP) to your company
Active Directory Right Management Services (AD RMS)
Upgrade all the client computers to Windows 7 and implement a Secure Socket Tunneling Protocol (SSTP) VPN solution.
Recommend one AD based service account for each web site in each domain - that would mean 10 total. NOTE: Because you're using AD accounts that there is one web site in each domain the number of service accounts will match the number of domains.

46. You need to ensure that your Windows 2008 R2 file servers meet the following: supports volumes larger than 2 terabytes - if a single disk fails - maintain data redundancy - if a single server fails - maintain access to all data - maximize disk throug
Configure caching on the shared folder (offline files)
Deploy a two-node cluster. Connect an external storage subsystem. Configure the external subsystem as a RAID 10 array - and format the array as a GPT disk.
newly implemented technologies must have a minimal effect on LAN traffic - is met by using express installation files
Deploy one new server that runs Windows Server 2008 R2 Enterprise Edition and install the Hyper-V feature on the new server. Then create three child virtual machines.

47. You need to recommend management solution that will allow users to manage only certain parts of Hyper-V
Configure a server with the Remote Desktop Services role and install Outlook 2003 on the Remote Desktop Services server. Then publish Outlook 2003 as a Remote Desktop Services RemoteApp (RD RemoteApp).
Authorization Manager
Back up to an external USB drive by using Windows Server Backup
Then configure GlobalNames zones on each domain controller.

48. All users store their files in their Documents folder. Some of these are very large. You are going to implement roaming profiles for all your users. You will configure this by using a GPO. To minimize the amount of time it takes for your users to log
Disable Site Link Bridging from the IP properties
Modify the GPO to include folder redirection
Implement one LUN for the quorum and another LUN for the data
Raise the DFL to Windows Server 2008 R2.

49. Recently you have installed a special application on your web sites that requires using a managed service account on the Web Servers. This application runs on a web server in each of 10 separate Active Directory domains.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

50. There's an AD domain named company.com. There are 3 DC's that also hold the DNS server role which host an ADI zone named company.com. This zone is configured to update settings to Secure only Dynamic Updates. The CIO has issued a new security policy
Converting physical servers to VMs - implementing SANn and SAN management components such as backup and site resiliency will create additional administrative overhead.
1) Remove the Auth Users account from the Secutiy tab of the company.com DNS zone properties. 2) Assign the server computer accounts to the Allow on Create All Child Objects permission on the Security tab of the company.com DNS zone properties.
In AD Sites and Services - assign a new IP subnet to SiteB - and then move the new DC object to SiteB.
Create a standard secondary of domain and create standard secondary of other domain.